Releasing NSIC/GSLB v3.1.34 and Gateway Controller v1.1.0 (#204)

* Releasing NSIC/GSLB v3.1.34 and Gateway Controller v1.1.0

Signed-off-by: Subash Dangol <[email protected]>

---------

Author: subashd

netscaler-cpx-with-ingress-controller/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: "3.0.6"
+appVersion: "3.1.34"
 kubeVersion: ">=v1.24.0-0"
 description: A Helm chart for NetScaler CPX with NetScaler ingress Controller running as sidecar.
 name: netscaler-cpx-with-ingress-controller
-version: 3.0.6
+version: 3.1.34
 icon: https://raw.githubusercontent.com/netscaler/netscaler-helm-charts/gh-pages/netscaler.png
 home: https://www.netscaler.com
 sources:

netscaler-cpx-with-ingress-controller/README.md

@@ -612,7 +612,7 @@ The following table lists the configurable parameters of the NetScaler CPX with
 | hostName | Optional | N/A | This entity will be used to set Hostname of the CPX |
 | nsic.imageRegistry                   | Mandatory  |  `quay.io`               |  The NetScaler ingress controller image registry             |  
 | nsic.imageRepository                 | Mandatory  |  `netscaler/netscaler-k8s-ingress-controller`              |   The NetScaler ingress controller image repository             | 
-| nsic.imageTag                  | Mandatory  |  `3.0.5`               |   The NetScaler ingress controller image tag            | 
+| nsic.imageTag                  | Mandatory  |  `3.1.34`               |   The NetScaler ingress controller image tag            | 
 | nsic.pullPolicy | Mandatory | IfNotPresent | The NetScaler ingress controller image pull policy. |
 | nsic.required | Mandatory | true | NSIC to be run as sidecar with NetScaler CPX |
 | nsic.enableLivenessProbe| Optional | True | Enable liveness probe settings for NetScaler Ingress Controller |
@@ -721,6 +721,7 @@ The following table lists the configurable parameters of the NetScaler CPX with
 | serviceAccount.tokenExpirationSeconds | Mandatory | 31536000 | Time in seconds when the token of serviceAccount get expired |
 | serviceAccount.name | Optional | "" | Name of the ServiceAccount for the NetScaler CPX with Ingress Controller. If you want to use a ServiceAccount that you have already created and manage yourself, specify its name here and set serviceAccount.create to false. |
 | createClusterRoleAndBinding | Mandatory | true | If you want to use a ClusterRole and Cluster Role Binding that you have already created and manage yourself then set to false. Please make sure you have bound the serviceaccount with the cluster role properly.  |
+| certBundle | Optional | false |When set to true this will bind certificate key bundle in frontend vservers. Please refer [this](https://docs.netscaler.com/en-us/citrix-adc/current-release/ssl/ssl-certificates/install-link-and-update-certificates.html#support-for-ssl-certificate-key-bundle).
 
 > **Note:**
 >

netscaler-cpx-with-ingress-controller/crds/crds.yaml

@@ -1811,6 +1811,28 @@ spec:
                     items:
                       type: string
                       description: "header name"
+              exclude:
+                description: 'To control what traffic to be excluded by Web Application Firewall. If you do not provide the exclude list, nothing will be skipped by default explicitly'
+                type: object
+                properties:
+                  path:
+                    type: array
+                    description: "List of http urls to exclude"
+                    items:
+                      type: string
+                      description: "URL path"
+                  method:
+                    type: array
+                    description: "List of http methods to exclude"
+                    items:
+                      type: string
+                      enum: ['GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'OPTIONS', 'TRACE', 'CONNECT', 'UNKNOWN_METHOD']
+                  header:
+                    type: array
+                    description: "List of http headers to exclude"
+                    items:
+                      type: string
+                      description: "header name"
               security_checks:
                 description: 'To enable/disable application firewall security checks'
                 type: object

netscaler-cpx-with-ingress-controller/templates/deployment.yaml

@@ -181,6 +181,10 @@ spec:
           - name: "NS_IP"
             value: "127.0.0.1"
 {{- end }}
+{{- if .Values.certBundle }}
+          - name: "CERT_BUNDLE"
+            value: "True"
+{{- end }}
 {{- if .Values.rbacRole }}
           - name: "SCOPE"
             value: "local"

netscaler-cpx-with-ingress-controller/values.yaml

@@ -82,7 +82,7 @@ servicePorts: []
 nsic:
   imageRegistry: quay.io
   imageRepository: netscaler/netscaler-k8s-ingress-controller
-  imageTag: 3.0.5
+  imageTag: 3.1.34
   image: "{{ .Values.nsic.imageRegistry }}/{{ .Values.nsic.imageRepository }}:{{ .Values.nsic.imageTag }}"
   pullPolicy: IfNotPresent
   required: true
@@ -140,6 +140,7 @@ updateIngressStatus: False
 logProxy: ""
 kubernetesURL: ""
 disableOpenshiftRoutes: false
+certBundle: false
 profileSslFrontend: {}
   # preconfigured: my_ssl_profile
   #  OR

netscaler-gslb-controller/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
-appVersion: "3.0.5"
+appVersion: "3.1.34"
 description: A Helm chart for NetScaler GSLB Controller configuring MPX/VPX.
 name: netscaler-gslb-controller
-version: 3.0.5
+version: 3.1.34
 icon: https://raw.githubusercontent.com/netscaler/netscaler-helm-charts/gh-pages/netscaler.png
 home: https://www.cloud.com
 maintainers:

netscaler-gslb-controller/README.md

@@ -212,7 +212,7 @@ The following table lists the mandatory and optional parameters that you can con
 | license.accept | Mandatory | no | Set `yes` to accept the NSIC end user license agreement. |
 | imageRegistry                   | Optional  |  `quay.io`               |  The NetScaler ingress controller image registry             |  
 | imageRepository                 | Optional  |  `netscaler/netscaler-k8s-ingress-controller`              |   The NetScaler ingress controller image repository             | 
-| imageTag                  | Optional  |  `3.0.5`               |   The NetScaler ingress controller image tag            | 
+| imageTag                  | Optional  |  `3.1.34`               |   The NetScaler ingress controller image tag            | 
 | pullPolicy | Optional | Always | The NSIC image pull policy. |
 | imagePullSecrets | Optional | N/A | Provide list of Kubernetes secrets to be used for pulling the images from a private Docker registry or repository. For more information on how to create this secret please see [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). |
 | nsIP | Optional | N/A | The IP address of the NetScaler device. For details, see [Prerequisites](#prerequistes). |
@@ -233,6 +233,8 @@ The following table lists the mandatory and optional parameters that you can con
 | localSiteSelection | Optional | false | Set this parameter to prioritize the local site when configuring the priority order for GSLB services. Enabling this will create a ConfigMap to apply the configuration on the NetScaler. |
 | serviceAccount.create | Mandatory | true | Create serviceAccount for NetScaler GSLB Controller |
 | serviceAccount.tokenExpirationSeconds | Mandatory | 31536000 | Time in seconds when the token of serviceAccount get expired |
+| serviceAccount.name | Optional | "" | Name of the ServiceAccount for the NetScaler GSLB Controller. If you want to use a ServiceAccount that you have already created and manage yourself, specify its name here and set serviceAccount.create to false. |
+| createClusterRoleAndBinding | Mandatory | true | If you want to use a ClusterRole and Cluster Role Binding that you have already created and manage yourself then set to false. Please make sure you have bound the serviceaccount with the cluster role properly.  |
 | sitedata | Mandatory | N/A | The list containing NetScaler Site details like IP, Name, Region, Secret |
 | sitedata[0].siteName | Mandatory | N/A | The siteName of the first GSLB site |
 | sitedata[0].siteIp | Mandatory | N/A | The siteIp of the first GSLB Site |

netscaler-gslb-controller/templates/deployment.yaml

@@ -28,7 +28,7 @@ spec:
     spec:
       serviceAccountName: {{ include "netscaler-gslb-controller.serviceAccountName" . }}
       containers:
-      - name: {{ include "netscaler-gslb-controller.name" . }}
+      - name: nsgslbc
         image: "{{ tpl .Values.image . }}"
         imagePullPolicy: {{ .Values.pullPolicy }}
         env:

netscaler-gslb-controller/templates/rbac.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.createClusterRoleAndBinding }}
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -59,7 +60,8 @@ subjects:
   namespace: {{ .Release.Namespace }}
 
 ---
-
+{{- end }}
+{{- if .Values.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -73,3 +75,4 @@ imagePullSecrets:
 {{- end }}
 {{- end }}
 ---
+{{- end }}

netscaler-gslb-controller/values.yaml

@@ -5,7 +5,7 @@
 # image contains information needed to fetch NSIC image
 imageRegistry: quay.io
 imageRepository: netscaler/netscaler-k8s-ingress-controller
-imageTag: 3.0.5
+imageTag: 3.1.34
 image: "{{ .Values.imageRegistry }}/{{ .Values.imageRepository }}:{{ .Values.imageTag }}"
 pullPolicy: IfNotPresent
 imagePullSecrets: []
@@ -66,10 +66,11 @@ sitedata:
 # Specifies whether a ServiceAccount should be created
 serviceAccount:
   create: true
-  # The name of the ServiceAccount to use.
-  # If not set and `create` is true, a name is generated using the fullname template
-  # name:
   tokenExpirationSeconds: 31536000
+  # The name of the ServiceAccount to use.
+  # If not set and `serviceAccount.create` is true, a name is generated using the fullname template
+  # If you want to use pre-created serviceAccount, set the name and serviceAccount.create to false.
+  name:
 
 podAnnotations: {}
 resources:
@@ -85,3 +86,4 @@ nodeSelector: {}
 tolerations: []
 extraVolumeMounts: []
 extraVolumes: []
+createClusterRoleAndBinding: true