Make charts - F5

pull/405/head
Trinath Somanchi 2022-05-11 11:51:12 +05:30
parent 1fa3ebb4de
commit 799dc4b615
17 changed files with 1408 additions and 1 deletions

@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

@ -0,0 +1,30 @@
annotations:
artifacthub.io/license: Apache-2.0
artifacthub.io/links: |
- name: Documentation
url: https://clouddocs.f5.com/containers/latest
artifacthub.io/prerelease: "false"
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: F5 Container Ingress Services for Kubernetes and
OpenShift
catalog.cattle.io/release-name: f5-bigip-ctlr
apiVersion: v1
description: Deploy the F5 Networks BIG-IP Controller for Kubernetes and OpenShift
(k8s-bigip-ctlr).
home: https://www.f5.com/products/automation-and-orchestration/container-ingress-services
icon: https://avatars.githubusercontent.com/u/8935905?s=200&v=4
keywords:
- F5
- BIG-IP
- Containers
- Kubernetes
- OpenShift
kubeVersion: 1.20.0-0 - 1.23.0-0
maintainers:
- email: f5_cis_operators@f5.com
name: F5CISSupport
name: f5-bigip-ctlr
sources:
- https://github.com/F5Networks/k8s-bigip-ctlr
- https://github.com/F5Networks/charts
version: 0.0.1901
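
Review bot: `kubeVersion: 1.20.0-0 - 1.23.0-0` is a hyphen range with an inclusive upper bound, so the highest version it admits is the `1.23.0-0` pre-release; a cluster on 1.23.0 or any 1.23.x patch release compares greater than that and fails the check. If 1.23 is meant to be supported, write the constraint as `>= 1.20.0-0 < 1.24.0-0`; if it is not, say so in `description` so the install error is not a surprise.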

@ -0,0 +1,87 @@
# Helm Chart for the F5 Container Ingress Services
This chart simplifies repeatable, versioned deployment of the [Container Ingress Services](https://clouddocs.f5.com/containers/latest/).
### Prerequisites
- Refer to [CIS Prerequisites](https://clouddocs.f5.com/containers/latest/userguide/cis-helm.html#prerequisites) to install Container Ingress Services on Kubernetes or Openshift
- [Helm 3](https://helm.sh/docs/intro/) should be installed.
## Installing CIS Using Helm Charts
This is the simplest way to install the CIS on OpenShift/Kubernetes cluster. Helm is a package manager for Kubernetes. Helm is Kubernetes version of yum or apt. Helm deploys something called charts, which you can think of as a packaged application. It is a collection of all your versioned, pre-configured application resources which can be deployed as one unit. This chart creates a Deployment for one Pod containing the [k8s-bigip-ctlr](https://clouddocs.f5.com/containers/latest/), it's supporting RBAC, Service Account and Custom Resources Definition installations.
## Installing the Chart
- Add BIG-IP credentials as K8S secrets.
For Kubernetes, use the following command:
```kubectl create secret generic f5-bigip-ctlr-login -n kube-system --from-literal=username=admin --from-literal=password=<password>```
For OpenShift, use the following command:
```oc create secret generic f5-bigip-ctlr-login -n kube-system --from-literal=username=admin --from-literal=password=<password>```
- Add the CIS chart repository in Helm using following command:
```helm repo add f5-stable https://f5networks.github.io/charts/stable```
- Create values.yaml as shown in [examples](https://github.com/F5Networks/charts/tree/master/example_values/f5-bigip-ctlr):
- Install the Helm chart using the following command:
```helm install -f values.yaml <new-chart-name> f5-stable/f5-bigip-ctlr```
- Install the Helm chart with skip crds (without custom resource definitions installations)
```helm install --skip-crds -f values.yaml <new-chart-name> f5-stable/f5-bigip-ctlr```
## Chart parameters:
Parameter | Required | Description | Default
----------|-------------|-------------|--------
bigip_login_secret | Required | Secret that contains BIG-IP login credentials | f5-bigip-ctlr-login
args.bigip_url | Required | The management IP for your BIG-IP device | **Required**, no default
args.bigip_partition | Required | BIG-IP partition the CIS Controller will manage | f5-bigip-ctlr
args.namespaces | Optional | List of Kubernetes namespaces which CIS will monitor | empty
rbac.create | Optional | Create ClusterRole and ClusterRoleBinding | true
serviceAccount.name | Optional | name of the ServiceAccount for CIS controller | f5-bigip-ctlr-serviceaccount
serviceAccount.create | Optional | Create service account for the CIS controller | true
namespace | Optional | name of namespace CIS will use to create deployment and other resources | kube-system
image.user | Optional | CIS Controller image repository username | f5networks
image.repo | Optional | CIS Controller image repository name | k8s-bigip-ctlr
image.pullPolicy | Optional | CIS Controller image pull policy | Always
image.pullSecrets | Optional | List of secrets of container registry to pull image | empty
version | Optional | CIS Controller image tag | latest
nodeSelector | Optional | dictionary of Node selector labels | empty
tolerations | Optional | Array of labels | empty
limits_cpu | Optional | CPU limits for the pod | 100m
limits_memory | Optional | Memory limits for the pod | 512Mi
requests_cpu | Optional | CPU request for the pod | 100m
requests_memory | Optional | Memory request for the pod | 512Mi
affinity | Optional | Dictionary of affinity | empty
securityContext | Optional | Dictionary of securityContext | empty
ingressClass.ingressClassName | Optional | Name of ingress class | f5
ingressClass.defaultIngressController | Optional | CIS will monitor all the ingresses resource if set true | false
ingressClass.create | Optional | Create ingress class | true
See the CIS documentation for a full list of args supported for CIS [CIS Configuration Options](https://clouddocs.f5.com/containers/latest/userguide/config-parameters.html)
> **Note:** Helm value names cannot include the character `-` which is commonly used in the names of parameters passed to the controller. To accomodate Helm, the parameter names in `values.yaml` use `_` and then replace them with `-` when rendering.
> e.g. `args.bigip_url` is rendered as `bigip-url` as required by the CIS Controller.
If you have a specific use case for F5 products in the Kubernetes environment that would benefit from a curated chart, please [open an issue](https://github.com/F5Networks/charts/issues) describing your use case and providing example resources.
## Uninstalling Helm Chart
Run the following command to uninstall the chart.
```helm uninstall <new-chart-name>```
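
Review bot: both secret-creation commands under "Installing the Chart" pass the BIG-IP password as `--from-literal=password=<password>`, which leaves it in shell history and visible in the process list while the command runs. Suggest documenting `--from-file=password=<path>` (or a manifest applied from a protected file) instead, and showing a dedicated BIG-IP account in the example rather than `username=admin`.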

@ -0,0 +1,87 @@
# Helm Chart for the F5 Container Ingress Services
This chart simplifies repeatable, versioned deployment of the [Container Ingress Services](https://clouddocs.f5.com/containers/latest/).
### Prerequisites
- Refer to [CIS Prerequisites](https://clouddocs.f5.com/containers/latest/userguide/cis-helm.html#prerequisites) to install Container Ingress Services on Kubernetes or Openshift
- [Helm 3](https://helm.sh/docs/intro/) should be installed.
## Installing CIS Using Helm Charts
This is the simplest way to install the CIS on OpenShift/Kubernetes cluster. Helm is a package manager for Kubernetes. Helm is Kubernetes version of yum or apt. Helm deploys something called charts, which you can think of as a packaged application. It is a collection of all your versioned, pre-configured application resources which can be deployed as one unit. This chart creates a Deployment for one Pod containing the [k8s-bigip-ctlr](https://clouddocs.f5.com/containers/latest/), it's supporting RBAC, Service Account and Custom Resources Definition installations.
## Installing the Chart
- Add BIG-IP credentials as K8S secrets.
For Kubernetes, use the following command:
```kubectl create secret generic f5-bigip-ctlr-login -n kube-system --from-literal=username=admin --from-literal=password=<password>```
For OpenShift, use the following command:
```oc create secret generic f5-bigip-ctlr-login -n kube-system --from-literal=username=admin --from-literal=password=<password>```
- Add the CIS chart repository in Helm using following command:
```helm repo add f5-stable https://f5networks.github.io/charts/stable```
- Create values.yaml as shown in [examples](https://github.com/F5Networks/charts/tree/master/example_values/f5-bigip-ctlr):
- Install the Helm chart using the following command:
```helm install -f values.yaml <new-chart-name> f5-stable/f5-bigip-ctlr```
- Install the Helm chart with skip crds (without custom resource definitions installations)
```helm install --skip-crds -f values.yaml <new-chart-name> f5-stable/f5-bigip-ctlr```
## Chart parameters:
Parameter | Required | Description | Default
----------|-------------|-------------|--------
bigip_login_secret | Required | Secret that contains BIG-IP login credentials | f5-bigip-ctlr-login
args.bigip_url | Required | The management IP for your BIG-IP device | **Required**, no default
args.bigip_partition | Required | BIG-IP partition the CIS Controller will manage | f5-bigip-ctlr
args.namespaces | Optional | List of Kubernetes namespaces which CIS will monitor | empty
rbac.create | Optional | Create ClusterRole and ClusterRoleBinding | true
serviceAccount.name | Optional | name of the ServiceAccount for CIS controller | f5-bigip-ctlr-serviceaccount
serviceAccount.create | Optional | Create service account for the CIS controller | true
namespace | Optional | name of namespace CIS will use to create deployment and other resources | kube-system
image.user | Optional | CIS Controller image repository username | f5networks
image.repo | Optional | CIS Controller image repository name | k8s-bigip-ctlr
image.pullPolicy | Optional | CIS Controller image pull policy | Always
image.pullSecrets | Optional | List of secrets of container registry to pull image | empty
version | Optional | CIS Controller image tag | latest
nodeSelector | Optional | dictionary of Node selector labels | empty
tolerations | Optional | Array of labels | empty
limits_cpu | Optional | CPU limits for the pod | 100m
limits_memory | Optional | Memory limits for the pod | 512Mi
requests_cpu | Optional | CPU request for the pod | 100m
requests_memory | Optional | Memory request for the pod | 512Mi
affinity | Optional | Dictionary of affinity | empty
securityContext | Optional | Dictionary of securityContext | empty
ingressClass.ingressClassName | Optional | Name of ingress class | f5
ingressClass.defaultIngressController | Optional | CIS will monitor all the ingresses resource if set true | false
ingressClass.create | Optional | Create ingress class | true
See the CIS documentation for a full list of args supported for CIS [CIS Configuration Options](https://clouddocs.f5.com/containers/latest/userguide/config-parameters.html)
> **Note:** Helm value names cannot include the character `-` which is commonly used in the names of parameters passed to the controller. To accomodate Helm, the parameter names in `values.yaml` use `_` and then replace them with `-` when rendering.
> e.g. `args.bigip_url` is rendered as `bigip-url` as required by the CIS Controller.
If you have a specific use case for F5 products in the Kubernetes environment that would benefit from a curated chart, please [open an issue](https://github.com/F5Networks/charts/issues) describing your use case and providing example resources.
## Uninstalling Helm Chart
Run the following command to uninstall the chart.
```helm uninstall <new-chart-name>```
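
Review bot: the parameter table gives `version` a default of `latest` alongside `image.pullPolicy` `Always`, so an install that does not set `version` runs whatever image the tag points to each time the pod starts, independent of the chart version that was reviewed. Default the tag to a fixed CIS release and tell readers in this section to pin it. The note near the end also has a typo, "accomodate".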

@ -0,0 +1,646 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app.kubernetes.io/instance: f5-bigip-ctlr
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: f5-bigip-ctlr
name: virtualservers.cis.f5.com
spec:
group: cis.f5.com
names:
kind: VirtualServer
plural: virtualservers
shortNames:
- vs
singular: virtualserver
scope: Namespaced
versions:
-
name: v1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
host:
type: string
pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$'
hostGroup:
type: string
pattern: '^([A-z0-9-_+])*([A-z0-9])$'
httpTraffic:
type: string
ipamLabel:
type: string
snat:
type: string
tlsProfileName:
type: string
persistenceProfile:
type: string
policyName:
type: string
pattern: '^([A-z0-9-_+])*([A-z0-9])$'
rewriteAppRoot:
type: string
pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$'
waf:
type: string
pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$'
allowVlans:
items:
type: string
pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9-_]+\/?)*$'
type: array
iRules:
type: array
items:
type: string
serviceAddress:
type: array
maxItems: 1
items:
type: object
properties:
arpEnabled:
type: boolean
icmpEcho:
type: string
enum: [enable, disable, selective]
routeAdvertisement:
type: string
enum: [enable, disable, selective, always, any, all]
spanningEnabled:
type: boolean
trafficGroup:
type: string
pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$'
pools:
type: array
items:
type: object
properties:
path:
type: string
pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$'
service:
type: string
pattern: '^([A-z0-9-_+])*([A-z0-9])$'
nodeMemberLabel:
type: string
pattern: '^[a-zA-Z0-9][-A-Za-z0-9_.\/]{0,61}[a-zA-Z0-9]=[a-zA-Z0-9][-A-Za-z0-9_.]{0,61}[a-zA-Z0-9]$'
servicePort:
type: integer
minimum: 1
maximum: 65535
rewrite:
type: string
pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$'
monitor:
type: object
properties:
type:
type: string
enum: [http, https]
send:
type: string
recv:
type: string
interval:
type: integer
timeout:
type: integer
required:
- type
- send
- interval
virtualServerAddress:
type: string
pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])|(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$'
virtualServerName:
type: string
pattern: '^([A-z0-9-_+])*([A-z0-9])$'
virtualServerHTTPPort:
type: integer
minimum: 1
maximum: 65535
virtualServerHTTPSPort:
type: integer
minimum: 1
maximum: 65535
status:
type: object
properties:
vsAddress:
type: string
default: None
status:
type: string
default: Pending
additionalPrinterColumns:
- name: host
type: string
description: hostname
jsonPath: .spec.host
- name: tlsProfileName
type: string
description: TLS Profile attached
jsonPath: .spec.tlsProfileName
- name: httpTraffic
type: string
description: Http Traffic Termination
jsonPath: .spec.httpTraffic
- name: IPAddress
type: string
description: IP address of virtualServer
jsonPath: .spec.virtualServerAddress
- name: ipamLabel
type: string
description: ipamLabel for virtual server
jsonPath: .spec.ipamLabel
- name: IPAMVSAddress
type: string
description: IP address of virtualServer
jsonPath: .status.vsAddress
- name: STATUS
type: string
description: status of VirtualServer
jsonPath: .status.status
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app.kubernetes.io/instance: f5-bigip-ctlr
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: f5-bigip-ctlr
name: tlsprofiles.cis.f5.com
spec:
group: cis.f5.com
names:
kind: TLSProfile
plural: tlsprofiles
shortNames:
- tls
singular: tlsprofile
scope: Namespaced
versions:
-
name: v1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
hosts:
type: array
items:
type: string
pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$'
tls:
type: object
properties:
termination:
type: string
enum: [edge, reencrypt, passthrough]
clientSSL:
type: string
serverSSL:
type: string
reference:
type: string
required:
- termination
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app.kubernetes.io/instance: f5-bigip-ctlr
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: f5-bigip-ctlr
name: transportservers.cis.f5.com
spec:
group: cis.f5.com
names:
kind: TransportServer
plural: transportservers
shortNames:
- ts
singular: transportserver
scope: Namespaced
versions:
-
name: v1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
virtualServerAddress:
type: string
pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])|(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$'
virtualServerPort:
type: integer
minimum: 1
maximum: 65535
virtualServerName:
type: string
pattern: '^([A-z0-9-_+])*([A-z0-9])$'
host:
type: string
pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$'
policyName:
type: string
pattern: '^([A-z0-9-_+])*([A-z0-9])$'
mode:
type: string
enum: [standard, performance]
type:
type: string
enum: [tcp, udp]
snat:
type: string
persistenceProfile:
type: string
allowVlans:
items:
type: string
pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9-_]+\/?)*$'
type: array
iRules:
type: array
items:
type: string
ipamLabel:
type: string
serviceAddress:
type: array
maxItems: 1
items:
type: object
properties:
arpEnabled:
type: boolean
icmpEcho:
type: string
enum: [enable, disable, selective]
routeAdvertisement:
type: string
enum: [enable, disable, selective, always, any, all]
spanningEnabled:
type: boolean
trafficGroup:
type: string
pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$'
pool:
type: object
properties:
service:
type: string
pattern: '^([A-z0-9-_+])*([A-z0-9])$'
servicePort:
type: integer
minimum: 1
maximum: 65535
monitor:
type: object
properties:
type:
type: string
enum: [tcp, udp]
interval:
type: integer
timeout:
type: integer
required:
- type
- interval
required:
- service
- servicePort
required:
- virtualServerPort
- pool
status:
type: object
properties:
vsAddress:
type: string
default: None
status:
type: string
default: Pending
additionalPrinterColumns:
- name: virtualServerAddress
type: string
description: IP address of virtualServer
jsonPath: .spec.virtualServerAddress
- name: virtualServerPort
type: integer
description: Port of virtualServer
jsonPath: .spec.virtualServerPort
- name: pool
type: string
description: Name of service
jsonPath: .spec.pool.service
- name: poolPort
type: string
description: Port of service
jsonPath: .spec.pool.servicePort
- name: ipamLabel
type: string
description: ipamLabel for transport server
jsonPath: .spec.ipamLabel
- name: IPAMVSAddress
type: string
description: IP address of transport server
jsonPath: .status.vsAddress
- name: STATUS
type: string
description: status of TransportServer
jsonPath: .status.status
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
subresources:
status: { }
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app.kubernetes.io/instance: f5-bigip-ctlr
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: f5-bigip-ctlr
name: externaldnses.cis.f5.com
spec:
group: cis.f5.com
names:
kind: ExternalDNS
plural: externaldnses
shortNames:
- edns
singular: externaldns
scope: Namespaced
versions:
-
name: v1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
domainName:
type: string
pattern: '^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$'
dnsRecordType:
type: string
pattern: 'A'
loadBalanceMethod:
type: string
pools:
type: array
items:
type: object
properties:
dataServerName:
type: string
dnsRecordType:
type: string
pattern: 'A'
loadBalanceMethod:
type: string
monitor:
type: object
properties:
type:
type: string
enum: [http, https, tcp]
send:
type: string
recv:
type: string
interval:
type: integer
timeout:
type: integer
required:
- type
- interval
monitors:
type: array
items:
type: object
properties:
type:
type: string
enum: [http, https, tcp]
send:
type: string
recv:
type: string
interval:
type: integer
timeout:
type: integer
required:
- type
- interval
required:
- dataServerName
required:
- domainName
additionalPrinterColumns:
- name: domainName
type: string
description: Domain name of virtual server resource
jsonPath: .spec.domainName
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
- name: CREATED ON
type: string
jsonPath: .metadata.creationTimestamp
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app.kubernetes.io/instance: f5-bigip-ctlr
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: f5-bigip-ctlr
name: ingresslinks.cis.f5.com
spec:
group: cis.f5.com
names:
kind: IngressLink
shortNames:
- il
singular: ingresslink
plural: ingresslinks
scope: Namespaced
versions:
-
name: v1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
virtualServerAddress:
type: string
pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'
host:
type: string
pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$'
ipamLabel:
type: string
iRules:
type: array
items:
type: string
selector:
properties:
matchLabels:
additionalProperties:
type: string
type: object
type: object
status:
type: object
properties:
vsAddress:
type: string
additionalPrinterColumns:
- name: IPAMVSAddress
type: string
description: IP address of virtualServer
jsonPath: .status.vsAddress
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
subresources:
status: { }
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app.kubernetes.io/instance: f5-bigip-ctlr
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: f5-bigip-ctlr
name: policies.cis.f5.com
spec:
group: cis.f5.com
names:
kind: Policy
shortNames:
- plc
singular: policy
plural: policies
scope: Namespaced
versions:
-
name: v1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
l7Policies:
type: object
properties:
waf:
type: string
pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$'
l3Policies:
type: object
properties:
dos:
type: string
pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$'
firewallPolicy:
type: string
pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$'
ltmPolicies:
type: object
properties:
insecure:
type: string
pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$'
secure:
type: string
pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$'
priority:
type: string
enum: [low, high]
iRules:
type: object
properties:
insecure:
type: string
pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$'
secure:
type: string
pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$'
priority:
type: string
enum: [ low, high ]
profiles:
type: object
properties:
tcp:
type: string
pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9-]+\/?)*$'
udp:
type: string
pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9-]+\/?)*$'
http:
type: string
pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9-]+\/?)*$'
http2:
type: string
pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9-]+\/?)*$'
persistenceProfile:
type: string
rewriteProfile:
type: string
pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$'
logProfiles:
items:
type: string
pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9-_\s]+\/?)*$'
type: array
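
Review bot: the character class `[A-z0-9-_+]` used in the `hostGroup`, `policyName`, `service`, `virtualServerName` and path patterns (`rewriteAppRoot`, `waf`, `allowVlans`, `trafficGroup`, the Policy fields) is wider than it reads: `A-z` spans ASCII 0x41 to 0x7A and so also admits `[`, `\`, `]`, `^`, `_` and the backtick. Write `A-Za-z` if only letters are intended. Separately, the combined IPv4/IPv6 `virtualServerAddress` pattern in VirtualServer and TransportServer has the shape `^(ipv4)|(ipv6)$`, so `^` binds only to the IPv4 branch and `$` only to the IPv6 branch, and a value that merely begins with an IPv4 address passes validation; wrap both branches in a single group between the anchors (the IPv4-only pattern in IngressLink is anchored correctly). `dnsRecordType` uses `pattern: 'A'`, which matches any string containing an A; `^A$` or an `enum` would be stricter.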

@ -0,0 +1,75 @@
questions:
- variable: bigip_login_secret
required: true
type: string
label: "Name of the k8s secret object with BIG-IP login credentials."
- variable: args.bigip_url
required: true
type: string
label: "BIG-IP Management IP/URL"
- variable: args.bigip_partition
required: true
type: string
label: "BIG-IP Partition"
- variable: image.user
type: string
label: "Image Repository where CIS image is hosted"
- variable: image.repo
type: string
label: "CIS image name"
- variable: version
type: string
label: "CIS version tag."
default: "latest"
- variable: args.pool_member_type
type: string
label: "Type of BIG-IP Pool members to create."
default: "nodeport"
- variable: args.node_poll_interval
type: string
label: "In seconds, the interval at which the CIS polls the cluster to find all node members."
default: "30"
- variable: args.verify_interval
type: string
label: "In seconds, the interval at which the CIS verifies that the BIG-IP configuration matches the state of the orchestration system."
default: "30"
- variable: args.agent
type: string
label: "Specify the agent for CIS to communicate with BIG-IP. CCCL or AS3"
default: "as3"
- variable: args.custom_resource_mode
type: string
label: "Set 'true' to process CRD resources. Supported in AS3 agent. When true ConfigMaps, Routes, and Ingress are not processed by CIS."
default: "false"
- variable: args.ipam
type: string
label: "Specify if CIS provides the ability to interface with F5 IPAM Controller (FIC). Valid with agent AS3."
default: "false"
- variable: args.disable_teems
type: string
label: "If true, analytics data is not sent to F5."
default: "false"
- variable: args.hubmode
type: string
label: "When `true`, ConfigMaps with Services in same and different namespace are processed. CIS >= 2.5.0+. Valid with agent AS3."
default: "false"
- variable: args.default_route_domain
type: string
label: "Set default Route Domain for Custom resources. Valid with agent AS3."
default: "0"
- variable: args.filter_tenants
type: string
label: "Specify to use tenant filtering API for AS3 declaration. This allows CIS to process each AS3 Tenant separately. Compatible with ConfigMap only. Valid with agent AS3. CIS >= 2.7"
default: "false"
- variable: args.enable_ipv6
type: string
label: "When set to true, it enables IPv6 network support. CIS >= 2.7."
default: "false"
- variable: args.log_level
type: string
label: "Configured the log level. INFO, DEBUG, CRITICAL, WARNING, ERROR."
default: "INFO"
- variable: args.log_as3_response
type: string
label: "When set to true, adds the body of AS3 API response in Controller logs."
default: "false"
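
Review bot: every question is declared `type: string`, including on/off switches (`args.custom_resource_mode`, `args.ipam`, `args.disable_teems`, `args.log_as3_response` and others), the numeric intervals, and closed sets such as `args.agent` and `args.log_level`, so the form accepts any text and a typo is passed through to the controller arguments unchecked. Use `boolean`, `int` and `enum` with `options` where they fit. The `args.agent` label also spells the choices "CCCL or AS3" while the default is lowercase `as3`; state the exact accepted values.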

@ -0,0 +1,6 @@
Container Ingress Services controller: {{ .Release.Name }}
Controller Documentation:
- Kubernetes: https://clouddocs.f5.com/containers/latest/userguide/kubernetes/
- OpenShift: https://clouddocs.f5.com/containers/latest/userguide/openshift/

@ -0,0 +1,64 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "f5-bigip-ctlr.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "deployment.apiVersion" -}}
{{- if semverCompare ">=1.9-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "apps/v1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
{{/*
Check for user given namespace or give kube-system
*/}}
{{- define "f5-bigip-ctlr.namespace" -}}
{{- if hasKey .Values "namespace" -}}
{{- .Values.namespace -}}
{{- else -}}
{{- print "kube-system" -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "f5-bigip-ctlr.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "f5-bigip-ctlr.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "f5-bigip-ctlr.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "f5-bigip-ctlr.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
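
Review bot: in `f5-bigip-ctlr.serviceAccountName` the `else` branch falls back to the literal `default` account when `serviceAccount.create` is false and no name is supplied, and that name is what the chart's ClusterRoleBinding then uses as its subject, so the namespace's shared default ServiceAccount would receive the controller's cluster-wide role. Fail with `required` in that branch instead of defaulting. Also, in `deployment.apiVersion` the `extensions/v1beta1` branch is unreachable: the chart metadata limits `kubeVersion` to 1.20 and later, where `semverCompare ">=1.9-0"` is always true, so the helper can be replaced by a hard-coded `apps/v1`.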

@ -0,0 +1,98 @@
{{- if .Values.rbac.create -}}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "f5-bigip-ctlr.fullname" . }}
labels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/name: {{ template "f5-bigip-ctlr.name" . }}
app: {{ template "f5-bigip-ctlr.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- verbs:
- get
- list
- watch
apiGroups:
- ''
- apps
- extensions
- route.openshift.io
- networking.k8s.io
resources:
- nodes
- services
- endpoints
- namespaces
- ingresses
- ingressclasses
- secrets
- pods
- routes
- verbs:
- get
- list
- watch
- update
- create
- patch
apiGroups:
- ''
- apps
- extensions
- route.openshift.io
- networking.k8s.io
resources:
- configmaps
- events
- ingresses/status
- routes/status
- services/status
- verbs:
- get
- list
- watch
- update
- patch
apiGroups:
- cis.f5.com
resources:
- virtualservers
- tlsprofiles
- transportservers
- externaldnses
- ingresslinks
- transportservers/status
- virtualservers/status
- ingresslinks/status
- policies
{{- if .Values.args.ipam }}
- verbs:
- get
- list
- watch
- update
- create
- patch
- delete
apiGroups:
- fic.f5.com
resources:
- ipams
- ipams/status
- verbs:
- get
- list
- watch
- update
- create
- patch
apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
{{- end }}
{{- end -}}
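
Review bot: the first rule grants `get`, `list` and `watch` on `secrets` cluster-wide, so the controller's ServiceAccount can read every Secret in every namespace even when `args.namespaces` restricts what CIS monitors. Consider rendering namespaced Role and RoleBinding objects for the secrets rule when `args.namespaces` is set, or at minimum document the grant in the README. Each rule also pairs all five `apiGroups` with the full resource list; splitting the rules per API group (core, `networking.k8s.io`, `route.openshift.io`) would make the grant auditable. With `args.ipam` set, the role additionally gets create, update and patch on `customresourcedefinitions`, which deserves a comment explaining why the controller needs it.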

@ -0,0 +1,23 @@
{{- if .Values.rbac.create -}}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "f5-bigip-ctlr.fullname" . }}
namespace: {{ template "f5-bigip-ctlr.namespace" . }}
labels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/name: {{ template "f5-bigip-ctlr.name" . }}
app: {{ template "f5-bigip-ctlr.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "f5-bigip-ctlr.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "f5-bigip-ctlr.serviceAccountName" . }}
namespace: {{ template "f5-bigip-ctlr.namespace" . }}
{{- end -}}
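
Review bot: `metadata.namespace` is set on the ClusterRoleBinding, but ClusterRoleBinding is a cluster-scoped kind, so the field has no effect and suggests a scoping that does not exist. Remove it from `metadata` and keep `namespace` only on the `subjects` entry, where it is required.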

@ -0,0 +1,127 @@
{{- if or (not .Values.args.bigip_url) (not .Values.args.bigip_partition) }}
{{/*
Generate errors for missing required values.
*/}}
# {{required "BIG-IP url not specified - add to Values or pass with `--set` " .Values.args.bigip_url }}
# {{required "BIG-IP partition not specified - add to Values or pass with `--set` " .Values.args.bigip_partition }}
{{- else -}}
apiVersion: {{ template "deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "f5-bigip-ctlr.fullname" . }}
namespace: {{ template "f5-bigip-ctlr.namespace" . }}
labels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/name: {{ template "f5-bigip-ctlr.name" . }}
app: {{ template "f5-bigip-ctlr.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "-" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ template "f5-bigip-ctlr.name" . }}
template:
metadata:
labels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/name: {{ template "f5-bigip-ctlr.name" . }}
app: {{ template "f5-bigip-ctlr.name" . }}
release: {{ .Release.Name }}
spec:
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
serviceAccountName: {{ template "f5-bigip-ctlr.serviceAccountName" . }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range $pullSecret := .Values.image.pullSecrets }}
- name: {{ $pullSecret }}
{{- end }}
{{- end }}
securityContext:
{{- $securityContext := .Values.securityContext | default dict }}
{{- if $securityContext.runAsUser }}
runAsUser: {{ $securityContext.runAsUser }}
{{- else }}
runAsUser: 1000
{{- end }}
{{- $securityContext := .Values.securityContext | default dict }}
{{- if $securityContext.runAsGroup }}
runAsGroup: {{ $securityContext.runAsGroup }}
{{- else }}
runAsGroup: 1000
{{- end }}
{{- $securityContext := .Values.securityContext | default dict }}
{{- if $securityContext.fsGroup }}
fsGroup: {{ $securityContext.fsGroup }}
{{- else }}
fsGroup: 1000
{{- end }}
containers:
- name: {{ template "f5-bigip-ctlr.name" . }}
image: "{{ .Values.image.user }}/{{ .Values.image.repo }}:{{ .Values.version }}"
livenessProbe:
failureThreshold: 3
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 15
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 15
readinessProbe:
failureThreshold: 3
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 15
volumeMounts:
- name: bigip-creds
mountPath: "/tmp/creds"
readOnly: true
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- /app/bin/k8s-bigip-ctlr
args:
- --credentials-directory
- /tmp/creds
{{- $ns := .Values.args.namespaces }}
{{- range $key, $value := .Values.args }}
{{- if eq $key "namespaces" }}
{{- range $ns}}
- --namespace={{ . }}
{{- end }}
{{- else }}
- --{{ $key | replace "_" "-"}}={{ $value }}
{{- end }}
{{- end }}
resources:
limits:
cpu: {{ .Values.limits_cpu | default "100m" }}
memory: {{ .Values.limits_memory | default "512Mi" }}
requests:
cpu: {{ .Values.requests_cpu | default "100m" }}
memory: {{ .Values.requests_memory | default "512Mi" }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 6}}
{{- end }}
volumes:
- name: bigip-creds
secret:
secretName: {{ .Values.bigip_login_secret }}
{{- end }}
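
Review bot: the container spec has no `securityContext` of its own; only the pod-level `runAsUser`, `runAsGroup` and `fsGroup` are set, so privilege escalation and the default capability set are left as the runtime provides them. Add a container-level block with `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and `capabilities: drop: ["ALL"]`, and make it overridable from values. Two further points in the same hunk: the `image` line uses `.Values.version` with no `default`, so an unset value renders a reference ending in `:`, and the `range` over `.Values.args` emits `--{{ $key }}={{ $value }}` unquoted for every key, which means any value placed under `args` (credentials included) lands in the pod spec as a plain argument. Also, `$securityContext` is redeclared with `:=` three times; declare it once.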

View File

@ -0,0 +1,12 @@
{{- if .Values.ingressClass.create -}}
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
name: {{ .Values.ingressClassName | default "f5" }}
annotations:
ingressclass.kubernetes.io/is-default-class: "{{ .Values.isDefaultIngressController | default false }}"
spec:
controller: f5.com/cntr-ingress-svcs
{{- end -}}
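
Review bot: the `is-default-class` annotation reads `.Values.isDefaultIngressController`, but the values file in this commit defines `defaultController: true` and no `isDefaultIngressController` key, so the annotation renders as "false" regardless of what the user set there. Use one key name in both places, and decide whether `ingressClassName` lives at the top level (as read here) or under `ingressClass` next to `create`. Given that a default IngressClass captures every Ingress without an explicit class, the shipped default should be false and the README should say so.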

View File

@ -0,0 +1,17 @@
{{- if .Values.rbac.create -}}
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "f5-bigip-ctlr.serviceAccountName" . }}
namespace: {{ template "f5-bigip-ctlr.namespace" . }}
labels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/name: {{ template "f5-bigip-ctlr.name" . }}
app: {{ template "f5-bigip-ctlr.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- end -}}
{{- end -}}
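
Review bot: nesting `serviceAccount.create` inside `rbac.create` means that setting `rbac.create: false` suppresses the ServiceAccount even when `serviceAccount.create` is true, while the Deployment still sets `serviceAccountName` from the same helper and will then reference an account that does not exist. Gate this template on `serviceAccount.create` alone. It is also worth stating in a comment that this account carries the ClusterRole above, so it should not be shared with other workloads in the namespace.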

View File

@ -0,0 +1,79 @@
# For additional information on installing the k8-bigip-ctlr please see:
# Kubernetes: http://clouddocs.f5.com/containers/latest/kubernetes/kctlr-app-install.html
# OpenShift: http://clouddocs.f5.com/containers/latest/openshift/kctlr-openshift-app-install.html#install-kctlr-openshift
#
# access / permissions / RBAC
# To create a secret using kubectl see
# http://clouddocs.f5.com/containers/latest/kubernetes/kctlr-secrets.html#secret-bigip-login
bigip_login_secret: f5-bigip-ctlr-login
rbac:
create: true
serviceAccount:
# Specifies whether a service account should be created
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
# This namespace is where the Controller lives;
ingressClass:
create: true
ingressClassName: f5
defaultController: true
namespace: kube-system
args:
# See http://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest/#controller-configuration-parameters
# NOTE: helm has difficulty with values using `-`; `_` are used for naming
# and are replaced with `-` during rendering.
# REQUIRED Params
bigip_url: ~
bigip_partition: f5-bigip-ctlr
# OPTIONAL PARAMS -- uncomment and provide values for those you wish to use.
# verify_interval:
# node-poll_interval:
# log_level:
# python_basedir: ~
# VXLAN
# openshift_sdn_name:
# flannel_name:
# KUBERNETES
# default_ingress_ip:
# kubeconfig:
# namespaces: ["foo", "bar"]
# namespace_label:
# node_label_selector:
# pool_member_type:
# resolve_ingress_names:
# running_in_cluster:
# use_node_internal:
# use_secrets:
# insecure: true
# custom-resource-mode: true
# log-as3-response: true
# gtm-bigip-password
# gtm-bigip-url
# gtm-bigip-username
# ipam : true
image:
# Use the tag to target a specific version of the Controller
user: f5networks
repo: k8s-bigip-ctlr
pullPolicy: Always
# version: latest
# affinity:
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: kubernetes.io/arch
# operator: Exists
# securityContext:
# runAsUser: 1000
# runAsGroup: 3000
# fsGroup: 2000
# If you want to specify resources, uncomment the following
# limits_cpu: 100m
# limits_memory: 512Mi
# requests_cpu: 100m
# requests_memory: 512Mi
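
Review bot: `gtm-bigip-password` is listed among the optional `args`, and the Deployment template turns every key under `args` into a `--key=value` container argument, so a user who uncomments it puts the GTM password in clear text in the Deployment object and in the release values. Remove it from this list and point to a Secret instead, as is already done for the BIG-IP login via `bigip_login_secret`. Related points: the sample `insecure: true` should carry a comment that it disables certificate verification toward BIG-IP and is not for production, `version` is commented out although the image tag depends on it, the default `namespace: kube-system` places a third-party controller beside cluster components, and the documentation links use `http://` where `https://` is available.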

View File

@ -1060,6 +1060,41 @@ entries:
urls:
- assets/external-secrets-operator/external-secrets-0.5.200.tgz
version: 0.5.200
f5-bigip-ctlr:
- annotations:
artifacthub.io/license: Apache-2.0
artifacthub.io/links: |
- name: Documentation
url: https://clouddocs.f5.com/containers/latest
artifacthub.io/prerelease: "false"
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: F5 Container Ingress Services for Kubernetes
and OpenShift
catalog.cattle.io/release-name: f5-bigip-ctlr
apiVersion: v1
created: "2022-05-11T11:50:57.37725+05:30"
description: Deploy the F5 Networks BIG-IP Controller for Kubernetes and OpenShift
(k8s-bigip-ctlr).
digest: 203936f752e2c2ec0a07c306dacf5105db7f0f27e168d83ef5dfac3efd0ae75d
home: https://www.f5.com/products/automation-and-orchestration/container-ingress-services
icon: https://avatars.githubusercontent.com/u/8935905?s=200&v=4
keywords:
- F5
- BIG-IP
- Containers
- Kubernetes
- OpenShift
kubeVersion: 1.20.0-0 - 1.23.0-0
maintainers:
- email: f5_cis_operators@f5.com
name: F5CISSupport
name: f5-bigip-ctlr
sources:
- https://github.com/F5Networks/k8s-bigip-ctlr
- https://github.com/F5Networks/charts
urls:
- assets/f5-container-ingress-services/f5-bigip-ctlr-0.0.1901.tgz
version: 0.0.1901
falcon-sensor:
- annotations:
catalog.cattle.io/certified: partner

View File

@ -17,7 +17,7 @@ questions:
- variable: image.repo
type: string
label: "CIS image name"
- variable: image.version
- variable: version
type: string
label: "CIS version tag."
default: "latest"
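
Review bot: the renamed `version` question keeps `default: "latest"`, and the chart's values set `pullPolicy: Always`, so every pod restart can pull a different controller build than the one this chart version was tested with. Default the question to the controller release that matches this chart and let users opt in to a floating tag. The rename itself is consistent with the Deployment, which reads `.Values.version`, but any existing answers stored under `image.version` will be ignored silently; mention that in the upgrade notes.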