Skip to content

Commit

Permalink
Updating charts for CIS Release v3.0.0-beta-2 and Build Info azure-64…
Browse files Browse the repository at this point in the history 
…78-a8e73194057b776e86c4c95c9a4a6ee8c61a21a1 in incubator
  • Loading branch information
@cisbotctlr
cisbotctlr committed Aug 7, 2024
1 parent 71bf5b8 commit de8d908
Show file tree
Hide file tree
Showing 3 changed files with 48 additions and 35 deletions.
77 changes: 45 additions & 32 deletions helm-charts/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,60 +25,73 @@ For OpenShift, use the following command:

- Add the CIS chart repository in Helm using following command:

```helm repo add f5-stable https://f5networks.github.io/charts/stable```
```helm repo add f5-stable https://f5networks.github.io/k8s-bigip-ctlr/helm-charts/stable```

- Create values.yaml as shown in [examples](https://github.com/F5Networks/charts/tree/master/example_values/f5-bigip-ctlr):
- Create values.yaml as shown in [examples](https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/helm-charts/example_values/values.yaml):

- Install the Helm chart if BIGIP credential secrets created manually using the following command:
- Install the Helm chart if Central Manager credential secrets created manually using the following command:

```helm install -f values.yaml <new-chart-name> f5-stable/f5-bigip-ctlr```

- Install the Helm chart with skip crds if BIGIP credential secrets created manually (without custom resource definitions installations)
- Install the Helm chart with skip crds if Central Manager credential secrets created manually (without custom resource definitions installations)

```helm install --skip-crds -f values.yaml <new-chart-name> f5-stable/f5-bigip-ctlr```

- If you want to create the BIGIP credential secret with helm charts use the following command:
- If you want to create the Central Manager credential secret with helm charts use the following command:

```helm install --set cm_secret.create="true" --set cm_secret.username=$CM_USERNAME --set cm_secret.password=$CM_PASSWORD -f values.yaml <new-chart-name> f5-stable/f5-bigip-ctlr```

## Chart parameters:

| Parameter | Required | Description | Default |
|-----------------------------------------|----------|-------------------------------------------------------------------------|------------------------------|
| cm_login_secret | Optional | Secret that contains Central Manager login credentials | f5-bigip-ctlr-login |
| args.cm_url | Required | The management IP for your Central Manager device | **Required**, no default |
| cm_secret.create | Optional | Create kubernetes secret using username and password | false |
| cm_secret.username | Optional | bigip username to create the kubernetes secret | empty |
| cm_secret.password | Optional | bigip password to create the kubernetes secret | empty |
| rbac.create | Optional | Create ClusterRole and ClusterRoleBinding | true |
| serviceAccount.name | Optional | name of the ServiceAccount for CIS controller | f5-bigip-ctlr-serviceaccount |
| serviceAccount.create | Optional | Create service account for the CIS controller | true |
| namespace | Optional | name of namespace CIS will use to create deployment and other resources | kube-system |
| image.user | Optional | CIS Controller image repository username | f5networks |
| image.repo | Optional | CIS Controller image repository name | k8s-bigip-ctlr |
| image.pullPolicy | Optional | CIS Controller image pull policy | Always |
| image.pullSecrets | Optional | List of secrets of container registry to pull image | empty |
| version | Optional | CIS Controller image tag | latest |
| nodeSelector | Optional | dictionary of Node selector labels | empty |
| tolerations | Optional | Array of labels | empty |
| limits_cpu | Optional | CPU limits for the pod | 100m |
| limits_memory | Optional | Memory limits for the pod | 512Mi |
| requests_cpu | Optional | CPU request for the pod | 100m |
| requests_memory | Optional | Memory request for the pod | 512Mi |
| affinity | Optional | Dictionary of affinity | empty |
| securityContext | Optional | Dictionary of deployment securityContext | empty |
| podSecurityContext | Optional | Dictionary of pod securityContext | empty |
| Parameter | Required | Description | Default |
|-------------------------------------------------------|----------|-----------------------------------------------------------------------------------------------------------------------|------------------------------|
| cm_login_secret | Optional | Secret that contains Central Manager login credentials | f5-bigip-ctlr-login |
| args.cm_url | Required | The management IP for your Central Manager device | **Required**, no default |
| cm_secret.create | Optional | Create kubernetes secret using username and password | false |
| cm_secret.username | Optional | Central Manager username to create the kubernetes secret | empty |
| cm_secret.password | Optional | Central Manager password to create the kubernetes secret | empty |
| rbac.create | Optional | Create ClusterRole and ClusterRoleBinding | true |
| serviceAccount.name | Optional | name of the ServiceAccount for CIS controller | f5-bigip-ctlr-serviceaccount |
| serviceAccount.create | Optional | Create service account for the CIS controller | true |
| namespace | Optional | name of namespace CIS will use to create deployment and other resources | kube-system |
| image.user | Optional | CIS Controller image repository username | f5networks |
| image.repo | Optional | CIS Controller image repository name | k8s-bigip-ctlr |
| image.pullPolicy | Optional | CIS Controller image pull policy | Always |
| image.pullSecrets | Optional | List of secrets of container registry to pull image | empty |
| version | Optional | CIS Controller image tag | latest |
| nodeSelector | Optional | dictionary of Node selector labels | empty |
| tolerations | Optional | Array of labels | empty |
| limits_cpu | Optional | CPU limits for the pod | 100m |
| limits_memory | Optional | Memory limits for the pod | 512Mi |
| requests_cpu | Optional | CPU request for the pod | 100m |
| requests_memory | Optional | Memory request for the pod | 512Mi |
| affinity | Optional | Dictionary of affinity | empty |
| securityContext | Optional | Dictionary of deployment securityContext | empty |
| podSecurityContext | Optional | Dictionary of pod securityContext | empty |
| deployConfig.baseConfig.controllerIdentifier | Optional | controllerIdentifier is used to identify the unique CIS cluster/instance | empty |
| deployConfig.baseConfig.nodeLabel | Optional | nodeLabel is used to define the nodes which can be monitored by CIS | empty |
| deployConfig.baseConfig.namespaceLabel | Optional | namespaceLabel is used to define the namespces which can be monitored by CIS | empty |
| deployConfig.networkConfig.orchestrationCNI | Required | Orchestration CNI for the kuberentes/openshift cluster | empty |
| deployConfig.networkConfig.metaData.poolMemberType | Optional | poolMemberType is optional parameter, and it is used to specify the pool member type in CIS default value is nodeport | nodeport |
| deployConfig.networkConfig.metaData.networkCIDR | Optional | network CIDR is optional parameter and required if your nodes are using multiple network interfaces | empty |
| deployConfig.networkConfig.metaData.staticRoutingMode | Optional | staticRoutingMode creates the static routes for pod network on the BigIP | false |
| deployConfig.as3Config.debugAS3 | Optional | debugAS3 is a optional parameter, and it is used to enable the debug logs for AS3 | false |
| deployConfig.as3Config.postDelayAS3 | Optional | post delay is a optional parameter, and it is used if AS3 is taking more time to apply the configuration | 0 |
| deployConfig.bigIpConfig[*].bigIpAddress | Required | Big IP to deploy the application | empty |
| deployConfig.bigIpConfig[*].bigIpLabel | Required | bigIpLabel is used to map the ingress resource to the bigip, you can specify the bigip label in TS/IngressLink CR | empty |
| deployConfig.bigIpConfig[*].defaultPartition | Optional | Big IP tenant | 0 |


Note: cm_login_secret and cm_secret are mutually exclusive, if both are defined in values.yaml file cm_secret will be given priority.


See the CIS documentation for a full list of args supported for CIS [CIS Configuration Options](https://clouddocs.f5.com/containers/latest/userguide/config-parameters.html)
See the CIS documentation for a full list of args supported for CIS [CIS Configuration Options](https://github.com/F5Networks/k8s-bigip-ctlr/blob/master/docs/cis-3.x/README.md#configuration-parameters)

> **Note:** Helm value names cannot include the character `-` which is commonly used in the names of parameters passed to the controller. To accomodate Helm, the parameter names in `values.yaml` use `_` and then replace them with `-` when rendering.
> e.g. `args.cm_url` is rendered as `cm-url` as required by the CIS Controller.

If you have a specific use case for F5 products in the Kubernetes environment that would benefit from a curated chart, please [open an issue](https://github.com/F5Networks/charts/issues) describing your use case and providing example resources.
If you have a specific use case for F5 products in the Kubernetes environment that would benefit from a curated chart, please [open an issue](https://github.com/F5Networks/k8s-bigip-ctlr/issues) describing your use case and providing example resources.

## Uninstalling Helm Chart

Expand Down
Binary file modified helm-charts/incubator/f5-bigip-ctlr-3.0.0.tgz
View file
Binary file not shown.
6 changes: 3 additions & 3 deletions helm-charts/incubator/index.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,12 @@ apiVersion: v1
entries:
f5-bigip-ctlr:
- apiVersion: v1
created: "2024-08-07T09:25:26.696156159Z"
created: "2024-08-07T10:08:41.008118779Z"
description: Deploy the F5 Networks BIG-IP Controller for Kubernetes and OpenShift
(k8s-bigip-ctlr).
digest: 26f2f3e0eb1d0b54e48631606e271dc3754bdf2975b99a8258b074716a384ac0
digest: bfc52d677c344d9455ab27b93a311a553743cfb3fbe6c28acfeaa6238800312c
name: f5-bigip-ctlr
urls:
- https://F5Networks.github.io/k8s-bigip-ctlr/helm-charts/incubator/f5-bigip-ctlr-3.0.0.tgz
version: 3.0.0
generated: "2024-08-07T09:25:26.69524755Z"
generated: "2024-08-07T10:08:41.007247376Z"

0 comments on commit de8d908

Please sign in to comment.