Upgrading CNFs¶
Overview¶
This document discusses how to upgrade the various Cloud-Native Network Functions (CNFs) software components. Each section represents the independent upgradable components.
Important: F5 recommends that you perform software upgrades during a planned maintenance window.
Requirements¶
Ensure you have:
- Reviewed the CNF Release Notes
- Extracted the CNFs Software.
- A workstation with Helm installed.
BIG-IP Controller¶
The BIG-IP Controller installs using the f5ingress Helm chart, released as a versioned tarball, for example f5ingress-9.0.0.tgz. When extracted from the tarball, the f5ingress Helm chart also contains multiple subcharts that will in the future enable upgrading CNFs Pods independently. The table below lists the Pods and their charts or subcharts:
Charts/Subcharts¶
Chart/Subchart | Pod | Containers |
---|---|---|
f5ingress | f5ingress | f5ingress and f5-license-helper |
f5ingress | f5-tmm | f5-tmm and f5-debug-sidecar |
f5-afm | f5-afm | f5-l4p-engine and f5-fluentbit |
f5-ipsd | f5-ipds | f5-nsec-ips-daemon and f5-fluentbit |
f5-stats_collector | otel-collector | opentelemetry-collector |
TMM RollingUpdate¶
When upgrading CNFs installations with multiple f5-tmm replicas (Pods) running, CNFS uses the Kubernetes RollingUpdate feature; terminating and upgrading one f5-tmm Pod at a time, leaving the remaining f5-tmm replicas available to process application traffic.
Full upgrade¶
Use these steps to upgrade all of the CNFs Pods.
Change into the directory containing the latest CNFs Software, and list the f5ingress Helm chart:
cd cnfinstall; ls -1 tar | grep f5ingress
f5ingress-9.0.0.tgz
Obtain the Helm release name for the current CNFs installation:
helm list -n cnf-gateway
In this example, the Helm release named f5ingress is in the cnf-gateway namespace.
NAME NAMESPACE REVISION STATUS CHART f5ingress cnf-gateway 1 deployed f5ingress-8.0.0
Use the new Helm chart to upgrade the installation:
helm upgrade f5ingress tar/f5ingress-<version>.tgz \ -f <values>.yaml -n namespace
In this example, all of the CNFs Pods will be upgraded using the f5ingress-9.0.0.tgz Helm chart.
helm upgrade f5ingress tar/f5ingress-9.0.0.tgz \ -f values.yaml -n cnf-gateway
Verify the Helm CHART and REVISION have incremented:
helm list -n cnf-gateway
In this example, the Helm CHART is now 9.0.0 and the REVISION is now 2.
NAME NAMESPACE REVISION STATUS CHART f5ingress cnf-gateway 2 deployed f5ingress-9.0.0
Verify the Pods have a STATUS of Running:
oc get pods -n cnf-gateway
In this example, the upgraded Pods have a STATUS of Running.
NAME READY STATUS f5-afm-54d66946cd-5dmvs 2/2 Running f5-ipsd-54df45c9cf-tmvqv 2/2 Running f5-tmm-6fbbbcfb8-8jvkh 4/4 Running f5ingress-f5ingress-597894b455-4hglb 2/2 Running
Partial upgrade¶
The ability to perform parital, or single CNFs Pod upgrades is not yet supported.
CRDs¶
CRD upgrades should be performed after installing the latest BIG-IP Controller that came packaged with the CRD bundle. If the CRD bundle is newer than the BIG-IP Controller, it will not not recognize the newer CRD paramaters, and the expected configuration will not be applied to the Service Proxy TMM. Use these steps to upgrade the CRDs:
Important: Helm currently does not support upgrading or deleting CRDs. Refer to Helm Custom Resource Definitions.
Full upgrade¶
Use these steps to upgrade all of the CNFs CRDs.
Change into the directory containing the latest CNFs Software, and list the CRD bundle:
cd cnfinstall; ls -1 | grep crds
f5-cnf-crds-n6lan-0.40.0.tgz
Extract the Helm subcharts from the f5ingress tarball:
tar xvf f5-cnf-crds-n6lan-0.40.0.tgz
Install the CRDs:
oc apply -f f5-cnf-crds-n6lan/crds
Partial upgrade¶
Use these steps to upgrade a single CNFs CRD.
Change into the directory containing the latest CNFs Software, and list the CRD bundle:
cd cnfinstall; ls -1 | grep crds
f5-cnf-crds-n6lan-0.40.0.tgz
Extract the Helm subcharts from the f5ingress tarball:
tar xvf f5-cnf-crds-n6lan-0.40.0.tgz
Install a specific CRD:
Note: In this example, only the f5-big-nat-policy.yaml CRD is upgraded.
oc apply -f f5-cnf-crds-n6lan/crds/f5-big-nat-policy.yaml
dSSM database¶
To ensure there is no loss of data or downtime, the dSSM Databases should be upgraded using the Upgrading dSSM guide.
Fluentd logging¶
Use these steps to upgrade the Fluentd Logging collector.
Change into the directory containing the latest CNFs Software, and list the f5-fluentd Helm chart:
cd cnfinstall; ls -1 tar | grep fluentd
f5-toda-fluentd-1.5.0.tgz
Obtain the Helm release name for the current CNFs installation:
helm list -n cnf-gateway
In this example, the release name is f5-fluentd.
NAME NAMESPACE REVISION STATUS CHART f5-fluentd cnf-gateway 1 deployed f5-toda-fluentd-1.0.0
Use the new Helm chart to upgrade the installation:
helm upgrade f5-fluentd tar/f5-toda-fluentd-<version>.tgz \ -f <values>.yaml -n cnf-gateway
In this example, the Fluend Pod will be upgraded using the f5-toda-fluentd-1.5.0.tgz Helm chart.
helm upgrade f5-fluentd tar/f5-toda-fluentd-1.5.0.tgz \ -f fluentd-values.yaml -n cnf-gateway
Verify the Helm CHART and REVISION have both incremented:
helm list -n cnf-gateway
In this example, the Helm CHART is now 1.5.0 and the REVISION is now 2.
NAME NAMESPACE REVISION STATUS CHART f5-fluentd cnf-gateway 2 deployed f5-toda-fluentd-1.5.0
Verify the Fluentd Pod is Running:
oc get pods -n cnf-gateway | grep fluent
In this example, the Fluentd Pod is Running.
f5-toda-fluentd-5c4876d88f-99n94 1/1 Running
Feedback¶
Provide feedback to improve this document by emailing cnfdocs@f5.com.