Merge 96a8894 into 6c7fcca
arzzon committed Mar 14, 2024
2 parents 6c7fcca + 96a8894 commit 3f9e441
Showing 5 changed files with 103 additions and 15 deletions.
25 changes: 15 additions & 10 deletions docs/RELEASE-NOTES.rst
Expand Up @@ -8,33 +8,38 @@ Added Functionality
```````````````````
**What's new:**
* Multi Cluster
* `Issue 3284 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3284>`_: Add support to avoid service pool creation for clusters under maintenance.
* `Issue 3284 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3284>`_: Add support to avoid service pool creation for clusters under maintenance. See `Example <https://github.com/F5Networks/k8s-bigip-ctlr/blob/2.x-master/docs/config_examples/multicluster/extendedConfigmap/>`_
* Streamline the naming convention for extended service references and multi cluster references annotations.
* See `Example with the updated field names for extendedServiceReferences in VS CRD: <https://github.com/F5Networks/k8s-bigip-ctlr/blob/2.x-master/docs/config_examples/multicluster/customResource/virtualServer/vs-with-extended-services.yaml>`_
* See `Example the updated field names for multiClusterServices annotation in NextGenRoutes: <https://github.com/F5Networks/k8s-bigip-ctlr/blob/2.x-master/docs/config_examples/multicluster/routes/route-with-multicluster-service-annotation.yaml>`_
* CRD
* `Issue 3225 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3225>`_: Support for Host Persistence to configure and disable the Persistence in VS Policy Rule action based on host in VirtualServer.
* `Issue 3262 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3262>`_: Support for Host Aliases to allow defining multiple hosts in VS CRD. `Example <https://github.com/F5Networks/k8s-bigip-ctlr/blob/2.x-master/docs/config_examples/customResource/VirtualServer>`_.
* `Issue 3263 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3263>`_: Support for Host group virtual server name in virtual server to customise the virtual server name when Host Group exists.
* `Issue 3225 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3225>`_: Support for Host Persistence to configure and disable the Persistence in VS Policy Rule action based on host in VirtualServer. See `Example <https://github.com/F5Networks/k8s-bigip-ctlr/blob/2.x-master/docs/config_examples/customResource/VirtualServer/virtual-server-with-hostPersistence/>`_
* `Issue 3262 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3262>`_: Support for Host Aliases to allow defining multiple hosts in VS CRD. See `Example <https://github.com/F5Networks/k8s-bigip-ctlr/blob/2.x-master/docs/config_examples/customResource/VirtualServer/virtual-with-hostAliases>`_.
* `Issue 3263 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3263>`_: Support for Host group virtual server name in virtual server to customise the virtual server name when Host Group exists. See `Example <https://github.com/F5Networks/k8s-bigip-ctlr/blob/2.x-master/docs/config_examples/customResource/VirtualServer/host-group-virtual-server-name>`_
* `Issue 3279 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3279>`_: Support for disabling default partition in AS3 legacy nodeport mode.
* `Issue 3295 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3295>`_: Support for setting the default pool via policy CRD for virtual server and nextgen routes. `Example <https://github.com/F5Networks/k8s-bigip-ctlr/blob/2.x-master/docs/config_examples/customResource/Policy>`_.
* Support for mix of k8s Secret and bigip reference in TLSProfile.
* `Issue 3295 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3295>`_: Support for setting the default pool via policy CRD for virtual server and nextgen routes. See `Example <https://github.com/F5Networks/k8s-bigip-ctlr/blob/2.x-master/docs/config_examples/customResource/Policy>`_.
* `Issue 3239 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3239>`_: Support for mix of k8s Secret and bigip reference in TLSProfile. See `Example <https://github.com/F5Networks/k8s-bigip-ctlr/tree/2.x-master/docs/config_examples/customResource/VirtualServerWithTLSProfile/reencrypt-hybrid-reference>`_
* Support for setting sslProfile with https monitor in virtualServer and nextgen routes.
* See `Example for Virtual Server CRD <https://github.com/F5Networks/k8s-bigip-ctlr/blob/2.x-master/docs/config_examples/customResource/VirtualServerWithTLSProfile/tls-with-health-monitor/>`_
* See `Example for NextGenRoutes <https://github.com/F5Networks/k8s-bigip-ctlr/blob/2.x-master/docs/config_examples/next-gen-routes/routes/route-with-target-port-health-monitor.yaml>`_
* Support self value for SNAT in virtualServer and transportServer.
* Support for pool-member-type auto for CRD, NextGen Routes and multiCluster mode. Please refer `Documentation <https://github.com/F5Networks/k8s-bigip-ctlr/blob/2.x-master/docs/config_examples/PoolType-Auto/README.md>`.
* Support for CIS deployment parameters "trusted-certs-cfgmap" && "insecure" in CRD and NextGen
* Support for pool-member-type auto for CRD, NextGen Routes and multiCluster mode. Please refer `Documentation <https://github.com/F5Networks/k8s-bigip-ctlr/blob/2.x-master/docs/config_examples/PoolType-Auto/README.md>`_
* Support for CIS deployment parameters "trusted-certs-cfgmap" && "insecure" in CRD and NextGen. See `Example <https://github.com/F5Networks/k8s-bigip-ctlr/blob/2.x-master/docs/config_examples/configmap/trusted-certs-configmap/>`_
* CIS compatible with AS3 3.50

Bug Fixes
````````````
* `Issue 3230 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3230>`_: CRD multicluster configuration triggers Raw response from Big-IP: map[code:422 declarationFullId: message:declaration has duplicate values in rules].
* `Issue 3230 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3230>`_: CRD multicluster configuration triggers Raw response from Big-IP: map[code:422 declarationFullId: message:declaration has duplicate values in rules]. Please refer FAQ in `Documentation <https://github.com/F5Networks/k8s-bigip-ctlr/blob/2.x-master/docs/config_examples/multicluster/README.md>`_
* `Issue 3232 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3232>`_: Enhance as3 response add the runtime attribute.
* `Issue 3239 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3239>`_: Support for mix of k8s Secret and bigip reference in TLSProfile.
* `Issue 3266 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3266>`_: Improve log when admitting next gen routes.
* `Issue 3267 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3267>`_: Improve log for certificate host name validation.
* `Issue 3268 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3268>`_: Handle embedded certificates appropriately when missing SAN and hostnames mismatch.
* `Issue 3277 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3277>`_: Additional PoolMember properties in ConfigMap not preserved for NodePortLocal mode.
* `Issue 3299 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3299>`_: Fix for EDNS in AS3 and CCCL modes.
* `Issue 3312 <https://github.com/F5Networks/k8s-bigip-ctlr/issues/3312>`_: CIS 2.15 crashes due to interface conversion panic.
* Fix for wildcard domain with multiple hosts in tls profile.
* Improve documentation for HTTP2 profile. Please refer `Documentation <https://github.com/F5Networks/k8s-bigip-ctlr/blob/2.x-master/docs/config_examples/customResource/VirtualServerWithTLSProfile/tls-with-http2-profile>`_


Upgrade notes
``````````````
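
Review bot: the added example links are not uniform, and the Issue 3239 entry under CRD is the odd one out: it points at `/tree/2.x-master/...` while every other link added here uses `/blob/2.x-master/...`. Some directory links end in a slash and others do not, and only the 3262 and 3295 entries close with a period after the link; pick one form for all of them. The "Please refer `Documentation`" sentences should read "Please refer to". The "trusted-certs-cfgmap" && "insecure" entry links only to the trusted-certs ConfigMap example; a clause saying what "insecure" changes would help readers decide which of the two to set.
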
14 changes: 10 additions & 4 deletions docs/config_examples/customResource/CustomResource.md
Expand Up @@ -48,6 +48,7 @@ This page is created to document the behaviour of CIS in CRD Mode.
| PARAMETER | TYPE | REQUIRED | DEFAULT | DESCRIPTION |
|----------------------------------|-------------------------------|-----------|---------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| host | String | Optional | NA | Virtual Host |
| hostAliases | Array of strings | Optional | NA | Additional host names for a virtual server apart from the primary host |
| defaultPool | defaultPool | Optional | NA | Default BIG-IP Pool for virtual server |
| pools | List of pool | Required | NA | List of BIG-IP Pool members |
| virtualServerAddress | String | Optional | NA | IP4/IP6 Address of BIG-IP Virtual Server. IP address can also be replaced by a reference to a Service_Address. |
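
Review bot: the new hostAliases row gives its type as "Array of strings" while the neighbouring rows use "List of pool" (and "List of Vlans" further down); use the same wording for list-typed parameters. The description also does not say how aliases relate to the hosts in the TLS profile named by tlsProfileName, which matters for anyone serving the aliases over HTTPS; one sentence on that would make the row complete.
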
Expand All @@ -59,12 +60,12 @@ This page is created to document the behaviour of CIS in CRD Mode.
| tlsProfileName | String | Optional | NA | Describes the TLS profile Name for BIG-IP Virtual Server |
| rewriteAppRoot | String | Optional | NA | Rewrites the path in the HTTP Header (and Redirects) from \"/" (root path) to specifed path |
| waf | String | Optional | NA | Reference to WAF policy on BIG-IP |
| snat | String | Optional | auto | Reference to SNAT pool on BIG-IP. The supported values are ``none``, ``auto``, ``self`` and the BIG-IP SNATPool path. |
| snat | String | Optional | auto | Reference to SNAT pool on BIG-IP. The supported values are ``none``, ``auto``, ``self`` and the BIG-IP SNATPool path. |
| connectionMirroring | String | Optional | NA | Controls connection-mirroring for high-availability.allowed value is "none" or "L4" |
| httpTraffic | String | Optional | allow | Configure behavior of HTTP Virtual Server. The allowed values are: allow: allow HTTP (default), none: only HTTPs, redirect: redirect HTTP to HTTPS. |
| allowVlans | List of Vlans | Optional | NA | list of Vlan objects to allow traffic from |
| hostGroup | String | Optional | NA | Label to group virtualservers with different host names into one in BIG-IP. |
| hostGroupVirtualServerName | String | Optional | NA | Custom name of BIG-IP Virtual Server when hostGroup exists. |
| hostGroupVirtualServerName | String | Optional | NA | Custom name of BIG-IP Virtual Server when hostGroup exists. |
| persistenceProfile | String | Optional | cookie | CIS uses the AS3 default persistence profile. VirtualServer CRD resource takes precedence over Policy CRD. Allowed values are existing BIG-IP Persistence profiles. |
| htmlProfile | String | Optional | NA | Pathname of existing BIG-IP HTML profile. VirtualServer CRD resource takes precedence over Policy CRD. Allowed values are existing BIG-IP HTML profiles. |
| dos | String | Optional | NA | Pathname of existing BIG-IP DoS policy. |
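
Review bot: the snat and hostGroupVirtualServerName rows appear to change only in column padding, so the snat description still reads "Reference to SNAT pool on BIG-IP" although three of the four supported values (none, auto, self) are not pool references. Since the release notes in this commit announce support for the self value, say in this row what self selects. While the table is being realigned, "specifed" in the rewriteAppRoot row and "high-availability.allowed" in the connectionMirroring row could be fixed too.
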
Expand All @@ -78,10 +79,15 @@ This page is created to document the behaviour of CIS in CRD Mode.
| httpMrfRoutingEnabled | boolean | Optional | false | Specifies whether to use the HTTP message routing framework (MRF) functionality. This property is available on BIGIP 14.1 and above. |
| additionalVirtualServerAddresses | List of virtualserver address | Optional | NA | List of virtual addresses additional to virtualServerAddress where virtual will be listening on.Uses AS3 virtualAddresses param to expose Virtual server which will listen to each IP address in list |
| partition | String | Optional | NA | bigip partition |
| hostPersistence | Object | Optional | NA | Persist session rule action will be added to the VS Policy based on the host. Allowed values are existing BIG-IP Persist session |
| hostPersistence | Object | Optional | NA | Persist session rule action will be added to the VS Policy based on the host. Allowed values are existing BIG-IP Persist session |

**Note**:
* **hostGroupVirtualServerName** is valid for Virtual Servers configured with hostGroup. hostGroupVirtualServerName is same in all Virtual Servers definitions in a hostGroup. To update existing hostGrouped Virtual servers with hostGroupVirtualServerName, delete the existing Virtual Servers with that hostGroup and apply after adding hostGroupVirtualServerName to the Virtual Server.
* **hostGroupVirtualServerName** will be considered only when the hostGroup is provided in the Virtual Server.
If you want to set the hostGroupVirtualServerName for the existing Virtual Servers, please delete those
Virtual Servers from the Kubernetes/Openshift cluster and re-apply the Virtual Servers with the hostGroupVirtualServerName.
And please make sure that hostGroupVirtualServerName is same across a hostGroup in Virtual Servers. Virtual Servers
which are in same hostGroup and using hostGroupVirtualServerName, do not get updated unless all the Virtual Servers
have same hostGroupVirtualServerName.


**Default Pool Components**
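
Review bot: the rewritten note ends by saying Virtual Servers in a hostGroup "do not get updated" unless every one carries the same hostGroupVirtualServerName, but it does not say how an operator notices that state; mention the log message or status to look for. The instruction to delete and re-apply existing Virtual Servers should also state what happens to traffic on BIG-IP in between. In the hostPersistence row the type is Object, yet the description only says "Allowed values are existing BIG-IP Persist session", so list the object's fields or link the hostPersistence example referenced in the release notes.
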
2 changes: 1 addition & 1 deletion docs/config_examples/multicluster/README.md
Expand Up @@ -537,7 +537,7 @@ Supported values for adminState are [enable, disable, offline, no-pool]<br>
By default clusters are in enabled state.<br>
**adminState: enable**, all new connections are allowed to the pool members from the cluster.<br>
**adminState: disable**, all new connections except those which match an existing persistence session are not allowed for the pool members from the cluster.<br>
**adminState: offline**, no new connections are allowed to the pool members from the cluster, even if they match an existing persistence session.
**adminState: offline**, no new connections are allowed to the pool members from the cluster, even if they match an existing persistence session.<br>
**adminState: no-pool**, in ratio mode, a service pool is not created for the affected cluster. For all other modes, pool members from the cluster are not added to the service pool. This configuration is helpful when we don't want to add pool or pool members from a particular cluster due to any reasons(for example cluster is under maintenance).<br>


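Review bot: the no-pool line kept as context just below the corrected offline line reads "due to any reasons(for example cluster is under maintenance)", with no space before the parenthesis; "for any reason (for example, when the cluster is under maintenance)" reads more cleanly. It is worth fixing in the same change, since the new example file in this commit copies the sentence.
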
@@ -0,0 +1,43 @@
# Example for the usage of adminState with no-pool value in the extendedConfigmap in case of HA-CIS.
# adminState can be provided for a cluster to mark the state of a particular cluster.
# Supported values for adminState are [enable, disable, offline]
# By default clusters are in enabled state.
# adminState: enable, all new connections are allowed to the pool members from the cluster.
# adminState: disable, all new connections except those which match an existing persistence session are not allowed for the pool members from the cluster.
# adminState: offline, no new connections are allowed to the pool members from the cluster, even if they match an existing persistence session.
# adminState: in ratio mode, a service pool is not created for the affected cluster. For all other modes, pool members from the cluster are not added to the service pool. This configuration is helpful when we don't want to add pool or pool members from a particular cluster due to any reasons(for example cluster is under maintenance).

apiVersion: v1
kind: ConfigMap
metadata:
labels:
f5nr: "true"
name: extended-spec-config
namespace: kube-system
data:
extendedSpec: |
mode: active-active
highAvailabilityCIS:
primaryEndPoint: http://10.145.72.114:8001
probeInterval: 30
retryInterval: 3
primaryCluster:
clusterName: cluster1
secret: default/kubeconfig1
secondaryCluster:
clusterName: cluster2
secret: default/kubeconfig2
adminState: no-pool
externalClustersConfig:
- clusterName: cluster3
secret: default/kubeconfig3
adminState: offline
- clusterName: cluster4
secret: default/kubeconfig4
adminState: no-pool
extendedRouteSpec:
- allowOverride: false
namespace: foo
policyCR: foo/cr-policy1
vserverAddr: 10.8.0.4
vserverName: vs-foo
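
Review bot: the header comment lists "Supported values for adminState are [enable, disable, offline]", leaving out no-pool, the value this example exists to show and which the multicluster README lists; and the last comment line starts "# adminState: in ratio mode" with the value name missing. Change them to "[enable, disable, offline, no-pool]" and "# adminState: no-pool, in ratio mode, ...". The manifest sets mode: active-active, so a one-line comment saying which of the two described no-pool behaviours applies to cluster2 and cluster4 here would remove the guesswork.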
