feature request: container egress service
After installing cis in a test environment and getting ready to install in a new production environment I wonder if there also will be a container egress service (CES)? It is very easy to set a gateway for selected namespaces with AdminPolicyBasedExternalRoute in Openshift. See, F5 BIG-IP deployment with Red Hat OpenShift - keeping client IP addresses and egress flows | DevCentral The solution above does not scale well if multiple namespace-egress IP address mappings are desired. A nice solution would be a CES that watches the creating and deletion of pods in selected namespaces. Then it can manage address lists with the pods ip addresses in the F5 ltm. Forwarding ip virtual services will use these address lists to match pod ip addresses to an egress ip defined in a snat pool. Also the creation and deletion of forwarding ip virtual servers and address lists could be managed with a "CES". A possible issue is that a container in a pod can start network connections before the forwarding IP virtual server accepts the new pod IP address. But this can easily be solved with adding an initcontainer in the pod that tests the network connectivity. This would be a good alternative for Openshift egress IPs or Istio gateways. Reason to want this, is to offer applications on Openshift an own egress IP address and stop using the node IP address for external network connections of the pods.
CIS CRD http compression profile
Hi all, I am trying to add http compression profile to my virtual server with cis CRD. So far, I came across with two solutions. ConfigMap: However, in my scenario, I need to use only CRD. iRule: I attempted to create two iRules to mimic the functionality of the httpcompression and wan-optimized-compression profiles. However, I'm uncertain if they fully replicate the intended functionality. Below are the iRules I created: httpcompression when HTTP_RESPONSE { COMPRESS::disable if { [HTTP::header "Content-Length"] >= 1024 && ( [HTTP::header "Content-Type"] starts_with "text/" || [HTTP::header "Content-Type"] starts_with "application/xml" || [HTTP::header "Content-Type"] starts_with "application/x-javascript" ) } { COMPRESS::gzip memory_level 8 COMPRESS::gzip window_size 16 COMPRESS::gzip level 1 COMPRESS::buffer_size 4096 COMPRESS::enable } } wan-optimized-compression when HTTP_RESPONSE { COMPRESS::disable if { [HTTP::header "Content-Length"] >= 1024 && ( [HTTP::header "Content-Type"] starts_with "text/" || [HTTP::header "Content-Type"] starts_with "application/xml" || [HTTP::header "Content-Type"] starts_with "application/x-javascript" ) } { COMPRESS::gzip memory_level 16 COMPRESS::gzip window_size 64 COMPRESS::gzip level 1 COMPRESS::buffer_size 131072 COMPRESS::enable } } Do you have any suggestions for further improvements? Also, where can I submit a feature request to add HTTP compression profile support to the CRD? Thank you in advance for your assistance.
Upgrade to CIS 2.16.1 with CCCL agent
Hello colleagues, I have read in the release notes [1] that AS3 was introduced in 1.9.0 I know that ConfigMap(s) in CIS differs from agent to agent and from CIS v2.0, AS3 is the default agent. We have CIS 1.8.1 and would like to upgrade to 2.16.1. Could we use deployment argument --agent to configure CCCL agent and upgrade to 2.16.1 ? PD: I know the recommendation is to migrate to agent AS3 but as for now, we only want to upgrade our k8s-bigip-ctlr [1] https://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/v1.14/RELEASE-NOTES.html#v1-9-0
