diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/README.md b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/README.md new file mode 100644 index 0000000..0432760 --- /dev/null +++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/README.md 
@@ -0,0 +1,110 @@ +# Overview + +Creates a single-cluster L7 two-tier deployment where OpenShift's router (HA-proxy) default instance is used is in the second tier. + +L7 routes created in HA-proxy and in BIG-IP: + +``` +www.sc-twotier.com/ +www.sc-twotier.com/shop +www.sc-twotier.com/checkout +account.sc-twotier.com/ +``` + +In the second tier (HA-proxy), these L7 routes are exposed with the Route resource type. + +In the first tier (BIG-IP), these same L7 routes are exposed with the VirtualServer resource type. That is, there is a 1:1 mapping between the L7 routes in the first and second tier. There is one Service definition for each L7 route in the second tier, where the service definition is the same selecting always to the same HA-proxy instances, but with diferent names for each Service. These duplicated Service definitions allow to have a separate pool for each L7 route and per service monitoring. + +The L7 routes are exposed in both BIG-IP and HA-proxy as HTTPS only + +# Prerequisites + +It is needed to pre-create a server-side SSL profile with SNI for the following domains: www.sc-twotier.com and account.sc-twotier.com + +It is needed to pre-create an HTTPs monitors using these server-side SSL profiles for the L7 above. 
+ +These configurations are shown next + +``` +ltm profile server-ssl www.sc-twotier.com { + app-service none + defaults-from serverssl + server-name www.sc-twotier.com + sni-default true +} +ltm profile server-ssl account.sc-twotier.com { + app-service none + defaults-from serverssl + server-name account.sc-twotier.com +} +ltm monitor https www.sc-twotier.com { + defaults-from https + recv "^HTTP/1.1 200" + send "GET / HTTP/1.1\r\nHost: www.sc-twotier.com\r\nConnection: close\r\n\r\n" + ssl-profile /Common/www.sc-twotier.com +} +ltm monitor https www.sc-twotier.com-shop { + recv "^HTTP/1.1 200" + send "GET /shop HTTP/1.1\r\nHost: www.sc-twotier.com\r\nConnection: close\r\n\r\n" + ssl-profile /Common/www.sc-twotier.com +} +ltm monitor https www.sc-twotier.com-checkout { + recv "^HTTP/1.1 200" + send "GET /checkout HTTP/1.1\r\nHost: www.sc-twotier.com\r\nConnection: close\r\n\r\n" + ssl-profile /Common/www.sc-twotier.com +} +ltm monitor https account.sc-twotier.com { + recv "^HTTP/1.1 200" + send "GET / HTTP/1.1\r\nHost: account.sc-twotier.com\r\nConnection: close\r\n\r\n" + ssl-profile /Common/account.sc-twotier.com +} +``` + +# Install and Run the demo + +Run the script ./create-demo.sh which will: + +- Install CIS without IPAM controller in the namespace cis-sc-twotier +- Create Route resources for HA-proxy in the namespace sc-twotier +- Create VirtualServer resources in the openshift-ingress namespace to expose HA-proxy in BIG-IP + +The L7 routes will be exposed in both the HA-proxy controller and in the BIG-IP, you should see something alike the next respectively + +``` +$ oc -n sc-twotier get route +NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD +route-a www.sc-twotier.com / route-a 8080 edge None +route-b www.sc-twotier.com /shop route-b 8080 edge None +route-c www.sc-twotier.com /checkout route-c 8080 edge None +route-d account.sc-twotier.com / route-d 8080 edge None + +$ oc -n openshift-ingress get vs,svc +NAME HOST TLSPROFILENAME HTTPTRAFFIC 
IPADDRESS IPAMLABEL IPAMVSADDRESS STATUS AGE +virtualserver.cis.f5.com/route-a www.sc-twotier.com reencrypt-tls 10.1.10.104 10.1.10.104 Ok 14m +virtualserver.cis.f5.com/route-b www.sc-twotier.com reencrypt-tls 10.1.10.104 10.1.10.104 Ok 14m +virtualserver.cis.f5.com/route-c www.sc-twotier.com reencrypt-tls 10.1.10.104 10.1.10.104 Ok 14m +virtualserver.cis.f5.com/route-d account.sc-twotier.com reencrypt-tls 10.1.10.104 10.1.10.104 Ok 14m + +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +service/router-default-route-a ClusterIP 172.30.241.140 80/TCP,443/TCP 14m +service/router-default-route-b ClusterIP 172.30.36.203 80/TCP,443/TCP 14m +service/router-default-route-c ClusterIP 172.30.159.196 80/TCP,443/TCP 14m +service/router-default-route-d ClusterIP 172.30.115.20 80/TCP,443/TCP 14m +service/router-internal-default ClusterIP 172.30.158.83 80/TCP,443/TCP,1936/TCP 113d + +``` + +Edit the DNS to match the IP address in the BIG-IP (reported by the virtualserver resource). Next is an example when using dnsmasq: + +``` +$ sudo bash -c 'echo "address=/sc-twotier.com/10.1.10.104" > /etc/dnsmasq.d/sc-twotier.com.conf' +$ sudo systemctl restart dnsmasq +``` + +And run the ./test-demo.sh to verify the deployment works as expected + +# Delete the demo + +Run the script ./delete-demo.sh + + diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/bigip-ctlr-clusterrole.yaml b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/bigip-ctlr-clusterrole.yaml new file mode 100644 index 0000000..ade9dda --- /dev/null +++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/bigip-ctlr-clusterrole.yaml 
@@ -0,0 +1,46 @@
+# for reference only
+# Should be changed as per your cluster requirements
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: bigip-ctlr-clusterrole
+rules:
+ - apiGroups: ["", "extensions", "networking.k8s.io", "route.openshift.io"]
+ resources: ["nodes", "services", "endpoints", "namespaces", "ingresses", "pods", "ingressclasses", "policies", "routes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["", "extensions", "networking.k8s.io", "route.openshift.io"]
+ resources: ["configmaps", "events", "ingresses/status", "services/status", "routes/status"]
+ verbs: ["get", "list", "watch", "update", "create", "patch"]
+ - apiGroups: ["cis.f5.com"]
+ resources: ["virtualservers","virtualservers/status", "tlsprofiles", "transportservers", "transportservers/status", "ingresslinks", "ingresslinks/status", "externaldnses", "policies"]
+ verbs: ["get", "list", "watch", "update", "patch"]
+ - apiGroups: ["fic.f5.com"]
+ resources: ["ipams", "ipams/status"]
+ verbs: ["get", "list", "watch", "update", "create", "patch", "delete"]
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["get", "list", "watch", "update", "create", "patch"]
+ - apiGroups: ["", "extensions"]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: bigip-ctlr-clusterrole-binding
+ namespace: cis-sc-twotier
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: bigip-ctlr-clusterrole
+subjects:
+ - apiGroup: ""
+ kind: ServiceAccount
+ name: bigip-ctlr
+ namespace: cis-sc-twotier
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: bigip-ctlr
+ namespace: cis-sc-twotier
diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/deploy-cis.sh b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/deploy-cis.sh
new file mode 100755
index 0000000..529268b
--- /dev/null
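Review bot: The last rule grants `get`, `list` and `watch` on `secrets` through a ClusterRole bound by a ClusterRoleBinding, so the `bigip-ctlr` service account can read every Secret in every namespace, although CIS is started with `--namespace=openshift-ingress` in this commit. Where the demo allows it, move the secrets rule into a namespaced `Role`/`RoleBinding` for the namespaces CIS actually serves. The `namespace: cis-sc-twotier` under the ClusterRoleBinding's `metadata` has no effect on a cluster-scoped kind and can be dropped. The header comment would be more useful as `# Demo RBAC: cluster-wide read on secrets; scope down before reuse`.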
+++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/deploy-cis.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+POOLMEMBER_TYPE=clusterip
+
+oc create ns cis-sc-twotier
+
+kubectl apply -f bigip-ctlr-clusterrole.yaml
+oc adm policy add-cluster-role-to-user cluster-admin -z bigip-ctlr -n cis-sc-twotier
+
+kubectl create -f https://raw.githubusercontent.com/F5Networks/k8s-bigip-ctlr/master/docs/config_examples/customResourceDefinitions/incubator/customresourcedefinitions.yml
+
+oc create secret generic bigip-login --namespace cis-sc-twotier --from-literal=username=admin --from-literal=password=OpenShiftMC
+
+for BIGIP in 1; do
+
+ oc apply -f f5-bigip${BIGIP}-ctlr-deployment.${POOLMEMBER_TYPE}.yaml
+done
+
diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/deploy-ipam.sh b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/deploy-ipam.sh
new file mode 100755
index 0000000..8c337bb
--- /dev/null
+++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/deploy-ipam.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+
+oc apply -f ipam-pv.yaml
+oc apply -f ipam-pvc.yaml
+
+helm install -n cis-sc-twotier -f values.yaml f5-ipam-controller f5-ipam-controller-0.0.4.tgz
+
diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/f5-bigip1-ctlr-deployment.clusterip.yaml b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/f5-bigip1-ctlr-deployment.clusterip.yaml
new file mode 100644
index 0000000..d66a8ec
--- /dev/null
+++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/f5-bigip1-ctlr-deployment.clusterip.yaml
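Review bot: In deploy-cis.sh, `oc adm policy add-cluster-role-to-user cluster-admin -z bigip-ctlr -n cis-sc-twotier` gives the controller's service account full cluster-admin, which makes the scoped ClusterRole applied on the line before it meaningless; bigip-ctlr-clusterrole.yaml already binds that role to the account, so this line can be removed. The BIG-IP password is committed as a literal in `--from-literal=password=OpenShiftMC`; take it from the environment instead, e.g. `--from-literal=password="${BIGIP_PASSWORD:?set BIGIP_PASSWORD}"`. The CRDs are created from the `master` branch of a remote repository, so the manifest that gets applied can change between runs; pinning the URL to a release tag or commit would keep the demo reproducible.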
@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: k8s-bigip1-ctlr-deployment
+ namespace: cis-sc-twotier
+spec:
+ # DO NOT INCREASE REPLICA COUNT
+ replicas: 1
+ selector:
+ matchLabels:
+ app: k8s-bigip1-ctlr-deployment
+ template:
+ metadata:
+ labels:
+ app: k8s-bigip1-ctlr-deployment
+ spec:
+ # Name of the Service Account bound to a Cluster Role with the required
+ # permissions
+ containers:
+ - name: k8s-bigip-ctlr
+ # securityContext:
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop: ["ALL"]
+ # runAsNonRoot: true
+ # seccompProfile:
+ # type: RuntimeDefault
+ image: registry.connect.redhat.com/f5networks/cntr-ingress-svcs:latest
+ env:
+ - name: BIGIP_USERNAME
+ valueFrom:
+ secretKeyRef:
+ # Replace with the name of the Secret containing your login
+ # credentials
+ name: bigip-login
+ key: username
+ - name: BIGIP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ # Replace with the name of the Secret containing your login
+ # credentials
+ name: bigip-login
+ key: password
+ command: ["/app/bin/k8s-bigip-ctlr"]
+ args: [
+ "--bigip-username=$(BIGIP_USERNAME)",
+ "--bigip-password=$(BIGIP_PASSWORD)",
+ "--bigip-url=10.1.1.5",
+ "--ipam=true",
+ "--namespace=openshift-ingress",
+ "--bigip-partition=sc-twotier",
+ "--pool-member-type=cluster",
+ "--share-nodes=true",
+ "--log-level=INFO",
+ "--insecure=true",
+ "--custom-resource-mode=true",
+ "--orchestration-cni=ovn-k8s",
+ "--as3-validation=true",
+ "--log-as3-response=true"
+ ]
+ serviceAccountName: bigip-ctlr
diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/f5-bigip2-ctlr-deployment.clusterip.yaml b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/f5-bigip2-ctlr-deployment.clusterip.yaml
new file mode 100644
index 0000000..60c478d
--- /dev/null
+++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/f5-bigip2-ctlr-deployment.clusterip.yaml
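Review bot: `--insecure=true` in `args` turns off verification of the BIG-IP management certificate, so the admin credentials from the `bigip-login` Secret are sent to whatever answers at `10.1.1.5`; outside a lab this should be `--insecure=false` with the BIG-IP CA supplied to the controller (CIS documents a `--trusted-certs-cfgmap` option for that — confirm against the version in use). The image is referenced as `cntr-ingress-svcs:latest`, which leaves the controller version unpinned; use a version tag or digest. The `securityContext` block is left commented out, so the container runs with whatever the namespace's default SCC allows; uncommenting it would make the restricted settings explicit. The same three points apply to f5-bigip2-ctlr-deployment.clusterip.yaml, which differs only in the deployment name and `--bigip-url=10.1.1.8`.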
@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: k8s-bigip2-ctlr-deployment
+ namespace: cis-sc-twotier
+spec:
+ # DO NOT INCREASE REPLICA COUNT
+ replicas: 1
+ selector:
+ matchLabels:
+ app: k8s-bigip2-ctlr-deployment
+ template:
+ metadata:
+ labels:
+ app: k8s-bigip2-ctlr-deployment
+ spec:
+ # Name of the Service Account bound to a Cluster Role with the required
+ # permissions
+ containers:
+ - name: k8s-bigip-ctlr
+ # securityContext:
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop: ["ALL"]
+ # runAsNonRoot: true
+ # seccompProfile:
+ # type: RuntimeDefault
+ image: registry.connect.redhat.com/f5networks/cntr-ingress-svcs:latest
+ env:
+ - name: BIGIP_USERNAME
+ valueFrom:
+ secretKeyRef:
+ # Replace with the name of the Secret containing your login
+ # credentials
+ name: bigip-login
+ key: username
+ - name: BIGIP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ # Replace with the name of the Secret containing your login
+ # credentials
+ name: bigip-login
+ key: password
+ command: ["/app/bin/k8s-bigip-ctlr"]
+ args: [
+ "--bigip-username=$(BIGIP_USERNAME)",
+ "--bigip-password=$(BIGIP_PASSWORD)",
+ "--bigip-url=10.1.1.8",
+ "--ipam=true",
+ "--namespace=openshift-ingress",
+ "--bigip-partition=sc-twotier",
+ "--pool-member-type=cluster",
+ "--share-nodes=true",
+ "--log-level=INFO",
+ "--insecure=true",
+ "--custom-resource-mode=true",
+ "--orchestration-cni=ovn-k8s",
+ "--as3-validation=true",
+ "--log-as3-response=true"
+ ]
+ serviceAccountName: bigip-ctlr
diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/f5-ipam-controller-0.0.4.tgz b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/f5-ipam-controller-0.0.4.tgz
new file mode 100644
index 0000000..4475080
Binary files /dev/null and b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/f5-ipam-controller-0.0.4.tgz differ
diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/ipam-pv.yaml b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/ipam-pv.yaml
new file mode 100644
index 0000000..256ac01
--- /dev/null
+++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/ipam-pv.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: ipam-nfs
+spec:
+ storageClassName: openebs-hostpath
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ persistentVolumeReclaimPolicy:
+ nfs:
+ path: /nfs/ipam
+ server: 10.1.10.4
+ readOnly: false
+
diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/ipam-pvc.yaml b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/ipam-pvc.yaml
new file mode 100644
index 0000000..95bdcd4
--- /dev/null
+++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/ipam-pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: ipam-pvc
+ namespace: cis-sc-twotier
+spec:
+ accessModes:
+ - ReadWriteMany
+ volumeName: ipam-nfs
+ volumeMode: Filesystem
+ resources:
+ requests:
+ storage: 10Mi
diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/undeploy-cis.sh b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/undeploy-cis.sh
new file mode 100755
index 0000000..89a7867
--- /dev/null
+++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/undeploy-cis.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+oc delete -f https://raw.githubusercontent.com/F5Networks/k8s-bigip-ctlr/master/docs/config_examples/customResourceDefinitions/incubator/customresourcedefinitions.yml
+oc delete ns cis-sc-twotier
+
+
diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/undeploy-ipam.sh b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/undeploy-ipam.sh
new file mode 100755
index 0000000..d2dc320
--- /dev/null
+++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/undeploy-ipam.sh
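Review bot: In ipam-pv.yaml, `persistentVolumeReclaimPolicy:` is left without a value, so it parses as null and the policy is whatever the API defaults to rather than something the manifest states; write it out, e.g. `persistentVolumeReclaimPolicy: Retain`. The volume is an NFS export (`server: 10.1.10.4`, `path: /nfs/ipam`) but carries `storageClassName: openebs-hostpath`, while ipam-pvc.yaml sets no `storageClassName`. On a cluster whose default StorageClass has a different name the claim may not bind to this volume despite `volumeName: ipam-nfs`, so it is worth confirming and giving both objects the same class name.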
@@ -0,0 +1,8 @@ +#!/bin/bash + +helm -n cis-sc-twotier uninstall f5-ipam-controller + +oc delete -f ipam-pvc.yaml +oc delete -f ipam-pv.yaml + + diff --git a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/values.yaml b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/values.yaml similarity index 73% rename from crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/values.yaml rename to crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/values.yaml index 0c30997..0632857 100644 --- a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/values.yaml +++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/cis-config/values.yaml @@ -7,30 +7,20 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: # This namespace is where the Controller lives -namespace: kube-system +namespace: cis-sc-twotier args: # NOTE: helm has difficulty with values using `-`; `_` are used for naming # and are replaced with `-` during rendering. # REQUIRED Params - orchestration: "kubernetes" + orchestration: "openshift" provider: "f5-ip-provider" # provider: "infoblox" - # REQUIRED Params if provider is infoblox - infoblox_grid_host: 10.x.x.x - infoblox_wapi_version: 2.11.2 - infoblox_username: username - infoblox_password: passsword - #if you want to set infoblox access credentials through secret uncomment below line. - #infoblox_login_secret: infoblox-credentials - infoblox_labels: '{"Dev":{"cidr":"10.8.128.0/17"}}' - infoblox_netview: netview_10_145_77_87 - # REQUIRED Params if provider is f5-ip-provider - ip_range: '{"test":"172.16.1.1-172.16.1.5", "prod":"172.16.1.50-172.16.1.55"}' + ip_range: '{"test":"10.1.10.110-10.1.10.115", "prod":"10.1.10.120-10.1.10.125"}' # OPTIONAL PARAMS -- uncomment and provide values for those you wish to use. - # log-level + log_level: DEBUG # version 
@@ -42,7 +32,7 @@ image: # Use the tag to target a specific version of the Controller user: f5networks repo: f5-ipam-controller - pullPolicy: Always + pullPolicy: IfNotPresent version: 0.1.5 # affinity: # nodeAffinity: @@ -51,10 +41,10 @@ image: # - matchExpressions: # - key: kubernetes.io/arch # operator: Exists -# securityContext: -# runAsUser: 1000 -# runAsGroup: 3000 -# fsGroup: 2000 +#securityContext: +# fsGroup: 1200 +# runAsGroup: 1200 +# runAsUser: 1000760000 # If you want to specify resources, uncomment the following # limits_cpu: 100m # limits_memory: 512Mi @@ -72,12 +62,7 @@ pvc: #name of the persistent volume claim to be used # If not set and create is true, a name is generated using the fullname template - name: - - #if create set to false below parameters will be ignored - storageClassName: - accessMode: ReadWriteOnce - storage: + name: ipam-pvc volume: mountPath: /app/ipamdb @@ -89,3 +74,4 @@ volume: # - key: "node-role.kubernetes.io/master" # effect: "NoSchedule" # operator: "Exists" + diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/create-demo.sh b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/create-demo.sh new file mode 100755 index 0000000..357e1d8 --- /dev/null +++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/create-demo.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +(cd cis-config ; ./deploy-cis.sh ) +oc -n cis-sc-twotier get deployments + +(cd routes-router ; ./create-routes-router.sh) +oc -n sc-twotier get route + +(cd routes-bigip ; ./create-routes-bigip.sh) +oc -n openshift-ingress get route + + diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/delete-demo.sh b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/delete-demo.sh new file mode 100755 index 0000000..135084a --- /dev/null +++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/delete-demo.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +(cd routes-bigip ; ./delete-routes-bigip.sh) + +(cd routes-router ; ./delete-routes-router.sh) + +(cd cis-config ; ./undeploy-cis.sh ) + + 
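Review bot: create-demo.sh never runs `cis-config/deploy-ipam.sh`, although the CIS deployment is started with `--ipam=true` and every VirtualServer under routes-bigip sets `ipamLabel: test`; unless the IPAM controller is installed separately, the virtual servers would presumably never receive an address. Add `(cd cis-config ; ./deploy-ipam.sh)` after the CIS step, and the matching `./undeploy-ipam.sh` call to delete-demo.sh before `undeploy-cis.sh` removes the namespace. The last check, `oc -n openshift-ingress get route`, lists Routes, while this demo creates VirtualServer objects in that namespace; the README's `oc -n openshift-ingress get vs,svc` is the command that shows them.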
diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/create-routes-bigip.sh b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/create-routes-bigip.sh new file mode 100755 index 0000000..b88bd5e --- /dev/null +++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/create-routes-bigip.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +oc apply -f reencrypt-tls.yaml + +for s in a b c d ; do + + oc apply -f service-route-$s.yaml + +done + + +for s in a b c d ; do + + oc apply -f route-$s.yaml + +done + diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/delete-routes-bigip.sh b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/delete-routes-bigip.sh new file mode 100755 index 0000000..c6bd0f0 --- /dev/null +++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/delete-routes-bigip.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +for s in a b c d ; do + + oc delete -f route-$s.yaml + +done + +for s in a b c d ; do + + oc delete -f service-route-$s.yaml + +done + +oc delete -f reencrypt-tls.yaml + diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/reencrypt-tls.yaml b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/reencrypt-tls.yaml new file mode 100644 index 0000000..08bafbb --- /dev/null +++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/reencrypt-tls.yaml @@ -0,0 +1,17 @@ +apiVersion: cis.f5.com/v1 +kind: TLSProfile +metadata: + name: reencrypt-tls + namespace: openshift-ingress + labels: + f5cr: "true" +spec: + tls: + termination: reencrypt + clientSSL: /Common/clientssl + serverSSL: /Common/serverssl + reference: bigip + hosts: + - www.sc-twotier.com + - account.sc-twotier.com + diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/route-a.yaml b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/route-a.yaml new file mode 100644 index 0000000..e8915f8 --- /dev/null +++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/route-a.yaml 
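Review bot: In reencrypt-tls.yaml, `serverSSL: /Common/serverssl` points the re-encrypt leg at the stock BIG-IP profile, whereas the README asks for per-host server-side SSL profiles with SNI (`www.sc-twotier.com`, `account.sc-twotier.com`) that this TLSProfile never references. As far as I can tell the stock profile neither sends a server name nor authenticates the server certificate, so the hop from BIG-IP to the router would be encrypted but unauthenticated. If that is intended for the demo, state it in a comment such as `# demo: stock serverssl profile, router certificate is not verified`; otherwise reference a profile that sets a server name and a CA bundle.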
@@ -0,0 +1,24 @@ +apiVersion: "cis.f5.com/v1" +kind: VirtualServer +metadata: + name: route-a + namespace: openshift-ingress + labels: + f5cr: "true" +spec: + host: www.sc-twotier.com + ipamLabel: test + hostGroup: sc-twotier.com + # virtualServerAddress: "10.1.10.104" + tlsProfileName: reencrypt-tls + pools: + - path: / + service: router-default-route-a + servicePort: 443 + monitor: + type: https + send: "GET / HTTP/1.1\r\nHost: www.sc-twotier.com\r\nConnection: close\r\n\r\n" + recv: "^HTTP/1.1 200" + interval: 5 + timeout: 16 + diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/route-b.yaml b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/route-b.yaml new file mode 100644 index 0000000..cdce607 --- /dev/null +++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/route-b.yaml @@ -0,0 +1,24 @@ +apiVersion: "cis.f5.com/v1" +kind: VirtualServer +metadata: + name: route-b + namespace: openshift-ingress + labels: + f5cr: "true" +spec: + host: www.sc-twotier.com + tlsProfileName: reencrypt-tls + ipamLabel: test + hostGroup: sc-twotier.com + # virtualServerAddress: "10.1.10.104" + pools: + - path: /shop + service: router-default-route-b + servicePort: 443 + monitor: + type: https + send: "GET /shop HTTP/1.1\r\nHost: www.sc-twotier.com\r\nConnection: close\r\n\r\n" + recv: "^HTTP/1.1 200" + interval: 5 + timeout: 16 + diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/route-c.yaml b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/route-c.yaml new file mode 100644 index 0000000..60f6417 --- /dev/null +++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/route-c.yaml 
@@ -0,0 +1,24 @@ +apiVersion: "cis.f5.com/v1" +kind: VirtualServer +metadata: + name: route-c + namespace: openshift-ingress + labels: + f5cr: "true" +spec: + host: www.sc-twotier.com + ipamLabel: test + hostGroup: sc-twotier.com + # virtualServerAddress: "10.1.10.104" + tlsProfileName: reencrypt-tls + pools: + - path: /checkout + service: router-default-route-c + servicePort: 443 + monitor: + type: https + send: "GET /checkout HTTP/1.1\r\nHost: www.sc-twotier.com\r\nConnection: close\r\n\r\n" + recv: "^HTTP/1.1 200" + interval: 5 + timeout: 16 + diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/route-d.yaml b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/route-d.yaml new file mode 100644 index 0000000..a5c382e --- /dev/null +++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/route-d.yaml @@ -0,0 +1,24 @@ +apiVersion: "cis.f5.com/v1" +kind: VirtualServer +metadata: + name: route-d + namespace: openshift-ingress + labels: + f5cr: "true" +spec: + host: account.sc-twotier.com + ipamLabel: test + hostGroup: sc-twotier.com + # virtualServerAddress: "10.1.10.104" + tlsProfileName: reencrypt-tls + pools: + - path: / + service: router-default-route-d + servicePort: 443 + monitor: + type: https + send: "GET / HTTP/1.1\r\nHost: account.sc-twotier.com\r\nConnection: close\r\n\r\n" + recv: "^HTTP/1.1 200" + interval: 5 + timeout: 16 + diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/service-route-a.yaml b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/service-route-a.yaml new file mode 100644 index 0000000..7fad225 --- /dev/null +++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/service-route-a.yaml 
@@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + name: router-default-route-a + namespace: openshift-ingress +spec: + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + - name: https + port: 443 + protocol: TCP + targetPort: https + selector: + ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default + sessionAffinity: None + type: ClusterIP diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/service-route-b.yaml b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/service-route-b.yaml new file mode 100644 index 0000000..5ee1ef7 --- /dev/null +++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/service-route-b.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + name: router-default-route-b + namespace: openshift-ingress +spec: + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + - name: https + port: 443 + protocol: TCP + targetPort: https + selector: + ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default + sessionAffinity: None + type: ClusterIP diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/service-route-c.yaml b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/service-route-c.yaml new file mode 100644 index 0000000..585a4d0 --- /dev/null +++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/service-route-c.yaml 
@@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + name: router-default-route-c + namespace: openshift-ingress +spec: + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + - name: https + port: 443 + protocol: TCP + targetPort: https + selector: + ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default + sessionAffinity: None + type: ClusterIP diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/service-route-d.yaml b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/service-route-d.yaml new file mode 100644 index 0000000..9d543c1 --- /dev/null +++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-bigip/service-route-d.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + name: router-default-route-d + namespace: openshift-ingress +spec: + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + - name: https + port: 443 + protocol: TCP + targetPort: https + selector: + ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default + sessionAffinity: None + type: ClusterIP diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-router/create-routes-router.sh b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-router/create-routes-router.sh new file mode 100755 index 0000000..936be7d --- /dev/null +++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-router/create-routes-router.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +oc create ns sc-twotier + +for n in a b c d ; do + oc apply -f route-$n.yaml +done + + diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-router/delete-routes-router.sh b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-router/delete-routes-router.sh new file mode 100755 index 0000000..9637c45 
--- /dev/null
+++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-router/delete-routes-router.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+oc delete ns sc-twotier
+
+
diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-router/route-a.yaml b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-router/route-a.yaml
new file mode 100644
index 0000000..cfd07c5
--- /dev/null
+++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-router/route-a.yaml
@@ -0,0 +1,75 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: route-a
+ namespace: sc-twotier
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: route-a
+ template:
+ metadata:
+ labels:
+ app: route-a
+ spec:
+ containers:
+ - name: hello-openshift
+ image: openshift/hello-openshift
+ env:
+ - name: RESPONSE
+ value: "Two tier route A: www.sc-twotier.com/"
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ volumemounts:
+ - name: tmp
+ mountpath: "/tmp"
+ terminationmessagepath: "/dev/termination-log"
+ imagepullpolicy: ifnotpresent
+ securitycontext:
+ capabilities: {}
+ privileged: false
+ volumes:
+ - name: tmp
+ emptydir: {}
+ restartpolicy: always
+ dnspolicy: clusterfirst
+ Serviceaccount: ''
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: route-a
+ namespace: sc-twotier
+ labels:
+ app: route-a
+spec:
+ ports:
+ - name: route-a-svc
+ port: 8080
+ protocol: TCP
+ targetPort: 8080
+ type: ClusterIP
+ selector:
+ app: route-a
+---
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+ labels:
+ name: route-a
+ namespace: sc-twotier
+spec:
+ host: www.sc-twotier.com
+ path: /
+ port:
+ targetPort: 8080
+ tls:
+ termination: edge
+ to:
+ kind: Service
+ name: route-a
+ weight: 100
+ wildcardPolicy: None
+
diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-router/route-b.yaml b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-router/route-b.yaml
new file mode 100644
index 0000000..504bbe4
--- /dev/null
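Review bot: Several pod-spec keys in the route-a.yaml Deployment are spelled in the wrong case — `volumemounts`, `mountpath`, `terminationmessagepath`, `imagepullpolicy`, `securitycontext`, `emptydir`, `restartpolicy`, `dnspolicy`, `Serviceaccount` — and Kubernetes field names are case-sensitive (`volumeMounts`, `securityContext`, `emptyDir`, and so on). Depending on the client's validation setting such keys are rejected or silently dropped, so `privileged: false` and the `/tmp` volume mount are likely not applied at all; the enum values need their canonical spelling too (`IfNotPresent`, `Always`, `ClusterFirst`). `image: openshift/hello-openshift` has no tag or digest, so the image that runs is whatever the registry serves at pull time. The same block is repeated in route-b.yaml, route-c.yaml and route-d.yaml.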
+++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-router/route-b.yaml @@ -0,0 +1,75 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: route-b + namespace: sc-twotier +spec: + replicas: 3 + selector: + matchLabels: + app: route-b + template: + metadata: + labels: + app: route-b + spec: + containers: + - name: hello-openshift + image: openshift/hello-openshift + env: + - name: RESPONSE + value: "Two tier Route B: www.sc-twotier.com/shop" + ports: + - containerPort: 8080 + protocol: TCP + volumemounts: + - name: tmp + mountpath: "/tmp" + terminationmessagepath: "/dev/termination-log" + imagepullpolicy: ifnotpresent + securitycontext: + capabilities: {} + privileged: false + volumes: + - name: tmp + emptydir: {} + restartpolicy: always + dnspolicy: clusterfirst + Serviceaccount: '' +--- +apiVersion: v1 +kind: Service +metadata: + name: route-b + namespace: sc-twotier + labels: + app: route-b +spec: + ports: + - name: route-b-svc + port: 8080 + protocol: TCP + targetPort: 8080 + type: ClusterIP + selector: + app: route-b +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + labels: + name: route-b + namespace: sc-twotier +spec: + host: www.sc-twotier.com + path: /shop + port: + targetPort: 8080 + tls: + termination: edge + to: + kind: Service + name: route-b + weight: 100 + wildcardPolicy: None + diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-router/route-c.yaml b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-router/route-c.yaml new file mode 100644 index 0000000..fd9ec3c --- /dev/null +++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-router/route-c.yaml 
@@ -0,0 +1,75 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: route-c + namespace: sc-twotier +spec: + replicas: 3 + selector: + matchLabels: + app: route-c + template: + metadata: + labels: + app: route-c + spec: + containers: + - name: hello-openshift + image: openshift/hello-openshift + env: + - name: RESPONSE + value: "Two tier Route C: www.sc-twotier.com/checkout" + ports: + - containerPort: 8080 + protocol: TCP + volumemounts: + - name: tmp + mountpath: "/tmp" + terminationmessagepath: "/dev/termination-log" + imagepullpolicy: ifnotpresent + securitycontext: + capabilities: {} + privileged: false + volumes: + - name: tmp + emptydir: {} + restartpolicy: always + dnspolicy: clusterfirst + Serviceaccount: '' +--- +apiVersion: v1 +kind: Service +metadata: + name: route-c + namespace: sc-twotier + labels: + app: route-c +spec: + ports: + - name: route-c-svc + port: 8080 + protocol: TCP + targetPort: 8080 + type: ClusterIP + selector: + app: route-c +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + labels: + name: route-c + namespace: sc-twotier +spec: + host: www.sc-twotier.com + path: /checkout + port: + targetPort: 8080 + tls: + termination: edge + to: + kind: Service + name: route-c + weight: 100 + wildcardPolicy: None + diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-router/route-d.yaml b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-router/route-d.yaml new file mode 100644 index 0000000..2a62da2 --- /dev/null +++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/routes-router/route-d.yaml 
@@ -0,0 +1,75 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: route-d
+ namespace: sc-twotier
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: route-d
+ template:
+ metadata:
+ labels:
+ app: route-d
+ spec:
+ containers:
+ - name: hello-openshift
+ image: openshift/hello-openshift
+ env:
+ - name: RESPONSE
+ value: "Two tier Route D: account.sc-twotier.com/"
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ volumemounts:
+ - name: tmp
+ mountpath: "/tmp"
+ terminationmessagepath: "/dev/termination-log"
+ imagepullpolicy: ifnotpresent
+ securitycontext:
+ capabilities: {}
+ privileged: false
+ volumes:
+ - name: tmp
+ emptydir: {}
+ restartpolicy: always
+ dnspolicy: clusterfirst
+ Serviceaccount: ''
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: route-d
+ namespace: sc-twotier
+ labels:
+ app: route-d
+spec:
+ ports:
+ - name: route-d-svc
+ port: 8080
+ protocol: TCP
+ targetPort: 8080
+ type: ClusterIP
+ selector:
+ app: route-d
+---
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+ labels:
+ name: route-d
+ namespace: sc-twotier
+spec:
+ host: account.sc-twotier.com
+ path: /
+ port:
+ targetPort: 8080
+ tls:
+ termination: edge
+ to:
+ kind: Service
+ name: route-d
+ weight: 100
+ wildcardPolicy: None
+
diff --git a/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/test-demo.sh b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/test-demo.sh
new file mode 100755
index 0000000..ee082d3
--- /dev/null
+++ b/crds/demo-sc-twotier-haproxy-l7-noshards-ipam/test-demo.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -x
+
+curl -k https://www.sc-twotier.com/
+curl -k https://www.sc-twotier.com/shop
+curl -k https://www.sc-twotier.com/checkout
+curl -k https://account.sc-twotier.com/
diff --git a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/.helmignore b/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/.helmignore
deleted file mode 100644
index 35e80be..0000000
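Review bot: All four `curl -k` calls in test-demo.sh skip certificate verification, so the test passes whichever certificate is presented and would not catch the wrong certificate being served for either hostname. If the demo CA is available, verify against it instead, e.g. `curl --fail --cacert <path-to-demo-ca.pem> https://www.sc-twotier.com/`; `--fail` also turns an HTTP error status into a non-zero exit, which `set -x` alone does not. If `-k` has to stay because the routes present a certificate that does not match these hosts (not visible in this hunk), a comment saying so, such as `# -k: demo routes use a non-matching certificate; do not copy outside the lab`, would keep the flag from spreading into non-demo scripts.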
--- a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode -.code diff --git a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/Chart.yaml b/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/Chart.yaml deleted file mode 100644 index e641163..0000000 --- a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/Chart.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -description: Deploy the F5 Networks IPAM Controller for Kubernetes and OpenShift (f5-ipam-controller). -name: f5-ipam-controller -version: 0.0.4 diff --git a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/README.md b/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/README.md deleted file mode 100644 index 5c83c63..0000000 --- a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/README.md +++ /dev/null 
@@ -1,74 +0,0 @@ -# Helm Chart for the F5 IPAM Controller - -This chart simplifies repeatable, versioned deployment of the [F5 IPAM Controller](https://clouddocs.f5.com/containers/latest/userguide/ipam/). - -### Prerequisites -- Refer to [CIS Prerequisites](https://clouddocs.f5.com/containers/latest/userguide/cis-helm.html#prerequisites) to install Container Ingress Services on Kubernetes or Openshift -- [Helm 3](https://helm.sh/docs/intro/) should be installed. -- For Infoblox as provider configure Infoblox with network and netview Refer [Infoblox documentation](https://www.infoblox.com/products/ipam-dhcp/) -- Create persistent volume and persistent volume claim for static f5-ipam provider as follows: - - ```oc apply -f https://raw.githubusercontent.com/F5Networks/f5-ipam-controller/main/docs/config_examples/f5-ip-provider/localstorage-pv-pvc-example.yaml``` -## Installing FIC Using Helm Charts - -This is the simplest way to install the FIC on OpenShift/Kubernetes cluster. Helm is a package manager for Kubernetes. Helm is Kubernetes version of yum or apt. Helm deploys something called charts, which you can think of as a packaged application. It is a collection of all your versioned, pre-configured application resources which can be deployed as one unit. This chart creates a Deployment for one Pod containing the [F5 IPAM Controller](https://clouddocs.f5.com/containers/latest/userguide/ipam/), it's supporting RBAC, Service Account and Custom Resources Definition installations. 
- -## Installing the Chart -- Add the FIC chart repository in Helm using following command: - - ```helm repo add f5-ipam-stable https://f5networks.github.io/f5-ipam-controller/helm-charts/stable``` - -- Create values.yaml as shown in [examples](https://github.com/F5Networks/f5-ipam-controller/tree/master/helm-charts/f5-ipam-controller/values.yaml): - -- Install the Helm chart using the following command: - - ```helm install -f values.yaml f5-ipam-stable/f5-ipam-controller``` - - -## Chart parameters: - -| Parameter | Required | Description | Default | -|-----------------------|-----------|------------------------------------------------------------|--------------------------------| - | rbac.create | Optional | Create ClusterRole and ClusterRoleBinding | true | - | serviceAccount.name | Optional | name of the ServiceAccount for FIC controller | -f5-ipam-controller | - | serviceAccount.create | Optional | Create service account for the FIC controller | true | - | namespace | Optional | name of namespace FIC lives and watches for IPAM resources | kube-system | - | image.user | Optional | FIC Controller image repository username | f5networks | -| image.repo | Optional | FIC Controller image repository name | f5-ipam-controller | -| image.pullPolicy | Optional | FIC Controller image pull policy | Always | -| image.version | Optional | FIC Controller image tag | NA | -| pvc.name | Optional | Name of the persistent volume claim for FIC controller | -f5-ipam-controller | -| pvc.create | Optional | Create persistent volume claim for FIC controller | false | -| pvc.storageClassName | Optional | Name of the storage class | NA | -| pvc.accessMode | Optional | Access Mode for the volume | ReadWriteOnce | -| pvc.storage | Optional | Required storage for FIC controller volume | NA | -| volume.mountPath | Optional | Mount Path that the controller places the DB file | NA | -| volume.mountName | Optional | Name of the volume mounted | NA | -| nodeSelector | Optional | dictionary of 
Node selector labels | empty -| tolerations | Optional | Array of labels | empty -| limits_cpu | Optional | CPU limits for the pod | 100m -| limits_memory | Optional | Memory limits for the pod | 512Mi -| requests_cpu | Optional | CPU request for the pod | 100m -| requests_memory | Optional | Memory request for the pod | 512Mi -| affinity | Optional | Dictionary of affinity | empty -| securityContext | Optional | Dictionary of securityContext | empty -| args.infoblox_login_secret | Optional | Secret that contains infoblox login credentials | empty | - -See the FIC documentation for a full list of args supported for FIC [FIC Configuration Options](https://github.com/F5Networks/f5-ipam-controller/blob/main/README.md) - -> **Note:** Helm value names cannot include the character `-` which is commonly used in the names of parameters passed to the controller. To accomodate Helm, the parameter names in `values.yaml` use `_` and then replace them with `-` when rendering. -> e.g. `args.ip_range` is rendered as `ip-range` as required by the FIC Controller. - - -If you have a specific use case for F5 products in the Kubernetes environment that would benefit from a curated chart, please [open an issue](https://github.com/F5Networks/f5-ipam-controller/issues) describing your use case and providing example resources. - -## Uninstalling Helm Chart - -Run the following command to uninstall the chart. - -```helm del ``` - -## Known Issues - -* Unable to pass multiple Infoblox labels to FIC Helm charts and OpenShift Operator. - diff --git a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/NOTES.txt b/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/NOTES.txt deleted file mode 100644 index b7ebb10..0000000 --- a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ -F5 IPAM Controller: {{ .Release.Name }} 
diff --git a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/_helpers.tpl b/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/_helpers.tpl deleted file mode 100644 index 250c345..0000000 --- a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/_helpers.tpl +++ /dev/null 
@@ -1,65 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "f5-ipam-controller.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Check for user given namespace or give kube-system -*/}} -{{- define "f5-ipam-controller.namespace" -}} -{{- if hasKey .Values "namespace" -}} -{{- .Values.namespace -}} -{{- else -}} -{{- print "kube-system" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "f5-ipam-controller.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "f5-ipam-controller.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - - {{/* -Create the name of the service account to use -*/}} -{{- define "f5-ipam-controller.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "f5-ipam-controller.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - - - {{/* -Create the name of the Persistent Volume Claim to use -*/}} -{{- define "f5-ipam-controller.persistentVolumeClaimName" -}} -{{- if .Values.pvc.create -}} - {{ default (include "f5-ipam-controller.fullname" .) 
.Values.pvc.name }} -{{- else -}} - {{ default "default" .Values.pvc.name }} -{{- end -}} -{{- end -}} diff --git a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-clusterrole.yaml b/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-clusterrole.yaml deleted file mode 100644 index 8644221..0000000 --- a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-clusterrole.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "f5-ipam-controller.fullname" . }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/name: {{ template "f5-ipam-controller.name" . }} - app: {{ template "f5-ipam-controller.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: - - verbs: - - get - - list - - watch - - update - - create - - patch - - delete - apiGroups: - - fic.f5.com - resources: - - ipams - - ipams/status - - verbs: - - get - - list - - watch - - update - - create - - patch - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions -{{- end -}} \ No newline at end of file diff --git a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-clusterrolebinding.yaml b/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-clusterrolebinding.yaml deleted file mode 100644 index 29f93ad..0000000 --- a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-clusterrolebinding.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "f5-ipam-controller.fullname" . }} - namespace: {{ template "f5-ipam-controller.namespace" . }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/name: {{ template "f5-ipam-controller.name" . }} - app: {{ template "f5-ipam-controller.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "f5-ipam-controller.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ template "f5-ipam-controller.serviceAccountName" . }} - namespace: {{ template "f5-ipam-controller.namespace" . }} -{{- end -}} diff --git a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-deploy.yaml b/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-deploy.yaml deleted file mode 100644 index 2efc73e..0000000 --- a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-deploy.yaml +++ /dev/null 
@@ -1,128 +0,0 @@ -{{- if or (not .Values.args.orchestration) (not .Values.args.provider) }} -{{/* -Generate errors for missing required values. -*/}} -{{- else -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "f5-ipam-controller.fullname" . }} - namespace: {{ template "f5-ipam-controller.namespace" . }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/name: {{ template "f5-ipam-controller.name" . }} - app: {{ template "f5-ipam-controller.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "-" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: -{{- if .Values.updateStrategy }} - strategy: - type: {{ .Values.updateStrategy }} -{{- end }} - replicas: 1 - selector: - matchLabels: - app: {{ template "f5-ipam-controller.name" . }} - template: - metadata: - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/name: {{ template "f5-ipam-controller.name" . }} - app: {{ template "f5-ipam-controller.name" . }} - release: {{ .Release.Name }} - spec: -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} -{{- end }} - serviceAccountName: {{ template "f5-ipam-controller.serviceAccountName" . }} -{{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range $pullSecret := .Values.image.pullSecrets }} - - name: {{ $pullSecret }} - {{- end }} -{{- end }} - containers: - - name: {{ template "f5-ipam-controller.name" . 
}} - image: "{{ .Values.image.user }}/{{ .Values.image.repo }}:{{ .Values.image.version }}" - {{- if eq .Values.args.provider "f5-ip-provider" }} - volumeMounts: - - name: {{ .Values.volume.mountName }} - mountPath: {{ .Values.volume.mountPath }} - {{- end }} - {{- if and (eq .Values.args.provider "infoblox") (.Values.args.infoblox_login_secret) }} - volumeMounts: - - name: infoblox-creds - mountPath: "/tmp/creds" - readOnly: true - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - /app/bin/f5-ipam-controller - args: - - --orchestration={{ .Values.args.orchestration }} - - --ipam-provider={{ .Values.args.provider }} - {{- if eq .Values.args.provider "f5-ip-provider" }} - - --ip-range={{ .Values.args.ip_range | replace "_" "-" }} - {{- end }} - {{- if eq .Values.args.provider "infoblox" }} - - --infoblox-wapi-version={{ .Values.args.infoblox_wapi_version }} - - --infoblox-labels - - {{ .Values.args.infoblox_labels | squote }} - - --infoblox-netview={{ .Values.args.infoblox_netview }} - {{- end }} - {{- if and (eq .Values.args.provider "infoblox") (not .Values.args.infoblox_login_secret) }} - - --infoblox-grid-host={{ .Values.args.infoblox_grid_host }} - - --infoblox-username={{ .Values.args.infoblox_username }} - - --infoblox-password={{ .Values.args.infoblox_password }} - {{- end }} - {{- if and (eq .Values.args.provider "infoblox") (.Values.args.infoblox_login_secret) }} - - --credentials-directory - - /tmp/creds - {{- end }} - {{- if .Values.args.infoblox_wapi_port }} - - --infoblox-wapi-port={{ .Values.args.infoblox_wapi_port }} - {{- end }} - {{- if .Values.args.log_level }} - - --log-level={{ .Values.args.log_level }} - {{- end }} - {{- if .Values.args.version }} - - --version={{ .Values.args.version }} - {{- end }} - {{- if .Values.args.credentials_directory }} - - --credentials-directory={{ .Values.args.credentials_directory }} - {{- end }} - {{- if .Values.args.insecure }} - - --insecure={{ .Values.args.insecure }} - {{- end }} - 
resources: - limits: - cpu: {{ .Values.limits_cpu | default "100m" }} - memory: {{ .Values.limits_memory | default "512Mi" }} - requests: - cpu: {{ .Values.requests_cpu | default "100m" }} - memory: {{ .Values.requests_memory | default "512Mi" }} -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6}} -{{- end }} - {{- if eq .Values.args.provider "f5-ip-provider" }} - volumes: - - name: {{ .Values.volume.mountName }} - persistentVolumeClaim: - claimName: {{ template "f5-ipam-controller.persistentVolumeClaimName" . }} - {{- end }} - {{- if and (eq .Values.args.provider "infoblox") (.Values.args.infoblox_login_secret) }} - volumes: - - name: infoblox-creds - secret: - secretName: {{ .Values.args.infoblox_login_secret }} - {{- end }} -{{- end }} diff --git a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-persistentvolumeclaim.yaml b/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-persistentvolumeclaim.yaml deleted file mode 100644 index 9eca60b..0000000 --- a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-persistentvolumeclaim.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -{{- if and (eq .Values.args.provider "f5-ip-provider") (eq .Values.pvc.create true) }} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ template "f5-ipam-controller.persistentVolumeClaimName" . }} - namespace: {{ template "f5-ipam-controller.namespace" . }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/name: {{ template "f5-ipam-controller.name" . }} - app: {{ template "f5-ipam-controller.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "-" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - storageClassName: {{ .Values.pvc.storageClassName }} - accessModes: - - {{ .Values.pvc.accessMode }} - resources: - requests: - storage: {{ .Values.pvc.storage }} - {{- end }} - - - diff --git a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-serviceaccount.yaml b/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-serviceaccount.yaml deleted file mode 100644 index 04b1626..0000000 --- a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-serviceaccount.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.rbac.create -}} -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "f5-ipam-controller.serviceAccountName" . }} - namespace: {{ template "f5-ipam-controller.namespace" . }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/name: {{ template "f5-ipam-controller.name" . }} - app: {{ template "f5-ipam-controller.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- end -}} -{{- end -}} 
diff --git a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-deployment.yaml b/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-deployment.yaml deleted file mode 100644 index 831e0c0..0000000 --- a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-deployment.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - name: f5-ipam-controller - name: f5-ipam-controller - namespace: cis-sc-twotier -spec: - replicas: 1 - selector: - matchLabels: - app: f5-ipam-controller - template: - metadata: - labels: - app: f5-ipam-controller - spec: - containers: - - args: - - --orchestration=openshift -# - --ip-range='{"Dev":"10.1.10.110-10.1.10.115","Test":"10.1.10.120-10.1.10.125","Production":"10.1.10.130-10.1.10.135","Default":"10.1.10.130-10.1.10.135"}' - - --ip-range - - '{"Dev":"10.1.10.110-10.1.10.115"}' - - --log-level=DEBUG - command: - - /app/bin/f5-ipam-controller - image: f5devcentral/f5-ipam-controller:latest - imagePullPolicy: IfNotPresent - name: f5-ipam-controller - serviceAccount: ipam-ctlr - serviceAccountName: ipam-ctlr - diff --git a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-pvc.yaml b/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-pvc.yaml deleted file mode 100644 index 3bc548e..0000000 --- a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-pvc.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: local-pv -spec: - capacity: - storage: 1Gi - volumeMode: Filesystem - accessModes: - - ReadWriteOnce - local: - path: /tmp/localstorage - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - master-1.ocp1.f5-udf.com - - master-1.ocp2.f5-udf.com - - master-1.ocp3.f5-udf.com ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: pvc-local - namespace: cis-sc-twotier -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 0.1Gi - 
diff --git a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-rbac.yaml b/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-rbac.yaml deleted file mode 100644 index 1a818a7..0000000 --- a/crds/demo-sc-twotier-istio-l4/cis-config/old/f5-ipam-rbac.yaml +++ /dev/null @@ -1,29 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: ipam-ctlr-clusterrole -rules: - - apiGroups: ["fic.f5.com"] - resources: ["f5ipams"] - verbs: ["get", "list", "watch", "update", "patch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: ipam-ctlr-clusterrole-binding - namespace: cis-sc-twotier -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ipam-ctlr-clusterrole -subjects: - - apiGroup: "" - kind: ServiceAccount - name: ipam-ctlr - namespace: cis-sc-twotier ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ipam-ctlr - namespace: cis-sc-twotier diff --git a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/.helmignore b/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/.helmignore deleted file mode 100644 index 35e80be..0000000 --- a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode -.code diff --git a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/Chart.yaml b/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/Chart.yaml deleted file mode 100644 index e641163..0000000 --- a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/Chart.yaml +++ /dev/null 
@@ -1,4 +0,0 @@ -apiVersion: v1 -description: Deploy the F5 Networks IPAM Controller for Kubernetes and OpenShift (f5-ipam-controller). -name: f5-ipam-controller -version: 0.0.4 diff --git a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/README.md b/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/README.md deleted file mode 100644 index 5c83c63..0000000 --- a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/README.md +++ /dev/null 
@@ -1,74 +0,0 @@ -# Helm Chart for the F5 IPAM Controller - -This chart simplifies repeatable, versioned deployment of the [F5 IPAM Controller](https://clouddocs.f5.com/containers/latest/userguide/ipam/). - -### Prerequisites -- Refer to [CIS Prerequisites](https://clouddocs.f5.com/containers/latest/userguide/cis-helm.html#prerequisites) to install Container Ingress Services on Kubernetes or Openshift -- [Helm 3](https://helm.sh/docs/intro/) should be installed. -- For Infoblox as provider configure Infoblox with network and netview Refer [Infoblox documentation](https://www.infoblox.com/products/ipam-dhcp/) -- Create persistent volume and persistent volume claim for static f5-ipam provider as follows: - - ```oc apply -f https://raw.githubusercontent.com/F5Networks/f5-ipam-controller/main/docs/config_examples/f5-ip-provider/localstorage-pv-pvc-example.yaml``` -## Installing FIC Using Helm Charts - -This is the simplest way to install the FIC on OpenShift/Kubernetes cluster. Helm is a package manager for Kubernetes. Helm is Kubernetes version of yum or apt. Helm deploys something called charts, which you can think of as a packaged application. It is a collection of all your versioned, pre-configured application resources which can be deployed as one unit. This chart creates a Deployment for one Pod containing the [F5 IPAM Controller](https://clouddocs.f5.com/containers/latest/userguide/ipam/), it's supporting RBAC, Service Account and Custom Resources Definition installations. 
- -## Installing the Chart -- Add the FIC chart repository in Helm using following command: - - ```helm repo add f5-ipam-stable https://f5networks.github.io/f5-ipam-controller/helm-charts/stable``` - -- Create values.yaml as shown in [examples](https://github.com/F5Networks/f5-ipam-controller/tree/master/helm-charts/f5-ipam-controller/values.yaml): - -- Install the Helm chart using the following command: - - ```helm install -f values.yaml f5-ipam-stable/f5-ipam-controller``` - - -## Chart parameters: - -| Parameter | Required | Description | Default | -|-----------------------|-----------|------------------------------------------------------------|--------------------------------| - | rbac.create | Optional | Create ClusterRole and ClusterRoleBinding | true | - | serviceAccount.name | Optional | name of the ServiceAccount for FIC controller | -f5-ipam-controller | - | serviceAccount.create | Optional | Create service account for the FIC controller | true | - | namespace | Optional | name of namespace FIC lives and watches for IPAM resources | kube-system | - | image.user | Optional | FIC Controller image repository username | f5networks | -| image.repo | Optional | FIC Controller image repository name | f5-ipam-controller | -| image.pullPolicy | Optional | FIC Controller image pull policy | Always | -| image.version | Optional | FIC Controller image tag | NA | -| pvc.name | Optional | Name of the persistent volume claim for FIC controller | -f5-ipam-controller | -| pvc.create | Optional | Create persistent volume claim for FIC controller | false | -| pvc.storageClassName | Optional | Name of the storage class | NA | -| pvc.accessMode | Optional | Access Mode for the volume | ReadWriteOnce | -| pvc.storage | Optional | Required storage for FIC controller volume | NA | -| volume.mountPath | Optional | Mount Path that the controller places the DB file | NA | -| volume.mountName | Optional | Name of the volume mounted | NA | -| nodeSelector | Optional | dictionary of 
Node selector labels | empty -| tolerations | Optional | Array of labels | empty -| limits_cpu | Optional | CPU limits for the pod | 100m -| limits_memory | Optional | Memory limits for the pod | 512Mi -| requests_cpu | Optional | CPU request for the pod | 100m -| requests_memory | Optional | Memory request for the pod | 512Mi -| affinity | Optional | Dictionary of affinity | empty -| securityContext | Optional | Dictionary of securityContext | empty -| args.infoblox_login_secret | Optional | Secret that contains infoblox login credentials | empty | - -See the FIC documentation for a full list of args supported for FIC [FIC Configuration Options](https://github.com/F5Networks/f5-ipam-controller/blob/main/README.md) - -> **Note:** Helm value names cannot include the character `-` which is commonly used in the names of parameters passed to the controller. To accomodate Helm, the parameter names in `values.yaml` use `_` and then replace them with `-` when rendering. -> e.g. `args.ip_range` is rendered as `ip-range` as required by the FIC Controller. - - -If you have a specific use case for F5 products in the Kubernetes environment that would benefit from a curated chart, please [open an issue](https://github.com/F5Networks/f5-ipam-controller/issues) describing your use case and providing example resources. - -## Uninstalling Helm Chart - -Run the following command to uninstall the chart. - -```helm del ``` - -## Known Issues - -* Unable to pass multiple Infoblox labels to FIC Helm charts and OpenShift Operator. - diff --git a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/NOTES.txt b/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/NOTES.txt deleted file mode 100644 index b7ebb10..0000000 --- a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ -F5 IPAM Controller: {{ .Release.Name }} 
diff --git a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/_helpers.tpl b/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/_helpers.tpl deleted file mode 100644 index 250c345..0000000 --- a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/_helpers.tpl +++ /dev/null 
@@ -1,65 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "f5-ipam-controller.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Check for user given namespace or give kube-system -*/}} -{{- define "f5-ipam-controller.namespace" -}} -{{- if hasKey .Values "namespace" -}} -{{- .Values.namespace -}} -{{- else -}} -{{- print "kube-system" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "f5-ipam-controller.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "f5-ipam-controller.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - - {{/* -Create the name of the service account to use -*/}} -{{- define "f5-ipam-controller.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "f5-ipam-controller.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - - - {{/* -Create the name of the Persistent Volume Claim to use -*/}} -{{- define "f5-ipam-controller.persistentVolumeClaimName" -}} -{{- if .Values.pvc.create -}} - {{ default (include "f5-ipam-controller.fullname" .) 
.Values.pvc.name }} -{{- else -}} - {{ default "default" .Values.pvc.name }} -{{- end -}} -{{- end -}} diff --git a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-clusterrole.yaml b/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-clusterrole.yaml deleted file mode 100644 index 8644221..0000000 --- a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-clusterrole.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "f5-ipam-controller.fullname" . }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/name: {{ template "f5-ipam-controller.name" . }} - app: {{ template "f5-ipam-controller.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: - - verbs: - - get - - list - - watch - - update - - create - - patch - - delete - apiGroups: - - fic.f5.com - resources: - - ipams - - ipams/status - - verbs: - - get - - list - - watch - - update - - create - - patch - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions -{{- end -}} \ No newline at end of file diff --git a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-clusterrolebinding.yaml b/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-clusterrolebinding.yaml deleted file mode 100644 index 29f93ad..0000000 --- a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-clusterrolebinding.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-{{- if .Values.rbac.create -}}
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ template "f5-ipam-controller.fullname" . }}
- namespace: {{ template "f5-ipam-controller.namespace" . }}
- labels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/name: {{ template "f5-ipam-controller.name" . }}
- app: {{ template "f5-ipam-controller.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "f5-ipam-controller.fullname" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ template "f5-ipam-controller.serviceAccountName" . }}
- namespace: {{ template "f5-ipam-controller.namespace" . }}
-{{- end -}}
diff --git a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-deploy.yaml b/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-deploy.yaml
deleted file mode 100644
index 2efc73e..0000000
--- a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-deploy.yaml
+++ /dev/null
@@ -1,128 +0,0 @@ -{{- if or (not .Values.args.orchestration) (not .Values.args.provider) }} -{{/* -Generate errors for missing required values. -*/}} -{{- else -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "f5-ipam-controller.fullname" . }} - namespace: {{ template "f5-ipam-controller.namespace" . }} - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/name: {{ template "f5-ipam-controller.name" . }} - app: {{ template "f5-ipam-controller.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "-" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: -{{- if .Values.updateStrategy }} - strategy: - type: {{ .Values.updateStrategy }} -{{- end }} - replicas: 1 - selector: - matchLabels: - app: {{ template "f5-ipam-controller.name" . }} - template: - metadata: - labels: - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/name: {{ template "f5-ipam-controller.name" . }} - app: {{ template "f5-ipam-controller.name" . }} - release: {{ .Release.Name }} - spec: -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} -{{- end }} - serviceAccountName: {{ template "f5-ipam-controller.serviceAccountName" . }} -{{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range $pullSecret := .Values.image.pullSecrets }} - - name: {{ $pullSecret }} - {{- end }} -{{- end }} - containers: - - name: {{ template "f5-ipam-controller.name" . 
}} - image: "{{ .Values.image.user }}/{{ .Values.image.repo }}:{{ .Values.image.version }}" - {{- if eq .Values.args.provider "f5-ip-provider" }} - volumeMounts: - - name: {{ .Values.volume.mountName }} - mountPath: {{ .Values.volume.mountPath }} - {{- end }} - {{- if and (eq .Values.args.provider "infoblox") (.Values.args.infoblox_login_secret) }} - volumeMounts: - - name: infoblox-creds - mountPath: "/tmp/creds" - readOnly: true - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - /app/bin/f5-ipam-controller - args: - - --orchestration={{ .Values.args.orchestration }} - - --ipam-provider={{ .Values.args.provider }} - {{- if eq .Values.args.provider "f5-ip-provider" }} - - --ip-range={{ .Values.args.ip_range | replace "_" "-" }} - {{- end }} - {{- if eq .Values.args.provider "infoblox" }} - - --infoblox-wapi-version={{ .Values.args.infoblox_wapi_version }} - - --infoblox-labels - - {{ .Values.args.infoblox_labels | squote }} - - --infoblox-netview={{ .Values.args.infoblox_netview }} - {{- end }} - {{- if and (eq .Values.args.provider "infoblox") (not .Values.args.infoblox_login_secret) }} - - --infoblox-grid-host={{ .Values.args.infoblox_grid_host }} - - --infoblox-username={{ .Values.args.infoblox_username }} - - --infoblox-password={{ .Values.args.infoblox_password }} - {{- end }} - {{- if and (eq .Values.args.provider "infoblox") (.Values.args.infoblox_login_secret) }} - - --credentials-directory - - /tmp/creds - {{- end }} - {{- if .Values.args.infoblox_wapi_port }} - - --infoblox-wapi-port={{ .Values.args.infoblox_wapi_port }} - {{- end }} - {{- if .Values.args.log_level }} - - --log-level={{ .Values.args.log_level }} - {{- end }} - {{- if .Values.args.version }} - - --version={{ .Values.args.version }} - {{- end }} - {{- if .Values.args.credentials_directory }} - - --credentials-directory={{ .Values.args.credentials_directory }} - {{- end }} - {{- if .Values.args.insecure }} - - --insecure={{ .Values.args.insecure }} - {{- end }} - 
resources: - limits: - cpu: {{ .Values.limits_cpu | default "100m" }} - memory: {{ .Values.limits_memory | default "512Mi" }} - requests: - cpu: {{ .Values.requests_cpu | default "100m" }} - memory: {{ .Values.requests_memory | default "512Mi" }} -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 6}} -{{- end }} - {{- if eq .Values.args.provider "f5-ip-provider" }} - volumes: - - name: {{ .Values.volume.mountName }} - persistentVolumeClaim: - claimName: {{ template "f5-ipam-controller.persistentVolumeClaimName" . }} - {{- end }} - {{- if and (eq .Values.args.provider "infoblox") (.Values.args.infoblox_login_secret) }} - volumes: - - name: infoblox-creds - secret: - secretName: {{ .Values.args.infoblox_login_secret }} - {{- end }} -{{- end }} diff --git a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-persistentvolumeclaim.yaml b/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-persistentvolumeclaim.yaml deleted file mode 100644 index 9eca60b..0000000 --- a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-persistentvolumeclaim.yaml +++ /dev/null 
@@ -1,25 +0,0 @@
-{{- if and (eq .Values.args.provider "f5-ip-provider") (eq .Values.pvc.create true) }}
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ template "f5-ipam-controller.persistentVolumeClaimName" . }}
- namespace: {{ template "f5-ipam-controller.namespace" . }}
- labels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/name: {{ template "f5-ipam-controller.name" . }}
- app: {{ template "f5-ipam-controller.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "-" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- storageClassName: {{ .Values.pvc.storageClassName }}
- accessModes:
- - {{ .Values.pvc.accessMode }}
- resources:
- requests:
- storage: {{ .Values.pvc.storage }}
- {{- end }}
-
-
-
diff --git a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-serviceaccount.yaml b/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-serviceaccount.yaml
deleted file mode 100644
index 04b1626..0000000
--- a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/templates/f5-ipam-controller-serviceaccount.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.rbac.create -}}
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "f5-ipam-controller.serviceAccountName" . }}
- namespace: {{ template "f5-ipam-controller.namespace" . }}
- labels:
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/name: {{ template "f5-ipam-controller.name" . }}
- app: {{ template "f5-ipam-controller.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-{{- end -}}
-{{- end -}}
diff --git a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/values.yaml b/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/values.yaml
deleted file mode 100644
index 0c30997..0000000
--- a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-controller/values.yaml
+++ /dev/null
@@ -1,91 +0,0 @@ -rbac: - create: true -serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: -# This namespace is where the Controller lives -namespace: kube-system -args: - # NOTE: helm has difficulty with values using `-`; `_` are used for naming - # and are replaced with `-` during rendering. - # REQUIRED Params - orchestration: "kubernetes" - provider: "f5-ip-provider" - # provider: "infoblox" - - # REQUIRED Params if provider is infoblox - infoblox_grid_host: 10.x.x.x - infoblox_wapi_version: 2.11.2 - infoblox_username: username - infoblox_password: passsword - #if you want to set infoblox access credentials through secret uncomment below line. - #infoblox_login_secret: infoblox-credentials - infoblox_labels: '{"Dev":{"cidr":"10.8.128.0/17"}}' - infoblox_netview: netview_10_145_77_87 - - # REQUIRED Params if provider is f5-ip-provider - ip_range: '{"test":"172.16.1.1-172.16.1.5", "prod":"172.16.1.50-172.16.1.55"}' - - # OPTIONAL PARAMS -- uncomment and provide values for those you wish to use. - # log-level - # version - - - # OPTIONAL PARAMS if provider is infoblox - # infoblox_wapi_port: "443" - # insecure - -image: - # Use the tag to target a specific version of the Controller - user: f5networks - repo: f5-ipam-controller - pullPolicy: Always - version: 0.1.5 -# affinity: -# nodeAffinity: -# requiredDuringSchedulingIgnoredDuringExecution: -# nodeSelectorTerms: -# - matchExpressions: -# - key: kubernetes.io/arch -# operator: Exists -# securityContext: -# runAsUser: 1000 -# runAsGroup: 3000 -# fsGroup: 2000 -# If you want to specify resources, uncomment the following -# limits_cpu: 100m -# limits_memory: 512Mi -# requests_cpu: 100m -# requests_memory: 512Mi - -# updateStrategy is used to set the update strategy for f5-ipam-controller deployment. 
-# The default update strategy is RollingUpdate, however if you want to set it to Recreate then uncomment the following line. -# Note: Setting updateStrategy to Recreate may have some downtime during the update. -#updateStrategy: Recreate - -pvc: - # set create tag to true to create new persistent volume claim and set storageClassName,accessMode and storage - create: false - - #name of the persistent volume claim to be used - # If not set and create is true, a name is generated using the fullname template - name: - - #if create set to false below parameters will be ignored - storageClassName: - accessMode: ReadWriteOnce - storage: - -volume: - mountPath: /app/ipamdb - mountName: fic-volume-mount - -# To enable tolerations, uncomment below block and customize key,effect,operator. -# Below is just an example and different key,value and operators are also supported -#tolerations: -# - key: "node-role.kubernetes.io/master" -# effect: "NoSchedule" -# operator: "Exists" diff --git a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-deployment.yaml b/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-deployment.yaml deleted file mode 100644 index 831e0c0..0000000 --- a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-deployment.yaml +++ /dev/null 
@@ -1,32 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- name: f5-ipam-controller
- name: f5-ipam-controller
- namespace: cis-sc-twotier
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: f5-ipam-controller
- template:
- metadata:
- labels:
- app: f5-ipam-controller
- spec:
- containers:
- - args:
- - --orchestration=openshift
-# - --ip-range='{"Dev":"10.1.10.110-10.1.10.115","Test":"10.1.10.120-10.1.10.125","Production":"10.1.10.130-10.1.10.135","Default":"10.1.10.130-10.1.10.135"}'
- - --ip-range
- - '{"Dev":"10.1.10.110-10.1.10.115"}'
- - --log-level=DEBUG
- command:
- - /app/bin/f5-ipam-controller
- image: f5devcentral/f5-ipam-controller:latest
- imagePullPolicy: IfNotPresent
- name: f5-ipam-controller
- serviceAccount: ipam-ctlr
- serviceAccountName: ipam-ctlr
-
diff --git a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-pvc.yaml b/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-pvc.yaml
deleted file mode 100644
index 3bc548e..0000000
--- a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-pvc.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: local-pv
-spec:
- capacity:
- storage: 1Gi
- volumeMode: Filesystem
- accessModes:
- - ReadWriteOnce
- local:
- path: /tmp/localstorage
- nodeAffinity:
- required:
- nodeSelectorTerms:
- - matchExpressions:
- - key: kubernetes.io/hostname
- operator: In
- values:
- - master-1.ocp1.f5-udf.com
- - master-1.ocp2.f5-udf.com
- - master-1.ocp3.f5-udf.com
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: pvc-local
- namespace: cis-sc-twotier
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 0.1Gi
-
diff --git a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-rbac.yaml b/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-rbac.yaml
deleted file mode 100644
index 1a818a7..0000000
--- a/crds/demo-sc-twotier-istio-l7/cis-config/old/f5-ipam-rbac.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: ipam-ctlr-clusterrole
-rules:
- - apiGroups: ["fic.f5.com"]
- resources: ["f5ipams"]
- verbs: ["get", "list", "watch", "update", "patch"]
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: ipam-ctlr-clusterrole-binding
- namespace: cis-sc-twotier
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: ipam-ctlr-clusterrole
-subjects:
- - apiGroup: ""
- kind: ServiceAccount
- name: ipam-ctlr
- namespace: cis-sc-twotier
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: ipam-ctlr
- namespace: cis-sc-twotier