IBM Platform Certification - Linter issue fixes (#1829)

Co-authored-by: Nitin SRIVASTAV <[email protected]>
F5Networks · May 17, 2021 · b0c3c70 · b0c3c70
1 parent 21cfa89
commit b0c3c70
Show file tree

Hide file tree

Showing 10 changed files with 133 additions and 23 deletions.
diff --git a/operator/build/Dockerfile b/operator/build/Dockerfile
@@ -1,4 +1,4 @@
-FROM quay.io/operator-framework/helm-operator:latest
+FROM quay.io/operator-framework/helm-operator:v1.6.4
 
 ### Required OpenShift Labels
 LABEL name="F5 BIG-IP Controller Operator" \

diff --git a/operator/helm-charts/f5-bigip-ctlr/Chart.yaml b/operator/helm-charts/f5-bigip-ctlr/Chart.yaml
@@ -1,4 +1,4 @@
 apiVersion: v1
 description: Deploy the F5 Networks BIG-IP Controller for Kubernetes and OpenShift (k8s-bigip-ctlr).
 name: f5-bigip-ctlr
-version: 0.0.13
+version: 0.0.14
diff --git a/operator/helm-charts/f5-bigip-ctlr/README.md b/operator/helm-charts/f5-bigip-ctlr/README.md
@@ -44,6 +44,7 @@ Parameter | Required | Description | Default
 bigip_login_secret | Required |  Secret that contains BIG-IP login credentials | f5-bigip-ctlr-login
 args.bigip_url | Required | The management IP for your BIG-IP device | **Required**, no default
 args.partition | Required | BIG-IP partition the CIS Controller will manage | f5-bigip-ctlr
+args.namespaces | Optional | List of Kubernetes namespaces which CIS will monitor | empty
 rbac.create | Optional | Create ClusterRole and ClusterRoleBinding | true
 serviceAccount.name | Optional | name of the ServiceAccount for CIS controller | f5-bigip-ctlr-serviceaccount
 serviceAccount.create | Optional | Create service account for the CIS controller | true
@@ -54,9 +55,14 @@ image.pullPolicy | Optional | CIS Controller image pull policy | Always
 version | Optional | CIS Controller image tag | latest
 nodeSelector | Optional | dictionary of Node selector labels | empty
 tolerations | Optional | Array of labels | empty
-livenessProbe | Optional | dictionary of Node selector labels | empty
-readinessProbe | Optional | dictionary of Node selector labels | empty
-resources | Optional | resources to be allocated to the pod | empty
+limits_cpu | Optional | CPU limits for the pod | 100m
+limits_memory | Optional | Memory limits for the pod | 512Mi
+requests_cpu | Optional | CPU request for the pod | 100m
+requests_memory | Optional | Memory request for the pod | 512Mi
+affinity | Optional | Dictionary of affinity | empty
+securityContext | Optional | Dictionary of securityContext | empty
+
+
 
 
 

diff --git a/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrole.yaml b/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrole.yaml
@@ -4,6 +4,9 @@ apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: {{ template "f5-bigip-ctlr.fullname" . }}
   labels:
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/name: {{ template "f5-bigip-ctlr.name" . }}
     app: {{ template "f5-bigip-ctlr.name" . }}
     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
     release: {{ .Release.Name }}
@@ -50,6 +53,7 @@ rules:
       - list
       - watch
       - update
+      - patch
     apiGroups:
       - cis.f5.com
     resources:
@@ -67,6 +71,7 @@ rules:
       - update
       - create
       - patch
+      - delete
     apiGroups:
       - fic.f5.com
     resources:

diff --git a/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrolebinding.yaml b/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrolebinding.yaml
@@ -5,6 +5,9 @@ metadata:
   name: {{ template "f5-bigip-ctlr.fullname" . }}
   namespace: {{ template "f5-bigip-ctlr.namespace" . }}
   labels:
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/name: {{ template "f5-bigip-ctlr.name" . }}
     app: {{ template "f5-bigip-ctlr.name" . }}
     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
     release: {{ .Release.Name }}

diff --git a/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-customresourcedefinitions.yml b/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-customresourcedefinitions.yml
@@ -1,6 +1,10 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
+  labels:
+    app.kubernetes.io/instance: f5-bigip-ctlr
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: f5-bigip-ctlr
   name: virtualservers.cis.f5.com
 spec:
   group: cis.f5.com
@@ -121,6 +125,11 @@ spec:
                   type: integer
                   minimum: 1
                   maximum: 65535
+            status:
+              type: object
+              properties:
+                vsAddress:
+                  type: string
       additionalPrinterColumns:
         - name: host
           type: string
@@ -142,14 +151,24 @@ spec:
           type: string
           description: IP address of virtualServer
           jsonPath: .spec.virtualServerAddress
+        - name: vsAddress
+          type: string
+          description: IP address of virtualServer
+          jsonPath: .status.vsAddress
         - name: Age
           type: date
           jsonPath: .metadata.creationTimestamp
+      subresources:
+        status: {}
 
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
+  labels:
+    app.kubernetes.io/instance: f5-bigip-ctlr
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: f5-bigip-ctlr
   name: tlsprofiles.cis.f5.com
 spec:
   group: cis.f5.com
@@ -196,6 +215,10 @@ spec:
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
+  labels:
+    app.kubernetes.io/instance: f5-bigip-ctlr
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: f5-bigip-ctlr
   name: transportservers.cis.f5.com
 spec:
   group: cis.f5.com
@@ -315,6 +338,10 @@ spec:
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
+  labels:
+    app.kubernetes.io/instance: f5-bigip-ctlr
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: f5-bigip-ctlr
   name: externaldnss.cis.f5.com
 spec:
   group: cis.f5.com
@@ -395,6 +422,10 @@ spec:
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
+  labels:
+    app.kubernetes.io/instance: f5-bigip-ctlr
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: f5-bigip-ctlr
   name: ingresslinks.cis.f5.com
 spec:
   group: cis.f5.com

diff --git a/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-deploy.yaml b/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-deploy.yaml
@@ -11,6 +11,9 @@ metadata:
   name: {{ template "f5-bigip-ctlr.fullname" . }}
   namespace: {{ template "f5-bigip-ctlr.namespace" . }}
   labels:
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/name: {{ template "f5-bigip-ctlr.name" . }}
     app: {{ template "f5-bigip-ctlr.name" . }}
     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "-" }}
     release: {{ .Release.Name }}
@@ -23,27 +26,65 @@ spec:
   template:
     metadata:
       labels:
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/name: {{ template "f5-bigip-ctlr.name" . }}
         app: {{ template "f5-bigip-ctlr.name" . }}
         release: {{ .Release.Name }}
     spec:
+{{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+{{- end }}
       serviceAccountName: {{ template "f5-bigip-ctlr.serviceAccountName" . }}
 {{- if .Values.image.pullSecrets }}
       imagePullSecrets:
       {{- range $pullSecret := .Values.image.pullSecrets }}
         - name: {{ $pullSecret }}
       {{- end }}
 {{- end }}
+      securityContext:
+        {{- $securityContext := .Values.securityContext | default dict }}
+        {{- if $securityContext.runAsUser }}
+        runAsUser: {{ $securityContext.runAsUser }}
+        {{- else }}
+          runAsUser: 1000
+        {{- end }}
+        {{- $securityContext := .Values.securityContext | default dict }}
+        {{- if $securityContext.runAsGroup }}
+        runAsGroup: {{ $securityContext.runAsGroup }}
+        {{- else }}
+          runAsGroup: 1000
+        {{- end }}
+        {{- $securityContext := .Values.securityContext | default dict }}
+        {{- if $securityContext.fsGroup }}
+        fsGroup: {{ $securityContext.fsGroup }}
+        {{- else }}
+          fsGroup: 1000
+        {{- end }}
       containers:
       - name: {{ template "f5-bigip-ctlr.name" . }}
         image: "{{ .Values.image.user }}/{{ .Values.image.repo }}:{{ .Values.version }}"
-{{- if.Values.livenessProbe }}
         livenessProbe:
-{{ toYaml .Values.livenessProbe | indent 10 }}
-{{- end}}
-{{- if.Values.readinessProbe }}
+          failureThreshold: 3
+          httpGet:
+            path: /health
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 15
+          periodSeconds: 15
+          successThreshold: 1
+          timeoutSeconds: 15
         readinessProbe:
-{{ toYaml .Values.readinessProbe | indent 10 }}
-{{- end}}
+          failureThreshold: 3
+          httpGet:
+            path: /health
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 30
+          periodSeconds: 30
+          successThreshold: 1
+          timeoutSeconds: 15
         volumeMounts:
         - name: bigip-creds
           mountPath: "/tmp/creds"
@@ -54,9 +95,23 @@ spec:
         args:
         - --credentials-directory
         - /tmp/creds
+        {{- $ns := .Values.args.namespaces }}
         {{- range $key, $value := .Values.args }}
+        {{- if eq $key "namespaces" }}
+        {{- range $ns}}
+        - --namespace={{ . }}
+        {{- end }}
+        {{- else }}
         - --{{ $key | replace "_" "-"}}={{ $value }}
         {{- end }}
+        {{- end }}
+        resources:
+          limits:
+            cpu: {{ .Values.limits_cpu | default "100m" }}
+            memory: {{ .Values.limits_memory | default "512Mi" }}
+          requests:
+            cpu: {{ .Values.requests_cpu | default "100m" }}
+            memory: {{ .Values.requests_memory | default "512Mi" }}
 {{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 8 }}

diff --git a/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-serviceaccount.yaml b/operator/helm-charts/f5-bigip-ctlr/templates/f5-bigip-ctlr-serviceaccount.yaml
@@ -6,6 +6,9 @@ metadata:
   name: {{ template "f5-bigip-ctlr.serviceAccountName" . }}
   namespace: {{ template "f5-bigip-ctlr.namespace" . }}
   labels:
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/name: {{ template "f5-bigip-ctlr.name" . }}
     app: {{ template "f5-bigip-ctlr.name" . }}
     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
     release: {{ .Release.Name }}

diff --git a/operator/helm-charts/f5-bigip-ctlr/values.yaml b/operator/helm-charts/f5-bigip-ctlr/values.yaml
@@ -34,7 +34,7 @@ args:
   # KUBERNETES
   # default_ingress_ip:
   # kubeconfig:
-  # namespace:
+  # namespaces: ["foo", "bar"]
   # namespace_label:
   # node_label_selector:
   # pool_member_type:
@@ -54,13 +54,20 @@ image:
   user: f5networks
   repo: k8s-bigip-ctlr
   pullPolicy: Always
-resources: {}
-  # If you want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 128Mi
-  # requests:
-  #  cpu: 100m
-#  memory: 128Mi
-version: latest
+#  version: latest
+# affinity:
+#   nodeAffinity:
+#     requiredDuringSchedulingIgnoredDuringExecution:
+#       nodeSelectorTerms:
+#       - matchExpressions:
+#         - key: kubernetes.io/arch
+#           operator: Exists
+# securityContext:
+#   runAsUser: 1000
+#   runAsGroup: 3000
+#   fsGroup: 2000
+# If you want to specify resources, uncomment the following
+# limits_cpu: 100m
+# limits_memory: 512Mi
+# requests_cpu: 100m
+# requests_memory: 512Mi
diff --git a/...st/new-f5-bundle/1.7.0/manifests/f5-bigip-ctlr-operator.v1.7.0.clusterserviceversion.yaml b/...st/new-f5-bundle/1.7.0/manifests/f5-bigip-ctlr-operator.v1.7.0.clusterserviceversion.yaml
@@ -8,7 +8,7 @@ metadata:
       [{"apiVersion":"cis.f5.com/v1","kind":"F5BigIpCtlr","metadata":{"name":"f5-server"},"spec":{"args":{"log_as3_response":true,"manage_routes":true,"agent":"as3","log_level":"<DEBUG_OR_INFO>","route_vserver_addr":"<IP_ADDRESS>","bigip_partition":"<BIGIP_PARTITION>","openshift_sdn_name":"</BIGIP_PARTITION/SDN_NAME>","bigip_url":"<BIGIP_IP_ADDRESS>","insecure":true,"pool-member-type":"<CLUSTER_OR_NODEPORT_OR_LOADBALANCER>"},"bigip_login_secret":"<BIGIP_LOGIN_K8S_SECRET>","image":{"pullPolicy":"Always","repo":"k8s-bigip-ctlr","user":"f5networks"},"namespace":"kube-system","rbac":{"create":true},"resources":{},"serviceAccount":{"create":true,"name":null},"version":"latest"}}]
     categories: Networking
     certified: 'false'
-    createdAt: '2021-04-19'
+    createdAt: '2021-05-19'
     description: >-
       Operator to install F5 Container Ingress Services (CIS) for BIG-IP.
     containerImage: 'registry.connect.redhat.com/f5networks/k8s-bigip-ctlr-operator:latest'