hostGroup parameter doesn't work if VirtualServerName is specified

[mikeoleary]

Setup Details

CIS Version : 2.12.1
BIGIP Version: Big IP 17.1.0.1
AS3 Version: 3.25
Agent Mode: AS3
Orchestration: K8S
Pool Mode: Cluster

Description

hostGroup and VirtualServerName attributes cannot be used at the same time.

Some ideas:

• Could we fix this so that the VirtualServerName field is ignored if hostGroup is used, or throw an error if both exist?
• or could you add this note to the documentation to say that hostGroup and VirtualServerName should not be used at the same time?
• Or log entries in CIS to make it more obvious if this is quiety ignored?

Steps To Reproduce

1. Create 2x VirtualServers as below. Define BOTH hostGroup and VirtualServerName.
2. Apply and observe logs on CIS do not give you much info (even with DEBUG level) but /var/log/restnoded/restnoded.log will tell you:

severe: [appsvcs] {"message":"Declaration failed: 01070333:3: Virtual Server /kubernetes/Shared/hello_world_vs2_443 illegally shares destination address, source address, service port, ip-protocol, and vlan with Virtual Server /kubernetes/Shared/hello_world_vs_443.","level":"error"}

apiVersion: "cis.f5.com/v1"
kind: VirtualServer
metadata:
  name: hello-world-virtual-server
  namespace: nginx-ingress
  labels:
    f5cr: "true"
spec:
  host: demo.my-f5.com
  hostGroup: mike
  tlsProfileName: hello-world-tls
  virtualServerAddress: "20.96.103.238"
  virtualServerName: demo               ### <--- this line should not be used if hostGroup is being used for multiple VS resources.
  httpTraffic: allow
  pools:
  - path: /
    service: nginx-ingress
    servicePort: 80
    monitor:
      type: http
      interval: 10
      timeout: 31
      send: "/"
      recv: ""


apiVersion: "cis.f5.com/v1"
kind: VirtualServer
metadata:
  name: hello-world-virtual-server2
  namespace: nginx-ingress
  labels:
    f5cr: "true"
spec:
  host: demo2.my-f5.com
  hostGroup: mike
  tlsProfileName: hello-world-tls2
  virtualServerAddress: "20.96.103.238"
  virtualServerName: demo2               ### <--- this line should not be used if hostGroup is being used for multiple VS resources.
  httpTraffic: allow
  pools:
  - path: /
    service: nginx-ingress2
    servicePort: 80
    monitor:
      type: http
      interval: 10
      timeout: 31
      send: "/"
      recv: ""

Expected Result

I expected I could use the above VS definitions to create 2x VS that share the same IP address, even if I left the VirtualServerName attribute in them.

Actual Result

I need to remove the VirtualServerName attribute from both before this will work.

Diagnostic Information

<Configuration files, error messages, logs>
Note: Sanitize the data. For example, be mindful of IPs, ports, application names and URLs
Note: The following F5 article outlines the information required when opening an issue.
https://support.f5.com/csp/article/K60974137

Observations (if any)

[trinaths]

Created [CONTCNTR-3950] for internal tracking.

[thomas-cripps-fg]

Also experiencing this, can anything be included to edit the description of sorts? Easiest way for me to understand what the virtual server is processing is the policy it creates.