From bce2a8f30a4e4327fba25a7c639f17cd344ba6cf Mon Sep 17 00:00:00 2001
From: Arbaaz Khan
Date: Tue, 26 Mar 2024 10:03:46 +0530
Subject: [PATCH] Add support for ingressLink
---
 docs/cis-3.x/rbac/clusterrole.yaml | 2 +-
 ...resslink-with-iRule-reference-from-cm.yaml | 16 +++++++
 .../incubator/customresourcedefinitions.yml | 2 +-
 pkg/controller/as3PostManager.go | 17 +++++--
 pkg/controller/controller.go | 1 +
 pkg/controller/types.go | 1 +
 pkg/controller/worker.go | 45 ++++++++++---------
 7 files changed, 57 insertions(+), 27 deletions(-)
 create mode 100644 docs/config_examples/customResource/IngressLink/ingressLink-with-iRule-reference-from-cm/ingresslink-with-iRule-reference-from-cm.yaml
diff --git a/docs/cis-3.x/rbac/clusterrole.yaml b/docs/cis-3.x/rbac/clusterrole.yaml
index 40052b050..97a05528c 100644
--- a/docs/cis-3.x/rbac/clusterrole.yaml
+++ b/docs/cis-3.x/rbac/clusterrole.yaml
@@ -12,7 +12,7 @@ rules:
 resources: ["events", "services/status"]
 verbs: ["get", "list", "watch", "update", "create", "patch"]
 - apiGroups: ["cis.f5.com"]
- resources: ["transportservers", "transportservers/status", "deployconfigs", "policies"]
+ resources: ["transportservers", "transportservers/status", "deployconfigs", "policies", "ingresslinks", "ingresslinks/status"]
 verbs: ["get", "list", "watch", "update", "patch"]
 - apiGroups: ["fic.f5.com"]
 resources: ["ipams", "ipams/status"]
diff --git a/docs/config_examples/customResource/IngressLink/ingressLink-with-iRule-reference-from-cm/ingresslink-with-iRule-reference-from-cm.yaml b/docs/config_examples/customResource/IngressLink/ingressLink-with-iRule-reference-from-cm/ingresslink-with-iRule-reference-from-cm.yaml
new file mode 100644
index 000000000..14522d950
--- /dev/null
+++ b/docs/config_examples/customResource/IngressLink/ingressLink-with-iRule-reference-from-cm/ingresslink-with-iRule-reference-from-cm.yaml
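Review bot: The rule that gains `ingresslinks` and `ingresslinks/status` applies `update` and `patch` to every resource it lists, so the controller's service account can modify IngressLink specs cluster-wide and not only report status. If the controller only writes status for IngressLinks (not visible in this patch), least privilege would keep `get`, `list`, `watch` on `ingresslinks` and move the write verbs to a separate rule for `ingresslinks/status`. The `transportservers` entry already in the rule has the same shape, so it could be split the same way.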
@@ -0,0 +1,16 @@
+# Example of iRule reference from Central Manager
+# In order to reference an iRule created on Central Manager, provide the iRule in the following format
+# :, for example: proxyProtocolIrule:v1
+apiVersion: "cis.f5.com/v1"
+kind: IngressLink
+metadata:
+ name: nginx-ingress
+ namespace: nginx-ingress
+spec:
+ virtualServerAddress: "192.168.10.5"
+ host: cafe.example.com
+ iRules:
+ - "proxyProtocolIrule:v1"
+ selector:
+ matchLabels:
+ app: ingresslink
\ No newline at end of file
diff --git a/docs/config_examples/customResourceDefinitions/incubator/customresourcedefinitions.yml b/docs/config_examples/customResourceDefinitions/incubator/customresourcedefinitions.yml
index b39bdd155..3c6e34f5b 100644
--- a/docs/config_examples/customResourceDefinitions/incubator/customresourcedefinitions.yml
+++ b/docs/config_examples/customResourceDefinitions/incubator/customresourcedefinitions.yml
@@ -870,7 +870,7 @@ spec:
 type: array
 items:
 type: string
- pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
+ pattern: '(^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$)|(^[a-zA-Z]+([A-z0-9-_+])*:[a-zA-Z]+([A-z0-9-_+])*$)'
 selector:
 properties:
 matchLabels:
diff --git a/pkg/controller/as3PostManager.go b/pkg/controller/as3PostManager.go
index d2858b499..a61411c59 100644
--- a/pkg/controller/as3PostManager.go
+++ b/pkg/controller/as3PostManager.go
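Review bot: The new `name:version` alternative in `pattern` reuses the `A-z` range, which in ASCII also covers `[`, `\`, `]`, `^`, `_` and the backtick, so the CRD admits those characters in a Central Manager iRule reference. Spelling the class out restricts the reference to the characters the example uses: `(^[a-zA-Z][A-Za-z0-9_+-]*:[a-zA-Z][A-Za-z0-9_+-]*$)`. The same range in the first (path) alternative predates this change and could be tightened in the same way. Note also that the version part must start with a letter, so a reference like `name:1` is rejected; if that is intended, the example's comment should say so.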
@@ -201,9 +201,13 @@ func createPoolDecl(cfg *ResourceConfig, app as3Application, shareNodes bool, te
 log.Warningf("[AS3] virtualServer: %v, pool: %v, monitor: %v, bigIp reference feature is not supported with BIG-IP Next", cfg.Virtual.Name, v.Name, val.Name)
 } else {
 use := strings.Split(val.Name, "/")
- monitor.Use = fmt.Sprintf("/%s/%s/%s",
- tenant,
- cfg.Virtual.Name,
+ // Full path is not supported with BIG-IP Next
+ //monitor.Use = fmt.Sprintf("/%s/%s/%s",
+ // tenant,
+ // cfg.Virtual.Name,
+ // use[len(use)-1],
+ //)
+ monitor.Use = fmt.Sprintf("%s",
 use[len(use)-1],
 )
 pool.Monitors = append(pool.Monitors, monitor)
@@ -246,8 +250,13 @@ func processIrulesForCRD(cfg *ResourceConfig, svc *as3Service) {
 strings.HasSuffix(iRuleNoPort, HttpRedirectNoHostIRuleName) ||
 strings.HasSuffix(iRuleName, TLSIRuleName) ||
 strings.HasSuffix(iRuleName, ABPathIRuleName) {
-
 IRules = append(IRules, iRuleName)
+ } else if len(strings.Split(v, ":")) == 2 {
+ cmIRule := strings.Split(v, ":")
+ iRule := &as3ResourcePointer{
+ CM: fmt.Sprintf("%s::%s", cmIRule[0], cmIRule[1]),
+ }
+ IRules = append(IRules, iRule)
 } else {
 irule := &as3ResourcePointer{
 BigIP: v,
diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go
index b3e54fe1b..e2291058f 100644
--- a/pkg/controller/controller.go
+++ b/pkg/controller/controller.go
@@ -66,6 +66,7 @@ func NewController(params Params) *Controller {
 managedResources: ManagedResources{
 ManageCustomResources: true,
 ManageTransportServer: true,
+ ManageIL: true,
 },
 bigIpMap: make(BigIpMap),
 PostParams: PostParams{},
diff --git a/pkg/controller/types.go b/pkg/controller/types.go
index 786d3b56a..f41eb0573 100644
--- a/pkg/controller/types.go
+++ b/pkg/controller/types.go
@@ -947,6 +947,7 @@ type (
 as3ResourcePointer struct {
 BigIP string `json:"bigip,omitempty"`
 Use string `json:"use,omitempty"`
+ CM string `json:"cm,omitempty"`
 }
 // as3Service maps to the following in AS3 Resources
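Review bot: `fmt.Sprintf("%s", use[len(use)-1])` in createPoolDecl formats a string into itself; `monitor.Use = use[len(use)-1]` says the same without the call. The six commented-out lines above it repeat what version control already keeps, so a single comment stating that BIG-IP Next accepts only the monitor name would be enough. The function starts and ends outside the hunk.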
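Review bot: The `len(strings.Split(v, ":")) == 2` test in processIrulesForCRD treats every iRule value with exactly one colon as a Central Manager reference, including a full `/partition/...` path (the CRD pattern's path alternative allows `:` inside a segment) and values with an empty side such as `:v1`. Those would be emitted as a `cm` pointer instead of `bigip`, and the controller should not rely on the CRD schema being the installed, enforced version. The branch could require the non-path form explicitly: `} else if parts := strings.Split(v, ":"); len(parts) == 2 && !strings.HasPrefix(v, "/") && parts[0] != "" && parts[1] != "" {`, then build `CM` from `parts[0]` and `parts[1]`. That also avoids splitting `v` twice. The function body starts and ends outside the hunk.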
diff --git a/pkg/controller/worker.go b/pkg/controller/worker.go
index 5fc5fe225..1d2e3a31a 100644
--- a/pkg/controller/worker.go
+++ b/pkg/controller/worker.go
@@ -3365,17 +3365,18 @@ func (ctlr *Controller) processIngressLink(
 }
 }
 for _, rsName := range delRes {
- var hostnames []string
- if rsMap[rsName] != nil {
- rsCfg, err := ctlr.resources.getResourceConfig(partition, rsName, BigIPLabel)
- if err == nil {
- hostnames = rsCfg.MetaData.hosts
- }
- }
+ // TODO: Uncomment the below code when ENDS is supported with 3.x
+ //var hostnames []string
+ //if rsMap[rsName] != nil {
+ // rsCfg, err := ctlr.resources.getResourceConfig(partition, rsName, BigIPLabel)
+ // if err == nil {
+ // hostnames = rsCfg.MetaData.hosts
+ // }
+ //}
 ctlr.deleteVirtualServer(partition, rsName, bigipConfig)
- if len(hostnames) > 0 {
- ctlr.ProcessAssociatedExternalDNS(hostnames)
- }
+ //if len(hostnames) > 0 {
+ // ctlr.ProcessAssociatedExternalDNS(hostnames)
+ //}
 }
 ctlr.TeemData.Lock()
 ctlr.TeemData.ResourceType.IngressLink[ingLink.Namespace]--
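Review bot: The TODO above the disabled block in the delete loop says `ENDS`, while the matching TODO later in processIngressLink says `EDNS`; the first looks like a typo and will be missed by anyone searching for the term, so it should read `// TODO: Uncomment the below code when EDNS is supported with 3.x`. If ExternalDNS resources can exist in a 3.x deployment (not visible here), deleting an IngressLink now leaves their records pointing at the removed virtual server address until something else reprocesses them. A short comment stating that no ExternalDNS records are created in 3.x would make it clear the skipped cleanup is safe. The function starts and ends outside the hunk.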
@@ -3463,21 +3464,23 @@ func (ctlr *Controller) processIngressLink(
 if len(pool.Members) > 0 {
 rsCfg.MetaData.Active = true
 }
- monitorName := fmt.Sprintf("%s_monitor", pool.Name)
- rsCfg.Monitors = append(
- rsCfg.Monitors,
- Monitor{Name: monitorName, Partition: rsCfg.Virtual.Partition, Interval: 20,
- Type: "http", Send: "GET /nginx-ready HTTP/1.1\r\n", Recv: "", Timeout: 10, TargetPort: targetPort})
- pool.MonitorNames = append(pool.MonitorNames, MonitorName{Name: monitorName})
+ // TODO: Commented below monitor definition since TargetPort isn't supported yet with Bigip-Next
+ //monitorName := fmt.Sprintf("%s_monitor", pool.Name)
+ //rsCfg.Monitors = append(
+ // rsCfg.Monitors,
+ // Monitor{Name: monitorName, Partition: rsCfg.Virtual.Partition, Interval: 20,
+ // Type: "http", Send: "GET /nginx-ready HTTP/1.1\r\n", Recv: "", Timeout: 10, TargetPort: targetPort})
+ //pool.MonitorNames = append(pool.MonitorNames, MonitorName{Name: monitorName})
 rsCfg.Virtual.PoolName = pool.Name
 rsCfg.Pools = append(rsCfg.Pools, pool)
 // Update rsMap with ResourceConfigs created for the current ingresslink virtuals
 rsMap[rsName] = rsCfg
- var hostnames []string
- hostnames = rsCfg.MetaData.hosts
- if len(hostnames) > 0 {
- ctlr.ProcessAssociatedExternalDNS(hostnames)
- }
+ // TODO: Uncomment the following lines once CIS 3.x starts supporting EDNS
+ //var hostnames []string
+ //hostnames = rsCfg.MetaData.hosts
+ //if len(hostnames) > 0 {
+ // ctlr.ProcessAssociatedExternalDNS(hostnames)
+ //}
 }
 return nil
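Review bot: With the monitor block commented out, the IngressLink pool is built with no health monitor at all, so BIG-IP gets no readiness signal for the pool members and may keep sending traffic to pods that are not serving. At minimum the gap should be visible at runtime, for example a warning next to the TODO that names `pool.Name` and says the pool is unmonitored until `TargetPort` is supported. Also check that `targetPort` is still referenced elsewhere in processIngressLink: within this hunk it now appears only in comments, and Go rejects a local that is declared but unused. The function starts outside the hunk.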