Skip to content

Commit

Permalink
Release 2.10.0 (#2559)
Browse files Browse the repository at this point in the history 
* Updating the pipeline and chart version

Signed-off-by: Vivek Lohiya <[email protected]>

* Updating the documentation and release notes for 2.10.0

Signed-off-by: Vivek Lohiya <[email protected]>

Signed-off-by: Vivek Lohiya <[email protected]>
  • Loading branch information
@vklohiya
vklohiya committed Sep 8, 2022
1 parent e1dde1a commit c0a031c
Show file tree
Hide file tree
Showing 11 changed files with 393 additions and 159 deletions.
16 changes: 14 additions & 2 deletions azure-pipelines.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,8 +96,8 @@ stages:
- script: |
set -ex
podman pull --authfile $(DOCKER_CONFIG)/config.json $(quay_path):$(Build.SourceVersion)
podman tag $(quay_path):$(Build.SourceVersion) scan.connect.redhat.com/$(REDHAT_PRJ_ID)/$(redhat_prj_name):$(BUILD_VERSION)-rhel7
podman push --authfile $(DOCKER_CONFIG)/config.json scan.connect.redhat.com/$(REDHAT_PRJ_ID)/$(redhat_prj_name):$(BUILD_VERSION)-rhel7
podman tag $(quay_path):$(Build.SourceVersion) scan.connect.redhat.com/$(REDHAT_PRJ_ID)/$(redhat_prj_name):$(BUILD_VERSION)-ubi8
podman push --authfile $(DOCKER_CONFIG)/config.json scan.connect.redhat.com/$(REDHAT_PRJ_ID)/$(redhat_prj_name):$(BUILD_VERSION)-ubi8
condition: and(succeeded(), startsWith(variables['build.sourceBranch'], 'refs/tags/'))
displayName: 'Push image to Redhat'
continueOnError: true
Expand Down Expand Up @@ -191,6 +191,18 @@ stages:
inputs:
command: login
containerRegistry: $(redhatConnection)
- task: UsePythonVersion@0
displayName: Install Python
inputs:
versionSpec: '3.8'
addToPath: true
architecture: 'x64'
condition: and(succeeded(), eq(variables['operatorUpdated'], 'True'))
- script: |
pip install --disable-pip-version-check -r ./build-tools/py-requirements.txt
python ./build-tools/helm-clusterrole-gen.py
displayName: 'Generate the ClusterRole file'
condition: and(succeeded(), eq(variables['operatorUpdated'], 'True'))
- task: Docker@2
displayName: Build Operator Image for test
inputs:
Expand Down
43 changes: 23 additions & 20 deletions docs/RELEASE-NOTES.rst
View file
Original file line number Diff line number Diff line change
@@ -1,43 +1,46 @@
Release Notes for Container Ingress Services for Kubernetes & OpenShift
=======================================================================

Next Release
2.10.0
-------------

Added Functionality
```````````````````

**What’s new:**
* Next generation routes
* Added support for namespaceLabel in global extended ConfigMap
* Added support for BigIP ClientSSL/ServerSSL profile reference in global extended ConfigMap
* Added support for path rewrite
* Added base config block for TLSCipher for NextGen Routes
* Add support for Load Balancing feature in NextGen Routes for Pools
* Add support for AllowSourceRange in NextGen Routes
* Add support for AB Deployment in NextGen Routes
* Next generation routes preview. Refer `Documentation <https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/next-gen-routes>`_ for more details
* Added new base config block for TLSCiphers in global extended ConfigMap. See `Examples <https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/next-gen-routes/configmap>`_
* Support for namespaceLabel in global extended ConfigMap. See `Examples <https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/next-gen-routes/configmap>`_
* Support for BigIP ClientSSL/ServerSSL profile reference in global extended ConfigMap. See `Examples <https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/next-gen-routes/configmap>`_
* Support for allowSourceRange in global & local extended ConfigMap. See `Examples <https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/next-gen-routes/configmap>`_
* rewrite-target-url support via route annotations. See `Examples <https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/next-gen-routes/routes>`_
* Load Balancing support via route annotation. See `Examples <https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/next-gen-routes/routes>`_
* Support for AB Deployment in routes
* CRD:
* AllowSourceRange support for VirtualServer CRs and Policy CRs. See `Examples <https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/customResource/>`_
* :issues:`2201` Support for linking existing healthmonitor on bigip with virtualSever and TransportServer CRs.
* :issues:`2361` Allow monitoring of an alias port in VirtualServer and TransportServer
* allowSourceRange support for VirtualServer CRs and Policy CRs. See `Examples <https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/customResource/>`_
* Added support for TCP Health Monitor support in VS CRs. See `Examples <https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/customResource/VirtualServer/HealthMonitor>`_
* Added support for multiple monitors in VS and TS CRs. See `Examples <https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/customResource/`_
* SCTP support for Transport Server Custom Resource. See `Examples <https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/customResource/TransportServer>`_
* :issues:`2201` Support for linking existing health monitor on bigip with virtualSever and TransportServer CRs. See `Examples <https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/customResource/>`_
* :issues:`2361` Allow monitoring of an alias port in VirtualServer and TransportServer. See `Examples <https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/customResource/>`_
* :issues:`1933` Added serviceNamespace field in Pools for VirtualServer CR that allows to define a pool service from another namespace in a Virtual server CR.
See `Examples <https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/customResource/>`_
* :issues:`2507` Monitor name by accident includes health check command
* Added TCP Health Monitor support for VS CRs
* Added monitors support for VS and TS CRs
* Add SCTP support for Transport Server Custom Resource
* Ingress:
* Added support to configure netmask for Virtual Server for Ingress. See `Examples <https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/ingress/>`_
* Added support for --log-file deployment parameter to store the CIS logs in a file
* Added Support for AS3 3.38.0
* Added Support for operator in openshift 4.10
* Support for Cilium CNI (>=v1.12.0) in kubernetes cluster
* Support for --log-file deployment parameter to store the CIS logs in a file
* Support for AS3 3.38.0
* Support for operator in openshift 4.10 & openshift 4.11

Bug Fixes
````````````
* Fix CIS continuous processing of ingress belonging to unmanaged ingress class
* :issues:`2325` Supporting Prometheus service in CRDs
* :issues:`2158` CIS send logs to file from container
* :issues:`2345` CIS crash due to Route Profiles
* Fix CIS continuous processing of ingress belonging to unmanaged ingress class
* :issues:`2507` Monitor name by accident includes health check command
* :issues:`2413` Hyphens/dashes not allowed in VirtualServer pool path


2.9.1
-------------
Expand Down
8 changes: 6 additions & 2 deletions docs/config_examples/customResource/CustomResource.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,11 +69,13 @@ This page is created to document the behaviour of CIS in CRD Mode.
| service | String | Required | NA | Service deployed in kubernetes cluster |
| nodeMemberLabel | String | Optional | NA | List of Nodes to consider in NodePort Mode as BIG-IP pool members. This Option is only applicable for NodePort Mode |
| servicePort | String | Required | NA | Port to access Service |
| monitor | String | Optional | NA | Health Monitor to check the health of Pool Members |
| monitor | monitor | Optional | NA | Health Monitor to check the health of Pool Members |
| monitors | monitor | Optional | NA | Specifies multiple monitors for VS Pool |
| rewrite | String | Optional | NA | Rewrites the path in the HTTP Header while submitting the request to Server in the pool |
| serviceNamespace | String | Optional | NA | Namespace of service, define it if service is present in a namespace other than the one where Virtual Server Custom Resource is present |

Note: **monitors** take priority over **monitor** if both are provided in VS spec.

**Service_Address Components**

| PARAMETER | TYPE | REQUIRED | DEFAULT | DESCRIPTION |
Expand Down Expand Up @@ -164,9 +166,11 @@ different terminations(for same domain), one with edge and another with re-encry
| ------ |---------| ------ | ------ |----------------------------------------------------|
| service | String | Required | NA | Service deployed in kubernetes cluster |
| servicePort | String | Required | NA | Port to access Service |
| monitor | String | Optional | NA | Health Monitor to check the health of Pool Members |
| monitor | monitor | Optional | NA | Health Monitor to check the health of Pool Members |
| monitors | monitor | Optional | NA | Specifies multiple monitors for TS Pool |

Note: **monitors** take priority over **monitor** if both are provided in TS spec.

**Service_Address Components**

| PARAMETER | TYPE | REQUIRED | DEFAULT | DESCRIPTION |
Expand Down
66 changes: 66 additions & 0 deletions docs/config_examples/customResource/Policy/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
# Policy
Policy is used to apply existing BIG-IP profiles and policy with Virtual Server and Transport server. The Policy CRD resource defines the profile configuration for a virtual server in BIG-IP. VirtualServer or TransportServer CRD resource takes precedence over Policy CRD resource if the respective feature is supported. Examples of features supported in all resource CRD (i.e. VirtualServer, TransportServer, and Policy) are waf and persistenceProfile.

## Components
### Policy Components

| Parameter | Type | Required | Default | Description |
| ----------- | ------ | -------- | ------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| l7Policies | Object | Optional | N/A | BIG-IP l7Policies in Policy CR. |
| l3Policies | Object | Optional | N/A | BIG-IP l3Policies in Policy CR. |
| ltmPolicies | Object | Optional | N/A | BIG-IP LTM Policies in Policy CR. |
| iRules | Object | Optional | N/A | BIG-IP iRules in Policy CR. |
| profiles | Object | Optional | N/A | Various BIG-IP Profiles in Policy CR. |
| tcp | Object | Optional | N/A | BIG-IP TCP client and server profiles in Policy CR. |
| snat | String | Optional | auto | Reference to SNAT pool on BIG-IP. The other allowed values are: `auto` (default) and `none`. VirtualServer or TransportServer CRD resource takes precedence over Policy CRD resource. |

### L7 Policy Components

| Parameter | Type | Required | Default | Description |
| --------- | ------ | -------- | ------- | --------------------------------------- |
| waf | String | Optional | N/A | Pathname of existing BIG-IP WAF policy. |

### L3 Policy Components

| Parameter | Type | Required | Default | Description |
| ---------------- | ------ | -------- | ------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| botDefense | String | Optional | N/A | Pathname of the existing BIG-IP botDefense policy. |
| dos | String | Optional | N/A | Pathname of existing BIG-IP DOS policy. |
| firewallPolicy | String | Optional | N/A | Pathname of existing BIG-IP firewall(AFM) policy. |
| allowSourceRange | String | Optional | N/A | Comma-separated list of CIDR addresses to allow inbound to services corresponding to VirtualServer CRD. Allowed values are comma-separated, CIDR formatted, IP addresses. For example: `1.2.3.4/32,2.2.2.0/24` |

### LTM Policy Components

| Parameter | Type | Required | Default | Description |
| --------- | ------ | -------- | ------- | ------------------------------------------------------------------- |
| insecure | String | Optional | N/A | |
| secure | String | Optional | N/A | |
| priority | String | Optional | N/A | Defines the level of priority. Allowed values are `low` and `high`. |

### iRules Components

| Parameter | Type | Required | Default | Description |
| --------- | ------ | -------- | ------- | ------------------------------------------------------------------- |
| insecure | String | Optional | N/A | Pathname of existing BIG-IP iRule. |
| secure | String | Optional | N/A | Pathname of existing BIG-IP iRule. |
| priority | String | Optional | N/A | Defines the level of priority. Allowed values are `low` and `high`. |

### Profile Components

| Parameter | Type | Required | Default | Description |
| ------------------ | -------------- | -------- | ----------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| udp | String | Optional | N/A | Pathname of existing BIG-IP UDP profile. |
| http | String | Optional | N/A | Pathname of existing BIG-IP HTTP profile. |
| https | String | Optional | N/A | Pathname of existing BIG-IP SSL profile. |
| http2 | String | Optional | N/A | Pathname of existing BIG-IP HTTP2 profile. |
| logProfiles | List of string | Optional | N/A | Pathname of existing BIG-IP log profile. |
| persistenceProfile | String | Optional | VirtualServer uses `cookie` TransportServer uses `source-address` | CIS uses the AS3 default persistence profile. VirtualServer or TransportServer CRD resource takes precedence over Policy CRD resource. Allowed values are existing BIG-IP Persistence profiles. |
| profileMultiplex | String | Optional | N/A | CIS uses the AS3 default profileMultiplex profile. Allowed values are existing BIG-IP profileMultiplex profiles. |
| profileL4 | String | Optional | basic | The default value is `basic` but it is not configurable if the profileL4 spec is not included in TS or Policy CR. Transport CRD resource takes precedence over Policy CRD resource. Allowed values are existing BIG-IP profileL4 profiles. |

### TCP Profile Components

| Parameter | Type | Required | Default | Description |
| --------- | ------ | -------- | --------------- | -------------------------------------------------------------------------------------------------------------------------------- |
| client | String | Required | N/A Custom\_TCP | CIS uses the AS3 default TCP client profile. Allowed values are existing BIG-IP TCP Client profiles. |
| server | String | Optional | N/A | Allowed values are existing BIG-IP TCP Server profiles. **Note: Server TCP Profile can only be used along with Client profile.** |
Loading

0 comments on commit c0a031c

Please sign in to comment.