Configuration Parameters

CIS Deployment Parameters

General

| Parameter | Type | Required | Default | Description | Allowed Values | Minimum Supported Version |
|---|---|---|---|---|---|---|
| http-listen-address | String | Optional | "0.0.0.0:8080" | Address at which to serve HTTP-based information (for example, /metrics, health) to Prometheus. | | |
| version | Boolean | Optional | false | Print CIS version. | true, false | |
| deploy-config-cr | String | Required | N/A | Specify deployConfig CR that holds additional configuration for CIS controller. | | |

Important

See DeployConfigCR-param.

Logging

| Parameter | Type | Required | Default | Description | Allowed Values | Minimum Supported Version |
|---|---|---|---|---|---|---|
| log-level | String | Optional | INFO | Log level | INFO, DEBUG, AS3DEBUG, CRITICAL, WARNING, ERROR | |
| log-file | String | Optional | N/A | File path to store the CIS logs. | | |

Note

AS3DEBUG should only be used for debugging purposes, as it may impact CIS performance.

BIG-IP Next Central Manager

| Parameter | Type | Required | Default | Description | Allowed Values | Minimum Supported Version |
|---|---|---|---|---|---|---|
| cm-password | String | Required | N/A | BIG-IP Next Central Manager password for the user account. You can secure your Central Manager credentials using a Kubernetes Secret. | | |
| cm-url | String | Required | N/A | BIG-IP Next Central Manager URL. Examples: URL with non-standard port: --cm-url=https://x.x.x.x:8443; IP address: --cm-url=x.x.x.x; IP address with port: --cm-url=x.x.x.x:8080; IPv6 address: --cm-url='[2001:db8::6]' | IP address; URL:PORT; IP-addr:PORT; for IPv6, address as string inside [] | |
| cm-username | String | Required | N/A | BIG-IP Next Central Manager username for the user account | | |
| credentials-directory | String | Optional | N/A | Directory that contains the BIG-IP Next Central Manager username, password, or url files. | | |
| no-verify-ssl | Boolean | Optional | false | When set to true, enable insecure SSL communication to BIG-IP Next Central Manager. | true, false | |
| trusted-certs-cfgmap | String | Required | N/A | When certificates are provided, adds them to controller trusted certificate store. | | |

Important

  • The credentials-directory option is an alternative to using the cm-username, cm-password, or cm-url arguments. When you use this argument, the controller looks for three files in the specified directory: username, password, and url.
  • If any of these files do not exist, the controller falls back to using the CLI arguments as parameters.
  • Each file should contain only the username, password, and url, respectively. You can create and mount the files as Kubernetes Secrets.
  • It is important to not project the Secret keys to specific paths, as the controller looks for the username, password, and url files directly within the credentials directory.
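
The credentials-directory layout described above, written out as a Secret and a Deployment fragment. This is an added example, not taken from the F5 documentation: the resource names, namespace, mount path, image and the values of deploy-config-cr and trusted-certs-cfgmap are placeholders or assumptions.

```yaml
# Added example. Only the flag names and the username/password/url file
# names come from this page; every other name and value is a placeholder.
apiVersion: v1
kind: Secret
metadata:
  name: cm-credentials            # hypothetical name
  namespace: kube-system          # assumed namespace
type: Opaque
stringData:
  # Each key becomes one file in the mounted directory, so the keys must be
  # named exactly username, password and url.
  username: "<cm-username>"
  password: "<cm-password>"
  url: "https://x.x.x.x:8443"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cis-controller            # hypothetical name
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels: {app: cis-controller}
  template:
    metadata:
      labels: {app: cis-controller}
    spec:
      containers:
        - name: cis
          image: "<cis-image>"    # placeholder; not given on this page
          args:
            - "--deploy-config-cr=<deployConfig-CR>"      # placeholder value
            - "--trusted-certs-cfgmap=<trusted-certs>"    # placeholder value
            - "--credentials-directory=/etc/cm-credentials"
            # No --cm-username, --cm-password or --cm-url arguments: the
            # credentials stay out of the pod spec and are read from files.
          volumeMounts:
            - name: cm-credentials
              mountPath: /etc/cm-credentials
              readOnly: true
      volumes:
        - name: cm-credentials
          secret:
            secretName: cm-credentials
            # No "items:" list here, so keys are not projected to other paths.
```

With no-verify-ssl left at its default of false, the controller verifies the Central Manager certificate, which is why the trusted certificates ConfigMap is supplied alongside the credentials.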

Kubernetes

| Parameter | Type | Required | Default | Description | Allowed Values | Minimum Supported Version |
|---|---|---|---|---|---|---|
| kubeconfig | String | Optional | ./config | Path to the kubeconfig file | | |
| manage-custom-resources | Boolean | Optional | true | Specify whether or not to manage custom resources i.e. transport server | true, false | |
| use-node-internal | Boolean | Optional | true | Filter Kubernetes InternalIP addresses for pool members | true, false | |
| ipam | Boolean | Optional | false | Specify if CIS provides the ability to interface with F5 IPAM Controller (FIC) | true, false | |
| ipam-namespace | String | Optional | kube-system | Specify the namespace of ipam custom resource | true, false | |

CIS DeployConfig CR Parameters

The deployConfig CR is newly introduced in BIG-IP Next CIS to configure and monitor the CIS controller.

The deployConfig CR specification is divided into the spec parameters below. See Example of DeployConfig CR.

baseConfig

| Property | Type | Required | Reboot Required | Default | Allowed Values | Description |
|---|---|---|---|---|---|---|
| namespaceLabel | String | Optional | No | | Any namespace labels i.e. controller=cis | It is used to define the namespaces which can be monitored by CIS |
| nodeLabel | String | Optional | No | | Any namespace labels i.e. controller=cis | It is used to define the nodes which can be monitored by CIS |
| controllerIdentifier | String | Optional | No | | Any String | It is used to identify the unique CIS cluster/instance |

Important

When updating the controllerIdentifier, you need to manually clean up the static routes (created by CIS) on the BIG-IP Next instance if you are using staticRoutes.

networkConfig

| Property | Type | Required | Reboot Required | Default | Allowed Values | Description |
|---|---|---|---|---|---|---|
| orchestrationCNI | String | Yes | yes | | flannel, ovn-k8s | K8s cluster's CNI name |
| metaData | Object | Optional | yes | | | It is used to define the nodes which can be monitored by CIS |
| metadata.poolMemberType | String | Optional | yes | nodeport | nodeport/cluster/auto | It is used to specify the pool member type in CIS |
| metadata.staticRoutingMode | boolean | Optional | yes | false | true/false | If set to true, CIS will create the Static routes for the podNetwork on the BIG-IP Next Instance |
| metadata.networkCIDR | String | Optional | yes | | Any networks cidrs | If your nodes are using multiple network interfaces, you can define the network address using this parameter |

as3Config

| Property | Type | Required | Reboot Required | Default | Allowed Values | Description |
|---|---|---|---|---|---|---|
| debugAS3 | boolean | Optional | No | false | true/false | It is used to enable the debug logs for AS3 |
| postDelayAS3 | Integer | Optional | No | 0 | | It is used if AS3 API on BIG-IP Next Central Manager is taking more time to apply the configuration |

bigIpConfig

Below is the list of BIG-IP Next instances that need to be managed by CIS.

| Property | Type | Required | Reboot Required | Default | Allowed Values | Description |
|---|---|---|---|---|---|---|
| bigIpAddress | String | Optional | No | false | true/false | It's used to enable the debug logs for AS3 |
| defaultPartition | String | Optional | No | 0 | | It's to define the default partition for the BIG-IP Next objects. |
| bigIpLabel | String | Optional | No | | | It is used to map the ingress resource to the BIG-IP Next, you can specify the bigip label in policy CR |

Important

Policy CR is not supported in BIG-IP Next CIS 20.3.0.


Note

To provide feedback on Container Ingress Services or this documentation, please file a GitHub Issue.