Add support for ingressLink

docs/config_examples/customResource/IngressLink/ingressLink-with-inline-iRule/ingresslink-with-inline-proxy-iRule.yaml

@@ -0,0 +1,13 @@
+apiVersion: "cis.f5.com/v1"
+kind: IngressLink
+metadata:
+  name: nginx-ingress
+  namespace: nginx-ingress
+spec:
+  virtualServerAddress: "192.168.10.5"
+  host: cafe.example.com
+  iRules:
+    - "when SERVER_CONNECTED {\nTCP::respond \"PROXY TCP[IP::version] [IP::client_addr] [clientside {IP::local_addr}] [TCP::client_port] [clientside {TCP::local_port}]\r\n\"}"
+  selector:
+    matchLabels:
+      app: ingresslink

docs/config_examples/customResourceDefinitions/incubator/customresourcedefinitions.yml

@@ -870,7 +870,6 @@ spec:
                   type: array
                   items:
                     type: string
-                    pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
                 selector:
                   properties:
                     matchLabels:

pkg/controller/as3PostManager.go

@@ -201,9 +201,13 @@ func createPoolDecl(cfg *ResourceConfig, app as3Application, shareNodes bool, te
 				log.Warningf("[AS3] virtualServer: %v, pool: %v, monitor: %v, bigIp reference feature is not supported with BIG-IP Next", cfg.Virtual.Name, v.Name, val.Name)
 			} else {
 				use := strings.Split(val.Name, "/")
-				monitor.Use = fmt.Sprintf("/%s/%s/%s",
-					tenant,
-					cfg.Virtual.Name,
+				// Full path is not supported with BIG-IP Next
+				//monitor.Use = fmt.Sprintf("/%s/%s/%s",
+				//	tenant,
+				//	cfg.Virtual.Name,
+				//	use[len(use)-1],
+				//)
+				monitor.Use = fmt.Sprintf("%s",
 					use[len(use)-1],
 				)
 				pool.Monitors = append(pool.Monitors, monitor)
@@ -245,8 +249,9 @@ func processIrulesForCRD(cfg *ResourceConfig, svc *as3Service) {
 		if strings.HasSuffix(iRuleNoPort, HttpRedirectIRuleName) ||
 			strings.HasSuffix(iRuleNoPort, HttpRedirectNoHostIRuleName) ||
 			strings.HasSuffix(iRuleName, TLSIRuleName) ||
-			strings.HasSuffix(iRuleName, ABPathIRuleName) {
-
+			strings.HasSuffix(iRuleName, ABPathIRuleName) || v[0] != '/' {
+			// Reference existing iRule from BIGIP as well as inline iRules
+			// If iRule value doesn't start with '/' then it's considered to be inline iRule
 			IRules = append(IRules, iRuleName)
 		} else {
 			irule := &as3ResourcePointer{

pkg/controller/controller.go

@@ -66,6 +66,7 @@ func NewController(params Params) *Controller {
 		managedResources: ManagedResources{
 			ManageCustomResources: true,
 			ManageTransportServer: true,
+			ManageIL:              true,
 		},
 		bigIpMap:   make(BigIpMap),
 		PostParams: PostParams{},

pkg/controller/worker.go

@@ -30,6 +30,7 @@ import (
 	"reflect"
 	"slices"
 	"sort"
+	"strconv"
 	"strings"
 	"time"
 
@@ -3365,17 +3366,18 @@ func (ctlr *Controller) processIngressLink(
 			}
 		}
 		for _, rsName := range delRes {
-			var hostnames []string
-			if rsMap[rsName] != nil {
-				rsCfg, err := ctlr.resources.getResourceConfig(partition, rsName, BigIPLabel)
-				if err == nil {
-					hostnames = rsCfg.MetaData.hosts
-				}
-			}
+			// TODO: Uncomment the below code when ENDS is supported with 3.x
+			//var hostnames []string
+			//if rsMap[rsName] != nil {
+			//	rsCfg, err := ctlr.resources.getResourceConfig(partition, rsName, BigIPLabel)
+			//	if err == nil {
+			//		hostnames = rsCfg.MetaData.hosts
+			//	}
+			//}
 			ctlr.deleteVirtualServer(partition, rsName, bigipConfig)
-			if len(hostnames) > 0 {
-				ctlr.ProcessAssociatedExternalDNS(hostnames)
-			}
+			//if len(hostnames) > 0 {
+			//	ctlr.ProcessAssociatedExternalDNS(hostnames)
+			//}
 		}
 		ctlr.TeemData.Lock()
 		ctlr.TeemData.ResourceType.IngressLink[ingLink.Namespace]--
@@ -3428,8 +3430,22 @@ func (ctlr *Controller) processIngressLink(
 		rsCfg.Virtual.Enabled = true
 		rsCfg.Virtual.Name = rsName
 		rsCfg.Virtual.SNAT = DEFAULT_SNAT
+		rsCfg.IRulesMap = make(IRulesMap)
 		if len(ingLink.Spec.IRules) > 0 {
-			rsCfg.Virtual.IRules = ingLink.Spec.IRules
+			var iRules []string
+			i := 0
+			for _, iRule := range ingLink.Spec.IRules {
+				//rsCfg.Virtual.IRules = ingLink.Spec.IRules
+				if iRule[0] == '/' {
+					iRules = append(iRules, iRule)
+				} else {
+					iRuleName := rsName + "_iRule_" + strconv.Itoa(i)
+					rsCfg.addIRule(iRuleName, partition, iRule)
+					iRules = append(iRules, iRuleName)
+					i++
+				}
+			}
+			rsCfg.Virtual.IRules = iRules
 		}
 		rsCfg.Virtual.SetVirtualAddress(
 			ip,
@@ -3464,20 +3480,27 @@ func (ctlr *Controller) processIngressLink(
 			rsCfg.MetaData.Active = true
 		}
 		monitorName := fmt.Sprintf("%s_monitor", pool.Name)
+		// TODO: Commented below monitor definition since TargetPort isn't supported yet with Bigip-Next
+		//rsCfg.Monitors = append(
+		//	rsCfg.Monitors,
+		//	Monitor{Name: monitorName, Partition: rsCfg.Virtual.Partition, Interval: 20,
+		//		Type: "http", Send: "GET /nginx-ready HTTP/1.1\r\n", Recv: "", Timeout: 10, TargetPort: targetPort})
 		rsCfg.Monitors = append(
 			rsCfg.Monitors,
 			Monitor{Name: monitorName, Partition: rsCfg.Virtual.Partition, Interval: 20,
-				Type: "http", Send: "GET /nginx-ready HTTP/1.1\r\n", Recv: "", Timeout: 10, TargetPort: targetPort})
+				Type: "http", Send: "GET /nginx-ready HTTP/1.1\r\n", Recv: "", Timeout: 10})
+
 		pool.MonitorNames = append(pool.MonitorNames, MonitorName{Name: monitorName})
 		rsCfg.Virtual.PoolName = pool.Name
 		rsCfg.Pools = append(rsCfg.Pools, pool)
 		// Update rsMap with ResourceConfigs created for the current ingresslink virtuals
 		rsMap[rsName] = rsCfg
-		var hostnames []string
-		hostnames = rsCfg.MetaData.hosts
-		if len(hostnames) > 0 {
-			ctlr.ProcessAssociatedExternalDNS(hostnames)
-		}
+		// TODO: Uncomment the following lines once CIS 3.x starts supporting EDNS
+		//var hostnames []string
+		//hostnames = rsCfg.MetaData.hosts
+		//if len(hostnames) > 0 {
+		//	ctlr.ProcessAssociatedExternalDNS(hostnames)
+		//}
 	}
 
 	return nil