CES Release v0.5.0

Container Egress Service (CES) Controller. V0.5.0

Publish date

2021.Dec 1

New

In this release, include below features:

• Egress policy on cluster level
• Egress policy on per namespace level
• Egress policy on per k8s svc
• Egress policy for strict network isolation(tenant)
• Support dynamic bandwidth limit for each egress policy rule
• Support High speed log for events
• Support events/policy visualization and analytics
• Support traffic programming base on policy rule
• Support TCP, UDP or any IP protocol
• Support custom logging fields/formats

Behavior

• It will be into explicit allow mode, once you set any policy.
• Rules changing trigger configurations into F5. The best practice is create create external service first, then create policy rule.
• Delete the associate externalservice will also delete the rule(only for 1:1 mapping between rule and externalservce CRD.see Known issues for detail).
• The externalservice will be splitted to serval objects name if it is referenced by muliti policy rules.
• The blank setting of namespaces in configmap's Common tenant means the controller will not monitor any namespaces.
• Delete externalservice and recreate again, will not trigger update to the F5. Pls delete the associate rule and recreate it.

Known issues

• System will not log event into F5 local db if logging profile use both local and remote destion, and the remote destion is unable reached.
• When an externalservice is referenced by more than one rules. Delete the externalservice CRD first, will cause unexpected result. Pls delete the rule first.

Image

There are 2 options:

1. Download the image on this page directly and load it manually
2. Use f5devcentral/ces-controller:0.5.0 docker hub repo. Pls note the version number.

Please check Github Wiki for all documents.