diff --git a/README.adoc b/README.adoc
index 7bb6a15..a34d199 100644
--- a/README.adoc
+++ b/README.adoc
@@ -1,81 +1,13 @@ = F5 CIS 101 :toc: manual -== LoadBalancer Type Service - -[source, bash] -.*1. Install both CIS and IPAM Controller* ----- -kubectl apply -f loadbalancer/install/ns.yaml - -kubectl apply -f loadbalancer/install/ipam/rbac.yaml -kubectl apply -f loadbalancer/install/ipam/localstorage-pv-pvc.yaml -kubectl apply -f loadbalancer/install/ipam/ipam_schema.yaml -kubectl apply -f loadbalancer/install/ipam/fic.yaml - -kubectl create secret generic bigip-login --from-literal=username=admin --from-literal=password=admin -n bigip-ctlr -kubectl apply -f loadbalancer/install/rbac.yaml -kubectl apply -f loadbalancer/install/customresourcedefinitions.yaml -kubectl apply -f loadbalancer/install/cis.yaml ----- - -Execute `kubectl get pods -n bigip-ctlr` to verify the installation. - -[source, bash] -.*2. Deploy App* ----- -kubectl apply -f loadbalancer/ttcp.yaml -kubectl apply -f loadbalancer/cafe.yaml ----- - -== CRD - -[source, bash] -.*1. Install CIS Controller* ----- -kubectl apply -f crd/install/ns.yaml -kubectl create secret generic bigip-login --from-literal=username=admin --from-literal=password=admin -n bigip-ctlr -kubectl apply -f crd/install/rbac.yaml -kubectl apply -f crd/install/customresourcedefinitions.yaml -kubectl apply -f crd/install/cis.yaml ----- - -[source, bash] -.*2. Deploy app* ----- -kubectl apply -f crd/cafe.yaml -kubectl apply -f crd/ttcp.yaml ----- - -[source, bash] -.*3. App delivery* ----- -kubectl apply -f crd/vs.yaml -kubectl apply -f crd/transport.yaml ----- - -== CRD Arcadia - -[source, bash] -.*1. Deploy* ----- -kubectl apply -f arcadia/arcadia.yaml ----- - -[source, bash] -.*2. App delivery* ----- -kubectl apply -f arcadia/vs.yaml ----- - - == Configmap Hub Mode [source, bash] .*1. 
Install CIS Controller* ---- kubectl apply -f configmap-hub/install/ns.yaml -kubectl create secret generic bigip-login --from-literal=username=admin --from-literal=password=admin -n bigip-ctlr +kubectl create secret generic bigip-login --from-literal=username=cis_user --from-literal=password=default --from-literal=url=https://192.168.200.204 -n bigip-ctlr kubectl apply -f configmap-hub/install/rbac.yaml kubectl apply -f configmap-hub/install/cis.yaml ---- diff --git a/app/deploy-l4.yaml b/app/deploy-l4.yaml deleted file mode 100644 index 05bf0c2..0000000 --- a/app/deploy-l4.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: test105 - labels: - cis_scanner_zone: zone_1 ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: app - name: app - namespace: test105 -spec: - replicas: 1 - selector: - matchLabels: - app: app - template: - metadata: - labels: - app: app - spec: - containers: - - image: cloudadc/echoserver:1.1 - name: echoserver - ports: - - containerPort: 8877 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: app - cis.f5.com/as3-tenant: test105 - cis.f5.com/as3-app: test105 - cis.f5.com/as3-pool: test105_app_svc_pool - name: app-svc - namespace: test105 -spec: - ports: - - port: 8877 - protocol: TCP - targetPort: 8877 - selector: - app: app - sessionAffinity: None - type: ClusterIP diff --git a/arcadia/arcadia-cli b/arcadia/arcadia-cli deleted file mode 100755 index 5c3540e..0000000 Binary files a/arcadia/arcadia-cli and /dev/null differ diff --git a/arcadia/arcadia.yaml b/arcadia/arcadia.yaml deleted file mode 100644 index e3d19a7..0000000 --- a/arcadia/arcadia.yaml +++ /dev/null 
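Review bot: The updated `kubectl create secret generic bigip-login` command in the README's Configmap Hub Mode install step still passes the BIG-IP password as a literal (`--from-literal=password=default`), so anyone who copies the step creates the secret with a guessable value and leaves it in shell history. I would read the value from a file instead, e.g. `--from-file=password=./bigip-password.txt` (file name is illustrative), and add a sentence telling readers to replace the username, password and `url=https://192.168.200.204` with their own values. Moving from `admin` to a dedicated `cis_user` account is a good step; the README could also state that this account should hold only the BIG-IP role the controller needs.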
@@ -1,237 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - cis_scanner_zone: zone_1 - name: arcadia ---- -apiVersion: v1 -kind: Service -metadata: - name: backend - namespace: arcadia - labels: - app: backend - service: backend -spec: - type: ClusterIP - ports: - - port: 80 - targetPort: 80 - name: backend-80 - selector: - app: backend ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: backend - namespace: arcadia - labels: - app: backend - version: v1 -spec: - replicas: 1 - selector: - matchLabels: - app: backend - version: v1 - template: - metadata: - labels: - app: backend - version: v1 - spec: - containers: - - env: - - name: service_name - value: backend - image: cloudadc/arcadia-application-backend:1.0 - imagePullPolicy: IfNotPresent - name: backend - ports: - - containerPort: 80 - protocol: TCP ---- -apiVersion: v1 -kind: Service -metadata: - name: main - namespace: arcadia - labels: - app: main - service: main -spec: - type: ClusterIP - ports: - - name: main-80 - port: 80 - protocol: TCP - targetPort: 80 - selector: - app: main ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: main - namespace: arcadia - labels: - app: main - version: v1 -spec: - replicas: 1 - selector: - matchLabels: - app: main - version: v1 - template: - metadata: - labels: - app: main - version: v1 - spec: - containers: - - env: - - name: service_name - value: main - image: cloudadc/arcadia-application-mainapp:1.0 - imagePullPolicy: IfNotPresent - name: main - ports: - - containerPort: 80 - protocol: TCP ---- -apiVersion: v1 -kind: Service -metadata: - name: app2 - namespace: arcadia - labels: - app: app2 - service: app2 -spec: - type: ClusterIP - ports: - - port: 80 - name: app2-80 - selector: - app: app2 ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: app2 - namespace: arcadia - labels: - app: app2 - version: v1 -spec: - replicas: 1 - selector: - matchLabels: - app: app2 - version: v1 - template: - metadata: - labels: - app: app2 
- version: v1 - spec: - containers: - - env: - - name: service_name - value: app2 - image: cloudadc/arcadia-application-app2:1.0 - imagePullPolicy: IfNotPresent - name: app2 - ports: - - containerPort: 80 - protocol: TCP ---- -apiVersion: v1 -kind: Service -metadata: - name: app3 - namespace: arcadia - labels: - app: app3 - service: app3 -spec: - type: ClusterIP - ports: - - port: 80 - name: app3-80 - selector: - app: app3 ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: app3 - namespace: arcadia - labels: - app: app3 - version: v1 -spec: - replicas: 1 - selector: - matchLabels: - app: app3 - version: v1 - template: - metadata: - labels: - app: app3 - version: v1 - spec: - containers: - - env: - - name: service_name - value: app3 - image: cloudadc/arcadia-application-app3:1.0 - imagePullPolicy: IfNotPresent - name: app3 - ports: - - containerPort: 80 - protocol: TCP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: app - name: app - namespace: arcadia -spec: - replicas: 1 - selector: - matchLabels: - app: app - template: - metadata: - labels: - app: app - spec: - containers: - - image: cloudadc/echoserver:1.1 - name: echoserver - ports: - - containerPort: 8877 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: app - name: app-svc - namespace: arcadia -spec: - ports: - - port: 8877 - protocol: TCP - targetPort: 8877 - selector: - app: app - sessionAffinity: None - type: ClusterIP diff --git a/arcadia/dns.yaml b/arcadia/dns.yaml deleted file mode 100644 index d6b166c..0000000 --- a/arcadia/dns.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: "cis.f5.com/v1" -kind: ExternalDNS -metadata: - name: exdns - labels: - f5cr: "true" -spec: - domainName: arcadia-finance.io - dnsRecordType: A - loadBalanceMethod: round-robin - pools: - - name: arcadia-finance.io - diff --git a/arcadia/transport.yaml b/arcadia/transport.yaml deleted file mode 100644 index 2775e35..0000000 --- a/arcadia/transport.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: "cis.f5.com/v1" -kind: TransportServer -metadata: - name: arcadia-socket - namespace: arcadia - labels: - f5cr: "true" -spec: - virtualServerAddress: "192.168.200.22" - virtualServerPort: 8877 - mode: "performance" - pool: - service: app-svc - servicePort: 8877 - monitor: - type: tcp - interval: 5 - timeout: 16 diff --git a/arcadia/vs.yaml b/arcadia/vs.yaml deleted file mode 100644 index de57425..0000000 --- a/arcadia/vs.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: "cis.f5.com/v1" -kind: VirtualServer -metadata: - name: arcadia - namespace: arcadia - labels: - f5cr: "true" -spec: - host: arcadia-finance.io - virtualServerAddress: "192.168.200.23" - pools: - - path: / - service: main - servicePort: 80 - monitor: - type: http - send: "HTTP /rn" - recv: "" - interval: 5 - timeout: 16 - - path: /files - service: backend - servicePort: 80 - monitor: - type: http - send: "HTTP /rn" - recv: "" - interval: 5 - timeout: 16 - - path: /api - service: app2 - servicePort: 80 - monitor: - type: http - send: "HTTP /rn" - recv: "" - interval: 5 - timeout: 16 - - path: /app3 - service: app3 - servicePort: 80 - monitor: - type: http - send: "HTTP /rn" - recv: "" - interval: 5 - timeout: 16 diff --git a/cccl/cm.yaml b/cccl/cm.yaml deleted file mode 100644 index 4faf5f1..0000000 --- a/cccl/cm.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: test-l7 - namespace: test100 - labels: - f5type: virtual-server -data: - schema: "f5schemadb://bigip-virtual-server_v0.1.7.json" - data: |- - { - "virtualServer": { - "frontend": { - "balance": "least-connections-member", - "mode": "http", - "partition": "k8s", - "virtualAddress": { - "bindAddr": "192.168.200.10", - "port": 8080 - } - }, - "backend": { - "serviceName": "app-svc", - "servicePort": 80, - "healthMonitors": [{ - "interval": 5, - "timeout": 16, - "protocol": "http" - }] - } - } - } ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: test-l4 - namespace: test105 - labels: - f5type: virtual-server -data: - schema: "f5schemadb://bigip-virtual-server_v0.1.7.json" - data: |- - { - "virtualServer": { - "frontend": { - "balance": "least-connections-member", - "mode": "tcp", - "partition": "k8s", - "virtualAddress": { - "bindAddr": "192.168.200.10", - "port": 8877 - } - }, - "backend": { - "serviceName": "app-svc", - "servicePort": 8877, - "healthMonitors": [{ - "interval": 30, - "timeout": 91, - "protocol": "tcp" - }] - } - } - } diff --git a/configmap-as3/cm.yaml b/configmap-as3/cm.yaml new file mode 100644 index 0000000..a231b3e --- /dev/null +++ b/configmap-as3/cm.yaml 
@@ -0,0 +1,1327 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: veconfig-nsgroup1 + namespace: f5-hub-1 + labels: + f5type: virtual-server + as3: "true" +data: + template: | + { + "class": "AS3", + "action": "deploy", + "persist": true, + "declaration": { + "class": "ADC", + "schemaVersion": "3.18.0", + "id": "veconfig-nsgroup1", + "midwareak": { + "class": "Tenant", + "escluster_app": { + "class": "Application", + "template": "generic", + "escluster_vs": { + "class": "Service_L4", + "layer4": "any", + "persistenceMethods": [], + "virtualAddresses": [ + "197.0.214.1" + ], + "virtualPort": 31001, + "snat": "self", + "pool": "escluster_pool" + }, + "escluster_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + } + }, + "kafka_app": { + "class": "Application", + "template": "generic", + "kafka_vs": { + "class": "Service_L4", + "layer4": "any", + "persistenceMethods": [], + "virtualAddresses": [ + "197.0.214.1" + ], + "virtualPort": 31002, + "snat": "self", + "pool": "kafka_pool" + }, + "kafka_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + } + }, + "miniocluster_app": { + "class": "Application", + "template": "generic", + "miniocluster_vs": { + "class": "Service_L4", + "layer4": "any", + "persistenceMethods": [], + "virtualAddresses": [ + "197.0.214.1" + ], + "virtualPort": 31003, + "snat": "self", + "pool": "miniocluster_pool" + }, + "miniocluster_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + } + }, + "redis_app": { + "class": "Application", + "template": "generic", + "redis_vs": { + "class": "Service_L4", + "layer4": "any", + "persistenceMethods": [], + 
"virtualAddresses": [ + "197.0.214.1" + ], + "virtualPort": 31004, + "snat": "self", + "pool": "redis_pool" + }, + "redis_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + } + }, + "rot-consulcluster_app": { + "class": "Application", + "template": "generic", + "rot-consulcluster_vs": { + "class": "Service_L4", + "layer4": "any", + "persistenceMethods": [], + "virtualAddresses": [ + "197.0.214.1" + ], + "virtualPort": 31005, + "snat": "self", + "pool": "rot-consulcluster_pool" + }, + "rot-consulcluster_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + } + }, + "zookeeper_app": { + "class": "Application", + "template": "generic", + "zookeeper_vs": { + "class": "Service_L4", + "layer4": "any", + "persistenceMethods": [], + "virtualAddresses": [ + "197.0.214.1" + ], + "virtualPort": 31006, + "snat": "self", + "pool": "zookeeper_pool" + }, + "zookeeper_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + } + } + }, + "nlpak": { + "class": "Tenant", + "api-group-f5_app": { + "class": "Application", + "template": "generic", + "api-group-f5_vs": { + "class": "Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.2" + ], + "virtualPort": 31007, + "profileMultiplex": { + "use": "api-group-f5_oneconnectprofile" + }, + "profileHTTP": { + "use": "api-group-f5_httpprofile" + }, + "snat": "self", + "pool": "api-group-f5_pool" + }, + "api-group-f5_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "api-group-f5_httpprofile": { 
+ "class": "HTTP_Profile", + "xForwardedFor": true + }, + "api-group-f5_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + }, + "cmbcparse-f5_app": { + "class": "Application", + "template": "generic", + "cmbcparse-f5_vs": { + "class": "Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.2" + ], + "virtualPort": 31008, + "profileMultiplex": { + "use": "cmbcparse-f5_oneconnectprofile" + }, + "profileHTTP": { + "use": "cmbcparse-f5_httpprofile" + }, + "snat": "self", + "pool": "cmbcparse-f5_pool" + }, + "cmbcparse-f5_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "cmbcparse-f5_httpprofile": { + "class": "HTTP_Profile", + "xForwardedFor": true + }, + "cmbcparse-f5_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + } + }, + "innov": { + "class": "Tenant", + "ingress-nginx-http_app": { + "class": "Application", + "template": "generic", + "ingress-nginx-http_vs": { + "class": "Service_L4", + "layer4": "any", + "persistenceMethods": [], + "virtualAddresses": [ + "197.0.214.3" + ], + "virtualPort": 30000, + "snat": "self", + "pool": "ingress-nginx-http_pool" + }, + "ingress-nginx-http_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + } + }, + "ingress-nginx-https_app": { + "class": "Application", + "template": "generic", + "ingress-nginx-https_vs": { + "class": "Service_L4", + "layer4": "any", + "persistenceMethods": [], + "virtualAddresses": [ + "197.0.214.3" + ], + "virtualPort": 30001, + "snat": "self", + "pool": "ingress-nginx-https_pool" + }, + "ingress-nginx-https_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + 
"loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + } + }, + "rtc-signal-server-interf5_app": { + "class": "Application", + "template": "generic", + "rtc-signal-server-interf5_vs": { + "class": "Service_L4", + "layer4": "any", + "persistenceMethods": [], + "virtualAddresses": [ + "197.0.214.3" + ], + "virtualPort": 30002, + "snat": "self", + "pool": "rtc-signal-server-interf5_pool" + }, + "rtc-signal-server-interf5_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + } + }, + "rtc-signal-server-exterf5_app": { + "class": "Application", + "template": "generic", + "rtc-signal-server-exterf5_vs": { + "class": "Service_L4", + "layer4": "any", + "persistenceMethods": [], + "virtualAddresses": [ + "197.0.214.3" + ], + "virtualPort": 30003, + "snat": "self", + "pool": "rtc-signal-server-exterf5_pool" + }, + "rtc-signal-server-exterf5_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + } + }, + "rtc-janus-service_app": { + "class": "Application", + "template": "generic", + "rtc-janus-service_vs": { + "class": "Service_L4", + "layer4": "any", + "persistenceMethods": [], + "virtualAddresses": [ + "197.0.214.3" + ], + "virtualPort": 30004, + "snat": "self", + "pool": "rtc-janus-service_pool" + }, + "rtc-janus-service_pool": { + "class": "Pool", + "monitors": [ + "icmp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + } + }, + "digital-human-plat-f5_app": { + "class": "Application", + "template": "generic", + "digital-human-plat-f5_vs": { + "class": "Service_L4", + "layer4": "any", + "persistenceMethods": [], + "virtualAddresses": [ + "197.0.214.3" + ], + "virtualPort": 
30005, + "snat": "self", + "pool": "digital-human-plat-f5_pool" + }, + "digital-human-plat-f5_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + } + }, + "digital-human-video-pipeline-f5_app": { + "class": "Application", + "template": "generic", + "digital-human-video-pipeline-f5_vs": { + "class": "Service_L4", + "layer4": "any", + "persistenceMethods": [], + "virtualAddresses": [ + "197.0.214.3" + ], + "virtualPort": 30006, + "snat": "self", + "pool": "digital-human-video-pipeline-f5_pool" + }, + "digital-human-video-pipeline-f5_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + } + } + }, + "oms": { + "class": "Tenant", + "oms-uat-service_app": { + "class": "Application", + "template": "generic", + "oms-uat-service_vs": { + "class": "Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.4" + ], + "virtualPort": 7003, + "profileMultiplex": { + "use": "oms-uat-service_oneconnectprofile" + }, + "profileHTTP": { + "use": "oms-uat-service_httpprofile" + }, + "snat": "self", + "pool": "oms-uat-service_pool" + }, + "oms-uat-service_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "oms-uat-service_httpprofile": { + "class": "HTTP_Profile", + "xForwardedFor": true + }, + "oms-uat-service_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + }, + "oms-service_app": { + "class": "Application", + "template": "generic", + "oms-service_vs": { + "class": "Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.4" + ], + "virtualPort": 8001, + 
"profileMultiplex": { + "use": "oms-service_oneconnectprofile" + }, + "profileHTTP": { + "use": "oms-service_httpprofile" + }, + "snat": "self", + "pool": "oms-service_pool" + }, + "oms-service_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "oms-service_httpprofile": { + "class": "HTTP_Profile", + "xForwardedFor": true + }, + "oms-service_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + }, + "oms-web-service_app": { + "class": "Application", + "template": "generic", + "oms-web-service_vs": { + "class": "Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.4" + ], + "virtualPort": 8002, + "profileMultiplex": { + "use": "oms-web-service_oneconnectprofile" + }, + "profileHTTP": { + "use": "oms-web-service_httpprofile" + }, + "snat": "self", + "pool": "oms-web-service_pool" + }, + "oms-web-service_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "oms-web-service_httpprofile": { + "class": "HTTP_Profile", + "xForwardedFor": true + }, + "oms-web-service_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + } + }, + "cdss": { + "class": "Tenant", + "cdss-tccb_app": { + "class": "Application", + "template": "generic", + "cdss-tccb_vs": { + "class": "Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.5" + ], + "virtualPort": 80, + "profileMultiplex": { + "use": "cdss-tccb_oneconnectprofile" + }, + "profileHTTP": { + "use": "cdss-tccb_httpprofile" + }, + "snat": "self", + "pool": "cdss-tccb_pool" + }, + "cdss-tccb_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + 
"loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "cdss-tccb_httpprofile": { + "class": "HTTP_Profile", + "xForwardedFor": true + }, + "cdss-tccb_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + }, + "cdss-tccb-service_app": { + "class": "Application", + "template": "generic", + "cdss-tccb-service_vs": { + "class": "Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.5" + ], + "virtualPort": 8080, + "profileMultiplex": { + "use": "cdss-tccb-service_oneconnectprofile" + }, + "profileHTTP": { + "use": "cdss-tccb-service_httpprofile" + }, + "snat": "self", + "pool": "cdss-tccb-service_pool" + }, + "cdss-tccb-service_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "cdss-tccb-service_httpprofile": { + "class": "HTTP_Profile", + "xForwardedFor": true + }, + "cdss-tccb-service_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + }, + "cdss-tccb-ob-service_app": { + "class": "Application", + "template": "generic", + "cdss-tccb-ob-service_vs": { + "class": "Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.5" + ], + "virtualPort": 8090, + "profileMultiplex": { + "use": "cdss-tccb-ob-service_oneconnectprofile" + }, + "profileHTTP": { + "use": "cdss-tccb-ob-service_httpprofile" + }, + "snat": "self", + "pool": "cdss-tccb-ob-service_pool" + }, + "cdss-tccb-ob-service_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "cdss-tccb-ob-service_httpprofile": { + "class": "HTTP_Profile", + "xForwardedFor": true + }, + 
"cdss-tccb-ob-service_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + } + }, + "aml": { + "class": "Tenant", + "pandora-web_app": { + "class": "Application", + "template": "generic", + "pandora-web_vs": { + "class": "Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.6" + ], + "virtualPort": 30249, + "profileMultiplex": { + "use": "pandora-web_oneconnectprofile" + }, + "profileHTTP": { + "use": "pandora-web_httpprofile" + }, + "snat": "self", + "pool": "pandora-web_pool" + }, + "pandora-web_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "pandora-web_httpprofile": { + "class": "HTTP_Profile", + "xForwardedFor": true + }, + "pandora-web_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + } + }, + "ocrm": { + "class": "Tenant", + "crm-service_app": { + "class": "Application", + "template": "generic", + "crm-service_vs": { + "class": "Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.7" + ], + "virtualPort": 8000, + "profileMultiplex": { + "use": "crm-service_oneconnectprofile" + }, + "profileHTTP": { + "use": "crm-service_httpprofile" + }, + "snat": "self", + "pool": "crm-service_pool" + }, + "crm-service_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "crm-service_httpprofile": { + "class": "HTTP_Profile", + "xForwardedFor": true + }, + "crm-service_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + }, + "crm-app-service_app": { + "class": "Application", + "template": "generic", + "crm-app-service_vs": { + 
"class": "Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.7" + ], + "virtualPort": 8001, + "profileMultiplex": { + "use": "crm-app-service_oneconnectprofile" + }, + "profileHTTP": { + "use": "crm-app-service_httpprofile" + }, + "snat": "self", + "pool": "crm-app-service_pool" + }, + "crm-app-service_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "crm-app-service_httpprofile": { + "class": "HTTP_Profile", + "xForwardedFor": true + }, + "crm-app-service_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + } + }, + "ethp": { + "class": "Tenant", + "fund-service_app": { + "class": "Application", + "template": "generic", + "fund-service_vs": { + "class": "Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.9" + ], + "virtualPort": 50012, + "profileMultiplex": { + "use": "fund-service_oneconnectprofile" + }, + "profileHTTP": { + "use": "fund-service_httpprofile" + }, + "snat": "self", + "pool": "fund-service_pool" + }, + "fund-service_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "fund-service_httpprofile": { + "class": "HTTP_Profile", + "xForwardedFor": true + }, + "fund-service_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + }, + "flato-service_app": { + "class": "Application", + "template": "generic", + "flato-service_vs": { + "class": "Service_L4", + "layer4": "any", + "persistenceMethods": [], + "virtualAddresses": [ + "197.0.214.9" + ], + "virtualPort": 50011, + "snat": "self", + "pool": "flato-service_pool" + }, + "flato-service_pool": { + "class": "Pool", + "monitors": [ 
+ "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + } + } + }, + "apaas": { + "class": "Tenant", + "apaas-cloud-toolkit-app-uat-service_app": { + "class": "Application", + "template": "generic", + "apaas-cloud-toolkit-app-uat-service_vs": { + "class": "Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.10" + ], + "virtualPort": 30283, + "profileMultiplex": { + "use": "apaas-cloud-toolkit-app-uat-service_oneconnectprofile" + }, + "profileHTTP": { + "use": "apaas-cloud-toolkit-app-uat-service_httpprofile" + }, + "snat": "self", + "pool": "apaas-cloud-toolkit-app-uat-service_pool" + }, + "apaas-cloud-toolkit-app-uat-service_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "apaas-cloud-toolkit-app-uat-service_httpprofile": { + "class": "HTTP_Profile", + "xForwardedFor": true + }, + "apaas-cloud-toolkit-app-uat-service_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + } + }, + "iot": { + "class": "Tenant", + "iot-integrate-service_app": { + "class": "Application", + "template": "generic", + "iot-integrate-service_vs": { + "class": "Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.11" + ], + "virtualPort": 8080, + "profileMultiplex": { + "use": "iot-integrate-service_oneconnectprofile" + }, + "profileHTTP": { + "use": "iot-integrate-service_httpprofile" + }, + "snat": "self", + "pool": "iot-integrate-service_pool" + }, + "iot-integrate-service_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "iot-integrate-service_httpprofile": { + "class": "HTTP_Profile", + 
"xForwardedFor": true + }, + "iot-integrate-service_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + }, + "iot-vehicle-web-uat-service_app": { + "class": "Application", + "template": "generic", + "iot-vehicle-web-uat-service_vs": { + "class": "Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.11" + ], + "virtualPort": 8089, + "profileMultiplex": { + "use": "iot-vehicle-web-uat-service_oneconnectprofile" + }, + "profileHTTP": { + "use": "iot-vehicle-web-uat-service_httpprofile" + }, + "snat": "self", + "pool": "iot-vehicle-web-uat-service_pool" + }, + "iot-vehicle-web-uat-service_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "iot-vehicle-web-uat-service_httpprofile": { + "class": "HTTP_Profile", + "xForwardedFor": true + }, + "iot-vehicle-web-uat-service_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + }, + "iot-vehicle-app-uat-service_app": { + "class": "Application", + "template": "generic", + "iot-vehicle-app-uat-service_vs": { + "class": "Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.11" + ], + "virtualPort": 8088, + "profileMultiplex": { + "use": "iot-vehicle-app-uat-service_oneconnectprofile" + }, + "profileHTTP": { + "use": "iot-vehicle-app-uat-service_httpprofile" + }, + "snat": "self", + "pool": "iot-vehicle-app-uat-service_pool" + }, + "iot-vehicle-app-uat-service_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "iot-vehicle-app-uat-service_httpprofile": { + "class": "HTTP_Profile", + "xForwardedFor": true + }, + 
"iot-vehicle-app-uat-service_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + }, + "tccb-service_app": { + "class": "Application", + "template": "generic", + "tccb-service_vs": { + "class": "Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.11" + ], + "virtualPort": 18080, + "profileMultiplex": { + "use": "tccb-service_oneconnectprofile" + }, + "profileHTTP": { + "use": "tccb-service_httpprofile" + }, + "snat": "self", + "pool": "tccb-service_pool" + }, + "tccb-service_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "tccb-service_httpprofile": { + "class": "HTTP_Profile", + "xForwardedFor": true + }, + "tccb-service_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + } + }, + "gd": { + "class": "Tenant", + "gdweb-apache-service_app": { + "class": "Application", + "template": "generic", + "gdweb-apache-service_vs": { + "class": "Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.12" + ], + "virtualPort": 10180, + "profileMultiplex": { + "use": "gdweb-apache-service_oneconnectprofile" + }, + "profileHTTP": { + "use": "gdweb-apache-service_httpprofile" + }, + "snat": "self", + "pool": "gdweb-apache-service_pool" + }, + "gdweb-apache-service_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "gdweb-apache-service_httpprofile": { + "class": "HTTP_Profile", + "xForwardedFor": true + }, + "gdweb-apache-service_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + }, + "gdapp-nginx-flume-service_app": { + "class": 
"Application", + "template": "generic", + "gdapp-nginx-flume-service_vs": { + "class": "Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.12" + ], + "virtualPort": 10280, + "profileMultiplex": { + "use": "gdapp-nginx-flume-service_oneconnectprofile" + }, + "profileHTTP": { + "use": "gdapp-nginx-flume-service_httpprofile" + }, + "snat": "self", + "pool": "gdapp-nginx-flume-service_pool" + }, + "gdapp-nginx-flume-service_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "gdapp-nginx-flume-service_httpprofile": { + "class": "HTTP_Profile", + "xForwardedFor": true + }, + "gdapp-nginx-flume-service_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + }, + "mobile-analysis-web-service_app": { + "class": "Application", + "template": "generic", + "mobile-analysis-web-service_vs": { + "class": "Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.12" + ], + "virtualPort": 8095, + "profileMultiplex": { + "use": "mobile-analysis-web-service_oneconnectprofile" + }, + "profileHTTP": { + "use": "mobile-analysis-web-service_httpprofile" + }, + "snat": "self", + "pool": "mobile-analysis-web-service_pool" + }, + "mobile-analysis-web-service_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "mobile-analysis-web-service_httpprofile": { + "class": "HTTP_Profile", + "xForwardedFor": true + }, + "mobile-analysis-web-service_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + }, + "mobile-app-service_app": { + "class": "Application", + "template": "generic", + "mobile-app-service_vs": { + "class": 
"Service_HTTP", + "persistenceMethods": [ "cookie" ], + "virtualAddresses": [ + "197.0.214.12" + ], + "virtualPort": 8080, + "profileMultiplex": { + "use": "mobile-app-service_oneconnectprofile" + }, + "profileHTTP": { + "use": "mobile-app-service_httpprofile" + }, + "snat": "self", + "pool": "mobile-app-service_pool" + }, + "mobile-app-service_pool": { + "class": "Pool", + "monitors": [ + "tcp" + ], + "loadBalancingMode": "least-connections-member", + "members": [ + { + "servicePort": 80, + "serverAddresses": [] + } + ] + }, + "mobile-app-service_httpprofile": { + "class": "HTTP_Profile", + "xForwardedFor": true + }, + "mobile-app-service_oneconnectprofile": { + "class": "Multiplex_Profile", + "sourceMask": "255.255.255.255", + "maxConnectionReuse": 5 + } + } + } + } + } diff --git a/configmap-as3/install/cis.yaml b/configmap-as3/install/cis.yaml index 180cf77..c030483 100644 --- a/configmap-as3/install/cis.yaml +++ b/configmap-as3/install/cis.yaml @@ -55,6 +55,9 @@ spec: "--insecure=true", "--filter-tenants=true", "--bigip-partition=k8s", + "--hubmode=true", + "--bigip-partition=k8s", "--pool-member-type=cluster", - "--namespace-label=cis_scanner=cistest" + "--namespace=f5-hub-1", + "--namespace=f5-hub-2" ] diff --git a/configmap-hub/cm-hub-1.yaml b/configmap-hub/cm-hub-1.yaml index 7e1950f..bbeb03b 100644 --- a/configmap-hub/cm-hub-1.yaml +++ b/configmap-hub/cm-hub-1.yaml @@ -39,7 +39,7 @@ data: "loadBalancingMode": "least-connections-member", "members": [ { - "servicePort": 8088, + "servicePort": 8080, "serverAddresses": [] } ] diff --git a/configmap-hub/install/cis.yaml b/configmap-hub/install/cis.yaml index f203d81..c885552 100644 --- a/configmap-hub/install/cis.yaml +++ b/configmap-hub/install/cis.yaml 
@@ -1,39 +1,32 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: bigip-ctlr-192-168-200-204
+ name: bigip-ctlr-192-168-75-204
 labels:
- app: bigip-ctlr-192-168-200-204
+ app: bigip-ctlr-192-168-75-204
 namespace: bigip-ctlr
 spec:
 replicas: 1
 selector:
 matchLabels:
- app: bigip-ctlr-192-168-200-204
+ app: bigip-ctlr-192-168-75-204
 template:
 metadata:
- name: bigip-ctlr-192-168-200-204
+ name: bigip-ctlr-192-168-75-204
 labels:
- app: bigip-ctlr-192-168-200-204
+ app: bigip-ctlr-192-168-75-204
 spec:
 serviceAccountName: bigip-ctlr
 containers:
+ - name: as3-parser
+ image: "zongzw/as3-parser:latest"
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8081
+ protocol: TCP
 - name: bigip-ctlr
- image: "f5networks/k8s-bigip-ctlr:2.9.0"
+ image: "zongzw/k8s-bigip-ctlr-c:2.9.01-20220729"
 imagePullPolicy: IfNotPresent
- livenessProbe:
- failureThreshold: 3
- exec:
- command:
- - curl
- - -k
- - -s
- - -o
- - /dev/null
- - https://192.168.200.204
- initialDelaySeconds: 15
- periodSeconds: 15
- successThreshold: 1
 env:
 - name: BIGIP_USERNAME
 valueFrom:
@@ -45,17 +38,18 @@ spec:
 secretKeyRef:
 name: bigip-login
 key: password
- command: ["/app/bin/k8s-bigip-ctlr"]
+ - name: BIGIP_URL
+ valueFrom:
+ secretKeyRef:
+ name: bigip-login
+ key: url
+ command: ["/f5-kic-linux"]
 args: [
 "--bigip-username=$(BIGIP_USERNAME)",
 "--bigip-password=$(BIGIP_PASSWORD)",
- "--log-level=INFO",
- "--manage-ingress=false",
- "--bigip-url=192.168.200.204",
- "--insecure=true",
- "--hubmode=true",
- "--bigip-partition=k8s",
- "--pool-member-type=cluster",
+ "--log-level=info",
+ "--bigip-url=https://192.168.200.204",
+ "--hub-mode=true",
 "--namespace=f5-hub-1",
 "--namespace=f5-hub-2"
 ]
diff --git a/configmap-hub/install/rbac.yaml b/configmap-hub/install/rbac.yaml
index 97aaf52..23a4dee 100644
--- a/configmap-hub/install/rbac.yaml
+++ b/configmap-hub/install/rbac.yaml
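Review bot: Both images introduced in this hunk, `zongzw/as3-parser:latest` and `zongzw/k8s-bigip-ctlr-c:2.9.01-20220729`, come from a personal registry namespace rather than the `f5networks/` one they replace, and the bigip-ctlr container is the one handed the BIG-IP username and password from the `bigip-login` secret. `latest` is a mutable tag, and with `imagePullPolicy: IfNotPresent` each node keeps running whichever build it first cached, so the sidecar cannot be reproduced or audited afterwards. Pin both by digest, for example `image: "zongzw/as3-parser@sha256:<digest>"` (placeholder), and add a comment naming the source repository these builds come from. The hunk also deletes the `livenessProbe` with no replacement, so a hung controller is no longer restarted; a probe that works in the new image should be added or the omission explained in a comment. The container's `env` list continues past the end of this hunk.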
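Review bot: The new `BIGIP_URL` variable is read from the `url` key of `bigip-login`, but nothing in the visible `args` uses it: `--bigip-url=https://192.168.200.204` is still hard-coded, and it no longer matches the Deployment name `bigip-ctlr-192-168-75-204` set in the previous hunk. Pass the secret value through instead, `"--bigip-url=$(BIGIP_URL)",`, so the manifest and the secret cannot drift apart. Dropping `--insecure=true` is only an improvement if `/f5-kic-linux` verifies the BIG-IP certificate by default; that is not visible in this diff and should be confirmed and stated in a comment next to the URL. `--bigip-password=$(BIGIP_PASSWORD)` stays on the command line as unchanged context, where the expanded value is readable from the container's process arguments; if the binary can take the password from the environment or a mounted file, prefer that. The container spec these lines belong to begins in the previous hunk.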
@@ -15,9 +15,6 @@ rules:
 - apiGroups: ["", "extensions", "networking.k8s.io"]
 resources: ["configmaps", "events", "ingresses/status", "services/status"]
 verbs: ["get", "list", "watch", "update", "create", "patch"]
-- apiGroups: ["cis.f5.com"]
- resources: ["virtualservers","virtualservers/status", "tlsprofiles", "transportservers", "ingresslinks", "externaldnses", "policies"]
- verbs: ["get", "list", "watch", "update"]
 - apiGroups: ["", "extensions"]
 resources: ["secrets"]
 verbs: ["get", "list", "watch"]
diff --git a/app/deploy.yaml b/configmap-hub/v1/apps.yaml
similarity index 61%
rename from app/deploy.yaml
rename to configmap-hub/v1/apps.yaml
index 8159d86..99e557c 100644
--- a/app/deploy.yaml
+++ b/configmap-hub/v1/apps.yaml
@@ -1,26 +1,30 @@
+---
+
 apiVersion: v1
 kind: Namespace
 metadata:
- name: test100
+ name: cistest1
 labels:
- cis_scanner_zone: zone_1
+ cis_scanner: cistest
+
 ---
+
 apiVersion: apps/v1
 kind: Deployment
 metadata:
 labels:
- app: app
- name: app
- namespace: test100
+ app: app-1
+ name: app-1
+ namespace: cistest1
 spec:
- replicas: 1
+ replicas: 3
 selector:
 matchLabels:
- app: app
+ app: app-1
 template:
 metadata:
 labels:
- app: app
+ app: app-1
 spec:
 containers:
 - image: cloudadc/cafe:1.0
@@ -32,45 +36,45 @@ apiVersion: v1 kind: Service metadata: labels: - app: app - cis.f5.com/as3-tenant: test100 - cis.f5.com/as3-app: test100 - cis.f5.com/as3-pool: test100_app_svc_pool - name: app-svc - namespace: test100 + app: app-1 + cis.f5.com/as3-tenant: cistest1 + cis.f5.com/as3-app: app-1 + cis.f5.com/as3-pool: app-1_app_svc_pool + name: app-svc-1 + namespace: cistest1 spec: ports: - port: 80 protocol: TCP targetPort: 8080 selector: - app: app + app: app-1 sessionAffinity: None type: ClusterIP --- apiVersion: v1 kind: Namespace metadata: - name: test101 + name: cistest2 labels: - cis_scanner_zone: zone_1 + cis_scanner: cistest --- apiVersion: apps/v1 kind: Deployment metadata: labels: - app: app - name: app - namespace: test101 + app: app-1 + name: app-1 + namespace: cistest2 spec: replicas: 1 selector: matchLabels: - app: app + app: app-1 template: metadata: labels: - app: app + app: app-1 spec: containers: - image: cloudadc/cafe:1.0 @@ -82,45 +86,45 @@ apiVersion: v1 kind: Service metadata: labels: - app: app - cis.f5.com/as3-tenant: test101 - cis.f5.com/as3-app: test101 - cis.f5.com/as3-pool: test101_app_svc_pool - name: app-svc - namespace: test101 + app: app-1 + cis.f5.com/as3-tenant: cistest2 + cis.f5.com/as3-app: app-1 + cis.f5.com/as3-pool: app-1_app_svc_pool + name: app-svc-1 + namespace: cistest2 spec: ports: - port: 80 protocol: TCP targetPort: 8080 selector: - app: app + app: app-1 sessionAffinity: None type: ClusterIP --- apiVersion: v1 kind: Namespace metadata: - name: test102 + name: cistest3 labels: - cis_scanner_zone: zone_1 + cis_scanner: cistest --- apiVersion: apps/v1 kind: Deployment metadata: labels: - app: app - name: app - namespace: test102 + app: app-1 + name: app-1 + namespace: cistest3 spec: - replicas: 1 + replicas: 3 selector: matchLabels: - app: app + app: app-1 template: metadata: labels: - app: app + app: app-1 spec: containers: - image: cloudadc/cafe:1.0 
@@ -132,45 +136,45 @@ apiVersion: v1 kind: Service metadata: labels: - app: app - cis.f5.com/as3-tenant: test102 - cis.f5.com/as3-app: test102 - cis.f5.com/as3-pool: test102_app_svc_pool - name: app-svc - namespace: test102 + app: app-1 + cis.f5.com/as3-tenant: cistest3 + cis.f5.com/as3-app: app-1 + cis.f5.com/as3-pool: app-1_app_svc_pool + name: app-svc-1 + namespace: cistest3 spec: ports: - port: 80 protocol: TCP targetPort: 8080 selector: - app: app + app: app-1 sessionAffinity: None type: ClusterIP --- apiVersion: v1 kind: Namespace metadata: - name: test103 + name: cistest4 labels: - cis_scanner_zone: zone_1 + cis_scanner: cistest --- apiVersion: apps/v1 kind: Deployment metadata: labels: - app: app - name: app - namespace: test103 + app: app-1 + name: app-1 + namespace: cistest4 spec: replicas: 1 selector: matchLabels: - app: app + app: app-1 template: metadata: labels: - app: app + app: app-1 spec: containers: - image: cloudadc/cafe:1.0 @@ -182,45 +186,45 @@ apiVersion: v1 kind: Service metadata: labels: - app: app - cis.f5.com/as3-tenant: test103 - cis.f5.com/as3-app: test103 - cis.f5.com/as3-pool: test103_app_svc_pool - name: app-svc - namespace: test103 + app: app-1 + cis.f5.com/as3-tenant: cistest4 + cis.f5.com/as3-app: app-1 + cis.f5.com/as3-pool: app-1_app_svc_pool + name: app-svc-1 + namespace: cistest4 spec: ports: - port: 80 protocol: TCP targetPort: 8080 selector: - app: app + app: app-1 sessionAffinity: None type: ClusterIP --- apiVersion: v1 kind: Namespace metadata: - name: test104 + name: cistest5 labels: - cis_scanner_zone: zone_1 + cis_scanner: cistest --- apiVersion: apps/v1 kind: Deployment metadata: labels: - app: app - name: app - namespace: test104 + app: app-1 + name: app-1 + namespace: cistest5 spec: replicas: 1 selector: matchLabels: - app: app + app: app-1 template: metadata: labels: - app: app + app: app-1 spec: containers: - image: cloudadc/cafe:1.0 
@@ -232,18 +236,19 @@ apiVersion: v1 kind: Service metadata: labels: - app: app - cis.f5.com/as3-tenant: test104 - cis.f5.com/as3-app: test104 - cis.f5.com/as3-pool: test104_app_svc_pool - name: app-svc - namespace: test104 + app: app-1 + cis.f5.com/as3-tenant: cistest5 + cis.f5.com/as3-app: app-1 + cis.f5.com/as3-pool: app-1_app_svc_pool + name: app-svc-1 + namespace: cistest5 spec: ports: - port: 80 protocol: TCP targetPort: 8080 selector: - app: app + app: app-1 sessionAffinity: None type: ClusterIP +--- diff --git a/configmap-hub/v1/cm-hub-1.yaml b/configmap-hub/v1/cm-hub-1.yaml new file mode 100644 index 0000000..77ec9ee --- /dev/null +++ b/configmap-hub/v1/cm-hub-1.yaml 
@@ -0,0 +1,110 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: cm-cistest
+ namespace: f5-hub-1
+ labels:
+ f5type: virtual-server
+ as3: "true"
+data:
+ template: |
+ {
+ "class": "AS3",
+ "action": "deploy",
+ "persist": true,
+ "declaration": {
+ "class": "ADC",
+ "schemaVersion": "3.30.0",
+ "id": "f5-hub01",
+ "cistest1": {
+ "class": "Tenant",
+ "app-1": {
+ "class": "Application",
+ "template": "generic",
+ "app_svc_vs": {
+ "class": "Service_HTTP",
+ "persistenceMethods": [ "cookie" ],
+ "virtualAddresses": [
+ "10.1.10.1"
+ ],
+ "snat": "self",
+ "virtualPort": 80,
+ "pool": "app-1_app_svc_pool"
+ },
+ "app-1_app_svc_pool": {
+ "class": "Pool",
+ "monitors": [
+ "tcp"
+ ],
+ "loadBalancingMode": "least-connections-member",
+ "members": [
+ {
+ "servicePort": 8080,
+ "serverAddresses": []
+ }
+ ]
+ }
+ }
+ },
+ "cistest2": {
+ "class": "Tenant",
+ "app-1": {
+ "class": "Application",
+ "template": "generic",
+ "app_svc_vs": {
+ "class": "Service_HTTP",
+ "persistenceMethods": [ "cookie" ],
+ "virtualAddresses": [
+ "10.1.10.2"
+ ],
+ "snat": "self",
+ "virtualPort": 80,
+ "pool": "app-1_app_svc_pool"
+ },
+ "app-1_app_svc_pool": {
+ "class": "Pool",
+ "monitors": [
+ "tcp"
+ ],
+ "loadBalancingMode": "least-connections-member",
+ "members": [
+ {
+ "servicePort": 8080,
+ "serverAddresses": []
+ }
+ ]
+ }
+ }
+ },
+ "cistest3": {
+ "class": "Tenant",
+ "app-1": {
+ "class": "Application",
+ "template": "generic",
+ "app_svc_vs": {
+ "class": "Service_HTTP",
+ "persistenceMethods": [ "cookie" ],
+ "virtualAddresses": [
+ "10.1.10.3"
+ ],
+ "snat": "self",
+ "virtualPort": 80,
+ "pool": "app-1_app_svc_pool"
+ },
+ "app-1_app_svc_pool": {
+ "class": "Pool",
+ "monitors": [
+ "tcp"
+ ],
+ "loadBalancingMode": "least-connections-member",
+ "members": [
+ {
+ "servicePort": 8080,
+ "serverAddresses": []
+ }
+ ]
+ }
+ }
+ }
+ }
+ }
diff --git a/crd/cafe.yaml b/crd/cafe.yaml
deleted file mode 100644
index b875ceb..0000000
--- a/crd/cafe.yaml
+++ /dev/null
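Review bot: Each `app_svc_vs` in this new declaration sets `"snat": "self"` but attaches no HTTP profile, so the pods behind `app-1_app_svc_pool` see only a BIG-IP self IP and their access logs lose the client address. The larger declaration earlier in this commit pairs the same SNAT setting with an `HTTP_Profile` that has `"xForwardedFor": true`; doing the same here keeps the source address available for logging and investigation, by adding `"profileHTTP": { "use": "app-1_httpprofile" }` to each virtual server and `"app-1_httpprofile": { "class": "HTTP_Profile", "xForwardedFor": true }` to each application (the profile name is a suggestion). Separately, `"persistenceMethods": [ "cookie" ]` on a plain-HTTP service uses BIG-IP's default persistence cookie, which encodes the chosen pool member's address and port unless cookie encryption is configured; that deserves an encrypted persistence profile, or at least a comment, if the pod addresses are considered internal.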
@@ -1,48 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: cafe - labels: - cis_scanner_zone: zone_1 ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: app - name: app - namespace: cafe -spec: - replicas: 3 - selector: - matchLabels: - app: app - template: - metadata: - labels: - app: app - spec: - containers: - - image: cloudadc/cafe:1.0 - name: backend - ports: - - containerPort: 8080 ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - cis.f5.com/ipamLabel: Dev - cis.f5.com/health: '{"interval": 10, "timeout": 31}' - labels: - app: app - name: app-svc - namespace: cafe -spec: - ports: - - port: 80 - protocol: TCP - targetPort: 8080 - selector: - app: app - type: ClusterIP diff --git a/crd/install/cis.yaml b/crd/install/cis.yaml deleted file mode 100644 index 532fddd..0000000 --- a/crd/install/cis.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: bigip-ctlr-192-168-200-204 - labels: - app: bigip-ctlr-192-168-200-204 - namespace: bigip-ctlr -spec: - replicas: 1 - selector: - matchLabels: - app: bigip-ctlr-192-168-200-204 - template: - metadata: - name: bigip-ctlr-192-168-200-204 - labels: - app: bigip-ctlr-192-168-200-204 - spec: - serviceAccountName: bigip-ctlr - containers: - - name: bigip-ctlr - image: "f5networks/k8s-bigip-ctlr:2.8.0" - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - exec: - command: - - curl - - -k - - -s - - -o - - /dev/null - - https://192.168.200.204 - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - env: - - name: BIGIP_USERNAME - valueFrom: - secretKeyRef: - name: bigip-login - key: username - - name: BIGIP_PASSWORD - valueFrom: - secretKeyRef: - name: bigip-login - key: password - command: ["/app/bin/k8s-bigip-ctlr"] - args: [ - "--bigip-username=$(BIGIP_USERNAME)", - "--bigip-password=$(BIGIP_PASSWORD)", - "--namespace-label=cis_scanner_zone=zone_1", - "--log-level=INFO", - "--bigip-url=192.168.200.204", - "--insecure=true", - "--custom-resource-mode=true", - "--bigip-partition=k8s", - "--pool-member-type=cluster" - ] diff --git a/crd/install/customresourcedefinitions.yaml b/crd/install/customresourcedefinitions.yaml deleted file mode 100644 index cf54844..0000000 --- a/crd/install/customresourcedefinitions.yaml +++ /dev/null 
@@ -1,622 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: virtualservers.cis.f5.com -spec: - group: cis.f5.com - names: - kind: VirtualServer - plural: virtualservers - shortNames: - - vs - singular: virtualserver - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - host: - type: string - pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' - hostGroup: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - httpTraffic: - type: string - ipamLabel: - type: string - snat: - type: string - tlsProfileName: - type: string - persistenceProfile: - type: string - policyName: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - rewriteAppRoot: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - waf: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - allowVlans: - items: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9-_]+\/?)*$' - type: array - iRules: - type: array - items: - type: string - serviceAddress: - type: array - maxItems: 1 - items: - type: object - properties: - arpEnabled: - type: boolean - icmpEcho: - type: string - enum: [enable, disable, selective] - routeAdvertisement: - type: string - enum: [enable, disable, selective, always, any, all] - spanningEnabled: - type: boolean - trafficGroup: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - pools: - type: array - items: - type: object - properties: - path: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - service: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - nodeMemberLabel: - type: string - pattern: '^[a-zA-Z0-9][-A-Za-z0-9_.\/]{0,61}[a-zA-Z0-9]=[a-zA-Z0-9][-A-Za-z0-9_.]{0,61}[a-zA-Z0-9]$' - servicePort: - type: integer - minimum: 1 - maximum: 65535 - rewrite: - type: string - pattern: 
'^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - monitor: - type: object - properties: - type: - type: string - enum: [http, https] - send: - type: string - recv: - type: string - interval: - type: integer - timeout: - type: integer - required: - - type - - send - - interval - virtualServerAddress: - type: string - pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])|(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$' - virtualServerName: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - virtualServerHTTPPort: - type: integer - minimum: 1 - maximum: 65535 - virtualServerHTTPSPort: - type: integer - minimum: 1 - maximum: 65535 - status: - type: object - properties: - vsAddress: - type: string - default: None - status: - type: string - default: Pending - additionalPrinterColumns: - - name: host - type: string - description: hostname - jsonPath: .spec.host - - name: tlsProfileName - type: string - description: TLS Profile attached - jsonPath: .spec.tlsProfileName - - name: httpTraffic - type: string - description: Http Traffic Termination - jsonPath: .spec.httpTraffic - - name: IPAddress - type: string - description: IP address of virtualServer - jsonPath: .spec.virtualServerAddress - - name: ipamLabel - type: string - description: ipamLabel for virtual server - jsonPath: .spec.ipamLabel - - name: 
IPAMVSAddress - type: string - description: IP address of virtualServer - jsonPath: .status.vsAddress - - name: STATUS - type: string - description: status of VirtualServer - jsonPath: .status.status - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: tlsprofiles.cis.f5.com -spec: - group: cis.f5.com - names: - kind: TLSProfile - plural: tlsprofiles - shortNames: - - tls - singular: tlsprofile - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - hosts: - type: array - items: - type: string - pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' - tls: - type: object - properties: - termination: - type: string - enum: [edge, reencrypt, passthrough] - clientSSL: - type: string - serverSSL: - type: string - reference: - type: string - required: - - termination - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: transportservers.cis.f5.com -spec: - group: cis.f5.com - names: - kind: TransportServer - plural: transportservers - shortNames: - - ts - singular: transportserver - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - virtualServerAddress: - type: string - pattern: 
'^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])|(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$' - virtualServerPort: - type: integer - minimum: 1 - maximum: 65535 - virtualServerName: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - host: - type: string - pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' - policyName: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - mode: - type: string - enum: [standard, performance] - type: - type: string - enum: [tcp, udp] - snat: - type: string - persistenceProfile: - type: string - allowVlans: - items: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9-_]+\/?)*$' - type: array - iRules: - type: array - items: - type: string - ipamLabel: - type: string - serviceAddress: - type: array - maxItems: 1 - items: - type: object - properties: - arpEnabled: - type: boolean - icmpEcho: - type: string - enum: [enable, disable, selective] - routeAdvertisement: - type: string - enum: [enable, disable, selective, always, any, all] - spanningEnabled: - type: boolean - trafficGroup: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - pool: - type: object - properties: - service: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - servicePort: - type: integer - minimum: 1 - 
maximum: 65535 - monitor: - type: object - properties: - type: - type: string - enum: [tcp, udp] - interval: - type: integer - timeout: - type: integer - required: - - type - - interval - required: - - service - - servicePort - required: - - virtualServerPort - - pool - status: - type: object - properties: - vsAddress: - type: string - default: None - status: - type: string - default: Pending - additionalPrinterColumns: - - name: virtualServerAddress - type: string - description: IP address of virtualServer - jsonPath: .spec.virtualServerAddress - - name: virtualServerPort - type: integer - description: Port of virtualServer - jsonPath: .spec.virtualServerPort - - name: pool - type: string - description: Name of service - jsonPath: .spec.pool.service - - name: poolPort - type: string - description: Port of service - jsonPath: .spec.pool.servicePort - - name: ipamLabel - type: string - description: ipamLabel for transport server - jsonPath: .spec.ipamLabel - - name: IPAMVSAddress - type: string - description: IP address of transport server - jsonPath: .status.vsAddress - - name: STATUS - type: string - description: status of TransportServer - jsonPath: .status.status - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - subresources: - status: { } ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: externaldnses.cis.f5.com -spec: - group: cis.f5.com - names: - kind: ExternalDNS - plural: externaldnses - shortNames: - - edns - singular: externaldns - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - domainName: - type: string - pattern: '^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' - dnsRecordType: - type: string - pattern: 'A' - loadBalanceMethod: - type: string - pools: - type: array - items: - type: object - properties: - 
dataServerName: - type: string - dnsRecordType: - type: string - pattern: 'A' - loadBalanceMethod: - type: string - monitor: - type: object - properties: - type: - type: string - enum: [http, https, tcp] - send: - type: string - recv: - type: string - interval: - type: integer - timeout: - type: integer - required: - - type - - interval - monitors: - type: array - items: - type: object - properties: - type: - type: string - enum: [http, https, tcp] - send: - type: string - recv: - type: string - interval: - type: integer - timeout: - type: integer - required: - - type - - interval - required: - - dataServerName - required: - - domainName - additionalPrinterColumns: - - name: domainName - type: string - description: Domain name of virtual server resource - jsonPath: .spec.domainName - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: CREATED ON - type: string - jsonPath: .metadata.creationTimestamp ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ingresslinks.cis.f5.com -spec: - group: cis.f5.com - names: - kind: IngressLink - shortNames: - - il - singular: ingresslink - plural: ingresslinks - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - virtualServerAddress: - type: string - pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' - host: - type: string - pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' - ipamLabel: - type: string - iRules: - type: array - items: - type: string - selector: - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - status: - type: object - properties: - vsAddress: - type: string - additionalPrinterColumns: - - name: IPAMVSAddress - type: string - description: IP address 
of virtualServer - jsonPath: .status.vsAddress - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - subresources: - status: { } ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: policies.cis.f5.com -spec: - group: cis.f5.com - names: - kind: Policy - shortNames: - - plc - singular: policy - plural: policies - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - l7Policies: - type: object - properties: - waf: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - l3Policies: - type: object - properties: - dos: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - firewallPolicy: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - ltmPolicies: - type: object - properties: - insecure: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - secure: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - priority: - type: string - enum: [low, high] - iRules: - type: object - properties: - insecure: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - secure: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - priority: - type: string - enum: [ low, high ] - profiles: - type: object - properties: - tcp: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9-]+\/?)*$' - udp: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9-]+\/?)*$' - http: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9-]+\/?)*$' - http2: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9-]+\/?)*$' - persistenceProfile: - type: string - rewriteProfile: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - logProfiles: - items: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9-_\s]+\/?)*$' - type: array 
diff --git a/crd/install/ns.yaml b/crd/install/ns.yaml deleted file mode 100644 index d1ed636..0000000 --- a/crd/install/ns.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: bigip-ctlr diff --git a/crd/install/rbac.yaml b/crd/install/rbac.yaml deleted file mode 100644 index 97aaf52..0000000 --- a/crd/install/rbac.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: bigip-ctlr - namespace: bigip-ctlr ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: bigip-ctlr-clusterrole -rules: -- apiGroups: ["", "extensions", "networking.k8s.io"] - resources: ["nodes", "services", "endpoints", "namespaces", "ingresses", "pods", "ingressclasses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["", "extensions", "networking.k8s.io"] - resources: ["configmaps", "events", "ingresses/status", "services/status"] - verbs: ["get", "list", "watch", "update", "create", "patch"] -- apiGroups: ["cis.f5.com"] - resources: ["virtualservers","virtualservers/status", "tlsprofiles", "transportservers", "ingresslinks", "externaldnses", "policies"] - verbs: ["get", "list", "watch", "update"] -- apiGroups: ["", "extensions"] - resources: ["secrets"] - verbs: ["get", "list", "watch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: bigip-ctlr-clusterrole-binding - namespace: bigip-ctlr -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: bigip-ctlr-clusterrole -subjects: -- apiGroup: "" - kind: ServiceAccount - name: bigip-ctlr - namespace: bigip-ctlr diff --git a/crd/policy.yaml b/crd/policy.yaml deleted file mode 100644 index 65bfed0..0000000 --- a/crd/policy.yaml +++ /dev/null 
@@ -1,15 +0,0 @@
-apiVersion: cis.f5.com/v1
-kind: Policy
-metadata:
- labels:
- f5cr: "true"
- name: basic-policy
- namespace: cafe
-spec:
- profiles:
- tcp: /Common/f5-tcp-wan
- http: /Common/http
- persistenceProfile: /Common/source_addr
- iRules:
- secure: /Common/RULE_01
- insecure: /Common/RULE_02
diff --git a/crd/transport.yaml b/crd/transport.yaml
deleted file mode 100644
index dba58cb..0000000
--- a/crd/transport.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: "cis.f5.com/v1"
-kind: TransportServer
-metadata:
- name: virtual01
- namespace: ttcp
- labels:
- f5cr: "true"
-spec:
- virtualServerAddress: "192.168.200.22"
- virtualServerPort: 5001
- mode: "performance"
- pool:
- service: ttcp-svc
- servicePort: 5001
- monitor:
- type: tcp
- interval: 5
- timeout: 16
diff --git a/crd/ttcp.yaml b/crd/ttcp.yaml
deleted file mode 100644
index af4c825..0000000
--- a/crd/ttcp.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- cis_scanner_zone: zone_1
- name: ttcp
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app: ttcp
- name: ttcp
- namespace: ttcp
-spec:
- replicas: 3
- selector:
- matchLabels:
- app: ttcp
- template:
- metadata:
- labels:
- app: ttcp
- spec:
- containers:
- - image: cloudadc/ttcp:1.12-1
- name: ttcp
- ports:
- - containerPort: 5001
----
-apiVersion: v1
-kind: Service
-metadata:
- name: ttcp-svc
- namespace: ttcp
-spec:
- ports:
- - port: 5001
- protocol: TCP
- targetPort: 5001
- selector:
- app: ttcp
- sessionAffinity: None
- type: ClusterIP
diff --git a/crd/vs-policy.yanml b/crd/vs-policy.yanml
deleted file mode 100644
index ec11ea4..0000000
--- a/crd/vs-policy.yanml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: "cis.f5.com/v1"
-kind: VirtualServer
-metadata:
- name: virtual02
- namespace: cafe
- labels:
- f5cr: "true"
-spec:
- virtualServerAddress: "192.168.200.21"
- policyName: basic-policy
- pools:
- - path: /coffee
- service: app-svc
- servicePort: 8080
- monitor:
- type: http
- send: "HTTP /rn"
- recv: ""
- interval: 20
- timeout: 10
diff --git a/crd/vs.yaml b/crd/vs.yaml
deleted file mode 100644
index 2d00c34..0000000
--- a/crd/vs.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: "cis.f5.com/v1"
-kind: VirtualServer
-metadata:
- name: virtual01
- namespace: cafe
- labels:
- f5cr: "true"
-spec:
- host: test01.example.com
- virtualServerAddress: "192.168.200.20"
- persistenceProfile: "cookie"
- pools:
- - path: /coffee
- service: app-svc
- servicePort: 8080
- monitor:
- type: http
- send: "HTTP /rn"
- recv: ""
- interval: 20
- timeout: 10
diff --git a/install/cis-as3.yaml b/install/cis-as3.yaml
deleted file mode 100644
index b347d27..0000000
--- a/install/cis-as3.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: bigip-ctlr
- namespace: bigip-ctlr
- labels:
- app: bigip-ctlr
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: bigip-ctlr
- template:
- metadata:
- name: bigip-ctlr
- labels:
- app: bigip-ctlr
- spec:
- serviceAccountName: bigip-ctlr
- containers:
- - name: f5-test-1-bigip-ctlr
- image: "f5networks/k8s-bigip-ctlr:2.5.0"
- imagePullPolicy: Never
- livenessProbe:
- failureThreshold: 3
- exec:
- command:
- - curl
- - -k
- - -s
- - -o
- - /dev/null
- - https://192.168.200.204
- initialDelaySeconds: 15
- periodSeconds: 15
- successThreshold: 1
- env:
- - name: BIGIP_USERNAME
- valueFrom:
- secretKeyRef:
- name: bigip-login
- key: username
- - name: BIGIP_PASSWORD
- valueFrom:
- secretKeyRef:
- name: bigip-login
- key: password
- command: ["/app/bin/k8s-bigip-ctlr"]
- args: [
- "--bigip-username=$(BIGIP_USERNAME)",
- "--bigip-password=$(BIGIP_PASSWORD)",
- "--namespace-label=cis_scanner_zone=zone_1",
- "--manage-configmaps=true",
- "--manage-ingress=true",
- "--log-level=INFO",
- "--bigip-url=192.168.200.204",
- "--insecure=true",
- "--bigip-partition=k8s",
- "--pool-member-type=cluster",
- "--agent=as3"
- ]
diff --git a/install/cis-cccl.yaml b/install/cis-cccl.yaml
deleted file mode 100644
index f0e8afc..0000000
--- a/install/cis-cccl.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: bigip-ctlr-cccl
- namespace: bigip-ctlr
- labels:
- app: bigip-ctlr-cccl
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: bigip-ctlr-cccl
- template:
- metadata:
- name: bigip-ctlr-cccl
- labels:
- app: bigip-ctlr-cccl
- spec:
- serviceAccountName: bigip-ctlr
- containers:
- - name: f5-test-1-bigip-ctlr
- image: "f5networks/k8s-bigip-ctlr:2.5.0"
- imagePullPolicy: Never
- livenessProbe:
- failureThreshold: 3
- exec:
- command:
- - curl
- - -k
- - -s
- - -o
- - /dev/null
- - https://192.168.200.204
- initialDelaySeconds: 15
- periodSeconds: 15
- successThreshold: 1
- env:
- - name: BIGIP_USERNAME
- valueFrom:
- secretKeyRef:
- name: bigip-login
- key: username
- - name: BIGIP_PASSWORD
- valueFrom:
- secretKeyRef:
- name: bigip-login
- key: password
- command: ["/app/bin/k8s-bigip-ctlr"]
- args: [
- "--bigip-username=$(BIGIP_USERNAME)",
- "--bigip-password=$(BIGIP_PASSWORD)",
- "--namespace-label=cis_scanner_zone=zone_1",
- "--manage-configmaps=true",
- "--manage-ingress=false",
- "--log-level=INFO",
- "--bigip-url=192.168.200.204",
- "--insecure=true",
- "--bigip-partition=k8s",
- "--pool-member-type=cluster",
- "--agent=cccl"
- ]
diff --git a/install/cis-crd.yaml b/install/cis-crd.yaml
deleted file mode 100644
index d5bec63..0000000
--- a/install/cis-crd.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: bigip-ctlr
- namespace: bigip-ctlr
- labels:
- app: bigip-ctlr
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: bigip-ctlr
- template:
- metadata:
- name: bigip-ctlr
- labels:
- app: bigip-ctlr
- spec:
- serviceAccountName: bigip-ctlr
- containers:
- - name: f5-test-1-bigip-ctlr
- image: "f5networks/k8s-bigip-ctlr:2.5.0"
- imagePullPolicy: Never
- livenessProbe:
- failureThreshold: 3
- exec:
- command:
- - curl
- - -k
- - -s
- - -o
- - /dev/null
- - https://192.168.200.204
- initialDelaySeconds: 15
- periodSeconds: 15
- successThreshold: 1
- env:
- - name: BIGIP_USERNAME
- valueFrom:
- secretKeyRef:
- name: bigip-login
- key: username
- - name: BIGIP_PASSWORD
- valueFrom:
- secretKeyRef:
- name: bigip-login
- key: password
- command: ["/app/bin/k8s-bigip-ctlr"]
- args: [
- "--bigip-username=$(BIGIP_USERNAME)",
- "--bigip-password=$(BIGIP_PASSWORD)",
- "--namespace-label=cis_scanner_zone=zone_1",
- "--log-level=INFO",
- "--bigip-url=192.168.200.204",
- "--insecure=true",
- "--bigip-partition=k8s",
- "--pool-member-type=cluster",
- "--custom-resource-mode=true",
- "--agent=as3"
- ]
diff --git a/install/cis.yaml b/install/cis.yaml
deleted file mode 100644
index e72d521..0000000
--- a/install/cis.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: bigip-ctlr-192-168-200-204
- labels:
- app: bigip-ctlr-192-168-200-204
- namespace: bigip-ctlr
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: bigip-ctlr-192-168-200-204
- template:
- metadata:
- name: bigip-ctlr-192-168-200-204
- labels:
- app: bigip-ctlr-192-168-200-204
- spec:
- serviceAccountName: bigip-ctlr
- containers:
- - name: bigip-ctlr
- image: "f5networks/k8s-bigip-ctlr:2.8.0"
- imagePullPolicy: IfNotPresent
- livenessProbe:
- failureThreshold: 3
- exec:
- command:
- - curl
- - -k
- - -s
- - -o
- - /dev/null
- - https://192.168.200.204
- initialDelaySeconds: 15
- periodSeconds: 15
- successThreshold: 1
- env:
- - name: BIGIP_USERNAME
- valueFrom:
- secretKeyRef:
- name: bigip-login
- key: username
- - name: BIGIP_PASSWORD
- valueFrom:
- secretKeyRef:
- name: bigip-login
- key: password
- command: ["/app/bin/k8s-bigip-ctlr"]
- args: [
- "--bigip-username=$(BIGIP_USERNAME)",
- "--bigip-password=$(BIGIP_PASSWORD)",
- "--log-level=INFO",
- "--bigip-url=192.168.200.204",
- "--insecure=true",
- "--custom-resource-mode=true",
- "--ipam=true",
- "--bigip-partition=k8s",
- "--pool-member-type=cluster"
- ]
diff --git a/install/customresourcedefinitions.yaml b/install/customresourcedefinitions.yaml
deleted file mode 100644
index cf54844..0000000
--- a/install/customresourcedefinitions.yaml
+++ /dev/null
@@ -1,622 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: virtualservers.cis.f5.com -spec: - group: cis.f5.com - names: - kind: VirtualServer - plural: virtualservers - shortNames: - - vs - singular: virtualserver - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - host: - type: string - pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' - hostGroup: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - httpTraffic: - type: string - ipamLabel: - type: string - snat: - type: string - tlsProfileName: - type: string - persistenceProfile: - type: string - policyName: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - rewriteAppRoot: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - waf: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - allowVlans: - items: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9-_]+\/?)*$' - type: array - iRules: - type: array - items: - type: string - serviceAddress: - type: array - maxItems: 1 - items: - type: object - properties: - arpEnabled: - type: boolean - icmpEcho: - type: string - enum: [enable, disable, selective] - routeAdvertisement: - type: string - enum: [enable, disable, selective, always, any, all] - spanningEnabled: - type: boolean - trafficGroup: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - pools: - type: array - items: - type: object - properties: - path: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - service: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - nodeMemberLabel: - type: string - pattern: '^[a-zA-Z0-9][-A-Za-z0-9_.\/]{0,61}[a-zA-Z0-9]=[a-zA-Z0-9][-A-Za-z0-9_.]{0,61}[a-zA-Z0-9]$' - servicePort: - type: integer - minimum: 1 - maximum: 65535 - rewrite: - type: string - pattern: 
'^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - monitor: - type: object - properties: - type: - type: string - enum: [http, https] - send: - type: string - recv: - type: string - interval: - type: integer - timeout: - type: integer - required: - - type - - send - - interval - virtualServerAddress: - type: string - pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])|(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$' - virtualServerName: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - virtualServerHTTPPort: - type: integer - minimum: 1 - maximum: 65535 - virtualServerHTTPSPort: - type: integer - minimum: 1 - maximum: 65535 - status: - type: object - properties: - vsAddress: - type: string - default: None - status: - type: string - default: Pending - additionalPrinterColumns: - - name: host - type: string - description: hostname - jsonPath: .spec.host - - name: tlsProfileName - type: string - description: TLS Profile attached - jsonPath: .spec.tlsProfileName - - name: httpTraffic - type: string - description: Http Traffic Termination - jsonPath: .spec.httpTraffic - - name: IPAddress - type: string - description: IP address of virtualServer - jsonPath: .spec.virtualServerAddress - - name: ipamLabel - type: string - description: ipamLabel for virtual server - jsonPath: .spec.ipamLabel - - name: 
IPAMVSAddress - type: string - description: IP address of virtualServer - jsonPath: .status.vsAddress - - name: STATUS - type: string - description: status of VirtualServer - jsonPath: .status.status - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: tlsprofiles.cis.f5.com -spec: - group: cis.f5.com - names: - kind: TLSProfile - plural: tlsprofiles - shortNames: - - tls - singular: tlsprofile - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - hosts: - type: array - items: - type: string - pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' - tls: - type: object - properties: - termination: - type: string - enum: [edge, reencrypt, passthrough] - clientSSL: - type: string - serverSSL: - type: string - reference: - type: string - required: - - termination - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: transportservers.cis.f5.com -spec: - group: cis.f5.com - names: - kind: TransportServer - plural: transportservers - shortNames: - - ts - singular: transportserver - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - virtualServerAddress: - type: string - pattern: 
'^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])|(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$' - virtualServerPort: - type: integer - minimum: 1 - maximum: 65535 - virtualServerName: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - host: - type: string - pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' - policyName: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - mode: - type: string - enum: [standard, performance] - type: - type: string - enum: [tcp, udp] - snat: - type: string - persistenceProfile: - type: string - allowVlans: - items: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9-_]+\/?)*$' - type: array - iRules: - type: array - items: - type: string - ipamLabel: - type: string - serviceAddress: - type: array - maxItems: 1 - items: - type: object - properties: - arpEnabled: - type: boolean - icmpEcho: - type: string - enum: [enable, disable, selective] - routeAdvertisement: - type: string - enum: [enable, disable, selective, always, any, all] - spanningEnabled: - type: boolean - trafficGroup: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - pool: - type: object - properties: - service: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - servicePort: - type: integer - minimum: 1 - 
maximum: 65535 - monitor: - type: object - properties: - type: - type: string - enum: [tcp, udp] - interval: - type: integer - timeout: - type: integer - required: - - type - - interval - required: - - service - - servicePort - required: - - virtualServerPort - - pool - status: - type: object - properties: - vsAddress: - type: string - default: None - status: - type: string - default: Pending - additionalPrinterColumns: - - name: virtualServerAddress - type: string - description: IP address of virtualServer - jsonPath: .spec.virtualServerAddress - - name: virtualServerPort - type: integer - description: Port of virtualServer - jsonPath: .spec.virtualServerPort - - name: pool - type: string - description: Name of service - jsonPath: .spec.pool.service - - name: poolPort - type: string - description: Port of service - jsonPath: .spec.pool.servicePort - - name: ipamLabel - type: string - description: ipamLabel for transport server - jsonPath: .spec.ipamLabel - - name: IPAMVSAddress - type: string - description: IP address of transport server - jsonPath: .status.vsAddress - - name: STATUS - type: string - description: status of TransportServer - jsonPath: .status.status - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - subresources: - status: { } ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: externaldnses.cis.f5.com -spec: - group: cis.f5.com - names: - kind: ExternalDNS - plural: externaldnses - shortNames: - - edns - singular: externaldns - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - domainName: - type: string - pattern: '^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' - dnsRecordType: - type: string - pattern: 'A' - loadBalanceMethod: - type: string - pools: - type: array - items: - type: object - properties: - 
dataServerName: - type: string - dnsRecordType: - type: string - pattern: 'A' - loadBalanceMethod: - type: string - monitor: - type: object - properties: - type: - type: string - enum: [http, https, tcp] - send: - type: string - recv: - type: string - interval: - type: integer - timeout: - type: integer - required: - - type - - interval - monitors: - type: array - items: - type: object - properties: - type: - type: string - enum: [http, https, tcp] - send: - type: string - recv: - type: string - interval: - type: integer - timeout: - type: integer - required: - - type - - interval - required: - - dataServerName - required: - - domainName - additionalPrinterColumns: - - name: domainName - type: string - description: Domain name of virtual server resource - jsonPath: .spec.domainName - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: CREATED ON - type: string - jsonPath: .metadata.creationTimestamp ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ingresslinks.cis.f5.com -spec: - group: cis.f5.com - names: - kind: IngressLink - shortNames: - - il - singular: ingresslink - plural: ingresslinks - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - virtualServerAddress: - type: string - pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' - host: - type: string - pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' - ipamLabel: - type: string - iRules: - type: array - items: - type: string - selector: - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - status: - type: object - properties: - vsAddress: - type: string - additionalPrinterColumns: - - name: IPAMVSAddress - type: string - description: IP address 
of virtualServer - jsonPath: .status.vsAddress - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - subresources: - status: { } ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: policies.cis.f5.com -spec: - group: cis.f5.com - names: - kind: Policy - shortNames: - - plc - singular: policy - plural: policies - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - l7Policies: - type: object - properties: - waf: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - l3Policies: - type: object - properties: - dos: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - firewallPolicy: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - ltmPolicies: - type: object - properties: - insecure: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - secure: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - priority: - type: string - enum: [low, high] - iRules: - type: object - properties: - insecure: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - secure: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - priority: - type: string - enum: [ low, high ] - profiles: - type: object - properties: - tcp: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9-]+\/?)*$' - udp: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9-]+\/?)*$' - http: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9-]+\/?)*$' - http2: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9-]+\/?)*$' - persistenceProfile: - type: string - rewriteProfile: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - logProfiles: - items: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9-_\s]+\/?)*$' - type: array 
diff --git a/install/ipam-controller.yaml b/install/ipam-controller.yaml
deleted file mode 100644
index dd5002a..0000000
--- a/install/ipam-controller.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- name: f5-ipam-controller
- name: f5-ipam-controller
- namespace: bigip-ctlr
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: f5-ipam-controller
- template:
- metadata:
- labels:
- app: f5-ipam-controller
- spec:
- serviceAccount: bigip-ctlr
- containers:
- - args:
- - --orchestration=kubernetes
- - --ip-range='{"Dev":"192.168.200.11-192.168.200.15"}'
- - --log-level=INFO
- command: ["/app/bin/f5-ipam-controller"]
- image: f5networks/f5-ipam-controller:0.1.7
- name: f5-ipam-controller
diff --git a/install/ipam/fic.yaml b/install/ipam/fic.yaml
deleted file mode 100644
index d47ccf5..0000000
--- a/install/ipam/fic.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- name: f5-ipam-controller
- name: f5-ipam-controller
- namespace: bigip-ctlr
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: f5-ipam-controller
- template:
- metadata:
- labels:
- app: f5-ipam-controller
- spec:
- containers:
- - args:
- - --orchestration
- - kubernetes
- - --ip-range
- - '{"Dev":"192.168.200.21-192.168.200.25","Test":"172.16.3.31-172.16.3.40","Production":"172.16.3.41-172.16.3.50","Default":"172.16.3.51-172.16.3.60" } '
- - --log-level
- - INFO
- command:
- - /app/bin/f5-ipam-controller
- image: f5networks/f5-ipam-controller:0.1.7
- imagePullPolicy: IfNotPresent
- name: f5-ipam-controller
- terminationMessagePath: /dev/termination-log
- volumeMounts:
- - mountPath: /app/ipamdb
- name: samplevol
- securityContext:
- fsGroup: 1200
- runAsGroup: 1200
- runAsUser: 1200
- serviceAccount: ipam-ctlr
- volumes:
- - name: samplevol
- persistentVolumeClaim:
- claimName: pvc-local
diff --git a/install/ipam/localstorage-pv-pvc.yaml b/install/ipam/localstorage-pv-pvc.yaml
deleted file mode 100644
index 91dce9e..0000000
--- a/install/ipam/localstorage-pv-pvc.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: local-pv
-spec:
- capacity:
- storage: 1Gi
- volumeMode: Filesystem
- accessModes:
- - ReadWriteOnce
- storageClassName: local-storage
- local:
- path: /tmp/cis_ipam
- nodeAffinity:
- required:
- nodeSelectorTerms:
- - matchExpressions:
- - key: kubernetes.io/hostname
- operator: In
- values:
- - master
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: pvc-local
- namespace: bigip-ctlr
-spec:
- storageClassName: local-storage
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 0.1Gi
diff --git a/install/ipam/rbac.yaml b/install/ipam/rbac.yaml
deleted file mode 100644
index 75c0949..0000000
--- a/install/ipam/rbac.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: ipam-ctlr-clusterrole
-rules:
- - apiGroups: ["fic.f5.com"]
- resources: ["ipams","ipams/status"]
- verbs: ["get", "list", "watch", "update", "patch"]
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: ipam-ctlr-clusterrole-binding
- namespace: bigip-ctlr
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: ipam-ctlr-clusterrole
-subjects:
- - apiGroup: ""
- kind: ServiceAccount
- name: ipam-ctlr
- namespace: bigip-ctlr
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: ipam-ctlr
- namespace: bigip-ctlr
diff --git a/install/ipam_schema.yaml b/install/ipam_schema.yaml
deleted file mode 100644
index 50841e0..0000000
--- a/install/ipam_schema.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: ipams.fic.f5.com
- namespace: bigip-ctlr
-spec:
- group: fic.f5.com
- names:
- kind: IPAM
- listKind: IPAMList
- plural: ipams
- singular: ipam
- scope: Namespaced
- versions:
- - name: v1
- served: true
- storage: true
- schema:
- openAPIV3Schema:
- type: object
- properties:
- spec:
- type: object
- properties:
- hostSpecs:
- type: array
- items:
- type: object
- properties:
- host:
- type: string
- pattern: '^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$'
- key:
- type: string
- cidr:
- type: string
- pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$'
- ipamLabel:
- type: string
- status:
- type: object
- properties:
- ipStatus:
- type: array
- items:
- type: object
- properties:
- host:
- type: string
- pattern: '^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$'
- key:
- type: string
- cidr:
- type: string
- pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$'
- ip:
- type: string
- pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'
- ipamLabel:
- type: string
diff --git a/install/localstorage-pv-pvc-example.yaml b/install/localstorage-pv-pvc-example.yaml
deleted file mode 100644
index e1b37bd..0000000
--- a/install/localstorage-pv-pvc-example.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: local-pv
-spec:
- capacity:
- storage: 1Gi
- volumeMode: Filesystem
- accessModes:
- - ReadWriteOnce
- storageClassName: local-storage
- local:
- path: /tmp/cis_ipam
- nodeAffinity:
- required:
- nodeSelectorTerms:
- - matchExpressions:
- - key: kubernetes.io/hostname
- operator: In
- values:
- - master
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: pvc-local
- namespace: kube-system
-spec:
- storageClassName: local-storage
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 0.1Gi
diff --git a/install/ns.yaml b/install/ns.yaml
deleted file mode 100644
index d1ed636..0000000
--- a/install/ns.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: bigip-ctlr
diff --git a/install/rbac.yaml b/install/rbac.yaml
deleted file mode 100644
index d55c55d..0000000
--- a/install/rbac.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: bigip-ctlr-clusterrole
-rules:
-- apiGroups: ["", "extensions", "networking.k8s.io"]
- resources: ["nodes", "services", "endpoints", "namespaces", "ingresses", "pods", "ingressclasses"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["", "extensions", "networking.k8s.io"]
- resources: ["configmaps", "events", "ingresses/status", "services/status"]
- verbs: ["get", "list", "watch", "update", "create", "patch"]
-- apiGroups: ["cis.f5.com"]
- resources: ["virtualservers","virtualservers/status", "tlsprofiles", "transportservers", "ingresslinks", "externaldnses", "policies"]
- verbs: ["get", "list", "watch", "update"]
-- apiGroups: ["", "extensions"]
- resources: ["secrets"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["fic.f5.com"]
- resources: ["f5ipams", "f5ipams/status", "ipams"]
- verbs: ["get", "list", "watch", "update", "patch", "create", "delete"]
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: bigip-ctlr-clusterrole-binding
- namespace: bigip-ctlr
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: bigip-ctlr-clusterrole
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: bigip-ctlr
- namespace: bigip-ctlr
diff --git a/install/sa.yaml b/install/sa.yaml
deleted file mode 100644
index 8d793ba..0000000
--- a/install/sa.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: bigip-ctlr
- namespace: bigip-ctlr
diff --git a/install/secret.yaml b/install/secret.yaml
deleted file mode 100644
index e52e202..0000000
--- a/install/secret.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-kind: Secret
-apiVersion: v1
-type: Opaque
-metadata:
- name: bigip-login
- namespace: bigip-ctlr
-data:
- password: YWRtaW4=
- username: YWRtaW4=
diff --git a/ipam/svc.yaml b/ipam/svc.yaml
deleted file mode 100644
index 60370ed..0000000
--- a/ipam/svc.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- cis.f5.com/ipamLabel: Dev
- cis.f5.com/health: '{"interval": 10, "timeout": 31}'
- labels:
- app: app
- name: app-svc-lb
- namespace: test102
-spec:
- ports:
- - port: 80
- protocol: TCP
- targetPort: 8080
- selector:
- app: app
- sessionAffinity: None
- type: LoadBalancer
diff --git a/ipam/transport.yaml b/ipam/transport.yaml
deleted file mode 100644
index 8de5b6c..0000000
--- a/ipam/transport.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: "cis.f5.com/v1"
-kind: TransportServer
-metadata:
- name: virtual01
- namespace: test105
- labels:
- f5cr: "true"
-spec:
- ipamLabel: Dev
- virtualServerPort: 8877
- mode: "performance"
- pool:
- service: app-svc
- servicePort: 8877
- monitor:
- type: tcp
- interval: 5
- timeout: 16
diff --git a/ipam/vs.yaml b/ipam/vs.yaml
deleted file mode 100644
index 04f7742..0000000
--- a/ipam/vs.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-apiVersion: "cis.f5.com/v1"
-kind: VirtualServer
-metadata:
- name: virtual01
- namespace: test100
- labels:
- f5cr: "true"
-spec:
- host: test01.example.com
- ipamLabel: Dev
- pools:
- - path: /coffee
- service: app-svc
- servicePort: 8080
- monitor:
- type: http
- send: "HTTP /rn"
- recv: ""
- interval: 20
- timeout: 10
----
-apiVersion: "cis.f5.com/v1"
-kind: VirtualServer
-metadata:
- name: virtual01
- namespace: test101
- labels:
- f5cr: "true"
-spec:
- host: test02.example.com
- ipamLabel: Dev
- pools:
- - path: /
- service: app-svc
- servicePort: 8080
- monitor:
- type: http
- send: "HTTP /rn"
- recv: ""
- interval: 20
- timeout: 10
diff --git a/jenkins/DEMO-F5-CIS-ADVANCED-INGRESS-CLEAN.pipeline b/jenkins/DEMO-F5-CIS-ADVANCED-INGRESS-CLEAN.pipeline
deleted file mode 100644
index bf2d336..0000000
--- a/jenkins/DEMO-F5-CIS-ADVANCED-INGRESS-CLEAN.pipeline
+++ /dev/null
@@ -1,36 +0,0 @@
-node {
- stage('DELETE VS') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl delete -f /opt/src/cis-scripts/advanced-ingress/ingress.yaml --ignore-not-found'
- sh 'sleep 5'
- sh 'kubectl delete -f /opt/src/cis-scripts/advanced-ingress/cm.yaml --ignore-not-found'
- sh 'sleep 5'
- sh 'kubectl delete -f /opt/src/cis-scripts/advanced-ingress/cm-l4.yaml --ignore-not-found'
- sh 'sleep 15'
- }
- }
- stage('DELETE APP') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl delete -f /opt/src/cis-scripts/app/deploy-l4.yaml --ignore-not-found'
- sh 'sleep 3'
- sh 'kubectl delete -f /opt/src/cis-scripts/app/deploy.yaml --ignore-not-found'
- sh 'sleep 3'
- }
- }
- stage('DELETE CIS') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl delete -f /opt/src/cis-scripts/install/cis-as3.yaml'
- sh 'sleep 5'
- sh 'kubectl delete -f /opt/src/cis-scripts/install/rbac.yaml'
- sh 'kubectl delete -f /opt/src/cis-scripts/install/sa.yaml'
- sh 'kubectl delete -f /opt/src/cis-scripts/install/secret.yaml'
- sh 'kubectl delete -f /opt/src/cis-scripts/install/ns.yaml'
- }
- }
- stage('VERIFY') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl get ns'
- }
- }
-
-}
diff --git a/jenkins/DEMO-F5-CIS-ADVANCED-INGRESS.pipeline b/jenkins/DEMO-F5-CIS-ADVANCED-INGRESS.pipeline
deleted file mode 100644
index ad8a135..0000000
--- a/jenkins/DEMO-F5-CIS-ADVANCED-INGRESS.pipeline
+++ /dev/null
@@ -1,48 +0,0 @@
-node {
- stage('DEPLOY CIS') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl apply -f /opt/src/cis-scripts/install/ns.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/install/secret.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/install/sa.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/install/rbac.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/install/cis-as3.yaml'
- sh 'sleep 10'
- sh 'kubectl get pods -n bigip-ctlr'
- }
- }
- stage('L7 APP') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl apply -f /opt/src/cis-scripts/app/deploy.yaml'
- sh 'sleep 15'
- sh 'kubectl get pods --all-namespaces -o wide | grep test'
- }
- }
- stage('L7 INGRESS') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'cat /opt/src/cis-scripts/advanced-ingress/ingress.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/advanced-ingress/ingress.yaml'
- sh 'sleep 5'
- }
- }
- stage('L7 ADVANCED') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'cat /opt/src/cis-scripts/advanced-ingress/cm.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/advanced-ingress/cm.yaml'
- sh 'sleep 15'
- }
- }
- stage('L4 APP') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl apply -f /opt/src/cis-scripts/app/deploy-l4.yaml'
- sh 'sleep 5'
- sh 'kubectl get pods -o wide -n test105'
- }
- }
- stage('L4 INGRESS') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'cat /opt/src/cis-scripts/advanced-ingress/cm-l4.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/advanced-ingress/cm-l4.yaml'
- sh 'sleep 5'
- }
- }
-}
diff --git a/jenkins/DEMO-F5-CIS-CCCL-CLEAN.pipeline b/jenkins/DEMO-F5-CIS-CCCL-CLEAN.pipeline
deleted file mode 100644
index 2646122..0000000
--- a/jenkins/DEMO-F5-CIS-CCCL-CLEAN.pipeline
+++ /dev/null
@@ -1,31 +0,0 @@
-node {
- stage('DELETE VS') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl delete -f /opt/src/cis-scripts/cccl/cm.yaml'
- sh 'sleep 15'
- }
- }
- stage('DELETE APP') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl delete -f /opt/src/cis-scripts/app/deploy.yaml'
- sh 'kubectl delete -f /opt/src/cis-scripts/app/deploy-l4.yaml'
- sh 'sleep 5'
- }
- }
- stage('DELETE CIS') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl delete -f /opt/src/cis-scripts/install/cis-cccl.yaml'
- sh 'sleep 5'
- sh 'kubectl delete -f /opt/src/cis-scripts/install/rbac.yaml'
- sh 'kubectl delete -f /opt/src/cis-scripts/install/sa.yaml'
- sh 'kubectl delete -f /opt/src/cis-scripts/install/secret.yaml'
- sh 'kubectl delete -f /opt/src/cis-scripts/install/ns.yaml'
- }
- }
- stage('VERIFY') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl get ns'
- }
- }
-
-}
diff --git a/jenkins/DEMO-F5-CIS-CCCL.pipeline b/jenkins/DEMO-F5-CIS-CCCL.pipeline
deleted file mode 100644
index 5d09317..0000000
--- a/jenkins/DEMO-F5-CIS-CCCL.pipeline
+++ /dev/null
@@ -1,25 +0,0 @@
-node {
- stage('DEPLOY CIS') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl apply -f /opt/src/cis-scripts/install/ns.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/install/secret.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/install/sa.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/install/rbac.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/install/cis-cccl.yaml'
- sh 'sleep 15'
- }
- }
- stage('DEPLOY APP') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl apply -f /opt/src/cis-scripts/app/deploy.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/app/deploy-l4.yaml'
- sh 'sleep 15'
- sh 'kubectl get pods -o wide --all-namespaces | grep test'
- }
- }
- stage('DEPLOY VS') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl apply -f /opt/src/cis-scripts/cccl/cm.yaml'
- }
- }
-}
diff --git a/jenkins/DEMO-F5-CIS-CRD-CLEAN.pipeline b/jenkins/DEMO-F5-CIS-CRD-CLEAN.pipeline
deleted file mode 100644
index 7b3d640..0000000
--- a/jenkins/DEMO-F5-CIS-CRD-CLEAN.pipeline
+++ /dev/null
@@ -1,35 +0,0 @@
-node {
- stage('DELETE VS') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl delete -f /opt/src/cis-scripts/crd/transport.yaml --ignore-not-found'
- sh 'sleep 5'
- sh 'kubectl delete -f /opt/src/cis-scripts/crd/vs.yaml --ignore-not-found'
- sh 'sleep 5'
- }
- }
- stage('DELETE APP') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl delete -f /opt/src/cis-scripts/app/deploy-l4.yaml --ignore-not-found'
- sh 'sleep 3'
- sh 'kubectl delete -f /opt/src/cis-scripts/app/deploy.yaml --ignore-not-found'
- sh 'sleep 3'
- }
- }
- stage('DELETE CIS') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl delete -f /opt/src/cis-scripts/install/cis-crd.yaml'
- sh 'sleep 5'
- sh 'kubectl delete -f /opt/src/cis-scripts/install/customresourcedefinitions.yml'
- sh 'kubectl delete -f /opt/src/cis-scripts/install/rbac.yaml'
- sh 'kubectl delete -f /opt/src/cis-scripts/install/sa.yaml'
- sh 'kubectl delete -f /opt/src/cis-scripts/install/secret.yaml'
- sh 'kubectl delete -f /opt/src/cis-scripts/install/ns.yaml'
- }
- }
- stage('VERIFY') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl get ns'
- }
- }
-
-}
diff --git a/jenkins/DEMO-F5-CIS-CRD.pipeline b/jenkins/DEMO-F5-CIS-CRD.pipeline
deleted file mode 100644
index d7fb79b..0000000
--- a/jenkins/DEMO-F5-CIS-CRD.pipeline
+++ /dev/null
@@ -1,42 +0,0 @@
-node {
- stage('DEPLOY CIS') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl apply -f /opt/src/cis-scripts/install/ns.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/install/secret.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/install/sa.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/install/rbac.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/install/customresourcedefinitions.yml'
- sh 'kubectl apply -f /opt/src/cis-scripts/install/cis-crd.yaml'
- sh 'sleep 10'
- sh 'kubectl get pods -n bigip-ctlr'
- }
- }
- stage('L7 APP') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl apply -f /opt/src/cis-scripts/app/deploy.yaml'
- sh 'sleep 15'
- sh 'kubectl get pods --all-namespaces -o wide | grep test'
- }
- }
- stage('VirtualServer') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'cat /opt/src/cis-scripts/crd/vs.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/crd/vs.yaml'
- sh 'sleep 5'
- }
- }
- stage('L4 APP') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl apply -f /opt/src/cis-scripts/app/deploy-l4.yaml'
- sh 'sleep 5'
- sh 'kubectl get pods -o wide -n test105'
- }
- }
- stage('TransportServer') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'cat /opt/src/cis-scripts/crd/transport.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/crd/transport.yaml'
- sh 'sleep 5'
- }
- }
-}
diff --git a/jenkins/DEMO-F5-CIS-IPAM-CLEAN.pipeline b/jenkins/DEMO-F5-CIS-IPAM-CLEAN.pipeline
deleted file mode 100644
index a397b21..0000000
--- a/jenkins/DEMO-F5-CIS-IPAM-CLEAN.pipeline
+++ /dev/null
@@ -1,44 +0,0 @@
-node {
- stage('DELETE VS') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl delete -f /opt/src/cis-scripts/ipam/transport.yaml --ignore-not-found'
- sh 'sleep 5'
- sh 'kubectl delete -f /opt/src/cis-scripts/ipam/vs.yaml --ignore-not-found'
- sh 'sleep 5'
- sh 'kubectl delete -f /opt/src/cis-scripts/ipam/svc.yaml --ignore-not-found'
- sh 'sleep 5'
- }
- }
- stage('DELETE APP') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl delete -f /opt/src/cis-scripts/app/deploy-l4.yaml --ignore-not-found'
- sh 'sleep 3'
- sh 'kubectl delete -f /opt/src/cis-scripts/app/deploy.yaml --ignore-not-found'
- sh 'sleep 3'
- }
- }
- stage('DELETE IPAM') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl delete -f /opt/src/cis-scripts/install/ipam-controller.yaml --ignore-not-found'
- sh 'sleep 10'
- sh 'kubectl delete -f /opt/src/cis-scripts/install/ipam_schema.yaml --ignore-not-found'
- }
- }
- stage('DELETE CIS') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl delete -f /opt/src/cis-scripts/install/cis-crd.yaml --ignore-not-found'
- sh 'sleep 5'
- sh 'kubectl delete -f /opt/src/cis-scripts/install/customresourcedefinitions.yml --ignore-not-found'
- sh 'kubectl delete -f /opt/src/cis-scripts/install/rbac.yaml --ignore-not-found'
- sh 'kubectl delete -f /opt/src/cis-scripts/install/sa.yaml --ignore-not-found'
- sh 'kubectl delete -f /opt/src/cis-scripts/install/secret.yaml --ignore-not-found'
- sh 'kubectl delete -f /opt/src/cis-scripts/install/ns.yaml --ignore-not-found'
- }
- }
- stage('VERIFY') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl get ns'
- }
- }
-
-}
diff --git a/jenkins/DEMO-F5-CIS-IPAM.pipeline b/jenkins/DEMO-F5-CIS-IPAM.pipeline
deleted file mode 100644
index 2d9b026..0000000
--- a/jenkins/DEMO-F5-CIS-IPAM.pipeline
+++ /dev/null
@@ -1,57 +0,0 @@
-node {
- stage('DEPLOY IPAM') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl apply -f /opt/src/cis-scripts/install/ns.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/install/ipam_schema.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/install/ipam-controller.yaml'
- sh 'sleep 10'
- sh 'kubectl get pods -n bigip-ctlr'
- }
- }
- stage('DEPLOY CIS') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl apply -f /opt/src/cis-scripts/install/secret.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/install/sa.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/install/rbac.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/install/customresourcedefinitions.yml'
- sh 'kubectl apply -f /opt/src/cis-scripts/install/cis-crd.yaml'
- sh 'sleep 10'
- sh 'kubectl get pods -n bigip-ctlr'
- }
- }
- stage('L7 APP') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl apply -f /opt/src/cis-scripts/app/deploy.yaml'
- sh 'sleep 15'
- sh 'kubectl get pods --all-namespaces -o wide | grep test'
- }
- }
- stage('VirtualServer') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'cat /opt/src/cis-scripts/ipam/vs.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/ipam/vs.yaml'
- sh 'sleep 5'
- }
- }
- stage('L4 APP') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'kubectl apply -f /opt/src/cis-scripts/app/deploy-l4.yaml'
- sh 'sleep 5'
- sh 'kubectl get pods -o wide -n test105'
- }
- }
- stage('TransportServer') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'cat /opt/src/cis-scripts/crd/transport.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/ipam/transport.yaml'
- sh 'sleep 5'
- }
- }
- stage('LoadBalancer') {
- withKubeConfig([credentialsId: 'kubernetes-config']) {
- sh 'cat /opt/src/cis-scripts/ipam/transport.yaml'
- sh 'kubectl apply -f /opt/src/cis-scripts/ipam/svc.yaml'
- sh 'sleep 5'
- }
- }
-}
diff --git a/loadbalancer/cafe.yaml b/loadbalancer/cafe.yaml
deleted file mode 100644
index 9acd1c7..0000000
--- a/loadbalancer/cafe.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: cafe
- labels:
- cis_scanner_zone: zone_1
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app: app
- name: app
- namespace: cafe
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: app
- template:
- metadata:
- labels:
- app: app
- spec:
- containers:
- - image: cloudadc/cafe:1.0
- name: backend
- ports:
- - containerPort: 8080
----
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- cis.f5.com/ipamLabel: Dev
- cis.f5.com/health: '{"interval": 10, "timeout": 31}'
- labels:
- app: app
- name: app-svc
- namespace: cafe
-spec:
- ports:
- - port: 80
- protocol: TCP
- targetPort: 8080
- selector:
- app: app
- type: LoadBalancer
diff --git a/loadbalancer/install/cis.yaml b/loadbalancer/install/cis.yaml
deleted file mode 100644
index 10dfedc..0000000
--- a/loadbalancer/install/cis.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: bigip-ctlr-192-168-200-204
- labels:
- app: bigip-ctlr-192-168-200-204
- namespace: bigip-ctlr
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: bigip-ctlr-192-168-200-204
- template:
- metadata:
- name: bigip-ctlr-192-168-200-204
- labels:
- app: bigip-ctlr-192-168-200-204
- spec:
- serviceAccountName: bigip-ctlr
- containers:
- - name: bigip-ctlr
- image: "f5networks/k8s-bigip-ctlr:2.8.0"
- imagePullPolicy: IfNotPresent
- livenessProbe:
- failureThreshold: 3
- exec:
- command:
- - curl
- - -k
- - -s
- - -o
- - /dev/null
- - https://192.168.200.204
- initialDelaySeconds: 15
- periodSeconds: 15
- successThreshold: 1
- env:
- - name: BIGIP_USERNAME
- valueFrom:
- secretKeyRef:
- name: bigip-login
- key: username
- - name: BIGIP_PASSWORD
- valueFrom:
- secretKeyRef:
- name: bigip-login
- key: password
- command: ["/app/bin/k8s-bigip-ctlr"]
- args: [
- "--bigip-username=$(BIGIP_USERNAME)",
- "--bigip-password=$(BIGIP_PASSWORD)",
- "--namespace-label=cis_scanner_zone=zone_1",
- "--log-level=INFO",
- "--bigip-url=192.168.200.204",
- "--insecure=true",
- "--custom-resource-mode=true",
- "--ipam=true",
- "--bigip-partition=k8s",
- "--pool-member-type=cluster"
- ]
diff --git a/loadbalancer/install/customresourcedefinitions.yaml b/loadbalancer/install/customresourcedefinitions.yaml
deleted file mode 100644
index cf54844..0000000
--- a/loadbalancer/install/customresourcedefinitions.yaml
+++ /dev/null
@@ -1,622 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: virtualservers.cis.f5.com -spec: - group: cis.f5.com - names: - kind: VirtualServer - plural: virtualservers - shortNames: - - vs - singular: virtualserver - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - host: - type: string - pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' - hostGroup: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - httpTraffic: - type: string - ipamLabel: - type: string - snat: - type: string - tlsProfileName: - type: string - persistenceProfile: - type: string - policyName: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - rewriteAppRoot: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - waf: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - allowVlans: - items: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9-_]+\/?)*$' - type: array - iRules: - type: array - items: - type: string - serviceAddress: - type: array - maxItems: 1 - items: - type: object - properties: - arpEnabled: - type: boolean - icmpEcho: - type: string - enum: [enable, disable, selective] - routeAdvertisement: - type: string - enum: [enable, disable, selective, always, any, all] - spanningEnabled: - type: boolean - trafficGroup: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - pools: - type: array - items: - type: object - properties: - path: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - service: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - nodeMemberLabel: - type: string - pattern: '^[a-zA-Z0-9][-A-Za-z0-9_.\/]{0,61}[a-zA-Z0-9]=[a-zA-Z0-9][-A-Za-z0-9_.]{0,61}[a-zA-Z0-9]$' - servicePort: - type: integer - minimum: 1 - maximum: 65535 - rewrite: - type: string - pattern: 
'^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - monitor: - type: object - properties: - type: - type: string - enum: [http, https] - send: - type: string - recv: - type: string - interval: - type: integer - timeout: - type: integer - required: - - type - - send - - interval - virtualServerAddress: - type: string - pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])|(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$' - virtualServerName: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - virtualServerHTTPPort: - type: integer - minimum: 1 - maximum: 65535 - virtualServerHTTPSPort: - type: integer - minimum: 1 - maximum: 65535 - status: - type: object - properties: - vsAddress: - type: string - default: None - status: - type: string - default: Pending - additionalPrinterColumns: - - name: host - type: string - description: hostname - jsonPath: .spec.host - - name: tlsProfileName - type: string - description: TLS Profile attached - jsonPath: .spec.tlsProfileName - - name: httpTraffic - type: string - description: Http Traffic Termination - jsonPath: .spec.httpTraffic - - name: IPAddress - type: string - description: IP address of virtualServer - jsonPath: .spec.virtualServerAddress - - name: ipamLabel - type: string - description: ipamLabel for virtual server - jsonPath: .spec.ipamLabel - - name: 
IPAMVSAddress - type: string - description: IP address of virtualServer - jsonPath: .status.vsAddress - - name: STATUS - type: string - description: status of VirtualServer - jsonPath: .status.status - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: tlsprofiles.cis.f5.com -spec: - group: cis.f5.com - names: - kind: TLSProfile - plural: tlsprofiles - shortNames: - - tls - singular: tlsprofile - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - hosts: - type: array - items: - type: string - pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' - tls: - type: object - properties: - termination: - type: string - enum: [edge, reencrypt, passthrough] - clientSSL: - type: string - serverSSL: - type: string - reference: - type: string - required: - - termination - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: transportservers.cis.f5.com -spec: - group: cis.f5.com - names: - kind: TransportServer - plural: transportservers - shortNames: - - ts - singular: transportserver - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - virtualServerAddress: - type: string - pattern: 
'^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])|(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$' - virtualServerPort: - type: integer - minimum: 1 - maximum: 65535 - virtualServerName: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - host: - type: string - pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' - policyName: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - mode: - type: string - enum: [standard, performance] - type: - type: string - enum: [tcp, udp] - snat: - type: string - persistenceProfile: - type: string - allowVlans: - items: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9-_]+\/?)*$' - type: array - iRules: - type: array - items: - type: string - ipamLabel: - type: string - serviceAddress: - type: array - maxItems: 1 - items: - type: object - properties: - arpEnabled: - type: boolean - icmpEcho: - type: string - enum: [enable, disable, selective] - routeAdvertisement: - type: string - enum: [enable, disable, selective, always, any, all] - spanningEnabled: - type: boolean - trafficGroup: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9]+\/?)*$' - pool: - type: object - properties: - service: - type: string - pattern: '^([A-z0-9-_+])*([A-z0-9])$' - servicePort: - type: integer - minimum: 1 - 
maximum: 65535 - monitor: - type: object - properties: - type: - type: string - enum: [tcp, udp] - interval: - type: integer - timeout: - type: integer - required: - - type - - interval - required: - - service - - servicePort - required: - - virtualServerPort - - pool - status: - type: object - properties: - vsAddress: - type: string - default: None - status: - type: string - default: Pending - additionalPrinterColumns: - - name: virtualServerAddress - type: string - description: IP address of virtualServer - jsonPath: .spec.virtualServerAddress - - name: virtualServerPort - type: integer - description: Port of virtualServer - jsonPath: .spec.virtualServerPort - - name: pool - type: string - description: Name of service - jsonPath: .spec.pool.service - - name: poolPort - type: string - description: Port of service - jsonPath: .spec.pool.servicePort - - name: ipamLabel - type: string - description: ipamLabel for transport server - jsonPath: .spec.ipamLabel - - name: IPAMVSAddress - type: string - description: IP address of transport server - jsonPath: .status.vsAddress - - name: STATUS - type: string - description: status of TransportServer - jsonPath: .status.status - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - subresources: - status: { } ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: externaldnses.cis.f5.com -spec: - group: cis.f5.com - names: - kind: ExternalDNS - plural: externaldnses - shortNames: - - edns - singular: externaldns - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - domainName: - type: string - pattern: '^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' - dnsRecordType: - type: string - pattern: 'A' - loadBalanceMethod: - type: string - pools: - type: array - items: - type: object - properties: - 
dataServerName: - type: string - dnsRecordType: - type: string - pattern: 'A' - loadBalanceMethod: - type: string - monitor: - type: object - properties: - type: - type: string - enum: [http, https, tcp] - send: - type: string - recv: - type: string - interval: - type: integer - timeout: - type: integer - required: - - type - - interval - monitors: - type: array - items: - type: object - properties: - type: - type: string - enum: [http, https, tcp] - send: - type: string - recv: - type: string - interval: - type: integer - timeout: - type: integer - required: - - type - - interval - required: - - dataServerName - required: - - domainName - additionalPrinterColumns: - - name: domainName - type: string - description: Domain name of virtual server resource - jsonPath: .spec.domainName - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: CREATED ON - type: string - jsonPath: .metadata.creationTimestamp ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ingresslinks.cis.f5.com -spec: - group: cis.f5.com - names: - kind: IngressLink - shortNames: - - il - singular: ingresslink - plural: ingresslinks - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - virtualServerAddress: - type: string - pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$' - host: - type: string - pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' - ipamLabel: - type: string - iRules: - type: array - items: - type: string - selector: - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - status: - type: object - properties: - vsAddress: - type: string - additionalPrinterColumns: - - name: IPAMVSAddress - type: string - description: IP address 
of virtualServer - jsonPath: .status.vsAddress - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - subresources: - status: { } ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: policies.cis.f5.com -spec: - group: cis.f5.com - names: - kind: Policy - shortNames: - - plc - singular: policy - plural: policies - scope: Namespaced - versions: - - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - l7Policies: - type: object - properties: - waf: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - l3Policies: - type: object - properties: - dos: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - firewallPolicy: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - ltmPolicies: - type: object - properties: - insecure: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - secure: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - priority: - type: string - enum: [low, high] - iRules: - type: object - properties: - insecure: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - secure: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - priority: - type: string - enum: [ low, high ] - profiles: - type: object - properties: - tcp: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9-]+\/?)*$' - udp: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9-]+\/?)*$' - http: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9-]+\/?)*$' - http2: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9-]+\/?)*$' - persistenceProfile: - type: string - rewriteProfile: - type: string - pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$' - logProfiles: - items: - type: string - pattern: '^\/([A-z0-9-_+]+\/)*([A-z0-9-_\s]+\/?)*$' - type: array 
diff --git a/loadbalancer/install/ipam/fic.yaml b/loadbalancer/install/ipam/fic.yaml
deleted file mode 100644
index d47ccf5..0000000
--- a/loadbalancer/install/ipam/fic.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- name: f5-ipam-controller
- name: f5-ipam-controller
- namespace: bigip-ctlr
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: f5-ipam-controller
- template:
- metadata:
- labels:
- app: f5-ipam-controller
- spec:
- containers:
- - args:
- - --orchestration
- - kubernetes
- - --ip-range
- - '{"Dev":"192.168.200.21-192.168.200.25","Test":"172.16.3.31-172.16.3.40","Production":"172.16.3.41-172.16.3.50","Default":"172.16.3.51-172.16.3.60" } '
- - --log-level
- - INFO
- command:
- - /app/bin/f5-ipam-controller
- image: f5networks/f5-ipam-controller:0.1.7
- imagePullPolicy: IfNotPresent
- name: f5-ipam-controller
- terminationMessagePath: /dev/termination-log
- volumeMounts:
- - mountPath: /app/ipamdb
- name: samplevol
- securityContext:
- fsGroup: 1200
- runAsGroup: 1200
- runAsUser: 1200
- serviceAccount: ipam-ctlr
- volumes:
- - name: samplevol
- persistentVolumeClaim:
- claimName: pvc-local
diff --git a/loadbalancer/install/ipam/ipam_schema.yaml b/loadbalancer/install/ipam/ipam_schema.yaml
deleted file mode 100644
index 50841e0..0000000
--- a/loadbalancer/install/ipam/ipam_schema.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: ipams.fic.f5.com
- namespace: bigip-ctlr
-spec:
- group: fic.f5.com
- names:
- kind: IPAM
- listKind: IPAMList
- plural: ipams
- singular: ipam
- scope: Namespaced
- versions:
- - name: v1
- served: true
- storage: true
- schema:
- openAPIV3Schema:
- type: object
- properties:
- spec:
- type: object
- properties:
- hostSpecs:
- type: array
- items:
- type: object
- properties:
- host:
- type: string
- pattern: '^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$'
- key:
- type: string
- cidr:
- type: string
- pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$'
- ipamLabel:
- type: string
- status:
- type: object
- properties:
- ipStatus:
- type: array
- items:
- type: object
- properties:
- host:
- type: string
- pattern: '^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$'
- key:
- type: string
- cidr:
- type: string
- pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$'
- ip:
- type: string
- pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'
- ipamLabel:
- type: string
diff --git a/loadbalancer/install/ipam/localstorage-pv-pvc.yaml b/loadbalancer/install/ipam/localstorage-pv-pvc.yaml
deleted file mode 100644
index 91dce9e..0000000
--- a/loadbalancer/install/ipam/localstorage-pv-pvc.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: local-pv
-spec:
- capacity:
- storage: 1Gi
- volumeMode: Filesystem
- accessModes:
- - ReadWriteOnce
- storageClassName: local-storage
- local:
- path: /tmp/cis_ipam
- nodeAffinity:
- required:
- nodeSelectorTerms:
- - matchExpressions:
- - key: kubernetes.io/hostname
- operator: In
- values:
- - master
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: pvc-local
- namespace: bigip-ctlr
-spec:
- storageClassName: local-storage
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 0.1Gi
diff --git a/loadbalancer/install/ipam/rbac.yaml b/loadbalancer/install/ipam/rbac.yaml
deleted file mode 100644
index 75c0949..0000000
--- a/loadbalancer/install/ipam/rbac.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: ipam-ctlr-clusterrole
-rules:
- - apiGroups: ["fic.f5.com"]
- resources: ["ipams","ipams/status"]
- verbs: ["get", "list", "watch", "update", "patch"]
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: ipam-ctlr-clusterrole-binding
- namespace: bigip-ctlr
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: ipam-ctlr-clusterrole
-subjects:
- - apiGroup: ""
- kind: ServiceAccount
- name: ipam-ctlr
- namespace: bigip-ctlr
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: ipam-ctlr
- namespace: bigip-ctlr
diff --git a/loadbalancer/install/ns.yaml b/loadbalancer/install/ns.yaml
deleted file mode 100644
index d1ed636..0000000
--- a/loadbalancer/install/ns.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: bigip-ctlr
diff --git a/loadbalancer/install/rbac.yaml b/loadbalancer/install/rbac.yaml
deleted file mode 100644
index 16bc434..0000000
--- a/loadbalancer/install/rbac.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: bigip-ctlr
- namespace: bigip-ctlr
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: bigip-ctlr-clusterrole
-rules:
-- apiGroups: ["", "extensions", "networking.k8s.io"]
- resources: ["nodes", "services", "endpoints", "namespaces", "ingresses", "pods", "ingressclasses"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["", "extensions", "networking.k8s.io"]
- resources: ["configmaps", "events", "ingresses/status", "services/status"]
- verbs: ["get", "list", "watch", "update", "create", "patch"]
-- apiGroups: ["cis.f5.com"]
- resources: ["virtualservers","virtualservers/status", "tlsprofiles", "transportservers", "ingresslinks", "externaldnses", "policies"]
- verbs: ["get", "list", "watch", "update"]
-- apiGroups: ["", "extensions"]
- resources: ["secrets"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["fic.f5.com"]
- resources: ["f5ipams", "f5ipams/status", "ipams"]
- verbs: ["get", "list", "watch", "update", "patch", "create", "delete"]
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: bigip-ctlr-clusterrole-binding
- namespace: bigip-ctlr
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: bigip-ctlr-clusterrole
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: bigip-ctlr
- namespace: bigip-ctlr
diff --git a/loadbalancer/ttcp.yaml b/loadbalancer/ttcp.yaml
deleted file mode 100644
index c5c6656..0000000
--- a/loadbalancer/ttcp.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- name: ttcp
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app: ttcp
- name: ttcp
- namespace: ttcp
-spec:
- replicas: 3
- selector:
- matchLabels:
- app: ttcp
- template:
- metadata:
- labels:
- app: ttcp
- spec:
- containers:
- - image: cloudadc/ttcp:1.12-1
- name: ttcp
- ports:
- - containerPort: 5001
----
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- cis.f5.com/ipamLabel: Dev
- cis.f5.com/health: '{"interval": 10, "timeout": 31}'
- labels:
- name: ttcp-svc
- namespace: ttcp
-spec:
- ports:
- - port: 5001
- protocol: TCP
- targetPort: 5001
- selector:
- app: ttcp
- sessionAffinity: None
- type: LoadBalancer