diff --git a/docs/RELEASE-NOTES.rst b/docs/RELEASE-NOTES.rst index 571805547..8ee0a1bd8 100644 --- a/docs/RELEASE-NOTES.rst +++ b/docs/RELEASE-NOTES.rst @@ -1,13 +1,13 @@ Release Notes for Container Ingress Services for Kubernetes & OpenShift ======================================================================= -Next Release +2.12.0 ------------- Added Functionality ``````````````````` **What’s new:** - * Next generation routes preview. See `Documentation `_ for more details. + * Next generation routes. See `Documentation `_ for more details. * Support for rewrite-app-root annotation in routes * Support for WAF annotation in routes * Support for allow-source-range annotation in routes 
@@ -15,26 +15,27 @@ Added Functionality * Ingress * Support for partition annotation in Ingress * Added wildcard character(*) validation for ingress path - * Deprecated extensions/v1beta1 ingress API and it's no longer processed by CIS >=2.12 * CRD - * Support for ipIntelligencePolicy with policy CR - * Support for configuring ratio on GSLBDomainPool with externaldns CR - * Add partition support for custom resources - VS, TS and IngressLink + * Support for ipIntelligencePolicy with policy CR. See `Examples `_ + * Support for configuring ratio on GSLBDomainPool with externaldns CR. See `Examples `_ + * Support for BIGIP partition with Virtual Server, Transport Server and IngressLink custom resources See `Examples `_ * Support for none as value for iRules in policy CR and virtual server CR to disable adding default CIS iRule on BIGIP. See `Documentation `_ for more details. - * `Issue 2737 `_: Support for serviceNamespace field in transport server spec that allows to define a pool service from another namespace for transport server CR. - * `Issue 2682 `_: Support to Enable "HTTP MRF Router" on VirtualServer CRD required for HTTP2 Full Proxy feature - * `Issue 2666 `_: Support multiple virtual addresses on VirtualServer CR - * `Issue 2703 `_: Support host group having multiple hosts with EDNS - * `Issue 2729 `_: Support for named port with servicePort - * `Issue 2744 `_: Support for Host header rewrite in VirtualServer CR + * Support for path/pool based WAF for VS CR. See `Examples `_ + * `Issue 2737 `_: Support for serviceNamespace field in transport server spec that allows to define a pool service from another namespace for transport server CR. See `Examples `_ + * `Issue 2682 `_: Support to Enable "HTTP MRF Router" on VirtualServer CRD required for HTTP2 Full Proxy feature. See `Examples `_ + * `Issue 2666 `_: Support for multiple virtual addresses on VirtualServer CR. See `Examples `_ + * `Issue 2729 `_: Support for named port with servicePort. 
See `Examples `_ + * `Issue 2744 `_: Support for Host header rewrite in VirtualServer CR. See `Examples `_ * Helm Chart Enhancements * Support for podSecurityContext * Support for bigip-login secret creation * Support for latest CRD schema + * Fix for nesting of ingressClass definitions * Support for --http-client-metrics deployment parameter to export the AS3 http client prometheus metrics Bug Fixes ````````` +* `Issue 2703 `_: Fix host group having multiple hosts with EDNS. * `Issue 2726 `_: Fix prometheus metrics broken in v2.11.1 * `Issue 2767 `_: Fix wrong pool member port configured * `Issue 2764 `_: Remove unwanted TLS iRule deployed on reencrypt when passing XFF 
@@ -51,11 +52,37 @@ Vulnerability Fixes +------------------+------------------------------------------------------------------+ | CVE-2022-23491 | Upgraded certifi package in f5-cccl repository | +------------------+------------------------------------------------------------------+ +| CVE-2022-21698 | Upgraded prometheus vendor package in k8s-bigip-ctlr repository | ++------------------+------------------------------------------------------------------+ +| CVE-2022-27664 | Upgraded golang in k8s-bigip-ctlr repository | ++------------------+------------------------------------------------------------------+ +| CVE-2021-43565 | Upgraded golang in k8s-bigip-ctlr repository | ++------------------+------------------------------------------------------------------+ +| CVE-2022-27191 | Upgraded golang in k8s-bigip-ctlr repository | ++------------------+------------------------------------------------------------------+ Known Issues ````````````` -Partition annotation change for ingress intermittently cause AS3 422 error. If you encounter this issue it's advised to delete the old ingress & recreate the ingress with new partition. +* Partition annotation change for ingress intermittently cause AS3 422 error. When error, delete the old ingress & recreate the ingress with new partition. +* Partition change for custom resources (VS/TS/IngressLink) may cause AS3 422 error for default partition. When error, restart the CIS controller. +Upgrade notes +`````````````` +* Refer `guide `_ to migrate to next generation routes. +* Deprecated extensions/v1beta1 ingress API and it's no longer processed by CIS >=2.12. Use the networking.k8s.io/v1 API for ingress. +* Deprecated CommonName support for host certificate verification in secrets, use subject alternative name(SAN) in certificates instead. 
+ +FIC 0.1.9 Release notes : +------------------------- + +Added Functionality +``````````````````` +**What’s new:** + * Base image upgraded to RedHat UBI-9 for FIC Container image + +Bug Fixes +```````````` +* `Issue 2747 `_ Fix to persist IP addresses after CIS restart 2.11.1 @@ -727,7 +754,6 @@ Added Functionality * VirtualServer Custom Resource without Host Parameter. * Share Nodes implementation for CRD, Ingress and Routes. * WAF Integration. -* Support Pool Based WAF for VS CR * SNAT in VirtualServer CRD. * Option to configure Virtual address port. * App-Root Rewrite and Path Rewrite. diff --git a/docs/config_examples/customResource/Policy/extended-configmap-routes-with-policy.yaml b/docs/config_examples/customResource/Policy/extended-configmap-routes-with-policy.yaml index 87fa7e057..c1814fe28 100644 --- a/docs/config_examples/customResource/Policy/extended-configmap-routes-with-policy.yaml +++ b/docs/config_examples/customResource/Policy/extended-configmap-routes-with-policy.yaml @@ -11,10 +11,6 @@ data: vserverName: nextgenroutes allowOverride: true policyCR: default/sample-policy - tls: - clientSSL: /Common/clientssl - serverSSL: /Common/serverssl - reference: bigip - namespace: bar vserverAddr: 10.8.3.12 allowOverride: true diff --git a/docs/upgradeProcess.md b/docs/upgradeProcess.md index 51ac4bbc4..32b8781d6 100644 --- a/docs/upgradeProcess.md +++ b/docs/upgradeProcess.md 
@@ -35,7 +35,8 @@ Compatibility Matrix | v2.10.0 | v16.0 | v1.24 | v4.11.1 | Yes | Yes | v3.38 | v0.1.8 | v0.0.2 | v0.0.22 |Red Hat Enterprise Linux release 8.6 (Ootpa)| | v2.10.1 | v16.0 | v1.24 | v4.11.1 | Yes | Yes | v3.38 | v0.1.8 | v0.0.2 | v0.0.22 |Red Hat Enterprise Linux release 8.6 (Ootpa)| | v2.11.0 | v16.0 | v1.24 | v4.11.1 | Yes | Yes | v3.38 | v0.1.8 | v0.0.3 | v0.0.22 |Red Hat Enterprise Linux release 8.7 (Ootpa)| -| v2.11.1 | v16.0 | v1.24 | v4.11.1 | Yes | Yes | v3.41 | v0.1.8 | v0.0.4 | v0.0.23 |Red Hat Enterprise Linux release 9.1 (Plow)| +| v2.11.1 | v16.0 | v1.24 | v4.11.1 | Yes | Yes | v3.41 | v0.1.8 | v0.0.4 | v0.0.23 |Red Hat Enterprise Linux release 9.1 (Plow)| +| v2.12.0 | v16.0 | v1.24 | v4.11.1 | Yes | Yes | v3.41 | v0.1.9 | v0.0.4 | v0.0.24 |Red Hat Enterprise Linux release 9.1 (Plow)| CIS Features and Examples 
@@ -258,5 +259,7 @@ Refer Release Notes for [CIS v2.11.1](https://github.com/F5Networks/k8s-bigip-ct * RBAC changes to read the openshift network config * Moving to CIS > 2.11.1 requires an update to RBAC and CR schema definition. See [RBAC](https://raw.githubusercontent.com/F5Networks/k8s-bigip-ctlr/master/docs/config_examples/rbac/clusterrole.yaml) and [CR schema](https://raw.githubusercontent.com/F5Networks/k8s-bigip-ctlr/master/docs/config_examples/customResourceDefinitions/customresourcedefinitions.yml) -### **Upgrading from 2.11.1 to 2.12:** -* Deprecated extensions/v1beta1 ingress API and it's no longer processed by CIS >=2.12.Use networking.k8s.io/v1 API for ingress \ No newline at end of file +### **Upgrading from 2.11.1 to 2.12.0:** +* Deprecated extensions/v1beta1 ingress API and it's no longer processed by CIS >=2.12.Use networking.k8s.io/v1 API for ingress. +* Refer [guide](https://github.com/F5Networks/k8s-bigip-ctlr/blob/master/docs/config_examples/next-gen-routes/migration-guide.md) to migrate to next generation routes. +* Deprecated CommonName support for host certificate verification in secrets, use subject alternative name(SAN) in certificates instead. \ No newline at end of file diff --git a/f5-bigip-ctlr-operator/Dockerfile b/f5-bigip-ctlr-operator/Dockerfile index ec7b3dc2a..8d8d31bef 100644 --- a/f5-bigip-ctlr-operator/Dockerfile +++ b/f5-bigip-ctlr-operator/Dockerfile @@ -7,7 +7,7 @@ ENV HOME=/opt/helm LABEL name="F5 Container Ingress Services Operator" \ maintainer="f5_cis_operators@f5.com" \ vendor="F5 Networks Inc." \ - version="v1.12.0" \ + version="v1.13.0" \ release="1" \ summary="Container Ingress Services Operator for F5 BIG-IP" \ description="F5 BIG-IP Controller Operator is a Service Operator which installs F5 BIG-IP Controller (Container Ingress Services) on Kubernetes and OpenShift platforms and respective supported versions." 
diff --git a/f5-bigip-ctlr-operator/bundle/manifests/f5-bigip-ctlr-operator.clusterserviceversion.yaml b/f5-bigip-ctlr-operator/bundle/manifests/f5-bigip-ctlr-operator.clusterserviceversion.yaml index ea662b2af..6f1fe1ee7 100644 --- a/f5-bigip-ctlr-operator/bundle/manifests/f5-bigip-ctlr-operator.clusterserviceversion.yaml +++ b/f5-bigip-ctlr-operator/bundle/manifests/f5-bigip-ctlr-operator.clusterserviceversion.yaml @@ -50,13 +50,13 @@ metadata: categories: Networking certified: "false" containerImage: registry.connect.redhat.com/f5networks/k8s-bigip-ctlr-operator@sha256:560aff6297fa8d5c13d830b0186035205abb1785d62f310a268054fbfd3ae7d1 - createdAt: "2023-01-05T03:01:48Z" + createdAt: "2023-03-02T03:01:48Z" description: Operator to install F5 Container Ingress Services (CIS) for BIG-IP. operators.operatorframework.io/builder: operator-sdk-v1.26.0 operators.operatorframework.io/project_layout: helm.sdk.operatorframework.io/v1 repository: https://github.com/F5Networks/k8s-bigip-ctlr support: F5 Operators Team - name: f5-bigip-ctlr-operator.v1.12.0 + name: f5-bigip-ctlr-operator.v1.13.0 namespace: placeholder spec: apiservicedefinitions: {} @@ -392,4 +392,4 @@ spec: minKubeVersion: 1.13.0 provider: name: F5 Networks Inc. - version: 1.12.0 + version: 1.13.0
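Review bot: In docs/RELEASE-NOTES.rst, hunk @@ -15,26 +15,27 @@, the new CRD bullet "Support for BIGIP partition with Virtual Server, Transport Server and IngressLink custom resources See `Examples `_" is missing the period before "See" that the neighbouring bullets have. In the same hunk, "Fix for nesting of ingressClass definitions" is added under Added Functionality (Helm Chart Enhancements), while Issue 2703 is moved to Bug Fixes because it is a fix. Consider listing the ingressClass fix under Bug Fixes as well so the two sections stay consistent.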
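Review bot: In docs/RELEASE-NOTES.rst, hunk @@ -51,11 +52,37 @@, the Upgrade notes entry "Deprecated CommonName support for host certificate verification in secrets" does not say whether a certificate that carries the host only in CommonName is still accepted in 2.12.0 or is now skipped or rejected. State the behaviour so operators can audit their existing secrets before upgrading. In the Vulnerability Fixes table of the same hunk, the rows for CVE-2022-27664, CVE-2021-43565 and CVE-2022-27191 all read "Upgraded golang in k8s-bigip-ctlr repository" with no version. Naming the version that was moved to would let readers check the fix against their scanner output.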
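Review bot: In docs/config_examples/customResource/Policy/extended-configmap-routes-with-policy.yaml, hunk @@ -11,10 +11,6 @@, removing the tls block (clientSSL: /Common/clientssl, serverSSL: /Common/serverssl, reference: bigip) leaves the nextgenroutes entry with policyCR: default/sample-policy and no TLS profile reference, and none of the release-note changes in this patch explain why. If the profiles are now expected to come from the policy CR, add a comment in the example or a line in the release notes saying so. Otherwise anyone copying this file gets a route group with no explicit client or server SSL profile.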
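Review bot: In docs/upgradeProcess.md, hunk @@ -35,7 +35,8 @@, the v2.11.1 row of the compatibility matrix is removed and re-added with the same cell values as far as this rendering shows. If the difference is whitespace only, drop that change so the hunk carries just the new v2.12.0 row and the table history stays readable.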
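Review bot: In docs/upgradeProcess.md, hunk @@ -258,5 +259,7 @@, the first bullet still reads "CIS >=2.12.Use networking.k8s.io/v1 API for ingress." with no space after the period, and the file still ends without a trailing newline ("\ No newline at end of file" appears on the new side too). Both are worth fixing while these lines are being touched. The three bullets also repeat the Upgrade notes added to RELEASE-NOTES.rst with slightly different wording; keeping one copy and linking to it from the other would avoid the two drifting apart.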
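Review bot: In f5-bigip-ctlr-operator.clusterserviceversion.yaml, hunk @@ -50,13 +50,13 @@, the containerImage digest (registry.connect.redhat.com/f5networks/k8s-bigip-ctlr-operator@sha256:560aff62...) is an unchanged context line while name, version and createdAt move to v1.13.0. Please confirm this digest is the v1.13.0 operator image. If it still points at the v1.12.0 build, the CSV will advertise 1.13.0 but install the older image, and the pinned digest needs updating in this change.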