Release Notes

F5 Cloud-Native Network Functions (CNFs) for OpenShift - 1.2.1

Breaking changes

  • The Traffic Management Microkernel (TMM) Proxy Pods now install using separate Helm Sub-Charts. This is the first step in an effort to enable single Pod upgrades, however, it requires modifications to your existing BIG-IP Controller Helm values file. Refer to the BIG-IP Controller section for the full set of installation instructions.

New Features and Improvements

  • The new F5BigCneIrule CR has been added to support one or multiple iRules within F5BigContextSecure or any other usecase CRs (example: DNS Virtual Server and F5BigAlgFTP). Refer to the F5BigCneIrule section for more information.
  • The new F5BigCneZone CR has been added to support source/destination VLAN Zones as rule-matching criteria in the AFM ACL Policy Rules. Refer to F5BigCneZone section for more information.
  • The new F5BigFwRulelist CR has been added to support rule-lists in the AFM ACL Policy. Refer to the F5BigRulelist section for more information.
  • The new F5BigDohApp CR has been added to provide high-performance DNS resolution, caching and DNS64 translation mapping over secure HTTPS connections. Refer to the F5BigDohApp section for more information.
  • CNFs supports the CRD conversion webhook, which handles the automatic conversion of multiple CRD versions based on the specified namespace and version in the cluster, without affecting existing CRs. Refer to the CRD Conversion Webhook section for more information.
  • Monitor support has been added for the HSL publisher pool. Refer to the F5BigLogHslpub section for more information.
  • Downloader Pod now supports only offline mode. Refer to the BIG-IP Controller section for more information.
  • Added support for Mellanox ConnectX-6 Dx NIC in Openshift version 4.14. Refer to the Supported NICs section of the Cluster Requirements for more information.
  • CNFs supports the f5nxtctl BIGIP Next Control command line tool to abstract and automate the installation and verification of f5-specific components, such as Cert Manager, CWC, RabbitMQ, CRD-Conversion, northbound certificates, curl/Postman commands, and specific services, in a short amount of time. Refer to CNFs Installer section.

Bug Fixes

1475133 (Ingress)

The missing commas in the logprofile handler are now resolved.

1472745 (TMM)

TMM no longer crashes when an HSL pool member goes down.

Known Issues

1354641-1 (TMM)

iRule stats can show in two entry rows.

1490909 (Ingress)

When crdupdater is enabled, the upgrade from CNFs v1.2.0 to CNFs v1.2.1 fails.

Workaround

Remove crdupdater certificate tls-crdupdater-grpc-svr before upgrading to CNFs v1.2.1.

oc delete certificate tls-crdupdater-grpc-svr -n <cnf_namespace>

1492301 (TMM)

Increase in pool member statistics for some time after HSL pool members is down.

Workaround

After pool member goes down, wait for the duration of configured monitor time-out value, before starting the traffic.

Software upgrades

For assistance with software upgrades, refer to the Upgrading CNFs overview.

Next step

Continue to the Cluster Requirements guide to ensure the cluster has the required software components.