Skip to content

Doing a PoC with Route + ExternalName Services causes error in CIS #4004

New issue
New issue
Open
Open
Doing a PoC with Route + ExternalName Services causes error in CIS#4004
Labels
buguntriagedno JIRA created
@alonsocamaro

Description

@alonsocamaro
alonsocamaro
opened on Nov 18, 2025

Setup Details

Build: Version: 2.20.1, BuildInfo: azure-7645-383b7cb7252e831bfc8ace1a4e5ff56e464789ef
BIGIP Version: Big IP 21.0.0
AS3 Version: 3.55
Agent Mode: AS3
Orchestration: OSCP
Orchestration Version: 4.19
Pool Mode: Cluster
Additional Setup details: OVN

Description

The following is not affecting a customer. I just wanted to report this non usual configuration failure I found while trying a PoC with the following config which uses a Service of type ExternalName:

apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: flights-mcp-server
  namespace: mcp-shared
  annotations:
     virtual-server.f5.com/health: |
        [
           {
              "interval": 5,
              "timeout": 16,
              "type": "tcp",
           }
        ]
spec:
  host: flights-mcp-server.f5demo.com
  to:
    kind: Service
    name: flights-mcp-server
---
apiVersion: v1
kind: Service
metadata:
  name: flights-mcp-server
  namespace: mcp-shared
spec:
  type: ExternalName
  externalName: flights-mcp-server.flights-mcp-server.svc.cluster.local # FQDN of the Service in the other namespace

crashes CIS with the following logs

2025/11/18 15:14:29 [DEBUG] [CORE] Periodic enqueue of Service from Namespace: flights-mcp-server, svc: flights-mcp-server
2025/11/18 15:14:29 [DEBUG] [CORE] Finished syncing namespace flights-mcp-server (56.262µs)
2025/11/18 15:14:29 [DEBUG] [CORE] Periodic enqueue of Service from Namespace: formula1-mcp-server, svc: f1-mcp-server
2025/11/18 15:14:29 [DEBUG] [CORE] Finished syncing namespace formula1-mcp-server (24.382µs)
2025/11/18 15:14:29 [DEBUG] [CORE] Finished syncing virtual servers with service flights-mcp-server in namespace mcp-shared (34.873µs), processed VS 1 out of 7
2025/11/18 15:14:29 [DEBUG] [CORE] Periodic enqueue of Service from Namespace: mcp-shared, svc: flights-mcp-server
2025/11/18 15:14:29 [DEBUG] [CORE] Finished syncing namespace mcp-shared (14.55µs)
E1118 15:14:29.769818       1 runtime.go:78] Observed a panic: runtime.boundsError{x:0, y:0, signed:true, code:0x0} (runtime error: index out of range [0] with length 0)
goroutine 661 [running]:
k8s.io/apimachinery/pkg/util/runtime.logPanic({0x238cf60, 0xc0016aa660})
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:74 +0xf4
k8s.io/apimachinery/pkg/util/runtime.HandleCrash({0x0, 0x0, 0x0})
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:48 +0xb6
panic({0x238cf60?, 0xc0016aa660?})
        /usr/local/go/src/runtime/panic.go:791 +0x136
github.com/F5Networks/k8s-bigip-ctlr/v2/pkg/resource.GetServicePort({0xc00084d3a0, 0xa}, {0xc0008d6828, 0x12}, {0x26944d0, 0xc000886948}, {0x0, 0x0}, {0x249408d, 0x5})
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/pkg/resource/resourceConfig.go:2596 +0x5d1
github.com/F5Networks/k8s-bigip-ctlr/v2/pkg/appmanager.(*Manager).createRSConfigFromRoute(_, _, {_, _}, _, {{0x7ffe17faed15, 0xe}, {0x0, 0x0}, {0x7ffe17faecef, ...}, ...}, ...)
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/pkg/appmanager/resourceConfig.go:64 +0x4ef
github.com/F5Networks/k8s-bigip-ctlr/v2/pkg/appmanager.(*Manager).syncRoutes(0xc000734008, 0xc0007f33b8, {{0xc00084d3a0, 0xa}, {0xc0008d6828, 0x12}, {0x24949cb, 0x6}, {0xc0008d6750, 0x12}, ..
.}, ...)
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/pkg/appmanager/appManager.go:2296 +0x18c5
github.com/F5Networks/k8s-bigip-ctlr/v2/pkg/appmanager.(*Manager).syncVirtualServer(0xc000734008, {{0xc00084d3a0, 0xa}, {0xc0008d6828, 0x12}, {0x24949cb, 0x6}, {0xc0008d6750, 0x12}, {0x24949c5, ...}, ...})
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/pkg/appmanager/appManager.go:1609 +0x1830
github.com/F5Networks/k8s-bigip-ctlr/v2/pkg/appmanager.(*Manager).processNextVirtualServer(0xc000734008)
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/pkg/appmanager/appManager.go:1451 +0xa05
github.com/F5Networks/k8s-bigip-ctlr/v2/pkg/appmanager.(*Manager).virtualServerWorker(0xc000734008)
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/pkg/appmanager/appManager.go:1320 +0x1f
k8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1(0xc0007dd510)
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155 +0x39
k8s.io/apimachinery/pkg/util/wait.BackoffUntil(0xc0007dd510, {0x2672ac0, 0xc00158d740}, 0x1, 0xc00087e070)
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156 +0xbb
k8s.io/apimachinery/pkg/util/wait.JitterUntil(0xc0007dd510, 0x3b9aca00, 0x0, 0x1, 0xc00087e070)
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133 +0x76
k8s.io/apimachinery/pkg/util/wait.Until(0xc0007dd510, 0x3b9aca00, 0xc00087e070)
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90 +0x2d
created by github.com/F5Networks/k8s-bigip-ctlr/v2/pkg/appmanager.(*Manager).runImpl in goroutine 110
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/pkg/appmanager/appManager.go:1265 +0x40f
panic: runtime error: index out of range [0] with length 0 [recovered]
        panic: runtime error: index out of range [0] with length 0

goroutine 661 [running]:
k8s.io/apimachinery/pkg/util/runtime.HandleCrash({0x0, 0x0, 0x0})
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:55 +0x154
panic({0x238cf60?, 0xc0016aa660?})
        /usr/local/go/src/runtime/panic.go:791 +0x136
github.com/F5Networks/k8s-bigip-ctlr/v2/pkg/resource.GetServicePort({0xc00084d3a0, 0xa}, {0xc0008d6828, 0x12}, {0x26944d0, 0xc000886948}, {0x0, 0x0}, {0x249408d, 0x5})
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/pkg/resource/resourceConfig.go:2596 +0x5d1
github.com/F5Networks/k8s-bigip-ctlr/v2/pkg/appmanager.(*Manager).createRSConfigFromRoute(_, _, {_, _}, _, {{0x7ffe17faed15, 0xe}, {0x0, 0x0}, {0x7ffe17faecef, ...}, ...}, ...)
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/pkg/appmanager/resourceConfig.go:64 +0x4ef
github.com/F5Networks/k8s-bigip-ctlr/v2/pkg/appmanager.(*Manager).syncRoutes(0xc000734008, 0xc0007f33b8, {{0xc00084d3a0, 0xa}, {0xc0008d6828, 0x12}, {0x24949cb, 0x6}, {0xc0008d6750, 0x12}, ...}, ...)
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/pkg/appmanager/appManager.go:2296 +0x18c5
github.com/F5Networks/k8s-bigip-ctlr/v2/pkg/appmanager.(*Manager).syncVirtualServer(0xc000734008, {{0xc00084d3a0, 0xa}, {0xc0008d6828, 0x12}, {0x24949cb, 0x6}, {0xc0008d6750, 0x12}, {0x24949c5, ...}, ...})
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/pkg/appmanager/appManager.go:1609 +0x1830
github.com/F5Networks/k8s-bigip-ctlr/v2/pkg/appmanager.(*Manager).processNextVirtualServer(0xc000734008)
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/pkg/appmanager/appManager.go:1451 +0xa05
github.com/F5Networks/k8s-bigip-ctlr/v2/pkg/appmanager.(*Manager).virtualServerWorker(0xc000734008)
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/pkg/appmanager/appManager.go:1320 +0x1f
k8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1(0xc0007dd510)
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155 +0x39
k8s.io/apimachinery/pkg/util/wait.BackoffUntil(0xc0007dd510, {0x2672ac0, 0xc00158d740}, 0x1, 0xc00087e070)
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156 +0xbb
k8s.io/apimachinery/pkg/util/wait.JitterUntil(0xc0007dd510, 0x3b9aca00, 0x0, 0x1, 0xc00087e070)
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133 +0x76
k8s.io/apimachinery/pkg/util/wait.Until(0xc0007dd510, 0x3b9aca00, 0xc00087e070)
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90 +0x2d
created by github.com/F5Networks/k8s-bigip-ctlr/v2/pkg/appmanager.(*Manager).runImpl in goroutine 110
        /go/src/github.com/F5Networks/k8s-bigip-ctlr/pkg/appmanager/appManager.go:1265 +0x40f

Steps To Reproduce

  1. use CIS with the following parameters
              "--namespace=mcp-shared",
              "--namespace=flights-mcp-server",
              "--namespace=formula1-mcp-server",
              "--bigip-partition=f5-cis",
              "--pool-member-type=cluster",
              "--share-nodes=true",
              "--log-level=AS3DEBUG",
              "--insecure=true",
              "--manage-routes=true",
              "--route-http-vserver=vs-mcp-openshift",
              "--route-vserver-addr=192.170.34.212",
              "--orchestration-cni=ovn-k8s",
              "--static-routing-mode=true",
              "--as3-validation=true",
              "--log-as3-response=true",
              "--override-as3-declaration=mcp-shared/cis-configmap"
  1. Use the K8s resources above

Expected Result

The service lookup of flights-mcp-server should succeed

Actual Result

CIS crashes

Metadata

Metadata

Assignees

No one assigned

    Labels

    buguntriagedno JIRA created

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions