Operator changes for CIS 2.3 release (#1718)

operator/build/Dockerfile

@@ -3,7 +3,7 @@ FROM quay.io/operator-framework/helm-operator:latest
 ### Required OpenShift Labels
 LABEL name="F5 BIG-IP Controller Operator" \
       vendor="F5 Networks Inc" \
-      version="v1.5.0" \
+      version="v1.6.0" \
       release="1" \
       summary="F5 BIG-IP Controller Operator" \
       description="This operator will deploy F5 BIG-IP Controller for Kubernetes and OpenShift into the cluster."

operator/deploy/crds/cis.f5.com_v1_f5bigipctlr_cr.yaml

@@ -3,7 +3,7 @@ kind: F5BigIpCtlr
 metadata:
   name: f5-server
 spec:
-  version: 2.2.2
+  version: 2.3.0
   args:
     log_as3_response: true
     manage_routes: true

operator/helm-charts/f5-bigip-ctlr/Chart.yaml

@@ -1,4 +1,4 @@
 apiVersion: v1
-description: Deploy the F5 Networks BIG-IP Controller for Kubernetes and OpenShift (k8s-bigip-ctlr). 
+description: Deploy the F5 Networks BIG-IP Controller for Kubernetes and OpenShift (k8s-bigip-ctlr).
 name: f5-bigip-ctlr
-version: 0.0.11
+version: 0.0.12

operator/helm-charts/f5-bigip-ctlr/README.md

@@ -1,55 +1,76 @@
-# Helm Chart for the F5 BIG-IP Controller
+# Helm Chart for the F5 Container Ingress Services
 
-This chart simplifies repeatable, versioned deployment of the [F5 BIG-IP Controller for Kubernetes](http://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest/).
+This chart simplifies repeatable, versioned deployment of the [Container Ingress Services](https://clouddocs.f5.com/containers/latest/).
 
 ### Prerequisites
-- Add your BIG-IP device to your [Kubernetes](http://clouddocs.f5.com/containers/latest/kubernetes/kctlr-use-bigip-k8s.html) or [OpenShift](http://clouddocs.f5.com/containers/v2/openshift/kctlr-use-bigip-openshift.html) Cluster.
-- Create a partition on your BIG-IP device for the BIG-IP Controller to manage. The Controller cannot manage objects in the `/Common` partition.
-- Create a Secret containing the BIG-IP login credentials for the Controller. The Controller needs an account with administrator-level permissions to ensure full functionality.
+- Refer to [CIS Prerequisites](https://clouddocs.f5.com/containers/latest/userguide/cis-helm.html#prerequisites) to install Container Ingress Services on Kubernetes or Openshift
+- [Helm 3](https://helm.sh/docs/intro/) should be installed.
 
-The chart contains the following default values for partition and Secret, respectively:
-- `f5-bigip-ctlr` and 
-- `f5-bigip-ctlr-login` 
 
-Be sure to change these if they differ from your actual partition and Secret names, using `--set <param>=<value>` or `-f <values-file.yaml>` as appropriate. See [customizing the chart before installing](https://docs.helm.sh/using_helm/#customizing-the-chart-before-installing) for more details.
+## Installing CIS Using Helm Charts
 
-## Chart Details
-
-The chart creates a Deployment for one Pod containing the [k8s-bigip-ctlr](http://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest/) and its supporting RBAC resources.
+This is the simplest way to install the CIS on OpenShift/Kubernetes cluster. Helm is a package manager for Kubernetes. Helm is Kubernetes version of yum or apt. Helm deploys something called charts, which you can think of as a packaged application. It is a collection of all your versioned, pre-configured application resources which can be deployed as one unit. This chart creates a Deployment for one Pod containing the [k8s-bigip-ctlr](https://clouddocs.f5.com/containers/latest/), it's supporting RBAC, Service Account and Custom Resources Definition installations.
 
 ## Installing the Chart
 
-Run the commands shown below to install the chart using the default values.
+- Add BIG-IP credentials as K8S secrets.
+
+For Kubernetes, use the following command:
+
+```kubectl create secret generic f5-bigip-ctlr-login -n kube-system --from-literal=username=admin --from-literal=password=<password>```
+
+For OpenShift, use the following command:
+
+```oc create secret generic f5-bigip-ctlr-login -n kube-system --from-literal=username=admin --from-literal=password=<password>```
+
+- Add the CIS chart repository in Helm using following command:
 
-```
-helm repo add f5-stable https://f5networks.github.io/charts/stable
-helm install --set args.bigip_url=1.2.3.4 f5-stable/f5-bigip-ctlr
-```
+```helm repo add f5-stable https://f5networks.github.io/charts/stable```
+
+- Create values.yaml as shown in [examples](https://github.com/F5Networks/charts/tree/master/example_values/f5-bigip-ctlr):
 
-Or
+- Install the Helm chart using the following command:
+
+```helm install -f values.yaml <new-chart-name> f5-stable/f5-bigip-ctlr```
 
-```
-# from fork
-helm install --set args.bigip_url=1.2.3.4 charts/src/stable/f5-bigip-ctlr
-```
+- Install the Helm chart with skip crds (without custom resource definitions installations)
 
+```helm install --skip-crds -f values.yaml <new-chart-name> f5-stable/f5-bigip-ctlr```
+
 ## Chart parameters:
 
+Parameter | Required | Description | Default    
+----------|-------------|-------------|--------
+bigip_login_secret | Required |  Secret that contains BIG-IP login credentials | f5-bigip-ctlr-login
+args.bigip_url | Required | The management IP for your BIG-IP device | **Required**, no default
+args.partition | Required | BIG-IP partition the CIS Controller will manage | f5-bigip-ctlr
+rbac.create | Optional | Create ClusterRole and ClusterRoleBinding | true
+serviceAccount.name | Optional | name of the ServiceAccount for CIS controller | f5-bigip-ctlr-serviceaccount
+serviceAccount.create | Optional | Create service account for the CIS controller | true
+namespace | Optional | name of namespace CIS will use to create deployment and other resources | kube-system
+image.user | Optional | CIS Controller image repository username | f5networks
+image.repo | Optional | CIS Controller image repository name | k8s-bigip-ctlr
+image.pullPolicy | Optional | CIS Controller image pull policy | Always
+version | Optional | CIS Controller image tag | latest
+nodeSelector | Optional | dictionary of Node selector labels | empty
+tolerations | Optional | Array of labels | empty
+livenessProbe | Optional | dictionary of Node selector labels | empty
+readinessProbe | Optional | dictionary of Node selector labels | empty
+resources | Optional | resources to be allocated to the pod | empty
+
+
+
+See the CIS documentation for a full list of args supported for CIS [CIS Configuration Options](https://clouddocs.f5.com/containers/latest/userguide/config-parameters.html)
+
 > **Note:** Helm value names cannot include the character `-` which is commonly used in the names of parameters passed to the controller. To accomodate Helm, the parameter names in `values.yaml` use `_` and then replace them with `-` when rendering.
-> e.g. `args.bigip_url` is rendered as `bigip-url` as required by the Controler.
+> e.g. `args.bigip_url` is rendered as `bigip-url` as required by the CIS Controller.
+
 
+If you have a specific use case for F5 products in the Kubernetes environment that would benefit from a curated chart, please [open an issue](https://github.com/F5Networks/charts/issues) describing your use case and providing example resources.
 
-Parameter | Description | Default
-----------|-------------|--------
-bigip_login_secret | Secret that contains BIG-IP login credentials | f5-bigip-ctlr-login
-serviceaccount | name of ServiceAccount the ctlr will use | f5-bigip-ctlr-serviceaccount
-args.bigip_url | The management IP for your BIG-IP device | **Required**, no default
-args.partition | BIG-IP partition the ctlr will manage | f5-bigip-ctlr
-args.log_level | Log detail | DEBUG for incubation chart
-args.verify_interval | Interval, in seconds, at which to verify BIG-IP settings | Default is 30
-args.node_poll_interval | Interval, in seconds, at which to poll the cluster | Default is 30
+## Uninstalling Helm Chart
 
-See the Controller documentation for a full list of [configuration parameters](http://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest/#controller-configuration-parameters).
+Run the following command to uninstall the chart.
 
-If you have a specific use case for F5 products in the Kubernetes environment that would benefit from a curated chart, please [open an issue](https://github.com/F5Networks/charts/issues) describing your use case and providing example resources.
+```helm uninstall <new-chart-name>```
 

operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrole.yaml

@@ -56,4 +56,28 @@ rules:
       - tlsprofiles
       - transportservers
       - externaldnss
-{{- end -}}
+{{- if .Values.args.ipam }}
+  - verbs:
+      - get
+      - list
+      - watch
+      - update
+      - create
+      - patch
+    apiGroups:
+      - fic.f5.com
+    resources:
+      - f5ipams
+  - verbs:
+      - get
+      - list
+      - watch
+      - update
+      - create
+      - patch
+    apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+{{- end }}
+{{- end -}}

operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-customresourcedefinitions.yml

@@ -40,6 +40,15 @@ spec:
                 waf:
                   type: string
                   pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$'
+                allowVlans:
+                  items:
+                    type: string
+                    pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9-_]+\/?)*$'
+                  type: array
+                iRules:
+                  type: array
+                  items:
+                    type: string
                 pools:
                   type: array
                   items:
@@ -93,6 +102,30 @@ spec:
                   type: integer
                   minimum: 1
                   maximum: 65535
+      additionalPrinterColumns:
+        - name: host
+          type: string
+          description: hostname
+          jsonPath: .spec.host
+        - name: tlsProfileName
+          type: string
+          description: TLS Profile attached
+          jsonPath: .spec.tlsProfileName
+        - name: httpTraffic
+          type: string
+          description: Http Traffic Termination
+          jsonPath: .spec.httpTraffic
+        - name: cidr
+          type: string
+          description: Subnet of virtual server
+          jsonPath: .spec.cidr
+        - name: virtualServerAddress
+          type: string
+          description: IP address of virtualServer
+          jsonPath: .spec.virtualServerAddress
+        - name: Age
+          type: date
+          jsonPath: .metadata.creationTimestamp
 
 ---
 apiVersion: apiextensions.k8s.io/v1
@@ -166,11 +199,6 @@ spec:
             spec:
               type: object
               properties:
-                allowVlans:
-                  type: array
-                  items:
-                    type: string
-                    pattern: '^[\/][A-Za-z0-9-_]+[\/][A-Za-z0-9-_]+$'
                 virtualServerAddress:
                   type: string
                   pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'
@@ -186,6 +214,11 @@ spec:
                   enum: [standard, performance]
                 snat:
                   type: string
+                allowVlans:
+                  items:
+                    type: string
+                    pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9-_]+\/?)*$'
+                  type: array
                 pool:
                   type: object
                   properties:
@@ -216,7 +249,26 @@ spec:
                 - virtualServerAddress
                 - virtualServerPort
                 - pool
-
+      additionalPrinterColumns:
+        - name: virtualServerAddress
+          type: string
+          description: IP address of virtualServer
+          jsonPath: .spec.virtualServerAddress
+        - name: virtualServerPort
+          type: integer
+          description: Port of virtualServer
+          jsonPath: .spec.virtualServerPort
+        - name: pool
+          type: string
+          description: Name of service
+          jsonPath: .spec.pool.service
+        - name: poolPort
+          type: string
+          description: Port of service
+          jsonPath: .spec.pool.servicePort
+        - name: Age
+          type: date
+          jsonPath: .metadata.creationTimestamp
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -288,4 +340,12 @@ spec:
                       - name
                       - dataServerName
               required:
-                - domainName
+                - domainName
+      additionalPrinterColumns:
+        - name: domainName
+          type: string
+          description: Domain name of virtual server resource
+          jsonPath: .spec.domainName
+        - name: Age
+          type: date
+          jsonPath: .metadata.creationTimestamp

operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-deploy.yaml

@@ -36,6 +36,14 @@ spec:
       containers:
       - name: {{ template "f5-bigip-ctlr.name" . }}
         image: "{{ .Values.image.user }}/{{ .Values.image.repo }}:{{ .Values.version }}"
+{{- if.Values.livenessProbe }}
+        livenessProbe:
+{{ toYaml .Values.livenessProbe | indent 10 }}
+{{- end}}
+{{- if.Values.readinessProbe }}
+        readinessProbe:
+{{ toYaml .Values.readinessProbe | indent 10 }}
+{{- end}}
         volumeMounts:
         - name: bigip-creds
           mountPath: "/tmp/creds"
@@ -47,9 +55,16 @@ spec:
         - --credentials-directory
         - /tmp/creds
         {{- range $key, $value := .Values.args }}
-        - --{{ $key | replace "_" "-"}}
-        - {{ $value | quote }}
+        - --{{ $key | replace "_" "-"}}={{ $value }}
         {{- end }}
+{{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+{{- if .Values.tolerations }}
+      tolerations:
+{{ toYaml .Values.tolerations | indent 6}}
+{{- end }}
       volumes:
       - name: bigip-creds
         secret:

operator/helm-charts/f5-bigip-ctlr/values.yaml

@@ -48,7 +48,7 @@ args:
   # gtm-bigip-password
   # gtm-bigip-url
   # gtm-bigip-username
-  # ipam: true
+  # ipam : true
 image:
   # Use the tag to target a specific version of the Controller
   user: f5networks
@@ -62,5 +62,5 @@ resources: {}
   #  memory: 128Mi
   # requests:
   #  cpu: 100m
-  #  memory: 128Mi
+#  memory: 128Mi
 version: latest