From 1952a80a2165b7fc2d3561795ad09d1eb8615136 Mon Sep 17 00:00:00 2001 From: Sravya <46847681+sravyap135@users.noreply.github.com> Date: Thu, 15 Jul 2021 16:29:06 +0530 Subject: [PATCH] Operator changes for 2.5.0 release (#1900) --- azure-pipelines.yaml | 10 +- docs/RELEASE-NOTES.rst | 15 +- .../config_examples/crd/IngressLink/README.md | 2 +- docs/config_examples/sample-rbac.yaml | 4 +- operator/build/Dockerfile | 4 +- operator/helm-charts/f5-bigip-ctlr/Chart.yaml | 2 +- operator/helm-charts/f5-bigip-ctlr/README.md | 3 +- .../templates/f5-bigip-ctlr-clusterrole.yaml | 5 +- .../f5-bigip-ctlr-clusterrolebinding.yaml | 2 +- ...5-bigip-ctlr-customresourcedefinitions.yml | 464 ------------------ .../f5-bigip-ctlr-ingress-class.yaml | 8 - ...operator.v1.8.0.clusterserviceversion.yaml | 273 +++++++++++ .../f5bigipctlrs.cis.f5.com.crd.yaml | 19 + .../1.8.0/metadata/annotations.yaml | 7 + operator/manifest/new-f5-bundle/Dockerfile | 4 +- 15 files changed, 331 insertions(+), 491 deletions(-) delete mode 100644 operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-customresourcedefinitions.yml delete mode 100644 operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-ingress-class.yaml create mode 100644 operator/manifest/new-f5-bundle/1.8.0/manifests/f5-bigip-ctlr-operator.v1.8.0.clusterserviceversion.yaml create mode 100644 operator/manifest/new-f5-bundle/1.8.0/manifests/f5bigipctlrs.cis.f5.com.crd.yaml create mode 100644 operator/manifest/new-f5-bundle/1.8.0/metadata/annotations.yaml diff --git a/azure-pipelines.yaml b/azure-pipelines.yaml index 8d55a03fc..0d8c6c046 100644 --- a/azure-pipelines.yaml +++ b/azure-pipelines.yaml @@ -19,7 +19,7 @@ variables: quayConnection: 'quay-bot' redhatConnection: 'redhat-bot' dockerConnection: 'docker-bot' - scanConnection: 'scan-bot' + scanConnection: 'cis-scan-bot' quay_path: 'quay.io/f5networks/k8s-bigip-ctlr-devel' redhat_prj_name: 'cntr-ingress-svcs' redhat_tag: '$(BUILD_VERSION)-rhel7' @@ -39,11 +39,13 @@ steps: containerRegistry: $(quayConnection) - task: Docker@2 displayName: Login to docker registry + condition: startsWith(variables['build.sourceBranch'], 'refs/tags/') inputs: command: login containerRegistry: $(dockerConnection) - task: Docker@2 displayName: Login to scan registry + condition: startsWith(variables['build.sourceBranch'], 'refs/tags/') inputs: command: login containerRegistry: $(scanConnection) @@ -62,7 +64,7 @@ steps: tags: $(Build.SourceVersion) arguments: "--build-arg BUILD_INFO=azure-$(Build.BuildId)-$(Build.SourceVersion) --build-arg BUILD_VERSION=$(BUILD_VERSION) --build-arg RUN_TESTS=$(RUN_TESTS)" - task: Docker@2 - displayName: Push image to quay.io + displayName: Push image to Quay inputs: command: push containerRegistry: $(quayConnection) @@ -74,7 +76,7 @@ steps: podman tag $(quay_path):$(Build.SourceVersion) scan.connect.redhat.com/$(REDHAT_PRJ_ID)/$(redhat_prj_name):$(redhat_tag) podman push --authfile $(DOCKER_CONFIG)/config.json scan.connect.redhat.com/$(REDHAT_PRJ_ID)/$(redhat_prj_name):$(redhat_tag) condition: and(succeeded(), startsWith(variables['build.sourceBranch'], 'refs/tags/')) - displayName: 'Publish to Redhat' + displayName: 'Push image to Redhat' continueOnError: true - script: | set -ex @@ -88,5 +90,5 @@ steps: fi docker push $(docker_repo):latest docker push $(docker_repo):$(docker_version) - displayName: 'Publish to DockerHub' + displayName: 'Push image to DockerHub' condition: startsWith(variables['build.sourceBranch'], 'refs/tags/') diff --git a/docs/RELEASE-NOTES.rst b/docs/RELEASE-NOTES.rst index e74ac896d..8f789b027 100644 --- a/docs/RELEASE-NOTES.rst +++ b/docs/RELEASE-NOTES.rst @@ -15,7 +15,7 @@ Added Functionality - Multiport Service and Health Monitor for Service type LoadBalancer in CRD mode. Refer for `examples `_. - :issues:`1824` Support for Kubernetes networking.k8s.io/v1 Ingress and IngressClass. Refer for `examples `_. - For networking.k8s.io/v1 Ingress, add multiple BIGIP SSL client profiles with annotation ``virtual-server.f5.com/clientssl``. Refer for `examples `_. - - OpenShift route annotations ``virtual-server.f5.com/rewrite-app-root`` (`examples `_) and ``virtual-server.f5.com/rewrite-target-url`` (`examples `_) with agent AS3. + - OpenShift route annotations ``virtual-server.f5.com/rewrite-app-root`` (`examples `_) and ``virtual-server.f5.com/rewrite-target-url`` (`examples `_) with agent AS3. - :issues:`1570` iRule reference in TransportServer CRD. Refer for `examples `_. - CIS deployment configuration options: * ``--periodic-sync-interval`` - Configure the periodic sync of Kubernetes resources. @@ -24,6 +24,11 @@ Added Functionality * CIS now monitors changes to Kubernetes Secret resource. * Improved performance while processing Ingress resources. * CIS in AS3 agent mode now adds default cipher groups to SSL profiles for TLS v1.3. +* CIS now supports `F5 IPAM Controller 0.1.4 `_. + +* Helm Chart Enhancements includes: + - Latest CRD schemas + - IngressClass installation Bugs Fixes `````````` @@ -36,14 +41,18 @@ Known Issues Note ```` -* CIS 2.5 supports Kubenetes networking.k8s.io/v1 Ingress and IngressClass. With Kubernetes > 1.18, update CIS ClusterRole (refer for `example `_) and create IngressClass (refer for `example `_) before version upgrade. +* CIS 2.5 supports Kubenetes networking.k8s.io/v1 Ingress and IngressClass. With Kubernetes > 1.18, update CIS ClusterRole (refer for `example `_) and create IngressClass (refer for `example `_) before version upgrade. +* To upgrade CIS using operator in OpenShift, + - Install `IngressClass _` manually if CIS is monitoring ingress resource. + - Install `CRDs _` manually if using CIS CustomResources (VirtualServer/TransportServer/IngressLink). + F5 IPAM Controller v0.1.4 `````````````````````````` Added Functionality ``````````````````` -* F5 IPAM Controller supports InfoBlox (Preview - Available for VirtualServer CRD only. See `documentation `_). +* F5 IPAM Controller supports InfoBlox (Preview - Available for VirtualServer CR only. See `documentation `_). 2.4.1 diff --git a/docs/config_examples/crd/IngressLink/README.md b/docs/config_examples/crd/IngressLink/README.md index c20033c81..6b8e2230a 100644 --- a/docs/config_examples/crd/IngressLink/README.md +++ b/docs/config_examples/crd/IngressLink/README.md @@ -37,7 +37,7 @@ Create IngressLink Custom Resource definition as follows: ### 4. Install the Nginx Ingress Controller -* Refer to [Integration with F5 Container Ingress Services](https://github.com/nginxinc/kubernetes-ingress/blob/master/docs-web/f5-ingresslink.md) to deploy NGINX Ingress Controller +* Refer to [Integration with F5 Container Ingress Services](https://docs.nginx.com/nginx-ingress-controller/f5-ingresslink/) to deploy NGINX Ingress Controller ### 5. Create an IngressLink Resource diff --git a/docs/config_examples/sample-rbac.yaml b/docs/config_examples/sample-rbac.yaml index e00fb7dbd..2e2bd2bad 100644 --- a/docs/config_examples/sample-rbac.yaml +++ b/docs/config_examples/sample-rbac.yaml @@ -1,6 +1,6 @@ # for use in clusters using RBAC kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: bigip-ctlr-clusterrole rules: @@ -54,7 +54,7 @@ rules: --- kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: bigip-ctlr-clusterrole-binding namespace: kube-system diff --git a/operator/build/Dockerfile b/operator/build/Dockerfile index c5d607a6c..832b0452c 100644 --- a/operator/build/Dockerfile +++ b/operator/build/Dockerfile @@ -1,9 +1,9 @@ -FROM quay.io/operator-framework/helm-operator:v1.6.4 +FROM quay.io/operator-framework/helm-operator:latest ### Required OpenShift Labels LABEL name="F5 BIG-IP Controller Operator" \ vendor="F5 Networks Inc" \ - version="v1.7.0" \ + version="v1.8.0" \ release="1" \ summary="F5 BIG-IP Controller Operator" \ description="This operator will deploy F5 BIG-IP Controller for Kubernetes and OpenShift into the cluster." diff --git a/operator/helm-charts/f5-bigip-ctlr/Chart.yaml b/operator/helm-charts/f5-bigip-ctlr/Chart.yaml index d5cf61011..a498cf114 100644 --- a/operator/helm-charts/f5-bigip-ctlr/Chart.yaml +++ b/operator/helm-charts/f5-bigip-ctlr/Chart.yaml @@ -1,4 +1,4 @@ apiVersion: v1 description: Deploy the F5 Networks BIG-IP Controller for Kubernetes and OpenShift (k8s-bigip-ctlr). name: f5-bigip-ctlr -version: 0.0.14 +version: 0.0.15 diff --git a/operator/helm-charts/f5-bigip-ctlr/README.md b/operator/helm-charts/f5-bigip-ctlr/README.md index b92152ce3..75fca57a0 100644 --- a/operator/helm-charts/f5-bigip-ctlr/README.md +++ b/operator/helm-charts/f5-bigip-ctlr/README.md @@ -43,7 +43,7 @@ Parameter | Required | Description | Default ----------|-------------|-------------|-------- bigip_login_secret | Required | Secret that contains BIG-IP login credentials | f5-bigip-ctlr-login args.bigip_url | Required | The management IP for your BIG-IP device | **Required**, no default -args.partition | Required | BIG-IP partition the CIS Controller will manage | f5-bigip-ctlr +args.bigip_partition | Required | BIG-IP partition the CIS Controller will manage | f5-bigip-ctlr args.namespaces | Optional | List of Kubernetes namespaces which CIS will monitor | empty rbac.create | Optional | Create ClusterRole and ClusterRoleBinding | true serviceAccount.name | Optional | name of the ServiceAccount for CIS controller | f5-bigip-ctlr-serviceaccount @@ -52,6 +52,7 @@ namespace | Optional | name of namespace CIS will use to create deployment and o image.user | Optional | CIS Controller image repository username | f5networks image.repo | Optional | CIS Controller image repository name | k8s-bigip-ctlr image.pullPolicy | Optional | CIS Controller image pull policy | Always +image.pullSecrets | Optional | List of secrets of container registry to pull image | empty version | Optional | CIS Controller image tag | latest nodeSelector | Optional | dictionary of Node selector labels | empty tolerations | Optional | Array of labels | empty diff --git a/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrole.yaml b/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrole.yaml index f43bb6680..3d7857ad5 100644 --- a/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrole.yaml +++ b/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrole.yaml @@ -1,6 +1,6 @@ {{- if .Values.rbac.create -}} kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ template "f5-bigip-ctlr.fullname" . }} labels: @@ -92,4 +92,5 @@ rules: resources: - customresourcedefinitions {{- end }} -{{- end -}} \ No newline at end of file +{{- end -}} + diff --git a/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrolebinding.yaml b/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrolebinding.yaml index 0b7bf6ddb..aba54704d 100644 --- a/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrolebinding.yaml +++ b/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrolebinding.yaml @@ -1,6 +1,6 @@ {{- if .Values.rbac.create -}} kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ template "f5-bigip-ctlr.fullname" . }} namespace: {{ template "f5-bigip-ctlr.namespace" . }} diff --git a/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-customresourcedefinitions.yml b/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-customresourcedefinitions.yml deleted file mode 100644 index c06683b74..000000000 --- a/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-customresourcedefinitions.yml +++ /dev/null @@ -1,464 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app.kubernetes.io/instance: f5-bigip-ctlr - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: f5-bigip-ctlr - name: virtualservers.cis.f5.com -spec: - group: cis.f5.com - names: - kind: VirtualServer - plural: virtualservers - shortNames: - - vs - singular: virtualserver - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - host: - type: string - pattern: '^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' - httpTraffic: - type: string - ipamLabel: - type: string - snat: - type: string - tlsProfileName: - type: string - rewriteAppRoot: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - waf: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - allowVlans: - items: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9-_]+\/?)*$' - type: array - iRules: - type: array - items: - type: string - serviceAddress: - type: array - maxItems: 1 - items: - type: object - properties: - arpEnabled: - type: boolean - icmpEcho: - type: string - enum: [enable, disable, selective] - routeAdvertisement: - type: string - enum: [enable, disable, selective, always, any, all] - spanningEnabled: - type: boolean - trafficGroup: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - pools: - type: array - items: - type: object - properties: - path: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - service: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - nodeMemberLabel: - type: string - pattern: '^[a-zA-Z0-9][-A-Za-z0-9_.]{0,61}[a-zA-Z0-9]=[a-zA-Z0-9][-A-Za-z0-9_.]{0,61}[a-zA-Z0-9]$' - servicePort: - type: integer - minimum: 1 - maximum: 65535 - rewrite: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - monitor: - type: object - properties: - type: - type: string - enum: [http, https] - send: - type: string - recv: - type: string - interval: - type: integer - timeout: - type: integer - required: - - type - - send - - interval - virtualServerAddress: - type: string - pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' - virtualServerName: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - virtualServerHTTPPort: - type: integer - minimum: 1 - maximum: 65535 - virtualServerHTTPSPort: - type: integer - minimum: 1 - maximum: 65535 - status: - type: object - properties: - vsAddress: - type: string - additionalPrinterColumns: - - name: host - type: string - description: hostname - jsonPath: .spec.host - - name: tlsProfileName - type: string - description: TLS Profile attached - jsonPath: .spec.tlsProfileName - - name: httpTraffic - type: string - description: Http Traffic Termination - jsonPath: .spec.httpTraffic - - name: ipamLabel - type: string - description: ipamLabel for virtual server - jsonPath: .spec.ipamLabel - - name: virtualServerAddress - type: string - description: IP address of virtualServer - jsonPath: .spec.virtualServerAddress - - name: vsAddress - type: string - description: IP address of virtualServer - jsonPath: .status.vsAddress - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app.kubernetes.io/instance: f5-bigip-ctlr - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: f5-bigip-ctlr - name: tlsprofiles.cis.f5.com -spec: - group: cis.f5.com - names: - kind: TLSProfile - plural: tlsprofiles - shortNames: - - tls - singular: tlsprofile - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - hosts: - type: array - items: - type: string - pattern: '^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' - tls: - type: object - properties: - termination: - type: string - enum: [edge, reencrypt, passthrough] - clientSSL: - type: string - serverSSL: - type: string - reference: - type: string - required: - - termination - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app.kubernetes.io/instance: f5-bigip-ctlr - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: f5-bigip-ctlr - name: transportservers.cis.f5.com -spec: - group: cis.f5.com - names: - kind: TransportServer - plural: transportservers - shortNames: - - ts - singular: transportserver - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - virtualServerAddress: - type: string - pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' - virtualServerPort: - type: integer - minimum: 1 - maximum: 65535 - virtualServerName: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - mode: - type: string - enum: [standard, performance] - type: - type: string - enum: [tcp, udp] - snat: - type: string - allowVlans: - items: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9-_]+\/?)*$' - type: array - ipamLabel: - type: string - serviceAddress: - type: array - maxItems: 1 - items: - type: object - properties: - arpEnabled: - type: boolean - icmpEcho: - type: string - enum: [enable, disable, selective] - routeAdvertisement: - type: string - enum: [enable, disable, selective, always, any, all] - spanningEnabled: - type: boolean - trafficGroup: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - pool: - type: object - properties: - service: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - servicePort: - type: integer - minimum: 1 - maximum: 65535 - monitor: - type: object - properties: - type: - type: string - enum: [tcp, udp] - interval: - type: integer - timeout: - type: integer - required: - - type - - interval - required: - - service - - servicePort - required: - - virtualServerPort - - pool - additionalPrinterColumns: - - name: virtualServerAddress - type: string - description: IP address of virtualServer - jsonPath: .spec.virtualServerAddress - - name: virtualServerPort - type: integer - description: Port of virtualServer - jsonPath: .spec.virtualServerPort - - name: pool - type: string - description: Name of service - jsonPath: .spec.pool.service - - name: poolPort - type: string - description: Port of service - jsonPath: .spec.pool.servicePort - - name: Age - type: date - jsonPath: .metadata.creationTimestamp ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app.kubernetes.io/instance: f5-bigip-ctlr - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: f5-bigip-ctlr - name: externaldnss.cis.f5.com -spec: - group: cis.f5.com - names: - kind: ExternalDNS - plural: externaldnss - shortNames: - - edns - singular: externaldns - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - domainName: - type: string - pattern: '^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' - dnsRecordType: - type: string - pattern: 'A' - loadBalanceMethod: - type: string - pools: - type: array - items: - type: object - properties: - name: - type: string - pattern: '^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' - dataServerName: - type: string - dnsRecordType: - type: string - pattern: 'A' - loadBalanceMethod: - type: string - monitor: - type: object - properties: - type: - type: string - enum: [http, https] - send: - type: string - recv: - type: string - interval: - type: integer - timeout: - type: integer - required: - - type - - send - - interval - required: - - name - - dataServerName - required: - - domainName - additionalPrinterColumns: - - name: domainName - type: string - description: Domain name of virtual server resource - jsonPath: .spec.domainName - - name: Age - type: date - jsonPath: .metadata.creationTimestamp ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app.kubernetes.io/instance: f5-bigip-ctlr - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: f5-bigip-ctlr - name: ingresslinks.cis.f5.com -spec: - group: cis.f5.com - names: - kind: IngressLink - shortNames: - - il - singular: ingresslink - plural: ingresslinks - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - virtualServerAddress: - type: string - pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' - iRules: - type: array - items: - type: string - selector: - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object diff --git a/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-ingress-class.yaml b/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-ingress-class.yaml deleted file mode 100644 index 055731fdb..000000000 --- a/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-ingress-class.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - name: {{ .Values.ingressClassName | default "f5" }} - annotations: - ingressclass.kubernetes.io/is-default-class: "{{ .Values.isDefaultIngressController | default false }}" -spec: - controller: f5.com/cntr-ingress-svcs diff --git a/operator/manifest/new-f5-bundle/1.8.0/manifests/f5-bigip-ctlr-operator.v1.8.0.clusterserviceversion.yaml b/operator/manifest/new-f5-bundle/1.8.0/manifests/f5-bigip-ctlr-operator.v1.8.0.clusterserviceversion.yaml new file mode 100644 index 000000000..c1b78fb5c --- /dev/null +++ b/operator/manifest/new-f5-bundle/1.8.0/manifests/f5-bigip-ctlr-operator.v1.8.0.clusterserviceversion.yaml @@ -0,0 +1,273 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + name: f5-bigip-ctlr-operator.v1.8.0 + namespace: placeholder + annotations: + alm-examples: >- + [{"apiVersion":"cis.f5.com/v1","kind":"F5BigIpCtlr","metadata":{"name":"f5-server"},"spec":{"args":{"log_as3_response":true,"manage_routes":true,"agent":"as3","log_level":"","route_vserver_addr":"","bigip_partition":"","openshift_sdn_name":"","bigip_url":"","insecure":true,"pool-member-type":""},"bigip_login_secret":"","image":{"pullPolicy":"Always","repo":"k8s-bigip-ctlr","user":"f5networks"},"namespace":"kube-system","rbac":{"create":true},"resources":{},"serviceAccount":{"create":true,"name":null},"version":"latest"}}] + categories: Networking + certified: 'false' + createdAt: '2021-07-14' + description: >- + Operator to install F5 Container Ingress Services (CIS) for BIG-IP. + containerImage: 'registry.connect.redhat.com/f5networks/k8s-bigip-ctlr-operator:latest' + support: F5 Operators Team + capabilities: Basic Install + repository: 'https://github.com/F5Networks/k8s-bigip-ctlr' +spec: + displayName: 'F5 Container Ingress Services' + description: > + ## Introduction + + This Operator installs F5 Container Ingress Services (CIS) for BIG-IP in + your Cluster. This enables to configure and deploy CIS using Helm Charts. + + ## F5 Container Ingress Services for BIG-IP + + F5 Container Ingress Services (CIS) integrates with container orchestration + environments to dynamically create L4/L7 services on F5 BIG-IP systems, and + load balance network traffic across the services. + + Monitoring the orchestration API server, CIS is able to modify the BIG-IP + system configuration based on changes made to containerized applications. + + ## Documentation + + Refer to F5 documentation + + - CIS on OpenShift (https://clouddocs.f5.com/containers/latest/userguide/openshift/) + - OpenShift Routes (https://clouddocs.f5.com/containers/latest/userguide/routes.html) + + ## Prerequisites + + Create BIG-IP login credentials for use with Operator Helm charts. A basic + way be, + + ``` + + oc create secret generic -n kube-system + --from-literal=username= --from-literal=password= + + ``` + + ### Support for Kubernetes networking.k8s.io/v1 Ingress resources + + Create ingress class resource as follows if you are using networking.k8s.io/v1 ingresses in your openshift environment + + ``` + + oc apply -f https://raw.githubusercontent.com/F5Networks/k8s-bigip-ctlr/master/docs/config_examples/ingress/networkingV1/example-default-ingress-class.yaml + + ``` + + ### Support for CIS CustomResources + + Install CRDs manually as follows if using CIS CustomResources (VirtualServer/TransportServer/IngressLink): + + ``` + + oc apply -f https://raw.githubusercontent.com/F5Networks/k8s-bigip-ctlr/master/docs/config_examples/crd/Install/customresourcedefinitions.yml + + ``` + + + maturity: beta + version: 1.8.0 + minKubeVersion: 1.13.0 + keywords: + - Ingress Controller + - BIGIP + - F5 + - container + - router + - application + - delivery + - controller + - waf + - firewall + - loadbalancer + maintainers: + - name: F5 Operators Team + email: f5_cis_operators@f5.com + provider: + name: F5 Networks Inc. + labels: {} + selector: + matchLabels: {} + links: + - name: Documentation + url: 'https://clouddocs.f5.com/containers/latest/' + - name: Github Repo + url: 'https://github.com/F5Networks/k8s-bigip-ctlr/operator' + icon: + - base64data: >- +  + mediatype: image/png + customresourcedefinitions: + owned: + - name: f5bigipctlrs.cis.f5.com + displayName: F5BigIpCtlr + kind: F5BigIpCtlr + version: v1 + description: >- + This CRD provides kind `F5BigIpCtlr` to configure and deploy F5 BIG-IP + Controller. + resources: + - version: v1 + kind: Deployment + - version: v1 + kind: Service + - version: v1 + kind: ReplicaSet + - version: v1 + kind: Pod + - version: v1 + kind: Secret + - version: v1 + kind: ConfigMap + specDescriptors: + - description: Version is a read-only field. It contains the current version of F5 BIG-IP Controller Operator. + displayName: Version + path: version + statusDescriptors: + - path: phase + displayName: Status + description: Status of the F5 Container Ingress Services Operator. + x-descriptors: + - 'urn:alm:descriptor:io.kubernetes.phase' + required: [] + install: + strategy: deployment + spec: + clusterPermissions: + - serviceAccountName: f5-bigip-ctlr-operator + rules: + - apiGroups: + - '' + resources: + - pods + - services + - services/finalizers + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + - serviceaccounts + verbs: + - '*' + - apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - '*' + - apiGroups: + - '' + resources: + - namespaces + verbs: + - '*' + - apiGroups: + - '' + resources: + - configmaps + - secrets + verbs: + - '*' + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - apps + resourceNames: + - f5-bigip-ctlr-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - '' + resources: + - pods + verbs: + - get + - apiGroups: + - apps + resources: + - replicasets + - deployments + verbs: + - get + - apiGroups: + - cis.f5.com + resources: + - '*' + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - '*' + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' + - apiGroups: + - charts.helm.k8s.io + resources: + - '*' + verbs: + - '*' + deployments: + - name: f5-bigip-ctlr-operator + spec: + replicas: 1 + selector: + matchLabels: + name: f5-bigip-ctlr-operator + template: + metadata: + labels: + name: f5-bigip-ctlr-operator + spec: + serviceAccountName: f5-bigip-ctlr-operator + containers: + - name: f5-bigip-ctlr-operator + image: registry.connect.redhat.com/f5networks/k8s-bigip-ctlr-operator:latest + imagePullPolicy: Always + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: f5-bigip-ctlr-operator + installModes: + - type: OwnNamespace + supported: true + - type: SingleNamespace + supported: true + - type: MultiNamespace + supported: true + - type: AllNamespaces + supported: true \ No newline at end of file diff --git a/operator/manifest/new-f5-bundle/1.8.0/manifests/f5bigipctlrs.cis.f5.com.crd.yaml b/operator/manifest/new-f5-bundle/1.8.0/manifests/f5bigipctlrs.cis.f5.com.crd.yaml new file mode 100644 index 000000000..9e6743024 --- /dev/null +++ b/operator/manifest/new-f5-bundle/1.8.0/manifests/f5bigipctlrs.cis.f5.com.crd.yaml @@ -0,0 +1,19 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: f5bigipctlrs.cis.f5.com +spec: + group: cis.f5.com + names: + kind: F5BigIpCtlr + listKind: F5BigIpCtlrList + plural: f5bigipctlrs + singular: f5bigipctlr + scope: Namespaced + subresources: + status: {} + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/operator/manifest/new-f5-bundle/1.8.0/metadata/annotations.yaml b/operator/manifest/new-f5-bundle/1.8.0/metadata/annotations.yaml new file mode 100644 index 000000000..80acdf034 --- /dev/null +++ b/operator/manifest/new-f5-bundle/1.8.0/metadata/annotations.yaml @@ -0,0 +1,7 @@ +annotations: + operators.operatorframework.io.bundle.channel.default.v1: beta + operators.operatorframework.io.bundle.channels.v1: beta + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: f5-bigip-ctlr-operator diff --git a/operator/manifest/new-f5-bundle/Dockerfile b/operator/manifest/new-f5-bundle/Dockerfile index d8d2488a1..43d0a1080 100644 --- a/operator/manifest/new-f5-bundle/Dockerfile +++ b/operator/manifest/new-f5-bundle/Dockerfile @@ -7,8 +7,8 @@ LABEL operators.operatorframework.io.bundle.package.v1=f5-bigip-ctlr-operator LABEL operators.operatorframework.io.bundle.channels.v1=beta LABEL operators.operatorframework.io.bundle.channel.default.v1=beta -COPY 1.7.0/manifests /manifests/ -COPY 1.7.0/metadata /metadata/ +COPY 1.8.0/manifests /manifests/ +COPY 1.8.0/metadata /metadata/ LABEL com.redhat.openshift.versions="v4.5,v4.6" LABEL com.redhat.delivery.backport=true LABEL com.redhat.delivery.operator.bundle=true