
VirtualServer CRD property httpTraffic redirect not working when using a defaultPool #3991

@robinvalk

Setup Details

CIS Version : 2.X
Build: f5networks/k8s-bigip-ctlr:latest
BIGIP Version: Big IP x.x.x
AS3 Version: 3.x
Agent Mode: AS3/CCCL
Orchestration: K8S/OSCP
Orchestration Version:
Pool Mode: Cluster
Additional Setup details: <Platform/CNI Plugins/ cluster nodes/ etc>

Description

We make use of the VirtualServer CRDs and we'd like to auto redirect HTTP traffic to HTTPS. There's the httpTraffic: redirect option to enable this on the VirtualServer, but this only works if you only use the pools property. It doesn't work when you only use the defaultPool property.

We exclusively use the defaultPool property as we'd like the pool health to be reflected on the UI overview of the virtual servers.

When you first create a VirtualServer with a single pool entry, the VS and pool are created in the F5. You can later patch the CRD by referencing this pool as the defaultPool. However, you can't do this when creating the VirtualServer from scratch (define a pools entry and reference this pool as defaultPool) because then you have a race condition. As we use GitOps we can't patch the manifest later...

Steps To Reproduce

Only defaultPool set

  1. Use the tls-with-httpredirect example but instead of the pools property, set the defaultPool property only.

Expected Result

The virtual server is created, the pool is created, the iRule to redirect is applied and works, and the pool is configured as the default pool.

Actual Result

Creating the virtual server fails with the following error:

2025/11/07 14:20:28 [INFO] [Request: 3][AS3] post resulted in FAILURE
2025/11/07 14:20:28 [ERROR] [Request: 3][AS3] Response from BIG-IP: code: 422 --- tenant:k8s-dev-1 --- message: declaration failed
2025/11/07 14:20:28 [DEBUG] [AS3] Raw response from Big-IP: map[code:422 declaration:HTML Tag-like Content in the Request URL/Body results:[map[code:422 declarationId:urn:uuid:85626792-9ee7-46bb-8fc8-4ba708cfdc1d host:localhost message:declaration failed response:01070151:3: Rule [/k8s-dev-1/Shared/argocd_dev_1_k8s_https_80_http_redirect_irule_443] error: Unable to find value_list (/k8s-dev-1/Shared/argocd_dev_1_k8s_https_80_https_redirect_dg) referenced at line 5: [class match -value \"*/\" equals /k8s-dev-1/Shared/argocd_dev_1_k8s_https_80_https_redirect_dg] runTime:8563 tenant:k8s-dev-1]]]

For default pools no redirect_dg value lists are generated in the F5.

Diagnostic Information

<Configuration files, error messages, logs>
Note: Sanitize the data. For example, be mindful of IPs, ports, application names and URLs
Note: The following F5 article outlines the information required when opening an issue.
https://support.f5.com/csp/article/K60974137

Observations (if any)
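
A log-triage sketch for the failure reported above, added here as an example; it is not part of the original report and not CIS code. It scans controller log output for the BIG-IP rule error shown in the report and lists which iRule references which missing data group, collapsing repeated lines into one finding. The function name, the finding fields and the rule that a redirect iRule has "_http_redirect_irule" in its name (inferred from the single name in the log) are assumptions.

```python
import re

# Sample input: the three log lines from the report above, copied as-is.
SAMPLE_LOG = r'''2025/11/07 14:20:28 [INFO] [Request: 3][AS3] post resulted in FAILURE
2025/11/07 14:20:28 [ERROR] [Request: 3][AS3] Response from BIG-IP: code: 422 --- tenant:k8s-dev-1 --- message: declaration failed
2025/11/07 14:20:28 [DEBUG] [AS3] Raw response from Big-IP: map[code:422 declaration:HTML Tag-like Content in the Request URL/Body results:[map[code:422 declarationId:urn:uuid:85626792-9ee7-46bb-8fc8-4ba708cfdc1d host:localhost message:declaration failed response:01070151:3: Rule [/k8s-dev-1/Shared/argocd_dev_1_k8s_https_80_http_redirect_irule_443] error: Unable to find value_list (/k8s-dev-1/Shared/argocd_dev_1_k8s_https_80_https_redirect_dg) referenced at line 5: [class match -value \"*/\" equals /k8s-dev-1/Shared/argocd_dev_1_k8s_https_80_https_redirect_dg] runTime:8563 tenant:k8s-dev-1]]]
'''

# Matches the BIG-IP rule error from the report: an iRule references a
# value_list (data group) that cannot be found.
MISSING_DG = re.compile(
    r"Rule \[(?P<irule>/[^\]\s]+)\] error: "
    r"Unable to find value_list \((?P<dg>/[^)\s]+)\)"
)
TENANT = re.compile(r"tenant:(?P<tenant>[\w.-]+)")


def find_missing_data_groups(log_text):
    """Return one finding per (iRule, data group) pair, counting repeats."""
    findings = {}
    for line in log_text.splitlines():
        m = MISSING_DG.search(line)
        if m is None:
            continue
        key = (m.group("irule"), m.group("dg"))
        if key not in findings:
            # The tenant field follows the error text in the raw response.
            tenant = TENANT.search(line, m.end())
            findings[key] = {
                "first_seen": line[:19],  # "YYYY/MM/DD HH:MM:SS" prefix
                "tenant": tenant.group("tenant") if tenant else None,
                "irule": key[0],
                "missing_data_group": key[1],
                # Assumption: naming pattern taken from the report's log.
                "redirect_irule": "_http_redirect_irule" in key[0],
                "count": 0,
            }
        findings[key]["count"] += 1
    return list(findings.values())


if __name__ == "__main__":
    for finding in find_missing_data_groups(SAMPLE_LOG):
        print(finding)
```

A finding with redirect_irule set to True means the declaration carrying the HTTP to HTTPS redirect was rejected for that tenant, which is worth alerting on in a GitOps pipeline where nobody watches the controller log.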
