SPKInstance CR Parameters
SPKInstance CR installs BIG-IP Next for Kubernetes, allowing F5 Orchestrator to access the docker images and helm charts for F5 BIG-IP Next for Kubernetes through FAR.
The table below describes the SPKInstance spec CR parameters.
Parameter | Description | Default Values |
---|---|---|
spkInfrastructure string | Specifies the infrastructure settings for the BIG-IP Next for Kubernetes deployment. | Must match name of Infrastructure applied in the same namespace |
spkManifest string | Specifies the location of the BIG-IP Next for Kubernetes installation files. These files contain everything needed to deploy SPK, such as configurations and components. | Currently not used |
The table below describes the SPKInstance CR spec.afm parameters.
Parameter | Description | Default Values |
---|---|---|
enabled boolean | Enable or disable the Edge Firewall container: true or false | false |
pccd.blob.maxFwBlobSizeMb string | Specifies the maximum allowed size (in MB) for a Firewall blob. | 512 |
pccd.blob.maxNatBlobSizeMb string | Specifies the maximum allowed size (in MB) for a NAT (Network Address Translation) blob. | 512 |
pccd.enabled boolean | Enable or disable the afm-pccd container: true or false (MUST match the enabled value above) | false |
The table below describes the CR spec.controller parameters.
Parameter | Description | Default Values |
---|---|---|
egress.snatpoolName string | Specifies the egress SNAT pool name. | egress_snatpool |
watchNamespace string | The namespace to watch for Ingress resources. MUST be populated with an existing namespace. | app-ns |
The table below describes the CR spec.cwc parameters.
Parameter | Description | Default Values |
---|---|---|
cpclConfig.jwt string | Specifies the unique JWT (JSON Web Token), which can be obtained from your MyF5 account. | - |
cpclConfig.operationMode string | Specifies the operational mode of the Common Product Component and Libraries (CPCL): connected or disconnected. | connected |
persistence.accessMode string | Specifies the access mode for persistent storage used by the Cluster Wide Controller (CWC). | ReadWriteOnce |
persistence.enabled boolean | Enable or disable CWC persistence: true or false | false |
persistence.size integer, string | Specifies the size of the persistent storage allocated for the CWC. Accepted as an integer, string or pattern. | 3Gi |
persistence.storageClass string | Specifies the storageClass to be used for provisioning persistent storage for the CWC. | - |
The table below describes the CR spec.fluentd parameters.
Parameter | Description | Default Values |
---|---|---|
component.additionalProperties.enabled boolean | Specifies whether additional properties for the Fluentd component are enabled. | Default value applies automatically and is not configurable. |
component.additionalProperties.stdout boolean | Specifies whether Fluentd should output logs to the standard output (stdout). | Default value applies automatically and is not configurable. |
persistence.accessMode string | Specifies the access mode for the persistent storage used by Fluentd. | ReadWriteOnce |
persistence.enabled boolean | Enable or disable the persistent storage for Fluentd: true or false | false |
persistence.size integer, string | Specifies the size of the persistent storage allocated for Fluentd. Accepted as an integer, string or pattern. | 3Gi |
persistence.storageClass string | Specifies the storageClass to be used for provisioning persistent storage for Fluentd. | - |
The table below describes the CR spec.global parameters.
Parameter | Description | Default Values |
---|---|---|
certmgr.issuerRef.name string | Specifies the Issuer or ClusterIssuer name. | - |
certmgr.issuerRef.kind string | Specifies the issuer kind: Issuer or ClusterIssuer. | - |
certmgr.issuerRef.group string | Specifies the group name. Set to cert-manager.io for OSS cert-manager. | - |
debugging.csmOrchestrator.enabled boolean | Enable or disable csmOrchestrator for debugging: true or false. Note: Currently not handled by the orchestrator. | true |
debugging.csmQkview.enabled boolean | Enable or disable csmQkview for debugging: true or false. Note: Currently not handled by the orchestrator. | true |
debugging.prometheus.enabled boolean | Enable or disable prometheus for debugging: true or false. Note: Currently not handled by the orchestrator. | true |
imagePullPolicy string | Specifies the PullPolicy that describes the condition to pull a container image. | Default value applies automatically and is not configurable. |
imagePullSecrets string | LocalObjectReference includes information to locate the referenced object inside the same namespace. | - |
imageRepository string | Specifies the image repository name and path to images (ex: repository.com/path/to/images). | - |
logging.debug boolean | Enable or disable debug logging. | Default value applies automatically and is not configurable. |
logging.fluentbitSidecar.enabled boolean | Enable or disable the Fluent Bit sidecar container for logging: true or false. | true |
logging.fluentbitSidecar.fluentd.host string | Specifies the hostname or IP address of the Fluentd instance to which Fluent Bit should forward the logs. | 'f5-toda-fluentd.f5-utils.svc.cluster.local' |
logging.fluentbitSidecar.fluentd.port string | Specifies the port number that Fluent Bit uses to connect to the Fluentd instance. | 54321 |
logging.fluentbitSidecar.fluentd.loglevel string | Specifies the logging level specifically for the fluentbit_sidecar container. Available values: trace, debug, info, warning, error | info |
logging.logLevel string | Specifies the global logging level for the BIG-IP Next for Kubernetes deployment. Available values: trace, debug, info, notice, warning, error, critical, alert or Emergency | info |
The table below describes the CR spec.sidecar parameters.
Parameter | Description | Default Values |
---|---|---|
resources.claims string | Lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and DynamicResourceAllocation feature gate must be enabled. This field is immutable and can be set only for containers. Note: This refers to only one entry from PodSpec.ResourceClaims. | Default value applies automatically and is not configurable. |
resources.limits integer, string | Limits describe the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |
resources.requests integer, string | Requests describe the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified; otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |
The table below describes the SPKInstance spec.tmm CR parameters.
Parameter | Description | Default Values |
---|---|---|
openshiftVFIO string | References SR-IOV network node policies, and must be in the same order as the network node attachments. Only required for use in OpenShift environments. | - |
palCPUSet string | The ranges of CPU identifiers that are to be dedicated to TMM instances. For multiple TMM threads, specify a range of CPUs: "0-3" gives 4 TMM threads and selects CPUs 0, 1, 2 and 3. | 1 |
replicaCount integer | Number of SPK TMMs desired in the replicaset. Ignored if iswholeClusterMode is enabled. | 1 |
resources.limits integer, string | Resource limits and requests for TMM. TMM does not support resource requests. hugepages-2Mi should change depending on how many TMM threads are desired. The minimum is 3Gi. The general rule is 1.5Gi per TMM thread. For example: 1 TMM 3Gi, 2 TMM 3Gi, 4 TMM 6Gi (1.5Gi x 4 TMM threads). You will also have to check that there are sufficient hugepages. Each hugepage is 2Mi (2048 KB). If the hugepages count is 8192, then 8192 * 2Mi (2048 KB) = 16Gi. | limits: {cpu: "1", hugepages-2Mi: "3Gi", memory: "2Gi"} |
sessiondb.useExternalStorage string | Enable or disable DSSM for sessiondb: true or false | false |
tlsStore.enabled boolean | Enable or disable tlsStore: true or false | false |
tmmMTU integer | Globally sets the MTU on NICs that are capable of supporting jumbo frames. | 1500 |
tmmMapresHalt boolean | When mapres is finished, execute tail -f /dev/null instead of TMM. | false |
tmmMapresHugepages integer | Specify the total number of huge pages for TMM to use. For example, 3,145,728 KB (3Gi) / 2048 KB (2Mi) = 1536. | 1536 |
usePhysMem boolean | Passes the --physmem command-line option to TMM. Required for TMM to be able to use its high-performance drivers, so that they can enable DMA. | true |
xnetDPDKAllow string | Allowed network devices. SF resource names should match the device names in /sys/bus/auxiliary/devices | - |
The table below describes the SPKInstance spec.tmm.blobd CR parameters.
Parameter | Description | Default Values |
---|---|---|
enabled boolean | Enable or disable the blobd container: true or false | false |
resources.claims string | Lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and DynamicResourceAllocation feature gate must be enabled. This field is immutable and can be set only for containers. Note: This refers to only one entry from PodSpec.ResourceClaims. | Default value applies automatically and is not configurable. |
resources.limits integer, string | Limits describe the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |
resources.requests integer, string | Requests describe the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified; otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |
The table below describes the SPKInstance spec.tmm.debug CR parameters.
Parameter | Description | Default Values |
---|---|---|
enabled boolean | Enable or disable the debug container: true or false | true |
resources.claims string | Lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and DynamicResourceAllocation feature gate must be enabled. This field is immutable and can be set only for containers. Note: This refers to only one entry from PodSpec.ResourceClaims. | Default value applies automatically and is not configurable. |
resources.limits integer, string | Limits describe the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |
resources.requests integer, string | Requests describe the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified; otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |
The table below describes the SPKInstance spec.tmm.tmmRouting CR parameters.
Parameter | Description | Default Values |
---|---|---|
resources.claims string | Lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and DynamicResourceAllocation feature gate must be enabled. This field is immutable and can be set only for containers. Note: This refers to only one entry from PodSpec.ResourceClaims. | Default value applies automatically and is not configurable. |
resources.limits integer, string | Limits describe the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |
resources.requests integer, string | Requests describe the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified; otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |
The table below describes the SPKInstance spec.tmm.tmrouted CR parameters.
Parameter | Description | Default Values |
---|---|---|
resources.claims string | Lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and DynamicResourceAllocation feature gate must be enabled. This field is immutable and can be set only for containers. Note: This refers to only one entry from PodSpec.ResourceClaims. | Default value applies automatically and is not configurable. |
resources.limits integer, string | Limits describe the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |
resources.requests integer, string | Requests describe the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified; otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |
The table below describes the SPKInstance spec.tmm.dynamicRouting CR parameters.
Parameter | Description | Default Values |
---|---|---|
configMapName string | This name should match the manually created ConfigMap. Required if enabled is set to true. | - |
enabled boolean | Enable or disable dynamic routing: true or false | false |
exportZebosLogs boolean | Whether ZebOS logs are sent to Fluent Bit: true or false | false |
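The tables above state several cross-field constraints: afm.pccd.enabled must match afm.enabled, hugepages-2Mi follows the 1.5Gi-per-thread rule with a 3Gi minimum, and tmm.dynamicRouting.configMapName is required when dynamic routing is enabled. The following check is an added example, not code from F5 or the orchestrator; it assumes the spec is available as a nested dict, that palCPUSet may also be a comma-separated list, and that tmmMapresHugepages should fit inside the hugepages-2Mi limit.

```python
import re

GI, MI = 1024 ** 3, 1024 ** 2
HUGEPAGE = 2 * MI  # each hugepage is 2Mi (2048 KB)

def parse_quantity(value):
    """Convert a Gi/Mi quantity such as "3Gi" to bytes."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(Gi|Mi)", str(value).strip())
    if not m:
        raise ValueError(f"unsupported quantity: {value!r}")
    return int(float(m.group(1)) * (GI if m.group(2) == "Gi" else MI))

def count_cpus(cpuset):
    """Count CPUs in a palCPUSet such as "0-3"; comma-separated lists are an assumption."""
    cpus = set()
    for part in str(cpuset).split(","):
        lo, _, hi = part.strip().partition("-")
        cpus.update(range(int(lo), int(hi or lo) + 1))
    return len(cpus)

def required_hugepages(threads):
    """1.5Gi per TMM thread, never below the 3Gi minimum."""
    return max(3 * GI, int(1.5 * GI * threads))

def check_spec(spec, node_hugepages=None):
    """Return a list of findings for a spec given as a nested dict."""
    findings = []
    afm = spec.get("afm", {})
    if afm.get("enabled", False) != afm.get("pccd", {}).get("enabled", False):
        findings.append("afm.pccd.enabled must match afm.enabled")
    tmm = spec.get("tmm", {})
    limits = tmm.get("resources", {}).get("limits", {})
    limit = parse_quantity(limits.get("hugepages-2Mi", "3Gi"))
    threads = count_cpus(tmm.get("palCPUSet", "1"))
    if limit < required_hugepages(threads):
        findings.append(f"hugepages-2Mi limit too small for {threads} TMM thread(s)")
    # Assumption: the mapres page count should fit inside the container limit.
    if tmm.get("tmmMapresHugepages", 1536) * HUGEPAGE > limit:
        findings.append("tmmMapresHugepages exceeds the hugepages-2Mi limit")
    if node_hugepages is not None and node_hugepages * HUGEPAGE < limit:
        findings.append("node does not have enough 2Mi hugepages for the limit")
    routing = tmm.get("dynamicRouting", {})
    if routing.get("enabled", False) and not routing.get("configMapName"):
        findings.append("tmm.dynamicRouting.configMapName is required when enabled")
    return findings

def make_spec(hugepages, pages, pccd, config_map):
    """Constructed sample spec (not from the F5 documentation): 4 TMM threads, AFM on."""
    return {
        "afm": {"enabled": True, "pccd": {"enabled": pccd}},
        "tmm": {
            "palCPUSet": "0-3",
            "resources": {"limits": {"cpu": "4", "hugepages-2Mi": hugepages, "memory": "2Gi"}},
            "tmmMapresHugepages": pages,
            "dynamicRouting": {"enabled": True, "configMapName": config_map},
        },
    }

BAD_SPEC = make_spec("3Gi", 1536, False, None)
GOOD_SPEC = make_spec("6Gi", 3072, True, "example-routing-cm")  # hypothetical ConfigMap name

if __name__ == "__main__":
    for name, spec in (("bad", BAD_SPEC), ("good", GOOD_SPEC)):
        print(name, check_spec(spec, node_hugepages=8192))
```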
The table below describes the SPKInstance spec.tmm.egress CR parameters.
Parameter | Description | Default Values |
---|---|---|
dnsCacheName string | Specifies the required F5SPKDnscache CR by concatenating the CR's metadata.namespace and metadata.name parameters with a hyphen (-) character. For example, dnsCacheName: dnscache-cr | "" |
dnsNat46Enabled boolean | Enable or disable the DNS46/NAT46 feature: true or false | false |
dnsNat46Ipv4Subnet string | The pool of private IPv4 addresses used to create DNS A records for the internal Pods. | "" |
dnsNat46SorryIP string | IP address for Oops Page if the NAT pool becomes exhausted | "" |
dnsNat46UpstreamDnsIP string | - | "" |
useSnatpools boolean | Enable or disable useSnatpools: true or false | false |
The table below describes the SPKInstance spec.tmm.nodeAssign CR parameters.
Parameter | Description | Default Values |
---|---|---|
affinity.nodeAffinity | Describes node affinity scheduling rules for the pod. | - |
affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution | The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. | - |
affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution string | If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. | - |
affinity.podAffinity | Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). | - |
affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution string | The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which match the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. | - |
affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution string | If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. | - |
affinity.podAntiAffinity | Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). | - |
affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution string | The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which match the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. | - |
affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution string | If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. | - |
nodeSelector string | This is important to set when SPK is run in "Whole Cluster" mode (multiple DPUs). TMM runs as a daemonset and gets deployed on all nodes including the Host Node. Node Selector is used to ensure TMM selects only the DPU node(s). It is similar to tolerations but ensures TMM is deployed to only the DPU Nodes with the "app: f5-tmm" labels. Example: app: f5-tmm | - |
tolerations string | Toleration is added to ensure only the TMM and daemonsets like Multus, CNI, etc. can be deployed on the DPU Node. This value is added by the orchestrator code; it looks like this when you describe the node: dpu=true:NoSchedule | - |
The table below describes the SPKInstance spec.tmm.service CR parameters.
Parameter | Description | Default Values |
---|---|---|
create boolean | - | true |
name string | - | f5-tmm-service |
type string | - | LoadBalancer |
annotations string | - | {} |
customPorts string | - | [] |
externalIPs string | - | [] |
externalTrafficPolicy string | - | Local |
The table below describes the SPKInstance spec.tmstats.tmstatsConfig CR parameters.
Parameter | Description | Default Values |
---|---|---|
resources.claims string | Lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and DynamicResourceAllocation feature gate must be enabled. This field is immutable and can be set only for containers. Note: This refers to only one entry from PodSpec.ResourceClaims. | Default value applies automatically and is not configurable. |
resources.limits integer, string | Limits describe the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |
resources.requests integer, string | Requests describe the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified; otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |