Operator changes for 2.5.0 release (#1900)

azure-pipelines.yaml

@@ -19,7 +19,7 @@ variables:
   quayConnection: 'quay-bot'
   redhatConnection: 'redhat-bot'
   dockerConnection: 'docker-bot'
-  scanConnection: 'scan-bot'
+  scanConnection: 'cis-scan-bot'
   quay_path: 'quay.io/f5networks/k8s-bigip-ctlr-devel'
   redhat_prj_name: 'cntr-ingress-svcs'
   redhat_tag: '$(BUILD_VERSION)-rhel7'
@@ -39,11 +39,13 @@ steps:
       containerRegistry: $(quayConnection)
   - task: Docker@2
     displayName: Login to docker registry
+    condition: startsWith(variables['build.sourceBranch'], 'refs/tags/')
     inputs:
       command: login
       containerRegistry: $(dockerConnection)
   - task: Docker@2
     displayName: Login to scan registry
+    condition: startsWith(variables['build.sourceBranch'], 'refs/tags/')
     inputs:
       command: login
       containerRegistry: $(scanConnection)
@@ -62,7 +64,7 @@ steps:
       tags: $(Build.SourceVersion)
       arguments: "--build-arg BUILD_INFO=azure-$(Build.BuildId)-$(Build.SourceVersion) --build-arg BUILD_VERSION=$(BUILD_VERSION) --build-arg RUN_TESTS=$(RUN_TESTS)"
   - task: Docker@2
-    displayName: Push image to quay.io
+    displayName: Push image to Quay
     inputs:
       command: push
       containerRegistry: $(quayConnection)
@@ -74,7 +76,7 @@ steps:
       podman tag $(quay_path):$(Build.SourceVersion) scan.connect.redhat.com/$(REDHAT_PRJ_ID)/$(redhat_prj_name):$(redhat_tag)
       podman push --authfile $(DOCKER_CONFIG)/config.json scan.connect.redhat.com/$(REDHAT_PRJ_ID)/$(redhat_prj_name):$(redhat_tag)
     condition: and(succeeded(), startsWith(variables['build.sourceBranch'], 'refs/tags/'))
-    displayName: 'Publish to Redhat'
+    displayName: 'Push image to Redhat'
     continueOnError: true
   - script: |
       set -ex
@@ -88,5 +90,5 @@ steps:
       fi
       docker push $(docker_repo):latest
       docker push $(docker_repo):$(docker_version)
-    displayName: 'Publish to DockerHub'
+    displayName: 'Push image to DockerHub'
     condition: startsWith(variables['build.sourceBranch'], 'refs/tags/')

docs/RELEASE-NOTES.rst

@@ -15,7 +15,7 @@ Added Functionality
     - Multiport Service and Health Monitor for Service type LoadBalancer in CRD mode. Refer for `examples <https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/crd/serviceTypeLB>`_.
     - :issues:`1824` Support for Kubernetes networking.k8s.io/v1 Ingress and IngressClass. Refer for `examples <https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/ingress/networkingV1>`_.
     - For networking.k8s.io/v1 Ingress, add multiple BIGIP SSL client profiles with annotation ``virtual-server.f5.com/clientssl``. Refer for `examples <https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/ingress/networkingV1>`_.
-    - OpenShift route annotations ``virtual-server.f5.com/rewrite-app-root`` (`examples <https://github.com/F5Networks/k8s-bigip-ctlr/blob/master/docs/config_examples/openshift/routes/sample-route-rewrite-app-root.yaml>`_) and ``virtual-server.f5.com/rewrite-target-url`` (`examples <https://github.com/F5Networks/k8s-bigip-ctlr/blob/master/docs/config_examples/openshift/routes/sample-route-rewrite-target-url.yaml>`_) with agent AS3.
+    - OpenShift route annotations ``virtual-server.f5.com/rewrite-app-root`` (`examples <https://raw.githubusercontent.com/F5Networks/k8s-bigip-ctlr/master/docs/config_examples/openshift/routes/sample-route-rewrite-app-root.yaml>`_) and ``virtual-server.f5.com/rewrite-target-url`` (`examples <https://raw.githubusercontent.com/F5Networks/k8s-bigip-ctlr/master/docs/config_examples/openshift/routes/sample-route-rewrite-target-url.yaml>`_) with agent AS3.
     - :issues:`1570` iRule reference in TransportServer CRD.  Refer for `examples <https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/crd/TransportServer>`_.
     - CIS deployment configuration options:
          * ``--periodic-sync-interval`` - Configure the periodic sync of Kubernetes resources.
@@ -24,6 +24,11 @@ Added Functionality
 * CIS now monitors changes to Kubernetes Secret resource.
 * Improved performance while processing Ingress resources.
 * CIS in AS3 agent mode now adds default cipher groups to SSL profiles for TLS v1.3.
+* CIS now supports `F5 IPAM Controller 0.1.4 <https://github.com/F5Networks/f5-ipam-controller/blob/main/docs/RELEASE-NOTES.rst>`_.
+
+* Helm Chart Enhancements includes:
+    - Latest CRD schemas
+    - IngressClass installation
 
 Bugs Fixes
 ``````````
@@ -36,14 +41,18 @@ Known Issues
 
 Note
 ````
-* CIS 2.5 supports Kubenetes networking.k8s.io/v1 Ingress and IngressClass. With Kubernetes > 1.18, update CIS ClusterRole (refer for `example <https://github.com/F5Networks/k8s-bigip-ctlr/blob/master/docs/config_examples/crd/Install/clusterrole.yml>`_) and create IngressClass (refer for `example <https://github.com/F5Networks/k8s-bigip-ctlr/blob/master/docs/config_examples/ingress/networkingV1/example-default-ingress-class.yaml>`_) before version upgrade.
+* CIS 2.5 supports Kubenetes networking.k8s.io/v1 Ingress and IngressClass. With Kubernetes > 1.18, update CIS ClusterRole (refer for `example <https://raw.githubusercontent.com/F5Networks/k8s-bigip-ctlr/master/docs/config_examples/crd/Install/clusterrole.yml>`_) and create IngressClass (refer for `example <https://raw.githubusercontent.com/F5Networks/k8s-bigip-ctlr/master/docs/config_examples/ingress/networkingV1/example-default-ingress-class.yaml>`_) before version upgrade.
+* To upgrade CIS using operator in OpenShift, 
+  - Install `IngressClass <https://raw.githubusercontent.com/F5Networks/k8s-bigip-ctlr/master/docs/config_examples/ingress/networkingV1/example-default-ingress-class.yaml>_` manually if CIS is monitoring ingress resource. 
+  - Install `CRDs <https://raw.githubusercontent.com/F5Networks/k8s-bigip-ctlr/master/docs/config_examples/crd/Install/customresourcedefinitions.yml>_` manually if using CIS CustomResources (VirtualServer/TransportServer/IngressLink).
+
 
 F5 IPAM Controller v0.1.4
 ``````````````````````````
 
 Added Functionality
 ```````````````````
-* F5 IPAM Controller supports InfoBlox (Preview - Available for VirtualServer CRD only. See `documentation <https://github.com/F5Networks/f5-ipam-controller/blob/main/README.md>`_).
+* F5 IPAM Controller supports InfoBlox (Preview - Available for VirtualServer CR only. See `documentation <https://github.com/F5Networks/f5-ipam-controller/blob/main/README.md>`_).
 
 
 2.4.1

docs/config_examples/crd/IngressLink/README.md

@@ -37,7 +37,7 @@ Create IngressLink Custom Resource definition as follows:
 
 ### 4. Install the Nginx Ingress Controller
 
-* Refer to [Integration with F5 Container Ingress Services](https://github.com/nginxinc/kubernetes-ingress/blob/master/docs-web/f5-ingresslink.md) to deploy NGINX Ingress Controller
+* Refer to [Integration with F5 Container Ingress Services](https://docs.nginx.com/nginx-ingress-controller/f5-ingresslink/) to deploy NGINX Ingress Controller
 
 ### 5. Create an IngressLink Resource
 

docs/config_examples/sample-rbac.yaml

@@ -1,6 +1,6 @@
 # for use in clusters using RBAC
 kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: bigip-ctlr-clusterrole
 rules:
@@ -54,7 +54,7 @@ rules:
 ---
 
 kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: bigip-ctlr-clusterrole-binding
   namespace: kube-system

operator/build/Dockerfile

@@ -1,9 +1,9 @@
-FROM quay.io/operator-framework/helm-operator:v1.6.4
+FROM quay.io/operator-framework/helm-operator:latest
 
 ### Required OpenShift Labels
 LABEL name="F5 BIG-IP Controller Operator" \
       vendor="F5 Networks Inc" \
-      version="v1.7.0" \
+      version="v1.8.0" \
       release="1" \
       summary="F5 BIG-IP Controller Operator" \
       description="This operator will deploy F5 BIG-IP Controller for Kubernetes and OpenShift into the cluster."

operator/helm-charts/f5-bigip-ctlr/Chart.yaml

@@ -1,4 +1,4 @@
 apiVersion: v1
 description: Deploy the F5 Networks BIG-IP Controller for Kubernetes and OpenShift (k8s-bigip-ctlr).
 name: f5-bigip-ctlr
-version: 0.0.14
+version: 0.0.15

operator/helm-charts/f5-bigip-ctlr/README.md

@@ -43,7 +43,7 @@ Parameter | Required | Description | Default
 ----------|-------------|-------------|--------
 bigip_login_secret | Required |  Secret that contains BIG-IP login credentials | f5-bigip-ctlr-login
 args.bigip_url | Required | The management IP for your BIG-IP device | **Required**, no default
-args.partition | Required | BIG-IP partition the CIS Controller will manage | f5-bigip-ctlr
+args.bigip_partition | Required | BIG-IP partition the CIS Controller will manage | f5-bigip-ctlr
 args.namespaces | Optional | List of Kubernetes namespaces which CIS will monitor | empty
 rbac.create | Optional | Create ClusterRole and ClusterRoleBinding | true
 serviceAccount.name | Optional | name of the ServiceAccount for CIS controller | f5-bigip-ctlr-serviceaccount
@@ -52,6 +52,7 @@ namespace | Optional | name of namespace CIS will use to create deployment and o
 image.user | Optional | CIS Controller image repository username | f5networks
 image.repo | Optional | CIS Controller image repository name | k8s-bigip-ctlr
 image.pullPolicy | Optional | CIS Controller image pull policy | Always
+image.pullSecrets | Optional | List of secrets of container registry to pull image | empty
 version | Optional | CIS Controller image tag | latest
 nodeSelector | Optional | dictionary of Node selector labels | empty
 tolerations | Optional | Array of labels | empty

operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrole.yaml

@@ -1,6 +1,6 @@
 {{- if .Values.rbac.create -}}
 kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ template "f5-bigip-ctlr.fullname" . }}
   labels:
@@ -92,4 +92,5 @@ rules:
     resources:
       - customresourcedefinitions
 {{- end }}
-{{- end -}}
+{{- end -}}
+

operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrolebinding.yaml

@@ -1,6 +1,6 @@
 {{- if .Values.rbac.create -}}
 kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ template "f5-bigip-ctlr.fullname" . }}
   namespace: {{ template "f5-bigip-ctlr.namespace" . }}