Merge pull request #48 from citrix/cic-1.10.2

Releasing CIC version 1.10.2
netscaler · Nov 3, 2020 · 8bd16c0 · 8bd16c0
2 parents 3b2a640 + ad073b8
commit 8bd16c0
Show file tree

Hide file tree

Showing 52 changed files with 1,053 additions and 274 deletions.
diff --git a/citrix-cloud-native/Chart.yaml b/citrix-cloud-native/Chart.yaml
@@ -14,17 +14,17 @@ maintainers:
   email: subash.dangol@citrix.com
 dependencies:
   - name: citrix-ingress-controller
-    version: "1.9.20"
+    version: "1.10.2"
     condition: cic.enabled
     alias: cic
   - name: citrix-cpx-with-ingress-controller
-    version: "1.9.20"
+    version: "1.10.2"
     condition: cpx.enabled
     alias: cpx
-  - name: citrix-gslb-controller
-    version: "1.9.20"
-    condition: gslb.enabled
-    alias: gslb
+  - name: citrix-multi-cluster-ingress-controller
+    version: "1.10.2"
+    condition: mcIngress.enabled
+    alias: mcIngress
   - name: citrix-node-controller
     version: "2.0.0"
     condition: cnc.enabled

diff --git a/citrix-cloud-native/README.md b/citrix-cloud-native/README.md
@@ -10,7 +10,7 @@ This helm chart can be used to:
 5. [Deploy Observability Exporter](https://github.com/citrix/citrix-helm-charts/tree/master/citrix-cloud-native/charts/citrix-observability-exporter/README.md)
 6. [Deploy Citrix ADC as an Ingress Gateway in Istio environment](https://github.com/citrix/citrix-helm-charts/tree/master/citrix-cloud-native/charts/citrix-adc-istio-ingress-gateway/README.md)
 7. [Deploy Citrix ADC CPX as a sidecar in Istio environment](https://github.com/citrix/citrix-helm-charts/tree/master/citrix-cloud-native/charts/citrix-cpx-istio-sidecar-injector/README.md)
-8. [Deploy Citrix GSLB Controller for Citrix VPX/MPX](https://github.com/citrix/citrix-helm-charts/blob/master/citrix-cloud-native/charts/citrix-gslb-controller/README.md)
+8. [Deploy Citrix Multi-Cluster Ingress Controller for Citrix VPX/MPX](https://github.com/citrix/citrix-helm-charts/blob/master/citrix-cloud-native/charts/citrix-multi-cluster-ingress-controller/README.md)
 9. [Deploy Citrix ADC as an Egress Gateway in Istio environment](https://github.com/citrix/citrix-helm-charts/tree/master/citrix-cloud-native/charts/citrix-adc-istio-egress-gateway/README.md)
 
 Depending on the architecture, it is sometimes needed to deploy multiple products in Citrix portfolio together. This can be achieved by setting required parameters for all products together while installing those products using this helm chart.

diff --git a/citrix-cloud-native/charts/citrix-cpx-with-ingress-controller/Chart.yaml b/citrix-cloud-native/charts/citrix-cpx-with-ingress-controller/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "1.9.20"
+appVersion: "1.10.2"
 description: A Helm chart for Citrix ADC CPX with Citrix ingress Controller running as sidecar.
 name: citrix-cpx-with-ingress-controller
-version: 1.9.20
+version: 1.10.2
 icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png
 home: https://www.citrix.com
 sources:

diff --git a/citrix-cloud-native/charts/citrix-cpx-with-ingress-controller/README.md b/citrix-cloud-native/charts/citrix-cpx-with-ingress-controller/README.md
diff --git a/...ud-native/charts/citrix-cpx-with-ingress-controller/templates/citrix-k8s-cpx-ingress.yaml b/...ud-native/charts/citrix-cpx-with-ingress-controller/templates/citrix-k8s-cpx-ingress.yaml
@@ -1,12 +1,18 @@
 apiVersion: apps/v1
+{{- if .Values.cpxBgpRouter }}
+kind: DaemonSet
+{{- else }}
 kind: Deployment
+{{- end }}
 metadata:
   name: {{ include "citrix-cpx-ingress-controller.fullname" . }}
 spec:
   selector:
     matchLabels:
       app: {{ include "citrix-cpx-ingress-controller.fullname" . }}
+{{- if not .Values.cpxBgpRouter }}
   replicas: 1
+{{- end }}
   template:
     metadata:
       name: {{ include "citrix-cpx-ingress-controller.fullname" . }}
@@ -42,10 +48,24 @@ spec:
           - name: "LS_PORT"
             value: {{ .Values.ADMSettings.licenseServerPort | quote }}
 {{- end }}
+{{- if not .Values.cpxBgpRouter }}
           - name: "MGMT_HTTP_PORT"
             value: {{ .Values.mgmtHttpPort | quote }}
           - name: "MGMT_HTTPS_PORT"
             value: {{ .Values.mgmtHttpsPort | quote }}
+{{- end }}
+{{- if .Values.cpxBgpRouter }}
+          - name: NS_NETMODE
+            value: HOST
+{{- if .Values.nsIP }}
+          - name: "NS_IP"
+            value: "{{ .Values.nsIP }}"
+{{- end }}
+{{- if .Values.nsGateway }}
+          - name: "NS_GATEWAY"
+            value: "{{ .Values.nsGateway }}"
+{{- end }}
+{{- end }}
 {{- if .Values.ADMSettings.ADMIP }}
           - name: "NS_MGMT_SERVER"
             value: {{ .Values.ADMSettings.ADMIP | quote }}
@@ -97,17 +117,43 @@ spec:
           env:
           - name: "EULA"
             value: "{{ .Values.license.accept }}"
+{{- if .Values.cpxBgpRouter }}
+          - name: "NS_IP"
+            value: {{ .Values.nsIP | default  "192.168.1.2" | quote }}
+{{- else }}
           - name: "NS_IP"
             value: "127.0.0.1"
+{{- end }}
           - name: "NS_APPS_NAME_PREFIX"
             value: {{ .Values.entityPrefix | default "k8s"}}
           - name: "NS_DEPLOYMENT_MODE"
             value: "SIDECAR"
+{{- if .Values.cpxBgpRouter }}
+{{- if eq (upper .Values.nsProtocol) "HTTPS" }}
+          - name: NS_PROTOCOL
+            value: HTTPS
+          - name: NS_PORT
+            value: "9443"
+{{- else }}
+          - name: NS_PROTOCOL
+            value: HTTP
+          - name: NS_PORT
+            value: "9080"
+{{- end }}
+{{- if .Values.bgpPort }}
+          - name: "BGP_PORT"
+            value: {{ .Values.bgpPort | quote }}
+{{- end }}
+{{- end }}
           - name: "NS_ENABLE_MONITORING"
             value: "YES"
 {{- if .Values.logProxy }}
           - name: "NS_LOGPROXY"
             value: {{ .Values.logProxy | quote }}
+{{- end }}
+{{- if .Values.ingressIP }}
+          - name: "NS_VIP"
+            value: {{ .Values.ingressIP | quote }}
 {{- end }}
           - name: POD_NAME
             valueFrom:
@@ -119,13 +165,33 @@ spec:
               fieldRef:
                 apiVersion: v1
                 fieldPath: metadata.namespace
+          - name: NODE_NAME
+            valueFrom:
+              fieldRef:
+                apiVersion: v1
+                fieldPath: spec.nodeName
 {{- if .Values.kubernetesURL }}
           - name: "kubernetes_url"
             value: "{{ .Values.kubernetesURL }}"
+{{- end }}
+{{- if .Values.cpxBgpRouter }}
+          securityContext:
+            runAsUser: 0
+            capabilities:
+              add:
+              - NET_ADMIN
 {{- end }}
           args:
             - --configmap
               {{ .Release.Namespace }}/cpx-{{ .Release.Name }}-configmap
+{{- if .Values.ipam }}
+            - --ipam
+              citrix-ipam-controller
+{{- end }}
+{{- if .Values.cpxBgpRouter }}
+            - --deployment-type
+              kube-bgp-router
+{{- end }}
 {{- if .Values.ingressClass }}
             - --ingress-class
 {{- range .Values.ingressClass}}
@@ -146,7 +212,11 @@ spec:
           imagePullPolicy: {{ .Values.exporter.pullPolicy }}
           args:
             - "--secure=no"
+{{- if .Values.cpxBgpRouter }}
+            - --target-nsip={{ .Values.nsIP | default "192.168.1.2" }}:9080
+{{- else }}
             - "--target-nsip=127.0.0.1"
+{{- end }}
             - "--port={{ .Values.exporter.ports.containerPort }}"
           env:
           - name: "NS_DEPLOYMENT_MODE"
@@ -170,7 +240,25 @@ spec:
 {{- end }}
 
 ---
-
+{{- if .Values.cpxBgpRouter }}
+{{- if .Values.exporter.required }}
+apiVersion: v1
+kind: Service
+metadata:
+   name: exporter
+   labels:
+     app: exporter
+     service-type: citrix-adc-cpx-monitor
+spec:
+   type: ClusterIP
+   ports:
+   - port: {{ .Values.exporter.ports.containerPort }}
+     targetPort: {{ .Values.exporter.ports.containerPort }}
+     name: exporter-port
+   selector:
+     app: {{ include "citrix-cpx-ingress-controller.fullname" . }}
+{{- end }}
+{{- else }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -182,23 +270,23 @@ metadata:
 {{- if .Values.aws }}
 {{- if or .Values.sslCertManagedByAWS .Values.serviceAnnotations.aws.sslCert }}
     service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ required "Please provide details of SSL Cert" .Values.serviceAnnotations.aws.sslCert | quote }}
-{{- end}}
+{{- end }}
 {{- if or .Values.sslCertManagedByAWS .Values.serviceAnnotations.aws.backendProtocol }}
     service.beta.kubernetes.io/aws-load-balancer-backend-protocol: {{ .Values.serviceAnnotations.aws.backendProtocol | default "http" | quote }}
-{{- end}}
+{{- end }}
 {{- if or .Values.sslCertManagedByAWS .Values.serviceAnnotations.aws.sslPorts }}
     service.beta.kubernetes.io/aws-load-balancer-ssl-ports: {{ .Values.serviceAnnotations.aws.sslPorts | default "https" | quote }}
-{{- end}}
+{{- end }}
 {{- if .Values.serviceAnnotations.aws.negotiationPolicy }}
     service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: {{ .Values.serviceAnnotations.aws.negotiationPolicy | quote }}
-{{- end}}
+{{- end }}
 {{- if or .Values.sslCertManagedByAWS .Values.serviceAnnotations.aws.proxyProtocol }}
     service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
-{{- end}}
+{{- end }}
 {{- if .Values.serviceAnnotations.aws.resourcesTags }}
     service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: {{ .Values.serviceAnnotations.aws.resourcesTags | quote }}
-{{- end}}
-{{- end}}
+{{- end }}
+{{- end }}
 spec:
 {{- if or ( and .Values.aws .Values.sslCertManagedByAWS) .Values.serviceType.loadBalancer.enabled }}
   externalTrafficPolicy: {{ .Values.serviceType.loadBalancer.externalTrafficPolicy }}
@@ -233,6 +321,7 @@ spec:
 {{- end }}
   selector:
     app: {{ include "citrix-cpx-ingress-controller.fullname" . }}
+{{- end }}
 
 ---
 

diff --git a/citrix-cloud-native/charts/citrix-cpx-with-ingress-controller/templates/configmap.yaml b/citrix-cloud-native/charts/citrix-cpx-with-ingress-controller/templates/configmap.yaml
@@ -1,11 +1,24 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: cpx-{{ .Release.Name }}-configmap 
+  name: cpx-{{ .Release.Name }}-configmap
 data:
   LOGLEVEL: {{ .Values.logLevel | quote | lower }}
+{{- if eq (upper .Values.nsProtocol) "HTTPS" }}
+  NS_PROTOCOL: "https"
+{{- if .Values.cpxBgpRouter }}
+  NS_PORT: "9443"
+{{- else }}
+  NS_PORT: "443"
+{{- end }}
+{{- else }}
   NS_PROTOCOL: "http"
+{{- if .Values.cpxBgpRouter }}
+  NS_PORT: "9080"
+{{- else }}
   NS_PORT: "80"
+{{- end }}
+{{- end }}
 
 {{- if .Values.cicSettings.required }}
 {{- with .Values.cicSettings.cicConfig }}
@@ -33,3 +46,13 @@ data:
       enable: {{ .Values.coeConfig.transactions.enable | quote }}
       port: {{ .Values.coeConfig.transactions.port }}
 {{- end }}
+
+{{- if .Values.cpxBgpRouter }}
+{{- if .Values.bgpSettings.required }}
+  NS_BGP_CONFIG: |
+{{- with .Values.bgpSettings.bgpConfig }}
+    bgpConfig:
+{{ toYaml . | indent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/citrix-cloud-native/charts/citrix-cpx-with-ingress-controller/values.yaml b/citrix-cloud-native/charts/citrix-cpx-with-ingress-controller/values.yaml
@@ -3,7 +3,7 @@
 # Declare variables to be passed into your templates.
 
 # Citrix ADC CPX config details
-image: quay.io/citrix/citrix-k8s-cpx-ingress:13.0-64.35
+image: quay.io/citrix/citrix-k8s-cpx-ingress:13.0-67.39
 pullPolicy: IfNotPresent
 
 mgmtHttpPort: 9080
@@ -13,6 +13,26 @@ openshift: false
 routeLabels:
 namespaceLabels:
 
+# Service Type LoadBalancer and ingress support  with CPX through BGP advertisement
+# If you enable this, CPX is run as DaemonSet. Please edit the bgpSettings for configuring
+# BGP neighbors for propgation of external IPs.
+cpxBgpRouter: false
+
+# If cpxBgpRouter is true, then this is the NSIP used by CPX for internal communication
+nsIP: 192.168.1.2
+
+# If cpxBgpRouter is true, then this is the Gateway used by CPX for internal communication
+nsGateway: 192.168.1.1
+
+# Protocol used for communication between Citrix Ingress Controller sidecar and Citrix CPX
+nsProtocol: http
+
+# External IP for ingress resource when bgpRouter is set to True
+ingressIP:
+
+# If IPAM controller is used for auto allocation of the external IP for service of type LoadBalancer, set this option to true
+ipam: False
+
 aws: False
 sslCertManagedByAWS: False
 
@@ -40,7 +60,7 @@ serviceAnnotations:
 
 # Citrix Ingress Controller config details
 cic:
-  image: quay.io/citrix/citrix-k8s-ingress-controller:1.9.20
+  image: quay.io/citrix/citrix-k8s-ingress-controller:1.10.2
   pullPolicy: IfNotPresent
   required: true
 entityPrefix:
@@ -105,6 +125,22 @@ coeConfig:
     enable: false
     port: 5557
 
+# BGP configurations: local AS, remote AS and remote address is mandatory to provide. Please do the approrpiate changes with respect to your environment
+bgpSettings:
+  # When bgpConfig is configured correctly, set the required to true for the configuration to be applied.
+  required: false
+  bgpConfig:
+  - bgpRouter:
+      # Local AS number for BGP advertisement
+      localAS: 100
+      neighbor:
+        # Address of the nighbor router for BGP advertisement
+      - address:
+        # Remote AS number
+        remoteAS: 100
+        advertisementInterval: 10
+        ASOriginationInterval: 10
+
 # Specifies whether a ServiceAccount should be created
 serviceAccount:
   create: true

diff --git a/citrix-cloud-native/charts/citrix-gslb-controller/templates/_helpers.tpl b/citrix-cloud-native/charts/citrix-gslb-controller/templates/_helpers.tpl