Configuration Parameters
CIS Deployment Parameters
General
Parameter | Type | Required | Default | Description | Allowed Values | Minimum Supported Version |
---|---|---|---|---|---|---|
http-listen-address | String | Optional | "0.0.0.0:8080" | | | |
version | Boolean | Optional | false | Print CIS version. | true, false | |
deploy-config-cr | String | Required | N/A | | | |
Important
See DeployConfigCR-param.
Logging
Parameter | Type | Required | Default | Description | Allowed Values | Minimum Supported Version |
---|---|---|---|---|---|---|
log-level | String | Optional | INFO | Log level | INFO, DEBUG, AS3DEBUG, CRITICAL, WARNING, ERROR | |
log-file | String | Optional | N/A | File path to store the CIS logs. | | |
Note
AS3DEBUG should only be used for debugging purposes, as it may impact CIS performance.
BIG-IP Next Central Manager
Parameter | Type | Required | Default | Description | Allowed Values | Minimum Supported Version |
---|---|---|---|---|---|---|
cm-password | String | Required | N/A | | | |
cm-url | String | Required | N/A | | | |
cm-username | String | Required | N/A | BIG-IP Next Central Manager username for the user account | | |
credentials-directory | String | Optional | N/A | | | |
no-verify-ssl | Boolean | Optional | false | | true, false | |
trusted-certs-cfgmap | String | Required | N/A | | | |
Important
- The credentials-directory option is an alternative to using the cm-username, cm-password, or cm-url arguments. When you use this argument, the controller looks for three files in the specified directory: username, password, and url.
- If any of these files do not exist, the controller falls back to using the CLI arguments as parameters.
- Each file should contain only the username, password, and url, respectively. You can create and mount the files as Kubernetes Secrets.
- It is important to not project the Secret keys to specific paths, as the controller looks for the username, password, and url files directly within the credentials directory.
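One way to wire up the credentials-directory option described above, which keeps the Central Manager password out of the container's argument list. This is an added example, not taken from the CIS documentation or project: the resource names, namespace, mount path, the `--name=value` flag spelling and every `<...>` value are assumptions or placeholders.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: cm-credentials            # hypothetical name
  namespace: kube-system          # assumed namespace
type: Opaque
stringData:
  # Each key becomes one file; the names must be exactly these three.
  username: "<CM_USERNAME>"       # placeholder
  password: "<CM_PASSWORD>"       # placeholder
  url: "<CM_URL>"                 # placeholder
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cis-next                  # hypothetical name
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels: {app: cis-next}
  template:
    metadata:
      labels: {app: cis-next}
    spec:
      containers:
        - name: cis
          image: "<CIS_IMAGE>"    # placeholder, not a real image reference
          args:
            # Flag spelling is assumed; parameter names come from the tables above.
            - "--credentials-directory=/etc/cm-credentials"
            - "--deploy-config-cr=<DEPLOY_CONFIG_CR>"          # placeholder
            - "--trusted-certs-cfgmap=<TRUSTED_CERTS_CFGMAP>"  # placeholder
          volumeMounts:
            - name: cm-credentials
              mountPath: /etc/cm-credentials
              readOnly: true
      volumes:
        - name: cm-credentials
          secret:
            secretName: cm-credentials
            # No "items:" list here. Projecting a key, e.g.
            #   items: [{key: password, path: creds/password}]
            # would place the file at /etc/cm-credentials/creds/password, where the
            # controller does not look, so it would fall back to the CLI arguments.
```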
Kubernetes
Parameter | Type | Required | Default | Description | Allowed Values | Minimum Supported Version |
---|---|---|---|---|---|---|
kubeconfig | String | Optional | ./config | Path to the kubeconfig file | | |
manage-custom-resources | Boolean | Optional | true | | true, false | |
use-node-internal | Boolean | Optional | true | Filter Kubernetes InternalIP addresses for pool members | true, false | |
ipam | Boolean | Optional | false | | true, false | |
ipam-namespace | String | Optional | kube-system | Specify the namespace of the ipam custom resource | true, false | |
CIS DeployConfig CR Parameters
The deployConfig CR is newly introduced in BIG-IP Next CIS to configure and monitor the CIS controller.
The deployConfig CR specification is divided into the spec parameters below. See Example of DeployConfig CR.
baseConfig
Property | Type | Required | Reboot Required | Default | Allowed Values | Description |
---|---|---|---|---|---|---|
namespaceLabel | String | Optional | No | | Any namespace labels i.e. controller=cis | It is used to define the namespaces which can be monitored by CIS |
nodeLabel | String | Optional | No | | Any namespace labels i.e. controller=cis | It is used to define the nodes which can be monitored by CIS |
controllerIdentifier | String | Optional | No | | Any String | It is used to identify the unique CIS cluster/instance |
Important
When updating the controllerIdentifier, you need to clean up the static routes (created by CIS) manually on the BIG-IP Next instance if you are using staticRoutes.
networkConfig
Property | Type | Required | Reboot Required | Default | Allowed Values | Description |
---|---|---|---|---|---|---|
orchestrationCNI | String | Yes | yes | | flannel, ovn-k8s | K8s cluster's CNI name |
metaData | Object | Optional | yes | | | It is used to define the nodes which can be monitored by CIS |
metadata.poolMemberType | String | Optional | yes | nodeport | nodeport/cluster/auto | It is used to specify the pool member type in CIS |
metadata.staticRoutingMode | boolean | Optional | yes | false | true/false | |
metadata.networkCIDR | String | Optional | yes | | Any networks cidrs | |
as3Config
Property | Type | Required | Reboot Required | Default | Allowed Values | Description |
---|---|---|---|---|---|---|
debugAS3 | boolean | Optional | No | false | true/false | It is used to enable the debug logs for AS3 |
postDelayAS3 | Integer | Optional | No | 0 | | |
bigIpConfig
Below is the list of BIG-IP Next instances that need to be managed by CIS.
Property | Type | Required | Reboot Required | Default | Allowed Values | Description |
---|---|---|---|---|---|---|
bigIpAddress | String | Optional | No | false | true/false | It's used to enable the debug logs for AS3 |
defaultPartition | String | Optional | No | 0 | | It's to define the default partition for the BIG-IP Next objects. |
bigIpLabel | String | Optional | No | | | |
Important
Policy CR is not supported in BIG-IP Next CIS 20.3.0.
Note
To provide feedback on Container Ingress Services or this documentation, please file a GitHub Issue.