SPKInstance CR Parameters

The SPKInstance CR installs BIG-IP Next for Kubernetes, allowing F5 Orchestrator to access the Docker images and Helm charts for F5 BIG-IP Next for Kubernetes through FAR.

The table below describes the SPKInstance spec CR parameters.

| Parameter | Type | Description | Default Values |
|---|---|---|---|
| spkInfrastructure | string | Specifies the infrastructure settings for the BIG-IP Next for Kubernetes deployment. | Must match the name of the Infrastructure applied in the same namespace |
| spkManifest | string | Specifies the location of the BIG-IP Next for Kubernetes installation files. These files contain everything needed to deploy SPK, such as configurations and components. | Currently not used |

The table below describes the SPKInstance CR spec.afm parameters.

| Parameter | Type | Description | Default Values |
|---|---|---|---|
| enabled | boolean | Enable or disable the Edge Firewall container: true or false. | false |
| pccd.blob.maxFwBlobSizeMb | string | Specifies the maximum size (in MB) allowed for a Firewall blob. | 512 |
| pccd.blob.maxNatBlobSizeMb | string | Specifies the maximum size (in MB) allowed for a NAT (Network Address Translation) blob. | 512 |
| pccd.enabled | boolean | Enable or disable the afm-pccd container: true or false. MUST match the enabled value above. | false |

The table below describes the CR spec.controller parameters.

| Parameter | Type | Description | Default Values |
|---|---|---|---|
| egress.snatpoolName | string | Specifies the egress SNAT pool name. | egress_snatpool |
| watchNamespace | string | The namespace to watch for Ingress resources. MUST be populated with an existing namespace. | app-ns |

The table below describes the CR spec.cwc parameters.

| Parameter | Type | Description | Default Values |
|---|---|---|---|
| cpclConfig.jwt | string | Specifies the unique JWT (JSON Web Token), which can be obtained from your MyF5 account. | - |
| cpclConfig.operationMode | string | Specifies the operational mode of the Common Product Component and Libraries (CPCL): connected or disconnected. | connected |
| persistence.accessMode | string | Specifies the access mode for persistent storage used by the Cluster Wide Controller (CWC). | ReadWriteOnce |
| persistence.enabled | boolean | Enable or disable CWC persistence: true or false. | false |
| persistence.size | integer, string | Specifies the size of the persistent storage allocated for the CWC. Accepted forms: integer, string or pattern. | 3Gi |
| persistence.storageClass | string | Specifies the storageClass to be used for provisioning persistent storage for the CWC. | - |

The table below describes the CR spec.fluentd parameters.

| Parameter | Type | Description | Default Values |
|---|---|---|---|
| component.additionalProperties.enabled | boolean | Specifies whether additional properties for the Fluentd component are enabled. | Default value applies automatically and is not configurable. |
| component.additionalProperties.stdout | boolean | Specifies whether Fluentd should output logs to the standard output (stdout). | Default value applies automatically and is not configurable. |
| persistence.accessMode | string | Specifies the access mode for the persistent storage used by Fluentd. | ReadWriteOnce |
| persistence.enabled | boolean | Enable or disable the persistent storage for Fluentd: true or false. | false |
| persistence.size | integer, string | Specifies the size of the persistent storage allocated for Fluentd. Accepted forms: integer, string or pattern. | 3Gi |
| persistence.storageClass | string | Specifies the storageClass to be used for provisioning persistent storage for Fluentd. | - |

The table below describes the CR spec.global parameters.

| Parameter | Type | Description | Default Values |
|---|---|---|---|
| certmgr.issuerRef.name | string | Specifies the Issuer or ClusterIssuer name. | - |
| certmgr.issuerRef.kind | string | Specifies the kind of issuer: Issuer or ClusterIssuer. | - |
| certmgr.issuerRef.group | string | Specifies the group name. Should be set to cert-manager.io for OSS cert-manager. | - |
| debugging.csmOrchestrator.enabled | boolean | Enable or disable csmOrchestrator for debugging: true or false. Note: Currently not handled by the orchestrator. | true |
| debugging.csmQkview.enabled | boolean | Enable or disable csmQkview for debugging: true or false. Note: Currently not handled by the orchestrator. | true |
| debugging.prometheus.enabled | boolean | Enable or disable prometheus for debugging: true or false. Note: Currently not handled by the orchestrator. | true |
| imagePullPolicy | string | Specifies the PullPolicy that describes the condition to pull a container image. | Default value applies automatically and is not configurable. |
| imagePullSecrets | string | LocalObjectReference includes information to locate the referenced object inside the same namespace. | - |
| imageRepository | string | Specifies the image repository name and path to images (ex: repository.com/path/to/images). | - |
| logging.debug | boolean | Enable or disable debug logging. | Default value applies automatically and is not configurable. |
| logging.fluentbitSidecar.enabled | boolean | Enable or disable the Fluent Bit sidecar container for logging: true or false. | true |
| logging.fluentbitSidecar.fluentd.host | string | Specifies the hostname or IP address of the Fluentd instance to which Fluent Bit should forward the logs. | 'f5-toda-fluentd.f5-utils.svc.cluster.local' |
| logging.fluentbitSidecar.fluentd.port | string | Specifies the port number that fluentbit uses to connect to the fluentd instance. | 54321 |
| logging.fluentbitSidecar.fluentd.loglevel | string | Specifies the logging level specifically for the fluentbit_sidecar container. Available values: trace, debug, info, warning, error. | info |
| logging.logLevel | string | Specifies the global logging level for the BIG-IP Next for Kubernetes deployment. Available values: trace, debug, info, notice, warning, error, critical, alert or emergency. | info |

The table below describes the CR spec.sidecar parameters.

| Parameter | Type | Description | Default Values |
|---|---|---|---|
| resources.claims | string | Lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and DynamicResourceAllocation feature gate must be enabled. This field is immutable and can be set only for containers. Note: This refers to only one entry from PodSpec.ResourceClaims. | Default value applies automatically and is not configurable. |
| resources.limits | integer, string | Limits describe the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |
| resources.requests | integer, string | Requests describe the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified; otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |

The table below describes the SPKInstance spec.tmm CR parameters.

| Parameter | Type | Description | Default Values |
|---|---|---|---|
| openshiftVFIO | string | References SR-IOV network node policies, and must be in the same order as the network node attachments. Only required for use in OpenShift environments. | - |
| palCPUSet | string | The ranges of CPU identifiers that are to be dedicated to TMM instances. To run multiple TMM threads, specify a CPU range: for example, "0-3" selects CPUs 0, 1, 2 and 3 for 4 TMM threads. | 1 |
| replicaCount | integer | Number of SPK TMMs desired in the replicaset. If iswholeClusterMode is enabled, this is ignored. | 1 |
| resources.limits | integer, string | Resource limits and requests for TMM. TMM does not support resource requests. hugepages-2Mi should change depending on how many TMM threads are desired. The minimum is 3Gi. The general rule is 1.5Gi per TMM thread. For example: 1 TMM 3Gi. 2 TMM 3Gi. 4 TMM 6Gi (1.5Gi x 4 TMM threads). You will also have to check that there are sufficient hugepages. Each hugepage is 2Mi (2048 KB). If the hugepage count is 8192, then 8192 * 2Mi (2048) = 16Gi. | limits: cpu: "1", hugepages-2Mi: "3Gi", memory: "2Gi" |
| sessiondb.useExternalStorage | string | Enable or disable DSSM for sessiondb: true or false. | false |
| tlsStore.enabled | boolean | Enable or disable tlsStore: true or false. | false |
| tmmMTU | integer | Globally sets the MTU on NICs that are capable of supporting jumbo frames. | 1500 |
| tmmMapresHalt | boolean | When mapres is finished, execute tail -f /dev/null instead of TMM. | false |
| tmmMapresHugepages | integer | Specify the total number of huge pages for TMM to use. 3,145,728 (3Gi) / 2048 (2Mi) = 1536. | 1536 |
| usePhysMem | boolean | Provide the --physmem command line option to TMM. Required in order for TMM to be able to use its high-performance drivers, so they are able to enable DMA. | true |
| xnetDPDKAllow | string | Allowed network devices. SF resource names should match the device names in /sys/bus/auxiliary/devices. | - |
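
The cross-field rules in the spec.afm and spec.tmm tables (pccd.enabled matching enabled, and hugepages-2Mi sized at 1.5Gi per TMM thread with a 3Gi minimum) can be checked before a CR is applied. The lint below is an added example, not F5 code. It assumes the dotted parameter names map to nested keys of a spec dictionary, and its tmmMapresHugepages check against the hugepages-2Mi limit is an assumption drawn from the 3Gi / 2Mi = 1536 default.

```python
import re

MI, GI = 1024 ** 2, 1024 ** 3
HUGEPAGE = 2 * MI                      # one hugepages-2Mi page
UNITS = {"Ki": 1024, "Mi": MI, "Gi": GI}


def parse_quantity(value):
    """Convert a binary-suffixed quantity such as '3Gi' to bytes."""
    m = re.fullmatch(r"(\d+)(Ki|Mi|Gi)", str(value))
    if not m:
        raise ValueError(f"unsupported quantity: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]


def cpu_count(cpuset):
    """Count the CPUs named by a palCPUSet value such as '1' or '0-3'."""
    cpus = set()
    for part in str(cpuset).split(","):
        lo, _, hi = part.strip().partition("-")
        cpus.update(range(int(lo), int(hi or lo) + 1))
    return len(cpus)


def required_hugepages(threads):
    """Table rule: 1.5Gi per TMM thread, with a 3Gi minimum."""
    return max(3 * GI, threads * 3 * GI // 2)


def lint_spec(spec, node_hugepages=None):
    """Return a list of findings for an SPKInstance spec given as a dict."""
    findings = []
    afm = spec.get("afm", {})
    if afm.get("enabled", False) != afm.get("pccd", {}).get("enabled", False):
        findings.append("afm.pccd.enabled must match afm.enabled")

    tmm = spec.get("tmm", {})
    threads = cpu_count(tmm.get("palCPUSet", "1"))
    limits = tmm.get("resources", {}).get("limits", {})
    have = parse_quantity(limits.get("hugepages-2Mi", "3Gi"))
    need = required_hugepages(threads)
    if have < need:
        findings.append(f"hugepages-2Mi is {have // MI}Mi, need {need // MI}Mi "
                        f"for {threads} TMM thread(s)")
    # Assumption: tmmMapresHugepages should fit inside the hugepages-2Mi limit.
    pages = int(tmm.get("tmmMapresHugepages", 1536))
    if pages * HUGEPAGE > have:
        findings.append(f"tmmMapresHugepages {pages} exceeds the "
                        f"{have // HUGEPAGE} pages in hugepages-2Mi")
    # Optional: the node's 2Mi hugepage count (e.g. 8192 pages = 16Gi).
    if node_hugepages is not None and node_hugepages * HUGEPAGE < have:
        findings.append(f"node has {node_hugepages} hugepages, limit needs "
                        f"{have // HUGEPAGE}")
    return findings


# Constructed sample: four TMM threads left on the single-thread defaults.
SAMPLE = {
    "afm": {"enabled": True, "pccd": {"enabled": False}},
    "tmm": {"palCPUSet": "0-3", "tmmMapresHugepages": 1536,
            "resources": {"limits": {"cpu": "1", "hugepages-2Mi": "3Gi",
                                     "memory": "2Gi"}}},
}

if __name__ == "__main__":
    for finding in lint_spec(SAMPLE, node_hugepages=8192):
        print("FINDING:", finding)
```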

The table below describes the SPKInstance spec.tmm.blobd CR parameters.

| Parameter | Type | Description | Default Values |
|---|---|---|---|
| enabled | boolean | Enable or disable the blobd container: true or false. | false |
| resources.claims | string | Lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and DynamicResourceAllocation feature gate must be enabled. This field is immutable and can be set only for containers. Note: This refers to only one entry from PodSpec.ResourceClaims. | Default value applies automatically and is not configurable. |
| resources.limits | integer, string | Limits describe the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |
| resources.requests | integer, string | Requests describe the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified; otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |

The table below describes the SPKInstance spec.tmm.debug CR parameters.

| Parameter | Type | Description | Default Values |
|---|---|---|---|
| enabled | boolean | Enable or disable the debug container: true or false. | true |
| resources.claims | string | Lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and DynamicResourceAllocation feature gate must be enabled. This field is immutable and can be set only for containers. Note: This refers to only one entry from PodSpec.ResourceClaims. | Default value applies automatically and is not configurable. |
| resources.limits | integer, string | Limits describe the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |
| resources.requests | integer, string | Requests describe the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified; otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |

The table below describes the SPKInstance spec.tmm.tmmRouting CR parameters.

| Parameter | Type | Description | Default Values |
|---|---|---|---|
| resources.claims | string | Lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and DynamicResourceAllocation feature gate must be enabled. This field is immutable and can be set only for containers. Note: This refers to only one entry from PodSpec.ResourceClaims. | Default value applies automatically and is not configurable. |
| resources.limits | integer, string | Limits describe the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |
| resources.requests | integer, string | Requests describe the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified; otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |

The table below describes the SPKInstance spec.tmm.tmrouted CR parameters.

| Parameter | Type | Description | Default Values |
|---|---|---|---|
| resources.claims | string | Lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and DynamicResourceAllocation feature gate must be enabled. This field is immutable and can be set only for containers. Note: This refers to only one entry from PodSpec.ResourceClaims. | Default value applies automatically and is not configurable. |
| resources.limits | integer, string | Limits describe the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |
| resources.requests | integer, string | Requests describe the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified; otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |

The table below describes the SPKInstance spec.tmm.dynamicRouting CR parameters.

| Parameter | Type | Description | Default Values |
|---|---|---|---|
| configMapName | string | This name should match the manually created ConfigMap. Required if enabled is set to true. | - |
| enabled | boolean | Enable or disable dynamic routing: true or false. | false |
| exportZebosLogs | boolean | Configure whether Zebos logs are sent to fluentbit: true or false. | false |

The table below describes the SPKInstance spec.tmm.egress CR parameters.

| Parameter | Type | Description | Default Values |
|---|---|---|---|
| dnsCacheName | string | Specifies the required F5SPKDnscache CR by concatenating the CR's metadata.namespace and metadata.name parameters with a hyphen (-) character. For example, dnsCacheName: dnscache-cr | "" |
| dnsNat46Enabled | boolean | Enable or disable the DNS46/NAT46 feature: true or false. | false |
| dnsNat46Ipv4Subnet | string | The pool of private IPv4 addresses used to create DNS A records for the internal Pods. | "" |
| dnsNat46SorryIP | string | IP address for Oops Page if the NAT pool becomes exhausted. | "" |
| dnsNat46UpstreamDnsIP | string | - | "" |
| useSnatpools | boolean | Enable or disable useSnatpools: true or false. | false |

The table below describes the SPKInstance spec.tmm.nodeAssign CR parameters.

| Parameter | Type | Description | Default Values |
|---|---|---|---|
| affinity.nodeAffinity | | Describes node affinity scheduling rules for the pod. | - |
| affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution | | The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. | - |
| affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution | string | If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. | - |
| affinity.podAffinity | | Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). | - |
| affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution | string | The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which match the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. | - |
| affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution | string | If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. | - |
| affinity.podAntiAffinity | | Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). | - |
| affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution | string | The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which match the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. | - |
| affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution | string | If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. | - |
| nodeSelector | string | This is important to set when SPK is run in "Whole Cluster" mode (multiple DPUs). TMM runs as a daemonset and gets deployed on all nodes including the Host Node. Node Selector is used to ensure TMM selects only the DPU node(s). It is similar to tolerations but ensures TMM is deployed to only the DPU Nodes with the "app: f5-tmm" labels. Example: app: f5-tmm | - |
| tolerations | string | Toleration is added to ensure only the TMM and daemonsets like Multus, CNI, etc. can be deployed on the DPU Node. This value is added by the orchestrator code; the value looks like this when you describe the node: dpu=true:NoSchedule | - |

The table below describes the SPKInstance spec.tmm.service CR parameters.

| Parameter | Type | Description | Default Values |
|---|---|---|---|
| create | boolean | - | true |
| name | string | - | f5-tmm-service |
| type | string | - | LoadBalancer |
| annotations | string | - | {} |
| customPorts | string | - | [] |
| externalIPs | string | - | [] |
| externalTrafficPolicy | string | - | Local |

The table below describes the SPKInstance spec.tmstats.tmstatsConfig CR parameters.

| Parameter | Type | Description | Default Values |
|---|---|---|---|
| resources.claims | string | Lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and DynamicResourceAllocation feature gate must be enabled. This field is immutable and can be set only for containers. Note: This refers to only one entry from PodSpec.ResourceClaims. | Default value applies automatically and is not configurable. |
| resources.limits | integer, string | Limits describe the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |
| resources.requests | integer, string | Requests describe the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified; otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | Default value applies automatically and is not configurable. |