From 5802ce9a9edc172a5d19f388aa96fde646e9ce42 Mon Sep 17 00:00:00 2001 From: Vivek Lohiya Date: Wed, 4 Sep 2024 10:19:48 +0530 Subject: [PATCH] CIS 2.18.0 release (#3544) --- docs/RELEASE-NOTES.rst | 6 +- .../customresourcedefinitions.yml | 149 +++++++++++------- docs/upgradeProcess.md | 4 +- f5-bigip-ctlr-operator/Dockerfile | 2 +- f5-bigip-ctlr-operator/bundle.Dockerfile | 4 +- ...p-ctlr-operator.clusterserviceversion.yaml | 6 +- .../bundle/metadata/annotations.yaml | 6 +- helm-charts/f5-bigip-ctlr/Chart.yaml | 2 +- 8 files changed, 112 insertions(+), 67 deletions(-) diff --git a/docs/RELEASE-NOTES.rst b/docs/RELEASE-NOTES.rst index 67979d808..a0ce1f785 100644 --- a/docs/RELEASE-NOTES.rst +++ b/docs/RELEASE-NOTES.rst @@ -2,7 +2,7 @@ Release Notes for Container Ingress Services for Kubernetes & OpenShift ======================================================================= -Next Release +2.18.0 ------------- Added Functionality @@ -38,6 +38,10 @@ Upgrade notes Also see the deployment parameter `manage-load-balancer-class-only`, to control the behavior of CIS for services with loadBalancerClass field set in the service spec. * CIS with as3 version >= 3.52, passthrough VS on bigip will not have default ssl profile. +Known Issues +````````````` +* Support for multiple ltm monitors with single virtual server referring to same backend on different path does not work. + F5 IPAM Controller v0.1.11 `````````````````````````` diff --git a/docs/config_examples/customResourceDefinitions/customresourcedefinitions.yml b/docs/config_examples/customResourceDefinitions/customresourcedefinitions.yml index 82e51a308..5f43608f6 100644 --- a/docs/config_examples/customResourceDefinitions/customresourcedefinitions.yml +++ b/docs/config_examples/customResourceDefinitions/customresourcedefinitions.yml @@ -46,6 +46,11 @@ spec: ipamLabel: type: string pattern: '^[a-zA-Z]+[-A-z0-9_.:]+[A-z0-9]+$' + bigipRouteDomain: + type: integer + minimum: 0 + maximum: 65535 + default: 0 snat: type: string pattern: '^$|^\/?[a-zA-Z]+([-A-z0-9_+]+\/)*([-A-z0-9_.:]+\/?)+$' @@ -139,6 +144,15 @@ spec: profileMultiplex: type: string pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$' + profileAdapt: + type: object + properties: + request: + type: string + pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$' + response: + type: string + pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$' allowVlans: items: type: string @@ -445,7 +459,7 @@ spec: jsonPath: .metadata.creationTimestamp subresources: status: {} - + --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -478,6 +492,11 @@ spec: tlsVersion: type: string enum: ["1.0", "1.1", "1.2", "1.3"] + disableTLSVersions: + type: array + items: + type: string + enum: ["1.0", "1.1", "1.2", "1.3"] ciphers: type: string cipherGroup: @@ -581,7 +600,7 @@ spec: policyName: type: string pattern: '^([A-z0-9-_+])*([A-z0-9])$' - mode: + mode: type: string enum: [standard, performance] type: @@ -627,6 +646,11 @@ spec: ipamLabel: type: string pattern: '^[a-zA-Z]+[-A-z0-9_.:]+[A-z0-9]+$' + bigipRouteDomain: + type: integer + minimum: 0 + maximum: 65535 + default: 0 serviceAddress: type: array maxItems: 1 @@ -717,25 +741,25 @@ spec: items: type: object properties: - type: - type: string - enum: [ tcp, udp, http, https ] - interval: - type: integer - timeout: - type: integer - targetPort: - type: integer - name: - type: string - pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$' - reference: - type: string - enum: [bigip] - send: - type: string - recv: - type: string + type: + type: string + enum: [ tcp, udp, http, https ] + interval: + type: integer + timeout: + type: integer + targetPort: + type: integer + name: + type: string + pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$' + reference: + type: string + enum: [bigip] + send: + type: string + recv: + type: string reselectTries: type: integer minimum: 0 @@ -764,8 +788,8 @@ spec: minimum: 0 maximum: 100 required: - - service - - servicePort + - service + - servicePort required: - virtualServerPort - pool @@ -783,37 +807,37 @@ spec: type: string default: Pending additionalPrinterColumns: - - name: virtualServerAddress - type: string - description: IP address of virtualServer - jsonPath: .spec.virtualServerAddress - - name: virtualServerPort - type: integer - description: Port of virtualServer - jsonPath: .spec.virtualServerPort - - name: pool - type: string - description: Name of service - jsonPath: .spec.pool.service - - name: poolPort - type: string - description: Port of service - jsonPath: .spec.pool.servicePort - - name: ipamLabel - type: string - description: ipamLabel for transport server - jsonPath: .spec.ipamLabel - - name: IPAMVSAddress - type: string - description: IP address of transport server - jsonPath: .status.vsAddress - - name: STATUS - type: string - description: status of TransportServer - jsonPath: .status.status - - name: Age - type: date - jsonPath: .metadata.creationTimestamp + - name: virtualServerAddress + type: string + description: IP address of virtualServer + jsonPath: .spec.virtualServerAddress + - name: virtualServerPort + type: integer + description: Port of virtualServer + jsonPath: .spec.virtualServerPort + - name: pool + type: string + description: Name of service + jsonPath: .spec.pool.service + - name: poolPort + type: string + description: Port of service + jsonPath: .spec.pool.servicePort + - name: ipamLabel + type: string + description: ipamLabel for transport server + jsonPath: .spec.ipamLabel + - name: IPAMVSAddress + type: string + description: IP address of transport server + jsonPath: .status.vsAddress + - name: STATUS + type: string + description: status of TransportServer + jsonPath: .status.status + - name: Age + type: date + jsonPath: .metadata.creationTimestamp subresources: status: { } --- @@ -978,6 +1002,11 @@ spec: ipamLabel: type: string pattern: '^[a-zA-Z]+[-A-z0-9_.:]+[A-z0-9]+$' + bigipRouteDomain: + type: integer + minimum: 0 + maximum: 65535 + default: 0 iRules: type: array items: @@ -1046,6 +1075,15 @@ spec: policyPerRequestAccess: type: string pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$' + profileAdapt: + type: object + properties: + request: + type: string + pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$' + response: + type: string + pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$' l3Policies: type: object properties: @@ -1231,6 +1269,9 @@ spec: htmlProfile: type: string pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$' + ftpProfile: + type: string + pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$' autoLastHop: type: string enum: [ default, auto, disable ] diff --git a/docs/upgradeProcess.md b/docs/upgradeProcess.md index 33d1cd996..f24cbfd85 100644 --- a/docs/upgradeProcess.md +++ b/docs/upgradeProcess.md @@ -47,7 +47,7 @@ Compatibility Matrix | v2.16.1 | v17.0 | v1.29 | v4.14.0* | Yes | Yes | v3.50 | v0.1.10 | v0.0.4 | v0.0.29 | Red Hat Enterprise Linux release 9.1 (Plow) | | v2.17.0 | v17.0 | v1.31 | v4.15.0* | Yes | Yes | v3.50 | v0.1.10 | v0.0.5 | v0.0.30 | Red Hat Enterprise Linux release 9.1 (Plow) | | v2.17.1 | v17.0 | v1.31 | v4.15.0* | Yes | Yes | v3.50 | v0.1.10 | v0.0.5 | v0.0.31 | Red Hat Enterprise Linux release 9.1 (Plow) | -| v2.18.0 | v17.0 | v1.31 | v4.16.0* | Yes | Yes | v3.52 | v0.1.10 | v0.0.5 | v0.0.31 | Red Hat Enterprise Linux release 9.1 (Plow) | +| v2.18.0 | v17.0 | v1.31 | v4.16.0* | Yes | Yes | v3.52 | v0.1.11 | v0.0.5 | v0.0.32 | Red Hat Enterprise Linux release 9.1 (Plow) | Note: For OCP version 4.12, CIS is compatible with IPv4 and dual stack IPv4. Compatibility Matrix for Multi Cluster Support @@ -59,7 +59,7 @@ Compatibility Matrix for Multi Cluster Support | v2.15.0 | v16.0 | v1.28 | v4.13.0 | Yes | No | Yes | v3.48 | v0.0.27 | | v2.16.0 | v17.0 | v1.29 | v4.14.0* | Yes | No | Yes | v3.50 | v0.0.29 | | v2.17.0 | v17.0 | v1.31 | v4.15.0* | Yes | No | Yes | v3.50 | v0.0.30 | -| v2.18.0 | v17.0 | v1.31 | v4.16.0* | Yes | No | Yes | v3.52 | v0.0.30 | +| v2.18.0 | v17.0 | v1.31 | v4.16.0* | Yes | No | Yes | v3.52 | v0.0.32 | diff --git a/f5-bigip-ctlr-operator/Dockerfile b/f5-bigip-ctlr-operator/Dockerfile index b3c308a2c..2ee4032d6 100644 --- a/f5-bigip-ctlr-operator/Dockerfile +++ b/f5-bigip-ctlr-operator/Dockerfile @@ -7,7 +7,7 @@ ENV HOME=/opt/helm LABEL name="F5 Container Ingress Services Operator" \ maintainer="f5_cis_operators@f5.com" \ vendor="F5 Networks Inc." \ - version="v1.17.0" \ + version="v1.18.0" \ release="1" \ summary="Container Ingress Services Operator for F5 BIG-IP" \ description="F5 BIG-IP Controller Operator is a Service Operator which installs F5 BIG-IP Controller (Container Ingress Services) on Kubernetes and OpenShift platforms and respective supported versions." diff --git a/f5-bigip-ctlr-operator/bundle.Dockerfile b/f5-bigip-ctlr-operator/bundle.Dockerfile index 58bb088f5..5de0eb9bd 100644 --- a/f5-bigip-ctlr-operator/bundle.Dockerfile +++ b/f5-bigip-ctlr-operator/bundle.Dockerfile @@ -5,8 +5,8 @@ LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ LABEL operators.operatorframework.io.bundle.package.v1=f5-bigip-ctlr-operator -LABEL operators.operatorframework.io.bundle.channels.v1=alpha,beta -LABEL operators.operatorframework.io.bundle.channel.default.v1=beta +LABEL operators.operatorframework.io.bundle.channels.v1=alpha,beta,stable +LABEL operators.operatorframework.io.bundle.channel.default.v1=stable LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.26.0 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 LABEL operators.operatorframework.io.metrics.project_layout=helm.sdk.operatorframework.io/v1 diff --git a/f5-bigip-ctlr-operator/bundle/manifests/f5-bigip-ctlr-operator.clusterserviceversion.yaml b/f5-bigip-ctlr-operator/bundle/manifests/f5-bigip-ctlr-operator.clusterserviceversion.yaml index d521006b3..bec641c8a 100644 --- a/f5-bigip-ctlr-operator/bundle/manifests/f5-bigip-ctlr-operator.clusterserviceversion.yaml +++ b/f5-bigip-ctlr-operator/bundle/manifests/f5-bigip-ctlr-operator.clusterserviceversion.yaml @@ -50,7 +50,7 @@ metadata: categories: Networking certified: "false" containerImage: registry.connect.redhat.com/f5networks/k8s-bigip-ctlr-operator@sha256:560aff6297fa8d5c13d830b0186035205abb1785d62f310a268054fbfd3ae7d1 - createdAt: "2024-06-04" + createdAt: "2024-08-28" description: Operator to install F5 Container Ingress Services (CIS) for BIG-IP. operators.operatorframework.io/builder: operator-sdk-v1.26.0 operators.operatorframework.io/project_layout: helm.sdk.operatorframework.io/v1 @@ -66,7 +66,7 @@ metadata: features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "false" features.operators.openshift.io/csi: "false" - name: f5-bigip-ctlr-operator.v1.17.0 + name: f5-bigip-ctlr-operator.v1.18.0 namespace: placeholder spec: apiservicedefinitions: {} @@ -410,7 +410,7 @@ spec: minKubeVersion: 1.13.0 provider: name: F5 Networks Inc. - version: 1.17.0 + version: 1.18.0 relatedImages: - name: cntr-ingress-svcs image: registry.connect.redhat.com/f5networks/cntr-ingress-svcs@sha256:7ee53dc08596d4078da5bdb8188f3eda337d44ca8a91976667f2612bf54f9948 diff --git a/f5-bigip-ctlr-operator/bundle/metadata/annotations.yaml b/f5-bigip-ctlr-operator/bundle/metadata/annotations.yaml index 265651dbc..b61c1eb13 100644 --- a/f5-bigip-ctlr-operator/bundle/metadata/annotations.yaml +++ b/f5-bigip-ctlr-operator/bundle/metadata/annotations.yaml @@ -4,8 +4,8 @@ annotations: operators.operatorframework.io.bundle.manifests.v1: manifests/ operators.operatorframework.io.bundle.metadata.v1: metadata/ operators.operatorframework.io.bundle.package.v1: f5-bigip-ctlr-operator - operators.operatorframework.io.bundle.channels.v1: alpha,beta - operators.operatorframework.io.bundle.channel.default.v1: beta + operators.operatorframework.io.bundle.channels.v1: alpha,beta,stable + operators.operatorframework.io.bundle.channel.default.v1: stable operators.operatorframework.io.metrics.builder: operator-sdk-v1.26.0 operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 operators.operatorframework.io.metrics.project_layout: helm.sdk.operatorframework.io/v1 @@ -15,4 +15,4 @@ annotations: operators.operatorframework.io.test.config.v1: tests/scorecard/ # Annotations to specify OCP versions compatibility. - com.redhat.openshift.versions: v4.6-v4.15 \ No newline at end of file + com.redhat.openshift.versions: v4.12-v4.16 \ No newline at end of file diff --git a/helm-charts/f5-bigip-ctlr/Chart.yaml b/helm-charts/f5-bigip-ctlr/Chart.yaml index c8b905cac..69c7e16e4 100644 --- a/helm-charts/f5-bigip-ctlr/Chart.yaml +++ b/helm-charts/f5-bigip-ctlr/Chart.yaml @@ -1,4 +1,4 @@ apiVersion: v1 description: Deploy the F5 Networks BIG-IP Controller for Kubernetes and OpenShift (k8s-bigip-ctlr). name: f5-bigip-ctlr -version: 0.0.31 +version: 0.0.32