CNEInstance CR
BIG-IP Next for Kubernetes is deployed by applying the CNEInstance CR, which lets users specify the desired state of the BIG-IP Next for Kubernetes cluster.
The table below describes the spec parameters.
| Parameter | Description | Default Values |
|---|---|---|
| | Specifies the name of the ClusterIssuer to be used for managing TLS certificates in the cluster. | - |
| | Enables CGNAT functionality. | - |
| | Enables or disables mounting of relevant core dump locations on the hostPath for the system in all containers and Pods. | true |
| | Specifies how large the deployment should be, like small, medium, or large, depending on resource requirements. Available options: Small, Medium, Large, Max | - |
| | Enables or disables the dynamic routing capability. | true |
| | Enables or disables the Firewall Access Control List (ACL) feature, which manages traffic rules for the system’s network. | true |
| | Specifies the URI of the container registry to pull from for the CNEInstance CR. | - |
| | Specifies the name of the secret for authenticating with private registries. | - |
| | Specifies the image pull policy. Available values: Always, IfNotPresent, Never | IfNotPresent |
| | Specifies the version of the CNE software that should be installed. | - |
| | Whether Gateway API is enabled for this product. | - |
| | The product type for this installation. | - |
| | The namespaces CNE Controller should watch for CRs. If WholeCluster mode is true, this is ignored. The special “Any” namespace can be used to watch all namespaces when WholeCluster is false. | Watches no namespaces |
| | When WholeCluster and DPU are both false, this defines how many replicas of TMM should be deployed. | 1 |
| | The DPU Clusters this CNE Installation is associated with. | - |
| | Enables Intrusion prevention functionality. Note: The product type is CNF. | false |
| | Enables ipIntelligence functionality. Note: The product type is CNF. | - |
| | Enables or disables pseudo CNI (Container Network Interface) functionality. | true |
| | Lists the network interfaces the deployment will use. It’s like specifying which network cables to plug into the system. | - |
| | Enables policy enforcement functionality. Note: The product type is CNF. | false |
| | Enables or disables the logging subsystem for centralized collection and management of container logs across the system. | true |
| | Enables or disables the metrics subsystem for collecting and managing performance metrics, exposing them for monitoring and analysis. | true |
| | Defines a global Storage Class for all Persistent Volume Claims used by components requiring persistent storage. It ensures consistent storage management across components but does not allow different storage classes for individual components. Ensure the configured Storage Class is provisioned with adequate capacity. It is recommended to periodically manage and offload large files like core dumps to permanent storage. | - |
The table below describes the spec.advanced parameters.
| Parameter | Description | Default Values |
|---|---|---|
| | The ConfigMap that contains a list of CRs to watch. By default, CneController will list all installed CRDs and watch the known CRs. This field is optional. | - |
The table below describes the spec.advanced.cneController.env.items parameters used to configure environment variables for the CNE Controller.
| Parameter | Description | Default Values |
|---|---|---|
| | Specifies the name of the environment variable in a container. This must be in C_IDENTIFIER format. | - |
| | Defines the value assigned to the environment variable specified by name. This value can be a literal (hardcoded) string or utilize variable interpolation (e.g., $(VAR_NAME) for referencing other variables). | - |
| | Specifies the source for the environment variable’s value, allowing configuration values to be dynamically fetched from external sources like ConfigMaps, Secrets, Pod fields, or resources. | - |
| | Specifies the exact key in the ConfigMap to fetch the value from. This key must exist in the referenced ConfigMap. | - |
| | Name of the ConfigMap to reference. If omitted, defaults to an empty string (“”). | - |
| | Determines whether the environment variable is optional. If true, a missing ConfigMap or key will not cause an error; otherwise, it will fail. | false |
| | Specifies the version of the schema that the fieldPath is based on. | v1 |
| | Specifies the field path to select within the given API version. | - |
| | Specifies the name of the container whose resource (e.g., CPU/memory) limits/requests are being referenced. Required for volume configurations, but optional for environment variables. | - |
| | Specifies the format for the exposed resource value. | - |
| | Required field specifying the resource to select (e.g., limits.cpu, requests.memory, limits.ephemeral-storage). | - |
| | Specifies the exact key in the Secret to fetch the value from. This key must exist in the referenced Secret. | - |
| | Name of the Secret to reference. If omitted, defaults to an empty string (“”). | - |
| | Determines whether the environment variable is optional. If true, a missing Secret or key will not cause an error; otherwise, it will fail. | false |
The table below describes the spec.advanced.cneController parameter.
| Parameter | Description | Default Values |
|---|---|---|
| | Specifies the maximum number of environment variable entries you can define under | 50 |
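
An added example, not part of the F5 documentation: a pre-apply lint for an env items list that enforces the constraints the tables above state (C_IDENTIFIER names, required key and resource fields, the 50-entry default limit) and flags optional Secret references. The field names are assumed to be the standard Kubernetes EnvVar names, since the Parameter column is not shown on this page; the sample items are constructed.

```python
import re

# C_IDENTIFIER: letters, digits and underscore, not starting with a digit.
C_IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
MAX_ITEMS = 50  # default limit the page lists for spec.advanced.cneController

# Assumption: field names follow Kubernetes core/v1 EnvVar. Each source kind
# maps to the field the descriptions mark as required for it.
REQUIRED_BY_SOURCE = {
    "configMapKeyRef": "key",
    "secretKeyRef": "key",
    "fieldRef": "fieldPath",
    "resourceFieldRef": "resource",
}


def lint_env_items(items, max_items=MAX_ITEMS):
    """Return (index, level, message) findings; index -1 means the whole list."""
    findings = []
    if len(items) > max_items:
        findings.append((-1, "error", f"{len(items)} entries exceed the limit of {max_items}"))
    for i, item in enumerate(items):
        name = item.get("name", "")
        if not C_IDENTIFIER.fullmatch(name):
            findings.append((i, "error", f"name {name!r} is not a C_IDENTIFIER"))
        source = item.get("valueFrom")
        if source is None:
            continue
        if item.get("value"):
            findings.append((i, "error", "value and valueFrom are both set"))
        kinds = [k for k in source if k in REQUIRED_BY_SOURCE]
        if len(source) != 1 or len(kinds) != 1:
            findings.append((i, "error", "valueFrom needs exactly one known source"))
            continue
        kind, ref = kinds[0], source[kinds[0]]
        required = REQUIRED_BY_SOURCE[kind]
        if not ref.get(required):
            findings.append((i, "error", f"{kind}.{required} is required"))
        if kind in ("configMapKeyRef", "secretKeyRef"):
            if not ref.get("name"):
                findings.append((i, "warn", f"{kind}.name is empty"))
            if kind == "secretKeyRef" and ref.get("optional"):
                # optional: true means a missing Secret or key is not an error,
                # so the container starts without the variable.
                findings.append((i, "warn", "optional secretKeyRef can leave the variable unset"))
    return findings


# Constructed sample input, not taken from a real deployment.
SAMPLE_ITEMS = [
    {"name": "LOG_LEVEL", "value": "debug"},
    {"name": "2FAST", "value": "x"},
    {"name": "API_TOKEN", "valueFrom": {
        "secretKeyRef": {"name": "cne-creds", "key": "token", "optional": True}}},
    {"name": "POD_NS", "valueFrom": {"fieldRef": {"fieldPath": "metadata.namespace"}}},
    {"name": "CPU_LIMIT", "valueFrom": {"resourceFieldRef": {"containerName": "main"}}},
    {"name": "MODE", "value": "a", "valueFrom": {
        "configMapKeyRef": {"name": "cfg", "key": "mode"}}},
]

if __name__ == "__main__":
    for index, level, message in lint_env_items(SAMPLE_ITEMS):
        print(f"items[{index}] {level}: {message}")
```
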
The table below describes the spec.advanced.coremond.env.items parameters used to configure environment variables for the Coremond.
| Parameter | Description | Default Values |
|---|---|---|
| | Specifies the name of the environment variable in a container. This must be in C_IDENTIFIER format. | - |
| | Defines the value assigned to the environment variable specified by name. This value can be a literal (hardcoded) string or utilize variable interpolation (e.g., $(VAR_NAME) for referencing other variables). | - |
| | Specifies the source for the environment variable’s value, allowing configuration values to be dynamically fetched from external sources like ConfigMaps, Secrets, Pod fields, or resources. | - |
| | Specifies the exact key in the ConfigMap to fetch the value from. This key must exist in the referenced ConfigMap. | - |
| | Name of the ConfigMap to reference. If omitted, defaults to an empty string (“”). | - |
| | Determines whether the environment variable is optional. If true, a missing ConfigMap or key will not cause an error; otherwise, it will fail. | false |
| | Specifies the version of the schema that the fieldPath is based on. | v1 |
| | Specifies the field path to select within the given API version. | - |
| | Specifies the name of the container whose resource (e.g., CPU/memory) limits/requests are being referenced. Required for volume configurations, but optional for environment variables. | - |
| | Specifies the format for the exposed resource value. | - |
| | Required field specifying the resource to select (e.g., limits.cpu, requests.memory, limits.ephemeral-storage). | - |
| | Specifies the exact key in the Secret to fetch the value from. This key must exist in the referenced Secret. | - |
| | Name of the Secret to reference. If omitted, defaults to an empty string (“”). | - |
| | Determines whether the environment variable is optional. If true, a missing Secret or key will not cause an error; otherwise, it will fail. | false |
The table below describes the spec.advanced.coremond parameters.
| Parameter | Description | Default Values |
|---|---|---|
| | Specifies the maximum number of environment variable entries you can define under | 50 |
| | Specifies whether a hostPath volume is mounted for the coremond component. | false |
The table below describes the spec.advanced.cwc.env.items parameters used to configure environment variables for the CWC.
| Parameter | Description | Default Values |
|---|---|---|
| | Specifies the name of the environment variable in a container. This must be in C_IDENTIFIER format. | - |
| | Defines the value assigned to the environment variable specified by name. This value can be a literal (hardcoded) string or utilize variable interpolation (e.g., $(VAR_NAME) for referencing other variables). | - |
| | Specifies the source for the environment variable’s value, allowing configuration values to be dynamically fetched from external sources like ConfigMaps, Secrets, Pod fields, or resources. | - |
| | Specifies the exact key in the ConfigMap to fetch the value from. This key must exist in the referenced ConfigMap. | - |
| | Name of the ConfigMap to reference. If omitted, defaults to an empty string (“”). | - |
| | Determines whether the environment variable is optional. If true, a missing ConfigMap or key will not cause an error; otherwise, it will fail. | false |
| | Specifies the version of the schema that the fieldPath is based on. | v1 |
| | Specifies the field path to select within the given API version. | - |
| | Specifies the name of the container whose resource (e.g., CPU/memory) limits/requests are being referenced. Required for volume configurations, but optional for environment variables. | - |
| | Specifies the format for the exposed resource value. | - |
| | Required field specifying the resource to select (e.g., limits.cpu, requests.memory, limits.ephemeral-storage). | - |
| | Specifies the exact key in the Secret to fetch the value from. This key must exist in the referenced Secret. | - |
| | Name of the Secret to reference. If omitted, defaults to an empty string (“”). | - |
| | Determines whether the environment variable is optional. If true, a missing Secret or key will not cause an error; otherwise, it will fail. | false |
The table below describes the spec.advanced.cwc parameter.
| Parameter | Description | Default Values |
|---|---|---|
| | Specifies the maximum number of environment variable entries you can define under | 50 |
The table below describes the spec.advanced.demoMode parameter.
| Parameter | Description | Default Values |
|---|---|---|
| | Enables or disables demo mode configuration. | false |
The table below describes the spec.advanced.envDiscovery.env.items parameters used to configure environment variables for the discovery jobs.
| Parameter | Description | Default Values |
|---|---|---|
| | Specifies the name of the environment variable in a container. This must be in C_IDENTIFIER format. | - |
| | Defines the value assigned to the environment variable specified by name. This value can be a literal (hardcoded) string or utilize variable interpolation (e.g., $(VAR_NAME) for referencing other variables). | - |
| | Specifies the source for the environment variable’s value, allowing configuration values to be dynamically fetched from external sources like ConfigMaps, Secrets, Pod fields, or resources. | - |
| | Specifies the exact key in the ConfigMap to fetch the value from. This key must exist in the referenced ConfigMap. | - |
| | Name of the ConfigMap to reference. If omitted, defaults to an empty string (“”). | - |
| | Determines whether the environment variable is optional. If true, a missing ConfigMap or key will not cause an error; otherwise, it will fail. | false |
| | Specifies the version of the schema that the fieldPath is based on. | v1 |
| | Specifies the field path to select within the given API version. | - |
| | Specifies the name of the container whose resource (e.g., CPU/memory) limits/requests are being referenced. Required for volume configurations, but optional for environment variables. | - |
| | Specifies the format for the exposed resource value. | - |
| | Required field specifying the resource to select (e.g., limits.cpu, requests.memory, limits.ephemeral-storage). | - |
| | Specifies the exact key in the Secret to fetch the value from. This key must exist in the referenced Secret. | - |
| | Name of the Secret to reference. If omitted, defaults to an empty string (“”). | - |
The table below describes the spec.advanced.envDiscovery parameter.
| Parameter | Description | Default Values |
|---|---|---|
| | Enables or disables the environment discovery functionality. Controls whether discovery jobs are run across all nodes in the cluster. | false |
| | Specifies the maximum number of environment discovery functionality you can define under | 100 |
| | Controls whether the environment discovery jobs should continuously run after successfully completing a cycle. | - |
| | Indicates whether the discovery jobs should stop executing if any failure occurs during their execution. Useful for debugging scenarios. | - |
| | SRIOV network resource names to be used by env-discovery job. | - |
| | Disable specific environment checks. | false |
| | DisableCheckAnnotations disables checking for required Kubernetes annotations. | false |
| | DisableCheckVFs disables checking for SR-IOV Virtual Functions. | false |
| | DisableCheckHugepages disables checking for HugePages. | false |
| | DisableCheckSFConfig disables checking for SmartNIC SR-IOV configuration. | false |
| | DisableCheckServerConfig disables checking for server configuration. | false |
| | DisableCheckTaints disables checking for Kubernetes taints. | false |
| | DisableCheckLabels disables checking for Kubernetes labels. | false |
The table below describes the spec.advanced.firewallACL.env.items parameters used to configure environment variables for the firewall Access Control Lists (ACLs).
| Parameter | Description | Default Values |
|---|---|---|
| | Specifies the name of the environment variable in a container. This must be in C_IDENTIFIER format. | - |
| | Defines the value assigned to the environment variable specified by name. This value can be a literal (hardcoded) string or utilize variable interpolation (e.g., $(VAR_NAME) for referencing other variables). | - |
| | Specifies the source for the environment variable’s value, allowing configuration values to be dynamically fetched from external sources like ConfigMaps, Secrets, Pod fields, or resources. | - |
| | Specifies the exact key in the ConfigMap to fetch the value from. This key must exist in the referenced ConfigMap. | - |
| | Name of the ConfigMap to reference. If omitted, defaults to an empty string (“”). | - |
| | Determines whether the environment variable is optional. If true, a missing ConfigMap or key will not cause an error; otherwise, it will fail. | false |
| | Specifies the version of the schema that the fieldPath is based on. | v1 |
| | Specifies the field path to select within the given API version. | - |
| | Specifies the name of the container whose resource (e.g., CPU/memory) limits/requests are being referenced. Required for volume configurations, but optional for environment variables. | - |
| | Specifies the format for the exposed resource value. | - |
| | Required field specifying the resource to select (e.g., limits.cpu, requests.memory, limits.ephemeral-storage). | - |
| | Specifies the exact key in the Secret to fetch the value from. This key must exist in the referenced Secret. | - |
| | Name of the Secret to reference. If omitted, defaults to an empty string (“”). | - |
The table below describes the spec.advanced.firewallACL parameter.
| Parameter | Description | Default Values |
|---|---|---|
| | Specifies the maximum number of environment discovery functionality you can define under | 50 |
The table below describes the spec.advanced.maintenanceMode parameter.
| Parameter | Description | Default Values |
|---|---|---|
| | Enables or disables maintenance mode for the resource. | false |
The table below describes the spec.advanced.otel.env.items parameters used to configure environment variables for the Otel.
| Parameter | Description | Default Values |
|---|---|---|
| | Specifies the name of the environment variable in a container. This must be in C_IDENTIFIER format. | - |
| | Defines the value assigned to the environment variable specified by name. This value can be a literal (hardcoded) string or utilize variable interpolation (e.g., $(VAR_NAME) for referencing other variables). | - |
| | Specifies the source for the environment variable’s value, allowing configuration values to be dynamically fetched from external sources like ConfigMaps, Secrets, Pod fields, or resources. | - |
| | Specifies the exact key in the ConfigMap to fetch the value from. This key must exist in the referenced ConfigMap. | - |
| | Name of the ConfigMap to reference. If omitted, defaults to an empty string (“”). | - |
| | Determines whether the environment variable is optional. If true, a missing ConfigMap or key will not cause an error; otherwise, it will fail. | false |
| | Specifies the version of the schema that the fieldPath is based on. | v1 |
| | Specifies the field path to select within the given API version. | - |
| | Specifies the name of the container whose resource (e.g., CPU/memory) limits/requests are being referenced. Required for volume configurations, but optional for environment variables. | - |
| | Specifies the format for the exposed resource value. | - |
| | Required field specifying the resource to select (e.g., limits.cpu, requests.memory, limits.ephemeral-storage). | - |
| | Specifies the exact key in the Secret to fetch the value from. This key must exist in the referenced Secret. | - |
| | Name of the Secret to reference. If omitted, defaults to an empty string (“”). | - |
The table below describes the spec.advanced.otel parameter.
| Parameter | Description | Default Values |
|---|---|---|
| | Specifies the maximum number of environment variable entries you can define under | - |
| | Prometheus namespace for metrics collection. | - |
The table below describes the spec.advanced.pseudoCNI.env.items parameters used to configure environment variables for the pseudoCNI.
| Parameter | Description | Default Values |
|---|---|---|
| | Specifies the name of the environment variable in a container. This must be in C_IDENTIFIER format. | - |
| | Defines the value assigned to the environment variable specified by name. This value can be a literal (hardcoded) string or utilize variable interpolation (e.g., $(VAR_NAME) for referencing other variables). | - |
| | Specifies the source for the environment variable’s value, allowing configuration values to be dynamically fetched from external sources like ConfigMaps, Secrets, Pod fields, or resources. | - |
| | Specifies the exact key in the ConfigMap to fetch the value from. This key must exist in the referenced ConfigMap. | - |
| | Name of the ConfigMap to reference. If omitted, defaults to an empty string (“”). | - |
| | Determines whether the environment variable is optional. If true, a missing ConfigMap or key will not cause an error; otherwise, it will fail. | false |
| | Specifies the version of the schema that the fieldPath is based on. | v1 |
| | Specifies the field path to select within the given API version. | - |
| | Specifies the name of the container whose resource (e.g., CPU/memory) limits/requests are being referenced. Required for volume configurations, but optional for environment variables. | - |
| | Specifies the format for the exposed resource value. | - |
| | Required field specifying the resource to select (e.g., limits.cpu, requests.memory, limits.ephemeral-storage). | - |
| | Specifies the exact key in the Secret to fetch the value from. This key must exist in the referenced Secret. | - |
| | Name of the Secret to reference. If omitted, defaults to an empty string (“”). | - |
The table below describes the spec.advanced.pseudoCNI parameter.
| Parameter | Description | Default Values |
|---|---|---|
| | Specifies the maximum number of environment discovery functionality you can define under | 50 |
The table below describes the spec.advanced.tmm.env.items parameters used to configure environment variables for the TMM.
| Parameter | Description | Default Values |
|---|---|---|
| | Specifies the name of the environment variable in a container. This must be in C_IDENTIFIER format. | - |
| | Defines the value assigned to the environment variable specified by name. This value can be a literal (hardcoded) string or utilize variable interpolation (e.g., $(VAR_NAME) for referencing other variables). | - |
| | Specifies the source for the environment variable’s value, allowing configuration values to be dynamically fetched from external sources like ConfigMaps, Secrets, Pod fields, or resources. | - |
| | Specifies the exact key in the ConfigMap to fetch the value from. This key must exist in the referenced ConfigMap. | - |
| | Name of the ConfigMap to reference. If omitted, defaults to an empty string (“”). | - |
| | Determines whether the environment variable is optional. If true, a missing ConfigMap or key will not cause an error; otherwise, it will fail. | false |
| | Specifies the version of the schema that the fieldPath is based on. | v1 |
| | Specifies the field path to select within the given API version. | - |
| | Specifies the name of the container whose resource (e.g., CPU/memory) limits/requests are being referenced. Required for volume configurations, but optional for environment variables. | - |
| | Specifies the format for the exposed resource value. | - |
| | Required field specifying the resource to select (e.g., limits.cpu, requests.memory, limits.ephemeral-storage). | - |
| | Specifies the exact key in the Secret to fetch the value from. This key must exist in the referenced Secret. | - |
| | Name of the Secret to reference. If omitted, defaults to an empty string (“”). | - |
The table below describes the spec.advanced.tmm parameter.
| Parameter | Description | Default Values |
|---|---|---|
| | Specifies the maximum number of environment discovery functionality you can define under | 50 |
| | Used to override the annotations applied to the TMM pods. | - |
| | Used to override the resource requests/limits for the TMM pods over the values set by the deployment Size attribute. | - |
The table below describes the status.condition.items parameter.
| Parameter | Description | Default Values |
|---|---|---|
| | The timestamp indicating the last moment the condition transitioned from one state to another. Used for tracking state change events. | - |
| | A human-readable message describing details about the condition’s transition or current state. | - |
| | The generation of the resource metadata at the time the condition was last updated. Helps ensure the condition aligns with the latest resource version. | - |
| | A programmatic identifier (in CamelCase) explaining the reason behind the condition’s last status transition. Producers may define expected values. | - |
| | Specifies the current state of the condition. Available values: True, False or Unknown. | - |
| | Specifies the type of the condition being monitored. | - |
(2.2.1 and later) Schedule component pods
Describes how to configure pod scheduling fields for components so you can place them on the right nodes—for example, schedule TMM on DPUs and prevent F5 ingress, DSSM, and CWC from running on DPUs.
The table below lists the categories in the spec.placement section.
| Categories | Included component |
|---|---|
| | TMM |
| | CNE controller, analyzer, CWC and others |
| | fluentd, observer |
| | DSSM |
The table below describes the scheduling fields of each category (e.g., spec.placement.dataplane.nodeSelector).
| Scheduling fields | Description |
|---|---|
| | Specifies the labels of the nodes on which the component’s pods are scheduled. |
| | Defines the scheduling constraints for the component’s pod. |
| | Defines the tolerations for the component’s pod. |
| | Schedule matching pods within the specified topology. |
| | Specifies the name of the Priority Class. |