Merge pull request #1074 from trinaths/1.11-stable

1.11.1 patch release

Author: trinaths

build-tools/Dockerfile.debian.runtime

@@ -21,7 +21,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 RUN apt-get remove -y libidn11
 
 COPY bigip-virtual-server_v*.json $APPPATH/vendor/src/f5/schemas/
-COPY as3-schema-3.11.0-3-cis.json $APPPATH/vendor/src/f5/schemas/
+COPY as3-schema-3.13.2-1-cis.json $APPPATH/vendor/src/f5/schemas/
 COPY k8s-bigip-ctlr $APPPATH/bin
 COPY VERSION_BUILD.json $APPPATH/vendor/src/f5/
 

build-tools/Dockerfile.debug.runtime

@@ -26,7 +26,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 RUN apt-get remove -y libidn11
 
 COPY bigip-virtual-server_v*.json $APPPATH/vendor/src/f5/schemas/
-COPY as3-schema-3.11.0-3-cis.json $APPPATH/vendor/src/f5/schemas/
+COPY as3-schema-3.13.2-1-cis.json $APPPATH/vendor/src/f5/schemas/
 COPY k8s-bigip-ctlr $APPPATH/bin
 COPY VERSION_BUILD.json $APPPATH/vendor/src/f5/
 COPY --from=builder /go/bin/dlv /app/bin

build-tools/Dockerfile.rhel7.runtime

@@ -43,7 +43,7 @@ RUN microdnf --enablerepo=rhel-7-server-rpms --enablerepo=rhel-7-server-optional
     microdnf clean all
 
 COPY bigip-virtual-server_v*.json $APPPATH/vendor/src/f5/schemas/
-COPY as3-schema-3.11.0-3-cis.json $APPPATH/vendor/src/f5/schemas/
+COPY as3-schema-3.13.2-1-cis.json $APPPATH/vendor/src/f5/schemas/
 COPY k8s-bigip-ctlr $APPPATH/bin/k8s-bigip-ctlr.real
 COPY VERSION_BUILD.json $APPPATH/vendor/src/f5/
 

build-tools/build-release-images.sh

@@ -34,7 +34,7 @@ docker rm -f cp-temp
 
 cp requirements.txt $WKDIR/
 cp schemas/bigip-virtual-server_v*.json $WKDIR/
-cp schemas/as3-schema-3.11.0-3-cis.json $WKDIR/
+cp schemas/as3-schema-3.13.2-1-cis.json $WKDIR/
 cp LICENSE $WKDIR/
 cp $CURDIR/help.md $WKDIR/help.md
 echo "{\"version\": \"${VERSION_INFO}\", \"build\": \"${BUILD_INFO}\"}" \

cmd/k8s-bigip-ctlr/main.go

@@ -51,7 +51,8 @@ import (
 	routeclient "github.com/openshift/client-go/route/clientset/versioned/typed/route/v1"
 )
 
-const as3SchemaLatestUrl = "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/latest/as3-schema.json"
+const as3SchemaLatestURL = "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/latest/as3-schema.json"
+const as3SchemaFileName = "as3-schema-3.13.2-1-cis.json"
 
 type globalSection struct {
 	LogLevel       string `json:"log-level,omitempty"`
@@ -780,34 +781,46 @@ func main() {
 
 func fetchAS3Schema(appMgr *appmanager.Manager) {
 
-	res, resErr := http.Get(as3SchemaLatestUrl)
+	res, resErr := http.Get(as3SchemaLatestURL)
 	if resErr != nil {
-		log.Debugf("error while fetching latest as3 schema : %v", resErr)
+		log.Debugf("Error while fetching latest as3 schema : %v", resErr)
+		fallbackToLocalAS3Schema(appMgr)
+		return
 	}
-
 	if res.StatusCode == http.StatusOK {
 		body, err := ioutil.ReadAll(res.Body)
 		if err != nil {
-			log.Debugf("unable to read the as3 template from json response body : %v", err)
+			log.Debugf("Unable to read the as3 template from json response body : %v", err)
+			fallbackToLocalAS3Schema(appMgr)
+			return
 		}
 		defer res.Body.Close()
 
 		jsonMap := make(map[string]interface{})
 		err = json.Unmarshal(body, &jsonMap)
 		if err != nil {
-			log.Debugf("unable to unmarshal json response body : %v", err)
+			log.Debugf("Unable to unmarshal json response body : %v", err)
+			fallbackToLocalAS3Schema(appMgr)
+			return
 		}
 
-		jsonMap["$id"] = as3SchemaLatestUrl
+		jsonMap["$id"] = as3SchemaLatestURL
 		byteJSON, err := json.Marshal(jsonMap)
 		if err != nil {
-			log.Debugf("unable to marshal : %v", err)
+			log.Debugf("Unable to marshal : %v", err)
+			fallbackToLocalAS3Schema(appMgr)
+			return
 		}
 		appMgr.As3SchemaLatest = string(byteJSON)
-
-	} else {
-		log.Debugf("unable to fetch the latest AS3 schema")
-		appMgr.As3SchemaLatest = ""
+		return
 	}
+	fallbackToLocalAS3Schema(appMgr)
+	return
+}
 
+func fallbackToLocalAS3Schema(appMgr *appmanager.Manager) {
+	appMgr.As3SchemaFlag = true
+	log.Debugf("Unable to fetch the latest AS3 schema : validating AS3 schema with %v", as3SchemaFileName)
+	appMgr.As3SchemaLatest = appMgr.SchemaLocalPath + as3SchemaFileName
+	return
 }

docs/RELEASE-NOTES.rst

@@ -1,6 +1,19 @@
 Release Notes for BIG-IP Controller for Kubernetes
 ==================================================
 
+v1.11.1
+------------
+Bug Fixes
+`````````
+* Controller handles WAF Policy in the root path of a domain in OpenShift Routes.
+* Controller handles OpenShift Routes with WAF Policy in multiple namespaces.
+* Controller now does not push configuration to BIG-IP using AS3 for every 30 seconds with no changes.
+* :issues:`1041` Controller now does not log dozens of "INFO" log messages frequently.
+* :issues:`1040` Controller does not crashes if latest AS3 schema is not available.
+* Controller updates Route Status in OpenShift Management Console (OCP 4.x)
+* Controller does not crash when handling Route with WAF Policy that does not have a service.
+
+
 v1.11.0
 ------------
 Added Functionality

pkg/appmanager/appManager.go

@@ -72,6 +72,8 @@ const f5VsWAFPolicy = "virtual-server.f5.com/waf"
 
 type ResourceMap map[int32][]*ResourceConfig
 
+type RouteMap map[string]*routeapi.Route
+
 type Manager struct {
 	resources         *Resources
 	customProfiles    *CustomProfileStore
@@ -145,7 +147,12 @@ type Manager struct {
 	WatchedNS       WatchedNamespaces
 	as3RouteCfg     ActiveAS3Route
 	As3SchemaLatest string
-	intF5Res        InternalF5Resources // AS3 Specific features that can be applied to a Route/Ingress
+	intF5Res        InternalF5ResourcesGroup // AS3 Specific features that can be applied to a Route/Ingress
+	// Path of schemas reside locally
+	SchemaLocalPath string
+	// Flag to check schema validation using reference or string
+	As3SchemaFlag   bool
+	RoutesProcessed RouteMap // Processed routes for updating Admit Status
 }
 
 // FIXME: Refactor to have one struct to hold all AS3 specific data.
@@ -193,6 +200,7 @@ type Params struct {
 	SSLInsecure        bool
 	TrustedCertsCfgmap string
 	Agent              string
+	SchemaLocalPath    string
 }
 
 // Configuration options for Routes in OpenShift
@@ -248,6 +256,8 @@ func NewManager(params *Params) *Manager {
 		sslInsecure:        params.SSLInsecure,
 		trustedCertsCfgmap: params.TrustedCertsCfgmap,
 		Agent:              getValidAgent(params.Agent),
+		intF5Res:           make(map[string]InternalF5Resources),
+		SchemaLocalPath:    params.SchemaLocal,
 	}
 	if nil != manager.kubeClient && nil == manager.restClientv1 {
 		// This is the normal production case, but need the checks for unit tests.
@@ -439,7 +449,6 @@ func (appMgr *Manager) syncNamespace(nsName string) error {
 		appMgr.removeNamespaceLocked(nsName)
 		appMgr.eventNotifier.deleteNotifierForNamespace(nsName)
 		appMgr.resources.Lock()
-		defer appMgr.resources.Unlock()
 		rsDeleted := 0
 		appMgr.resources.ForEach(func(key serviceKey, cfg *ResourceConfig) {
 			if key.Namespace == nsName {
@@ -448,8 +457,9 @@ func (appMgr *Manager) syncNamespace(nsName string) error {
 				}
 			}
 		})
+		appMgr.resources.Unlock()
 		if rsDeleted > 0 {
-			appMgr.outputConfigLocked()
+			appMgr.outputConfig()
 		}
 	}
 
@@ -1353,6 +1363,7 @@ func (appMgr *Manager) syncRoutes(
 	appInf *appInformer,
 	dgMap InternalDataGroupMap,
 ) error {
+	appMgr.RoutesProcessed = make(RouteMap)
 	routeByIndex, err := appInf.getOrderedRoutes(sKey.Namespace)
 	if nil != err {
 		log.Warningf("Unable to list routes for namespace '%v': %v",
@@ -1364,13 +1375,13 @@ func (appMgr *Manager) syncRoutes(
 	svcFwdRulesMap := NewServiceFwdRuleMap()
 
 	// buffer to hold F5Resources till all routes are processed
-	bufferF5Res := map[Record]F5Resources{}
+	bufferF5Res := InternalF5Resources{}
 
 	for _, route := range routeByIndex {
 		if route.ObjectMeta.Namespace != sKey.Namespace {
 			continue
 		}
-		RoutesProcessed = append(RoutesProcessed, route)
+		appMgr.RoutesProcessed[route.ObjectMeta.Name] = route
 
 		//FIXME(kenr): why do we process services that aren't associated
 		//             with a route?
@@ -1521,8 +1532,10 @@ func (appMgr *Manager) syncRoutes(
 	}
 
 	// if buffer is updated then update the appMgr and stats
-	if !reflect.DeepEqual(appMgr.intF5Res, bufferF5Res) {
-		appMgr.intF5Res = bufferF5Res
+	if (len(appMgr.intF5Res[sKey.Namespace]) != 0 || len(bufferF5Res) != 0) &&
+		(!reflect.DeepEqual(appMgr.intF5Res[sKey.Namespace], bufferF5Res)) {
+
+		appMgr.intF5Res[sKey.Namespace] = bufferF5Res
 		stats.vsUpdated++
 	}