diff --git a/assets/f5-container-ingress-services/f5-bigip-ctlr-0.0.1901.tgz b/assets/f5-container-ingress-services/f5-bigip-ctlr-0.0.1901.tgz new file mode 100644 index 000000000..77a46ecf2 Binary files /dev/null and b/assets/f5-container-ingress-services/f5-bigip-ctlr-0.0.1901.tgz differ diff --git a/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/.helmignore b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/Chart.yaml b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/Chart.yaml new file mode 100644 index 000000000..d2ebab78f --- /dev/null +++ b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/Chart.yaml @@ -0,0 +1,30 @@ +annotations: + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://clouddocs.f5.com/containers/latest + artifacthub.io/prerelease: "false" + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: F5 Container Ingress Services for Kubernetes and + OpenShift + catalog.cattle.io/release-name: f5-bigip-ctlr +apiVersion: v1 +description: Deploy the F5 Networks BIG-IP Controller for Kubernetes and OpenShift + (k8s-bigip-ctlr). +home: https://www.f5.com/products/automation-and-orchestration/container-ingress-services +icon: https://avatars.githubusercontent.com/u/8935905?s=200&v=4 +keywords: +- F5 +- BIG-IP +- Containers +- Kubernetes +- OpenShift +kubeVersion: 1.20.0-0 - 1.23.0-0 +maintainers: +- email: f5_cis_operators@f5.com + name: F5CISSupport +name: f5-bigip-ctlr +sources: +- https://github.com/F5Networks/k8s-bigip-ctlr +- https://github.com/F5Networks/charts +version: 0.0.1901 diff --git a/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/README.md b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/README.md new file mode 100644 index 000000000..6f28ef779 --- /dev/null +++ b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/README.md @@ -0,0 +1,87 @@ +# Helm Chart for the F5 Container Ingress Services + +This chart simplifies repeatable, versioned deployment of the [Container Ingress Services](https://clouddocs.f5.com/containers/latest/). + +### Prerequisites +- Refer to [CIS Prerequisites](https://clouddocs.f5.com/containers/latest/userguide/cis-helm.html#prerequisites) to install Container Ingress Services on Kubernetes or Openshift +- [Helm 3](https://helm.sh/docs/intro/) should be installed. + + +## Installing CIS Using Helm Charts + +This is the simplest way to install the CIS on OpenShift/Kubernetes cluster. Helm is a package manager for Kubernetes. Helm is Kubernetes version of yum or apt. Helm deploys something called charts, which you can think of as a packaged application. It is a collection of all your versioned, pre-configured application resources which can be deployed as one unit. This chart creates a Deployment for one Pod containing the [k8s-bigip-ctlr](https://clouddocs.f5.com/containers/latest/), it's supporting RBAC, Service Account and Custom Resources Definition installations. + +## Installing the Chart + +- Add BIG-IP credentials as K8S secrets. + +For Kubernetes, use the following command: + +```kubectl create secret generic f5-bigip-ctlr-login -n kube-system --from-literal=username=admin --from-literal=password=``` + +For OpenShift, use the following command: + +```oc create secret generic f5-bigip-ctlr-login -n kube-system --from-literal=username=admin --from-literal=password=``` + +- Add the CIS chart repository in Helm using following command: + +```helm repo add f5-stable https://f5networks.github.io/charts/stable``` + +- Create values.yaml as shown in [examples](https://github.com/F5Networks/charts/tree/master/example_values/f5-bigip-ctlr): + +- Install the Helm chart using the following command: + +```helm install -f values.yaml f5-stable/f5-bigip-ctlr``` + +- Install the Helm chart with skip crds (without custom resource definitions installations) + +```helm install --skip-crds -f values.yaml f5-stable/f5-bigip-ctlr``` + +## Chart parameters: + +Parameter | Required | Description | Default +----------|-------------|-------------|-------- +bigip_login_secret | Required | Secret that contains BIG-IP login credentials | f5-bigip-ctlr-login +args.bigip_url | Required | The management IP for your BIG-IP device | **Required**, no default +args.bigip_partition | Required | BIG-IP partition the CIS Controller will manage | f5-bigip-ctlr +args.namespaces | Optional | List of Kubernetes namespaces which CIS will monitor | empty +rbac.create | Optional | Create ClusterRole and ClusterRoleBinding | true +serviceAccount.name | Optional | name of the ServiceAccount for CIS controller | f5-bigip-ctlr-serviceaccount +serviceAccount.create | Optional | Create service account for the CIS controller | true +namespace | Optional | name of namespace CIS will use to create deployment and other resources | kube-system +image.user | Optional | CIS Controller image repository username | f5networks +image.repo | Optional | CIS Controller image repository name | k8s-bigip-ctlr +image.pullPolicy | Optional | CIS Controller image pull policy | Always +image.pullSecrets | Optional | List of secrets of container registry to pull image | empty +version | Optional | CIS Controller image tag | latest +nodeSelector | Optional | dictionary of Node selector labels | empty +tolerations | Optional | Array of labels | empty +limits_cpu | Optional | CPU limits for the pod | 100m +limits_memory | Optional | Memory limits for the pod | 512Mi +requests_cpu | Optional | CPU request for the pod | 100m +requests_memory | Optional | Memory request for the pod | 512Mi +affinity | Optional | Dictionary of affinity | empty +securityContext | Optional | Dictionary of securityContext | empty +ingressClass.ingressClassName | Optional | Name of ingress class | f5 +ingressClass.defaultIngressController | Optional | CIS will monitor all the ingresses resource if set true | false +ingressClass.create | Optional | Create ingress class | true + + + + + + +See the CIS documentation for a full list of args supported for CIS [CIS Configuration Options](https://clouddocs.f5.com/containers/latest/userguide/config-parameters.html) + +> **Note:** Helm value names cannot include the character `-` which is commonly used in the names of parameters passed to the controller. To accomodate Helm, the parameter names in `values.yaml` use `_` and then replace them with `-` when rendering. +> e.g. `args.bigip_url` is rendered as `bigip-url` as required by the CIS Controller. + + +If you have a specific use case for F5 products in the Kubernetes environment that would benefit from a curated chart, please [open an issue](https://github.com/F5Networks/charts/issues) describing your use case and providing example resources. + +## Uninstalling Helm Chart + +Run the following command to uninstall the chart. + +```helm uninstall ``` + diff --git a/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/app-readme.md b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/app-readme.md new file mode 100644 index 000000000..6f28ef779 --- /dev/null +++ b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/app-readme.md @@ -0,0 +1,87 @@ +# Helm Chart for the F5 Container Ingress Services + +This chart simplifies repeatable, versioned deployment of the [Container Ingress Services](https://clouddocs.f5.com/containers/latest/). + +### Prerequisites +- Refer to [CIS Prerequisites](https://clouddocs.f5.com/containers/latest/userguide/cis-helm.html#prerequisites) to install Container Ingress Services on Kubernetes or Openshift +- [Helm 3](https://helm.sh/docs/intro/) should be installed. + + +## Installing CIS Using Helm Charts + +This is the simplest way to install the CIS on OpenShift/Kubernetes cluster. Helm is a package manager for Kubernetes. Helm is Kubernetes version of yum or apt. Helm deploys something called charts, which you can think of as a packaged application. It is a collection of all your versioned, pre-configured application resources which can be deployed as one unit. This chart creates a Deployment for one Pod containing the [k8s-bigip-ctlr](https://clouddocs.f5.com/containers/latest/), it's supporting RBAC, Service Account and Custom Resources Definition installations. + +## Installing the Chart + +- Add BIG-IP credentials as K8S secrets. + +For Kubernetes, use the following command: + +```kubectl create secret generic f5-bigip-ctlr-login -n kube-system --from-literal=username=admin --from-literal=password=``` + +For OpenShift, use the following command: + +```oc create secret generic f5-bigip-ctlr-login -n kube-system --from-literal=username=admin --from-literal=password=``` + +- Add the CIS chart repository in Helm using following command: + +```helm repo add f5-stable https://f5networks.github.io/charts/stable``` + +- Create values.yaml as shown in [examples](https://github.com/F5Networks/charts/tree/master/example_values/f5-bigip-ctlr): + +- Install the Helm chart using the following command: + +```helm install -f values.yaml f5-stable/f5-bigip-ctlr``` + +- Install the Helm chart with skip crds (without custom resource definitions installations) + +```helm install --skip-crds -f values.yaml f5-stable/f5-bigip-ctlr``` + +## Chart parameters: + +Parameter | Required | Description | Default +----------|-------------|-------------|-------- +bigip_login_secret | Required | Secret that contains BIG-IP login credentials | f5-bigip-ctlr-login +args.bigip_url | Required | The management IP for your BIG-IP device | **Required**, no default +args.bigip_partition | Required | BIG-IP partition the CIS Controller will manage | f5-bigip-ctlr +args.namespaces | Optional | List of Kubernetes namespaces which CIS will monitor | empty +rbac.create | Optional | Create ClusterRole and ClusterRoleBinding | true +serviceAccount.name | Optional | name of the ServiceAccount for CIS controller | f5-bigip-ctlr-serviceaccount +serviceAccount.create | Optional | Create service account for the CIS controller | true +namespace | Optional | name of namespace CIS will use to create deployment and other resources | kube-system +image.user | Optional | CIS Controller image repository username | f5networks +image.repo | Optional | CIS Controller image repository name | k8s-bigip-ctlr +image.pullPolicy | Optional | CIS Controller image pull policy | Always +image.pullSecrets | Optional | List of secrets of container registry to pull image | empty +version | Optional | CIS Controller image tag | latest +nodeSelector | Optional | dictionary of Node selector labels | empty +tolerations | Optional | Array of labels | empty +limits_cpu | Optional | CPU limits for the pod | 100m +limits_memory | Optional | Memory limits for the pod | 512Mi +requests_cpu | Optional | CPU request for the pod | 100m +requests_memory | Optional | Memory request for the pod | 512Mi +affinity | Optional | Dictionary of affinity | empty +securityContext | Optional | Dictionary of securityContext | empty +ingressClass.ingressClassName | Optional | Name of ingress class | f5 +ingressClass.defaultIngressController | Optional | CIS will monitor all the ingresses resource if set true | false +ingressClass.create | Optional | Create ingress class | true + + + + + + +See the CIS documentation for a full list of args supported for CIS [CIS Configuration Options](https://clouddocs.f5.com/containers/latest/userguide/config-parameters.html) + +> **Note:** Helm value names cannot include the character `-` which is commonly used in the names of parameters passed to the controller. To accomodate Helm, the parameter names in `values.yaml` use `_` and then replace them with `-` when rendering. +> e.g. `args.bigip_url` is rendered as `bigip-url` as required by the CIS Controller. + + +If you have a specific use case for F5 products in the Kubernetes environment that would benefit from a curated chart, please [open an issue](https://github.com/F5Networks/charts/issues) describing your use case and providing example resources. + +## Uninstalling Helm Chart + +Run the following command to uninstall the chart. + +```helm uninstall ``` + diff --git a/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/crds/f5-bigip-ctlr-customresourcedefinitions.yml b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/crds/f5-bigip-ctlr-customresourcedefinitions.yml new file mode 100644 index 000000000..1c559a4b6 --- /dev/null +++ b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/crds/f5-bigip-ctlr-customresourcedefinitions.yml @@ -0,0 +1,646 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/instance: f5-bigip-ctlr + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: f5-bigip-ctlr + name: virtualservers.cis.f5.com +spec: + group: cis.f5.com + names: + kind: VirtualServer + plural: virtualservers + shortNames: + - vs + singular: virtualserver + scope: Namespaced + versions: + - + name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + host: + type: string + pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' + hostGroup: + type: string + pattern: '^([A-z0-9-_+])*([A-z0-9])$' + httpTraffic: + type: string + ipamLabel: + type: string + snat: + type: string + tlsProfileName: + type: string + persistenceProfile: + type: string + policyName: + type: string + pattern: '^([A-z0-9-_+])*([A-z0-9])$' + rewriteAppRoot: + type: string + pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' + waf: + type: string + pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' + allowVlans: + items: + type: string + pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9-_]+\/?)*$' + type: array + iRules: + type: array + items: + type: string + serviceAddress: + type: array + maxItems: 1 + items: + type: object + properties: + arpEnabled: + type: boolean + icmpEcho: + type: string + enum: [enable, disable, selective] + routeAdvertisement: + type: string + enum: [enable, disable, selective, always, any, all] + spanningEnabled: + type: boolean + trafficGroup: + type: string + pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' + pools: + type: array + items: + type: object + properties: + path: + type: string + pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' + service: + type: string + pattern: '^([A-z0-9-_+])*([A-z0-9])$' + nodeMemberLabel: + type: string + pattern: '^[a-zA-Z0-9][-A-Za-z0-9_.\/]{0,61}[a-zA-Z0-9]=[a-zA-Z0-9][-A-Za-z0-9_.]{0,61}[a-zA-Z0-9]$' + servicePort: + type: integer + minimum: 1 + maximum: 65535 + rewrite: + type: string + pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' + monitor: + type: object + properties: + type: + type: string + enum: [http, https] + send: + type: string + recv: + type: string + interval: + type: integer + timeout: + type: integer + required: + - type + - send + - interval + virtualServerAddress: + type: string + pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])|(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$' + virtualServerName: + type: string + pattern: '^([A-z0-9-_+])*([A-z0-9])$' + virtualServerHTTPPort: + type: integer + minimum: 1 + maximum: 65535 + virtualServerHTTPSPort: + type: integer + minimum: 1 + maximum: 65535 + status: + type: object + properties: + vsAddress: + type: string + default: None + status: + type: string + default: Pending + additionalPrinterColumns: + - name: host + type: string + description: hostname + jsonPath: .spec.host + - name: tlsProfileName + type: string + description: TLS Profile attached + jsonPath: .spec.tlsProfileName + - name: httpTraffic + type: string + description: Http Traffic Termination + jsonPath: .spec.httpTraffic + - name: IPAddress + type: string + description: IP address of virtualServer + jsonPath: .spec.virtualServerAddress + - name: ipamLabel + type: string + description: ipamLabel for virtual server + jsonPath: .spec.ipamLabel + - name: IPAMVSAddress + type: string + description: IP address of virtualServer + jsonPath: .status.vsAddress + - name: STATUS + type: string + description: status of VirtualServer + jsonPath: .status.status + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/instance: f5-bigip-ctlr + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: f5-bigip-ctlr + name: tlsprofiles.cis.f5.com +spec: + group: cis.f5.com + names: + kind: TLSProfile + plural: tlsprofiles + shortNames: + - tls + singular: tlsprofile + scope: Namespaced + versions: + - + name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + hosts: + type: array + items: + type: string + pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' + tls: + type: object + properties: + termination: + type: string + enum: [edge, reencrypt, passthrough] + clientSSL: + type: string + serverSSL: + type: string + reference: + type: string + required: + - termination + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/instance: f5-bigip-ctlr + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: f5-bigip-ctlr + name: transportservers.cis.f5.com +spec: + group: cis.f5.com + names: + kind: TransportServer + plural: transportservers + shortNames: + - ts + singular: transportserver + scope: Namespaced + versions: + - + name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + virtualServerAddress: + type: string + pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])|(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$' + virtualServerPort: + type: integer + minimum: 1 + maximum: 65535 + virtualServerName: + type: string + pattern: '^([A-z0-9-_+])*([A-z0-9])$' + host: + type: string + pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' + policyName: + type: string + pattern: '^([A-z0-9-_+])*([A-z0-9])$' + mode: + type: string + enum: [standard, performance] + type: + type: string + enum: [tcp, udp] + snat: + type: string + persistenceProfile: + type: string + allowVlans: + items: + type: string + pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9-_]+\/?)*$' + type: array + iRules: + type: array + items: + type: string + ipamLabel: + type: string + serviceAddress: + type: array + maxItems: 1 + items: + type: object + properties: + arpEnabled: + type: boolean + icmpEcho: + type: string + enum: [enable, disable, selective] + routeAdvertisement: + type: string + enum: [enable, disable, selective, always, any, all] + spanningEnabled: + type: boolean + trafficGroup: + type: string + pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' + pool: + type: object + properties: + service: + type: string + pattern: '^([A-z0-9-_+])*([A-z0-9])$' + servicePort: + type: integer + minimum: 1 + maximum: 65535 + monitor: + type: object + properties: + type: + type: string + enum: [tcp, udp] + interval: + type: integer + timeout: + type: integer + required: + - type + - interval + required: + - service + - servicePort + required: + - virtualServerPort + - pool + status: + type: object + properties: + vsAddress: + type: string + default: None + status: + type: string + default: Pending + additionalPrinterColumns: + - name: virtualServerAddress + type: string + description: IP address of virtualServer + jsonPath: .spec.virtualServerAddress + - name: virtualServerPort + type: integer + description: Port of virtualServer + jsonPath: .spec.virtualServerPort + - name: pool + type: string + description: Name of service + jsonPath: .spec.pool.service + - name: poolPort + type: string + description: Port of service + jsonPath: .spec.pool.servicePort + - name: ipamLabel + type: string + description: ipamLabel for transport server + jsonPath: .spec.ipamLabel + - name: IPAMVSAddress + type: string + description: IP address of transport server + jsonPath: .status.vsAddress + - name: STATUS + type: string + description: status of TransportServer + jsonPath: .status.status + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + subresources: + status: { } +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/instance: f5-bigip-ctlr + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: f5-bigip-ctlr + name: externaldnses.cis.f5.com +spec: + group: cis.f5.com + names: + kind: ExternalDNS + plural: externaldnses + shortNames: + - edns + singular: externaldns + scope: Namespaced + versions: + - + name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + domainName: + type: string + pattern: '^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' + dnsRecordType: + type: string + pattern: 'A' + loadBalanceMethod: + type: string + pools: + type: array + items: + type: object + properties: + dataServerName: + type: string + dnsRecordType: + type: string + pattern: 'A' + loadBalanceMethod: + type: string + monitor: + type: object + properties: + type: + type: string + enum: [http, https, tcp] + send: + type: string + recv: + type: string + interval: + type: integer + timeout: + type: integer + required: + - type + - interval + monitors: + type: array + items: + type: object + properties: + type: + type: string + enum: [http, https, tcp] + send: + type: string + recv: + type: string + interval: + type: integer + timeout: + type: integer + required: + - type + - interval + required: + - dataServerName + required: + - domainName + additionalPrinterColumns: + - name: domainName + type: string + description: Domain name of virtual server resource + jsonPath: .spec.domainName + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: CREATED ON + type: string + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/instance: f5-bigip-ctlr + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: f5-bigip-ctlr + name: ingresslinks.cis.f5.com +spec: + group: cis.f5.com + names: + kind: IngressLink + shortNames: + - il + singular: ingresslink + plural: ingresslinks + scope: Namespaced + versions: + - + name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + virtualServerAddress: + type: string + pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' + host: + type: string + pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' + ipamLabel: + type: string + iRules: + type: array + items: + type: string + selector: + properties: + matchLabels: + additionalProperties: + type: string + type: object + type: object + status: + type: object + properties: + vsAddress: + type: string + additionalPrinterColumns: + - name: IPAMVSAddress + type: string + description: IP address of virtualServer + jsonPath: .status.vsAddress + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + subresources: + status: { } +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/instance: f5-bigip-ctlr + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: f5-bigip-ctlr + name: policies.cis.f5.com +spec: + group: cis.f5.com + names: + kind: Policy + shortNames: + - plc + singular: policy + plural: policies + scope: Namespaced + versions: + - + name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + l7Policies: + type: object + properties: + waf: + type: string + pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' + l3Policies: + type: object + properties: + dos: + type: string + pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' + firewallPolicy: + type: string + pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' + ltmPolicies: + type: object + properties: + insecure: + type: string + pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' + secure: + type: string + pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' + priority: + type: string + enum: [low, high] + iRules: + type: object + properties: + insecure: + type: string + pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' + secure: + type: string + pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' + priority: + type: string + enum: [ low, high ] + profiles: + type: object + properties: + tcp: + type: string + pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9-]+\/?)*$' + udp: + type: string + pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9-]+\/?)*$' + http: + type: string + pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9-]+\/?)*$' + http2: + type: string + pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9-]+\/?)*$' + persistenceProfile: + type: string + rewriteProfile: + type: string + pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' + logProfiles: + items: + type: string + pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9-_\s]+\/?)*$' + type: array diff --git a/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/questions.yaml b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/questions.yaml new file mode 100644 index 000000000..4d276dfbd --- /dev/null +++ b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/questions.yaml @@ -0,0 +1,75 @@ +questions: +- variable: bigip_login_secret + required: true + type: string + label: "Name of the k8s secret object with BIG-IP login credentials." +- variable: args.bigip_url + required: true + type: string + label: "BIG-IP Management IP/URL" +- variable: args.bigip_partition + required: true + type: string + label: "BIG-IP Partition" +- variable: image.user + type: string + label: "Image Repository where CIS image is hosted" +- variable: image.repo + type: string + label: "CIS image name" +- variable: version + type: string + label: "CIS version tag." + default: "latest" +- variable: args.pool_member_type + type: string + label: "Type of BIG-IP Pool members to create." + default: "nodeport" +- variable: args.node_poll_interval + type: string + label: "In seconds, the interval at which the CIS polls the cluster to find all node members." + default: "30" +- variable: args.verify_interval + type: string + label: "In seconds, the interval at which the CIS verifies that the BIG-IP configuration matches the state of the orchestration system." + default: "30" +- variable: args.agent + type: string + label: "Specify the agent for CIS to communicate with BIG-IP. CCCL or AS3" + default: "as3" +- variable: args.custom_resource_mode + type: string + label: "Set 'true' to process CRD resources. Supported in AS3 agent. When true ConfigMaps, Routes, and Ingress are not processed by CIS." + default: "false" +- variable: args.ipam + type: string + label: "Specify if CIS provides the ability to interface with F5 IPAM Controller (FIC). Valid with agent AS3." + default: "false" +- variable: args.disable_teems + type: string + label: "If true, analytics data is not sent to F5." + default: "false" +- variable: args.hubmode + type: string + label: "When `true`, ConfigMaps with Services in same and different namespace are processed. CIS >= 2.5.0+. Valid with agent AS3." + default: "false" +- variable: args.default_route_domain + type: string + label: "Set default Route Domain for Custom resources. Valid with agent AS3." + default: "0" +- variable: args.filter_tenants + type: string + label: "Specify to use tenant filtering API for AS3 declaration. This allows CIS to process each AS3 Tenant separately. Compatible with ConfigMap only. Valid with agent AS3. CIS >= 2.7" + default: "false" +- variable: args.enable_ipv6 + type: string + label: "When set to true, it enables IPv6 network support. CIS >= 2.7." + default: "false" +- variable: args.log_level + type: string + label: "Configured the log level. INFO, DEBUG, CRITICAL, WARNING, ERROR." + default: "INFO" +- variable: args.log_as3_response + type: string + label: "When set to true, adds the body of AS3 API response in Controller logs." + default: "false" diff --git a/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/NOTES.txt b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/NOTES.txt new file mode 100644 index 000000000..302512a9b --- /dev/null +++ b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/NOTES.txt @@ -0,0 +1,6 @@ +Container Ingress Services controller: {{ .Release.Name }} + +Controller Documentation: +- Kubernetes: https://clouddocs.f5.com/containers/latest/userguide/kubernetes/ +- OpenShift: https://clouddocs.f5.com/containers/latest/userguide/openshift/ + diff --git a/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/_helpers.tpl b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/_helpers.tpl new file mode 100644 index 000000000..7ce05d2ef --- /dev/null +++ b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/_helpers.tpl @@ -0,0 +1,64 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "f5-bigip-ctlr.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "deployment.apiVersion" -}} +{{- if semverCompare ">=1.9-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "apps/v1" -}} +{{- else -}} +{{- print "extensions/v1beta1" -}} +{{- end -}} +{{- end -}} + +{{/* +Check for user given namespace or give kube-system +*/}} +{{- define "f5-bigip-ctlr.namespace" -}} +{{- if hasKey .Values "namespace" -}} +{{- .Values.namespace -}} +{{- else -}} +{{- print "kube-system" -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "f5-bigip-ctlr.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "f5-bigip-ctlr.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + {{/* +Create the name of the service account to use +*/}} +{{- define "f5-bigip-ctlr.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "f5-bigip-ctlr.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/f5-bigip-ctlr-clusterrole.yaml b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/f5-bigip-ctlr-clusterrole.yaml new file mode 100644 index 000000000..3b4d3447b --- /dev/null +++ b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/f5-bigip-ctlr-clusterrole.yaml @@ -0,0 +1,98 @@ +{{- if .Values.rbac.create -}} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "f5-bigip-ctlr.fullname" . }} + labels: + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/name: {{ template "f5-bigip-ctlr.name" . }} + app: {{ template "f5-bigip-ctlr.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: + - verbs: + - get + - list + - watch + apiGroups: + - '' + - apps + - extensions + - route.openshift.io + - networking.k8s.io + resources: + - nodes + - services + - endpoints + - namespaces + - ingresses + - ingressclasses + - secrets + - pods + - routes + - verbs: + - get + - list + - watch + - update + - create + - patch + apiGroups: + - '' + - apps + - extensions + - route.openshift.io + - networking.k8s.io + resources: + - configmaps + - events + - ingresses/status + - routes/status + - services/status + - verbs: + - get + - list + - watch + - update + - patch + apiGroups: + - cis.f5.com + resources: + - virtualservers + - tlsprofiles + - transportservers + - externaldnses + - ingresslinks + - transportservers/status + - virtualservers/status + - ingresslinks/status + - policies +{{- if .Values.args.ipam }} + - verbs: + - get + - list + - watch + - update + - create + - patch + - delete + apiGroups: + - fic.f5.com + resources: + - ipams + - ipams/status + - verbs: + - get + - list + - watch + - update + - create + - patch + apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions +{{- end }} +{{- end -}} \ No newline at end of file diff --git a/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/f5-bigip-ctlr-clusterrolebinding.yaml b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/f5-bigip-ctlr-clusterrolebinding.yaml new file mode 100644 index 000000000..aba54704d --- /dev/null +++ b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/f5-bigip-ctlr-clusterrolebinding.yaml @@ -0,0 +1,23 @@ +{{- if .Values.rbac.create -}} +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "f5-bigip-ctlr.fullname" . }} + namespace: {{ template "f5-bigip-ctlr.namespace" . }} + labels: + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/name: {{ template "f5-bigip-ctlr.name" . }} + app: {{ template "f5-bigip-ctlr.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "f5-bigip-ctlr.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "f5-bigip-ctlr.serviceAccountName" . }} + namespace: {{ template "f5-bigip-ctlr.namespace" . }} +{{- end -}} diff --git a/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/f5-bigip-ctlr-deploy.yaml b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/f5-bigip-ctlr-deploy.yaml new file mode 100644 index 000000000..efce45d31 --- /dev/null +++ b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/f5-bigip-ctlr-deploy.yaml @@ -0,0 +1,127 @@ +{{- if or (not .Values.args.bigip_url) (not .Values.args.bigip_partition) }} +{{/* +Generate errors for missing required values. +*/}} +# {{required "BIG-IP url not specified - add to Values or pass with `--set` " .Values.args.bigip_url }} +# {{required "BIG-IP partition not specified - add to Values or pass with `--set` " .Values.args.bigip_partition }} +{{- else -}} +apiVersion: {{ template "deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ template "f5-bigip-ctlr.fullname" . }} + namespace: {{ template "f5-bigip-ctlr.namespace" . }} + labels: + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/name: {{ template "f5-bigip-ctlr.name" . }} + app: {{ template "f5-bigip-ctlr.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "-" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ template "f5-bigip-ctlr.name" . }} + template: + metadata: + labels: + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/name: {{ template "f5-bigip-ctlr.name" . }} + app: {{ template "f5-bigip-ctlr.name" . }} + release: {{ .Release.Name }} + spec: +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} + serviceAccountName: {{ template "f5-bigip-ctlr.serviceAccountName" . }} +{{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range $pullSecret := .Values.image.pullSecrets }} + - name: {{ $pullSecret }} + {{- end }} +{{- end }} + securityContext: + {{- $securityContext := .Values.securityContext | default dict }} + {{- if $securityContext.runAsUser }} + runAsUser: {{ $securityContext.runAsUser }} + {{- else }} + runAsUser: 1000 + {{- end }} + {{- $securityContext := .Values.securityContext | default dict }} + {{- if $securityContext.runAsGroup }} + runAsGroup: {{ $securityContext.runAsGroup }} + {{- else }} + runAsGroup: 1000 + {{- end }} + {{- $securityContext := .Values.securityContext | default dict }} + {{- if $securityContext.fsGroup }} + fsGroup: {{ $securityContext.fsGroup }} + {{- else }} + fsGroup: 1000 + {{- end }} + containers: + - name: {{ template "f5-bigip-ctlr.name" . }} + image: "{{ .Values.image.user }}/{{ .Values.image.repo }}:{{ .Values.version }}" + livenessProbe: + failureThreshold: 3 + httpGet: + path: /health + port: 8080 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 15 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /health + port: 8080 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 15 + volumeMounts: + - name: bigip-creds + mountPath: "/tmp/creds" + readOnly: true + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - /app/bin/k8s-bigip-ctlr + args: + - --credentials-directory + - /tmp/creds + {{- $ns := .Values.args.namespaces }} + {{- range $key, $value := .Values.args }} + {{- if eq $key "namespaces" }} + {{- range $ns}} + - --namespace={{ . }} + {{- end }} + {{- else }} + - --{{ $key | replace "_" "-"}}={{ $value }} + {{- end }} + {{- end }} + resources: + limits: + cpu: {{ .Values.limits_cpu | default "100m" }} + memory: {{ .Values.limits_memory | default "512Mi" }} + requests: + cpu: {{ .Values.requests_cpu | default "100m" }} + memory: {{ .Values.requests_memory | default "512Mi" }} +{{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 6}} +{{- end }} + volumes: + - name: bigip-creds + secret: + secretName: {{ .Values.bigip_login_secret }} +{{- end }} diff --git a/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/f5-bigip-ctlr-ingress-class.yaml b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/f5-bigip-ctlr-ingress-class.yaml new file mode 100644 index 000000000..ab953df6e --- /dev/null +++ b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/f5-bigip-ctlr-ingress-class.yaml @@ -0,0 +1,12 @@ +{{- if .Values.ingressClass.create -}} + +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: {{ .Values.ingressClassName | default "f5" }} + annotations: + ingressclass.kubernetes.io/is-default-class: "{{ .Values.isDefaultIngressController | default false }}" +spec: + controller: f5.com/cntr-ingress-svcs + +{{- end -}} \ No newline at end of file diff --git a/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/f5-bigip-ctlr-serviceaccount.yaml b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/f5-bigip-ctlr-serviceaccount.yaml new file mode 100644 index 000000000..5729a8bc1 --- /dev/null +++ b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/templates/f5-bigip-ctlr-serviceaccount.yaml @@ -0,0 +1,17 @@ +{{- if .Values.rbac.create -}} +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "f5-bigip-ctlr.serviceAccountName" . }} + namespace: {{ template "f5-bigip-ctlr.namespace" . }} + labels: + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/name: {{ template "f5-bigip-ctlr.name" . }} + app: {{ template "f5-bigip-ctlr.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- end -}} +{{- end -}} diff --git a/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/values.yaml b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/values.yaml new file mode 100644 index 000000000..68aa13677 --- /dev/null +++ b/charts/f5-container-ingress-services/f5-bigip-ctlr/0.0.1901/values.yaml @@ -0,0 +1,79 @@ +# For additional information on installing the k8-bigip-ctlr please see: +# Kubernetes: http://clouddocs.f5.com/containers/latest/kubernetes/kctlr-app-install.html +# OpenShift: http://clouddocs.f5.com/containers/latest/openshift/kctlr-openshift-app-install.html#install-kctlr-openshift +# +# access / permissions / RBAC +# To create a secret using kubectl see +# http://clouddocs.f5.com/containers/latest/kubernetes/kctlr-secrets.html#secret-bigip-login +bigip_login_secret: f5-bigip-ctlr-login +rbac: + create: true +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: +# This namespace is where the Controller lives; +ingressClass: + create: true + ingressClassName: f5 + defaultController: true +namespace: kube-system +args: + # See http://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest/#controller-configuration-parameters + # NOTE: helm has difficulty with values using `-`; `_` are used for naming + # and are replaced with `-` during rendering. + # REQUIRED Params + bigip_url: ~ + bigip_partition: f5-bigip-ctlr + # OPTIONAL PARAMS -- uncomment and provide values for those you wish to use. + # verify_interval: + # node-poll_interval: + # log_level: + # python_basedir: ~ + # VXLAN + # openshift_sdn_name: + # flannel_name: + # KUBERNETES + # default_ingress_ip: + # kubeconfig: + # namespaces: ["foo", "bar"] + # namespace_label: + # node_label_selector: + # pool_member_type: + # resolve_ingress_names: + # running_in_cluster: + # use_node_internal: + # use_secrets: + # insecure: true + # custom-resource-mode: true + # log-as3-response: true + # gtm-bigip-password + # gtm-bigip-url + # gtm-bigip-username + # ipam : true + +image: + # Use the tag to target a specific version of the Controller + user: f5networks + repo: k8s-bigip-ctlr + pullPolicy: Always +# version: latest +# affinity: +# nodeAffinity: +# requiredDuringSchedulingIgnoredDuringExecution: +# nodeSelectorTerms: +# - matchExpressions: +# - key: kubernetes.io/arch +# operator: Exists +# securityContext: +# runAsUser: 1000 +# runAsGroup: 3000 +# fsGroup: 2000 +# If you want to specify resources, uncomment the following +# limits_cpu: 100m +# limits_memory: 512Mi +# requests_cpu: 100m +# requests_memory: 512Mi + diff --git a/index.yaml b/index.yaml index 47a2b17e2..77ec45772 100755 --- a/index.yaml +++ b/index.yaml @@ -1060,6 +1060,41 @@ entries: urls: - assets/external-secrets-operator/external-secrets-0.5.200.tgz version: 0.5.200 + f5-bigip-ctlr: + - annotations: + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://clouddocs.f5.com/containers/latest + artifacthub.io/prerelease: "false" + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: F5 Container Ingress Services for Kubernetes + and OpenShift + catalog.cattle.io/release-name: f5-bigip-ctlr + apiVersion: v1 + created: "2022-05-11T11:50:57.37725+05:30" + description: Deploy the F5 Networks BIG-IP Controller for Kubernetes and OpenShift + (k8s-bigip-ctlr). + digest: 203936f752e2c2ec0a07c306dacf5105db7f0f27e168d83ef5dfac3efd0ae75d + home: https://www.f5.com/products/automation-and-orchestration/container-ingress-services + icon: https://avatars.githubusercontent.com/u/8935905?s=200&v=4 + keywords: + - F5 + - BIG-IP + - Containers + - Kubernetes + - OpenShift + kubeVersion: 1.20.0-0 - 1.23.0-0 + maintainers: + - email: f5_cis_operators@f5.com + name: F5CISSupport + name: f5-bigip-ctlr + sources: + - https://github.com/F5Networks/k8s-bigip-ctlr + - https://github.com/F5Networks/charts + urls: + - assets/f5-container-ingress-services/f5-bigip-ctlr-0.0.1901.tgz + version: 0.0.1901 falcon-sensor: - annotations: catalog.cattle.io/certified: partner diff --git a/packages/f5-container-ingress-services/generated-changes/overlay/questions.yaml b/packages/f5-container-ingress-services/generated-changes/overlay/questions.yaml index 6f0ba9d2e..4d276dfbd 100644 --- a/packages/f5-container-ingress-services/generated-changes/overlay/questions.yaml +++ b/packages/f5-container-ingress-services/generated-changes/overlay/questions.yaml @@ -17,7 +17,7 @@ questions: - variable: image.repo type: string label: "CIS image name" -- variable: image.version +- variable: version type: string label: "CIS version tag." default: "latest"