Releasing NSIC v2.2.10, IPAM v2.0.1 and adm-agent v141.37.40 (#196)
* Releasing NSIC v2.2.10, IPAM v2.0.1 and adm-agent v141.37.40

Signed-off-by: Subash Dangol[Subash.Dangol] <Subash.Dangol@cloud.com>
subashd authored Nov 15, 2024
1 parent 6bad625 commit dbec4b3
Showing 23 changed files with 509 additions and 40 deletions.
4 changes: 2 additions & 2 deletions adm-agent/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 141.31.38
appVersion: 141.37.40
description: A Helm chart for NetScaler ADM Agent
home: https://adm.cloud.com
kubeVersion: '>=v1.16.0-0'
Expand All @@ -11,4 +11,4 @@ maintainers:
name: swapnil
name: adm-agent
type: application
version: 141.31.38
version: 141.37.40
2 changes: 1 addition & 1 deletion adm-agent/README.md
Expand Up @@ -129,7 +129,7 @@ The following table provides the configurable parameters and their default value
|--------------------------------|-------------------------------|---------------------------|
| `imageRegistry` | Image registry of the ADM agent onboarding container | `quay.io` |
| `imageRepository` | Image repository of the ADM agent onboarding container | `citrix/adm-agent` |
| `imageTag` | Image tag of the ADM agent container | `141.31.38` |
| `imageTag` | Image tag of the ADM agent container | `141.37.40` |
| `pullPolicy` | Specifies the image pull policy for ADM agent. | IfNotPresent |
| `accessSecret`| Specifies the ID and Secret to access ADM Service.| Nil|
| `loginSecret`| Specifies the login Secret of NetScaler ADM agent.| Nil|
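Review bot: The `imageTag` default documented in this table (`141.37.40`) does not match what the chart ships; `adm-agent/values.yaml` in this same commit sets `imageTag: 14.1-37.40`, so anyone copying the README value into an override would request a tag in a different format. Change the row to `14.1-37.40`, or state explicitly that the chart version and the image tag use different formats.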
2 changes: 1 addition & 1 deletion adm-agent/values.yaml
Expand Up @@ -4,7 +4,7 @@

imageRegistry: quay.io
imageRepository: citrix/adm-agent
imageTag: 14.1-31.38
imageTag: 14.1-37.40
image: "{{ .Values.imageRegistry }}/{{ .Values.imageRepository }}:{{ .Values.imageTag }}"
pullPolicy: IfNotPresent
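Review bot: The image is still addressed by tag only (`image: "...:{{ .Values.imageTag }}"`) together with `pullPolicy: IfNotPresent`, so what a node runs depends on whatever that tag pointed to when the node first pulled it. Consider accepting an optional digest value and rendering the reference by digest when it is set, so a chart release pins the exact image it was tested with.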

4 changes: 2 additions & 2 deletions netscaler-cpx-with-ingress-controller/Chart.yaml
@@ -1,9 +1,9 @@
apiVersion: v2
appVersion: "2.1.4"
appVersion: "2.2.10"
kubeVersion: ">=v1.16.0-0"
description: A Helm chart for NetScaler CPX with NetScaler ingress Controller running as sidecar.
name: netscaler-cpx-with-ingress-controller
version: 2.1.4
version: 2.2.10
icon: https://raw.githubusercontent.com/netscaler/netscaler-helm-charts/gh-pages/netscaler.png
home: https://www.netscaler.com
sources:
4 changes: 2 additions & 2 deletions netscaler-cpx-with-ingress-controller/README.md
Expand Up @@ -612,7 +612,7 @@ The following table lists the configurable parameters of the NetScaler CPX with
| hostName | Optional | N/A | This entity will be used to set Hostname of the CPX |
| nsic.imageRegistry | Mandatory | `quay.io` | The NetScaler ingress controller image registry |
| nsic.imageRepository | Mandatory | `netscaler/netscaler-k8s-ingress-controller` | The NetScaler ingress controller image repository |
| nsic.imageTag | Mandatory | `2.1.4` | The NetScaler ingress controller image tag |
| nsic.imageTag | Mandatory | `2.2.10` | The NetScaler ingress controller image tag |
| nsic.pullPolicy | Mandatory | IfNotPresent | The NetScaler ingress controller image pull policy. |
| nsic.required | Mandatory | true | NSIC to be run as sidecar with NetScaler CPX |
| nsic.enableLivenessProbe| Optional | True | Enable liveness probe settings for NetScaler Ingress Controller |
Expand Down Expand Up @@ -653,7 +653,7 @@ The following table lists the configurable parameters of the NetScaler CPX with
| entityPrefix | Optional | k8s | The prefix for the resources on the NetScaler CPX. |
| ingressClass | Optional | N/A | If multiple ingress load balancers are used to load balance different ingress resources. You can use this parameter to specify NetScaler ingress controller to configure NetScaler associated with specific ingress class. For more information on Ingress class, see [Ingress class support](https://docs.netscaler.com/en-us/citrix-k8s-ingress-controller/configure/ingress-classes/). For Kubernetes version >= 1.19, this will create an IngressClass object with the name specified here |
| setAsDefaultIngressClass | Optional | False | Set the IngressClass object as default. New Ingresses without an "ingressClassName" field specified will be assigned the class specified in ingressClass. Applicable only for kubernetes versions >= 1.19 |
| updateIngressStatus | Optional | False | Set this argument if you want to update ingress status of the ingress resources exposed via CPX. This is only applicable if servicetype of CPX service is LoadBalancer. |
| updateIngressStatus | Optional | False | Set this argument if you want to update ingress status of the ingress resources exposed via CPX. |
| disableAPIServerCertVerify | Optional | False | Set this parameter to True for disabling API Server certificate verification. |
| openshift | Optional | false | Set this argument if OpenShift environment is being used. |
| disableOpenshiftRoutes | false | By default Openshift routes are processed in openshift environment, this variable can be used to disable Ingress controller processing the openshift routes. |
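Review bot: The `updateIngressStatus` row drops the sentence limiting it to a CPX service of type LoadBalancer but does not say what address is written to the Ingress status for other service types. The `updateIngressStatus` block in `templates/deployment.yaml` is changed in this same commit, so add a sentence here describing the resulting behaviour for NodePort and ClusterIP services. The `disableOpenshiftRoutes` row in the context below has three cells in a four-column table (the Mandatory/Optional cell is missing), which shifts `false` into the wrong column.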
206 changes: 205 additions & 1 deletion netscaler-cpx-with-ingress-controller/crds/crds.yaml
Expand Up @@ -603,11 +603,14 @@ spec:
type: string
kind:
type: string
enum: ["service", "ingress"]
enum: ["service", "ingress", "listener"]
description:
type: string
range-name:
type: string
multicluster:
description: "The setting of this indicates that the VIP/csvserver IP address is shared by multiple netscaler ingress controllers on the VPX/MPX. For CPX, this field is not applicable"
type: boolean
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
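Review bot: The new `multicluster` field has no `default`, and its description ("The setting of this indicates that ...") does not say which value means the VIP is shared or what a controller does when the field is absent. Add a `default` that matches the intended behaviour and reword the description to state the effect of `true`. The description also says the field is not applicable for CPX while this CRD ships in the CPX chart, so say what the controller does if it is set there. The new `"listener"` value for `kind` would benefit from the same one-line explanation.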
Expand Down Expand Up @@ -2500,3 +2503,204 @@ spec:
resource records that are of the same record type
and belong to the specified domain name
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: icappolicies.citrix.com
spec:
group: citrix.com
names:
kind: icappolicy
plural: icappolicies
singular: icappolicy
scope: Namespaced
versions:
- name: v1beta1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- name: Status
type: string
description: "Current Status of the CRD"
jsonPath: .status.state
- name: Message
type: string
description: "Status Message"
jsonPath: .status.status_message
schema:
openAPIV3Schema:
type: object
properties:
status:
type: object
properties:
state:
type: string
status_message:
type: string
spec:
type: object
properties:
ingressclass:
description: "Ingress class, if not specified then all NetScaler ingress controllers in the cluster will process the resource otherwise only the controller with that ingress class will process this resource"
type: string
maxLength: 127
services:
type: array
description: 'Name of the services for which the icap policy needs to be bound'
items:
type: string
icap-servers:
type: object
description: "ICAP service for the ICAP server that will be part of the load balancing setup. The service that you add provides the ICAP connection between the NetScaler appliance and load balancing virtual servers."
properties:
servers:
type: array
items:
type: object
properties:
ip:
type: string
description: 'IP of the ICAP Server'
format: ipv4
port:
type: integer
description: 'Port number of the ICAP Server.'
minimum: 1
maximum: 65535
required:
- ip
- port
server-type:
type: string
description: 'Type of ICAP Server.'
enum: ['TCP', 'SSL_TCP']
default: 'SSL_TCP'
server_host_cert:
description: |+
'Name of the SSL certificate to be used with ICAP server.
This certificate is mandatory for server-type SSL_TCP'
type: object
properties:
tls_secret:
type: string
description: 'Name of the Kubernetes Secret of type tls referring to Certificate'
pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
preconfigured:
type: string
maxLength: 63
description: |+
'Preconfigured SSL certkey name on NetScaler with the
certificate and key already added on NetScaler'
oneOf:
- required: [tls_secret]
- required: [preconfigured]
required:
- servers
icap:
type: array
items:
type: object
properties:
preconfigured-profile:
description: 'Names of the preconfigured ICAP profile.'
type: string
maxLength: 127
direction:
description: 'ICAP Mode of operation. It is a mandatory argument while creating an icapprofile.'
type: string
enum: ['REQUEST','RESPONSE']
profile:
type: object
description: 'ICAP profile(s) of the NetScaler.'
properties:
preview:
description: 'Enable or Disable preview header with ICAP request. This feature allows an ICAP server to see the beginning of a transaction, then decide if it wants to opt-out of the transaction early instead of receiving the remainder of the request message.'
type: string
enum: ["ENABLED", "DISABLED"]
preview-length:
description: 'Value of Preview Header field. NetScaler uses the minimum of this set value and the preview size received on OPTIONS'
type: integer
minimum: 0
maximum: 4294967294
uri:
description: 'URI representing icap service. It is a mandatory argument while creating an icapprofile.'
type: string
maxLength: 511
host-header:
description: 'ICAP Host Header.'
type: string
maxLength: 255
user-agent-header:
description: 'ICAP User Agent Header'
type: string
maxLength: 255
query-params:
description: 'Query parameters to be included with ICAP request URI. Entered values should be in arg=value format. For more than one parameters, add & separated values. e.g.: arg1=val1&arg2=val2'
type: string
maxLength: 511
connection-keep-alive:
description: 'Enable or Disable sending Allow: 204 header in ICAP request.'
type: string
enum: ["ENABLED", "DISABLED"]
insert-icap-headers:
description: 'Insert custom ICAP headers in the ICAP request to send to ICAP server. The headers can be static or can be dynamically constructed using PI Policy Expression. For example, to send static user agent and Client''s IP address, the expression can be specified as "User-Agent: NS-ICAP-Client/V1.0r0-Client-IP: "+CLIENT.IP.SRC+"r0. The NetScaler does not check the validity of the specified header name-value. You must manually validate the specified header syntax.'
type: string
maxLength: 8191
insert-http-request:
description: 'Exact HTTP request, in the form of an expression, which the NetScaler encapsulates and sends to the ICAP server. If you set this parameter, the ICAP request is sent using only this header. This can be used when the HTTP header is not available to send or ICAP server only needs part of the incoming HTTP request. The request expression is constrained by the feature for which it is used. The NetScaler does not check the validity of this request. You must manually validate the request.'
type: string
maxLength: 8191
req-timeout:
description: 'Time, in seconds, within which the remote server should respond to the ICAP-request. If the Netscaler does not receive full response with this time, the specified request timeout action is performed. Zero value disables this timeout functionality.'
type: integer
minimum: 0
maximum: 86400
req-timeout-action:
description: 'Name of the action to perform if the Vserver/Server representing the remote service does not respond with any response within the timeout value configured. The Supported actions are * BYPASS - This Ignores the remote server response and sends the request/response to Client/Server. * If the ICAP response with Encapsulated headers is not received within the request-timeout value configured, this Ignores the remote ICAP server response and sends the Full request/response to Server/Client'
type: string
enum: ['BYPASS', 'DROP', 'RESET']
log-action:
description: 'Name of the audit message action which would be evaluated on receiving the ICAP response to emit the logs'
type: string
maxLength: 127
required:
- uri
content-inspection-criteria:
description: 'Expression that the policy uses to determine whether to execute the specified action.'
type: string
maxLength: 1499
default-action:
description: 'Action to perform if the result of policy evaluation is undefined (UNDEF). An UNDEF event indicates an internal error condition. Only the above built-in actions can be used'
type: string
maxLength: 127
log-action:
description: 'Name of the messagelog action to use for requests that match this policy.'
type: string
maxLength: 127
goto-priority-expression:
description: 'Expression or other value specifying the next policy to be evaluated if the current policy evaluates to TRUE.Specify one of the following values:* NEXT - Evaluate the policy with the next higher priority number.* END - End policy evaluation.Default value of goto-priority-expression: END'
type: string
operation:
description: 'Type of operation this action is going to perform. following actions are available to configure: * ICAP - forward the incoming request or response to an ICAP server for modification. * INLINEINSPECTION - forward the incoming or outgoing packets to IPS server for Intrusion Prevention. * MIRROR - Forwards cloned packets for Intrusion Detection. * NOINSPECTION - This does not forward incoming and outgoing packets to the Inspection device. * NSTRACE - capture current and further incoming packets on this transaction.'
type: string
enum: ['ICAP', 'INLINEINSPECTION', 'MIRROR', 'NOINSPECTION']
server-failure-action:
description: 'Name of the action to perform if the Vserver representing the remote service is not UP. This is not supported for NOINSPECTION Type. The Supported actions are: * RESET - Reset the client connection by closing it. The client program, such as a browser, will handle this and may inform the user. The client may then resend the request if desired. * DROP - Drop the request without sending a response to the user. * CONTINUE - It bypasses the ContentIsnpection and Continues/resumes the Traffic-Flow to Client/Server.'
type: string
enum: ['CONTINUE', 'DROP', 'RESET']
oneOf:
- required: [preconfigured-profile]
- required: [profile]
required:
- direction
- content-inspection-criteria
- operation
required:
- ingressclass
- services
- icap-servers
- icap
---
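Review bot: In `icap-servers`, `server-type` defaults to `SSL_TCP` and the `server_host_cert` description calls the certificate mandatory for that type, yet `required` lists only `servers`, so a resource with no certificate passes schema validation. Either enforce it in the schema (for example with an `x-kubernetes-validations` rule on clusters that support it) or have the controller reject the resource and report that in `status.status_message`. Several descriptions also disagree with the schema: `ingressclass` is under `required` while its text describes the case where it is not specified; `operation` documents NSTRACE but the enum omits it; `req-timeout-action` allows DROP and RESET but only explains BYPASS; `default-action` refers to "the above built-in actions" with none listed. Because `req-timeout-action: BYPASS` and `server-failure-action: CONTINUE` let traffic through without inspection, the descriptions should state which value applies when these fields are omitted. Minor: "ContentIsnpection" is a typo.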
Expand Up @@ -90,4 +90,4 @@ Create the name of the service account to use
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{- end -}}
13 changes: 6 additions & 7 deletions netscaler-cpx-with-ingress-controller/templates/deployment.yaml
Expand Up @@ -158,6 +158,8 @@ spec:
- name: "LIVENESS_FILE_PATH"
value: '/tmp/liveness_path.log'
{{- end }}
- name: "ENABLE_LIVENESS_PROBE"
value: {{ .Values.nsic.enableLivenessProbe | quote }}
{{- if .Values.analyticsConfig.timeseries.metrics.enableNativeScrape }}
- name: "PROM_USER"
valueFrom:
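Review bot: `ENABLE_LIVENESS_PROBE` sits after the `{{- end }}` that closes the liveness block and is rendered with `| quote`, so it is always emitted and carries whatever form the value has: lowercase `"true"` or `"false"` for a YAML boolean, or an empty value if `nsic.enableLivenessProbe` is unset. The README lists the default as `True`; confirm the controller parses the variable case-insensitively and handles an empty value as intended, or normalise it in the template.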
Expand Down Expand Up @@ -305,13 +307,8 @@ spec:
{{ .Release.Namespace }}/{{ .Values.defaultSSLSNICertSecret }}
{{- end }}
{{- if .Values.updateIngressStatus }}
{{- if .Values.cpxBgpRouter }}
- --update-ingress-status
yes
{{- else }}
- --cpx-service
{{ .Release.Namespace }}/{{ include "cpxservice.fullname" . }}
{{- end }}
{{- end }}
volumeMounts:
- mountPath: /var/deviceinfo
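Review bot: The `cpxBgpRouter` branch inside `{{- if .Values.updateIngressStatus }}` goes away here (the hunk header takes the block from 13 lines to 8), which changes the controller arguments for installs that have `cpxBgpRouter` set. If those installs relied on `--update-ingress-status yes`, state in the release notes or README how ingress status is populated for them after this change.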
Expand Down Expand Up @@ -399,22 +396,24 @@ metadata:
labels:
app: cpx-service
service-type: {{ include "cpxservicemonitorlabel" . }}
cpx: {{ include "netscaler-cpx-ingress-controller.fullname" . }}
{{- if .Values.serviceAnnotations }}
annotations:
{{- with .Values.serviceAnnotations }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- end }}
spec:
{{- if or .Values.serviceType.loadBalancer.enabled ( and (.Values.updateIngressStatus) (not .Values.cpxBgpRouter)) }}
{{- if or .Values.serviceType.loadBalancer.enabled .Values.serviceType.nodePort.enabled }}
externalTrafficPolicy: {{ .Values.serviceSpec.externalTrafficPolicy }}
{{- end }}
{{- if .Values.serviceType.loadBalancer.enabled }}
type: LoadBalancer
{{- if .Values.serviceSpec.loadBalancerIP }}
loadBalancerIP: {{ .Values.serviceSpec.loadBalancerIP }}
{{- end }}
{{- else if .Values.serviceType.nodePort.enabled }}
type: NodePort
externalTrafficPolicy: {{ .Values.serviceSpec.externalTrafficPolicy }}
{{- end }}
{{- if and .Values.serviceType.loadBalancer.enabled .Values.serviceSpec.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
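Review bot: The condition containing `( and (.Values.updateIngressStatus) (not .Values.cpxBgpRouter))` is replaced, and `type: LoadBalancer` is now gated on `.Values.serviceType.loadBalancer.enabled` alone, so an upgrade with unchanged values can alter the Service type for installs that only set `updateIngressStatus`. Call this out as an upgrade note. `externalTrafficPolicy` is now emitted for both LoadBalancer and NodePort without checking that `.Values.serviceSpec.externalTrafficPolicy` is set; wrap it in an `if` on that value so an empty setting does not render a bare key.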