Release Notes¶
F5 Cloud-Native Network Functions (CNFs) for OpenShift - 1.4.0
What’s new in CNFs v1.4.0¶
Core File Management – Coremond Tool¶
From this release, core file management will be handled using Coremond tool. This tool is specifically designed to assist in the collection of core files and appending additional metadata. This functionality allows the support or development team to open and debug the core files with the relevant source code. For more information on how the Coremond tool works, how to collect and how to validate the core files, see Coremond.
Open Source Cert Manager support¶
The user can now configure the F5 components using an Open Source Cert Manager. The Cert Manager component used can be open source cert manager or F5 Cert Manager. To install the Cert Manager, follow the procedure mentioned in Integration Stages. For more information on how to install and use the open source cert manager, see Open Source Cert Manager.
Enhancements in CNFs v1.4.0¶
Deterministic IP address allocation¶
Enabled Deterministic Configuration Allocation feature to provide deterministic allocation of IP addresses for a pod. This can be acheived by configuring the maxActiveReplicas
option in BIG-IP Controller Reference. The maxActiveReplicas
is a helm parameter that defines the maximum limit of active TMM replicas with default value set to 32, and can be configured using values override. For more information, see, Deterministic Configuration Allocation, F5BigCneSnatpool and F5BigNetVlan.
Enhanced DNS Profile for Security¶
Updated DNS compliance checks with dns_disallowed_resource_records
and dns_disallowed_query_type
to achieve parity with DNS Profile security.
For more information, see F5BigIpsPolicy, F5BigDnsApp and F5BigContextSecure.
Configurable source (IPv4 & IPv6) address for DNS cache resolver¶
Added support to allow configurable source (IPv4 & IPv6) address for DNS cache resolver. The F5BigGlobalOptions CR contains optional settings that allow users to enable non-standard behaviors or features. For more information, see F5BigGlobalOptions CR and Forward Zones section in F5BigDnsCache Reference.
DNS over HTTPS (DoH)¶
From this release, the DoH listener can be configured using F5BigDnsApp, for which DoH CRD was used earlier. The DoH CRD was merged with F5BigDnsApp CRD making this CRD applicable to configure both DNS and DoH listeners. Additionally F5BigHttp2Setting, F5BigHttpSetting, F5ClientSslSetting profiles were created similar to F5TcpSetting and F5UDPSetting, which can be referenced by the F5BigDnsApp CRD.
FastL4 Reassemble Fragments Option¶
Added a configurable option (ipFragReass
) in the fastl4 profile to enable or disable fragmentation reassembly in TMM with the default value as false
. For more information, see F5BigFastl4Setting and F5BigContextSecure.
Flow Idle Timer Enhancements through EdgeFirewall rules¶
From this release, the operators can define timer policy through F5BigSvcPolicy (Service Policy) CR for individual rule to control the flow idle timeouts
, in the CNFs Edge Firewall rules.
Enabled the defaults quota or recommended deployment values¶
Added resource request and limits for TMM, AFM, IPSD, OTEL, Downloader, Crd-Conversion, Fluentbit sidecar, blobd, debug, tmrouted and tmmRouting helm charts. For more information, see BIG-IP Controller, CRD Conversion Webhook and OTEL Collectors sections.
Enabled default deployment values in helm charts¶
Added support to preserve the existing changes made to tmm-init
and f5-tmm-dynamic-routing-template
configmaps in an earlier CNFs version while upgrading to the CNFs 1.4.0 version.
Fixes and Known Issue¶
Refer to Fixes and Known Issues section to known about fixes and known issues for this CNF release.
Software upgrades¶
For assistance with software upgrades, refer to the Upgrading CNFs overview.
CNFs can be upgraded from v1.3.x (1.3.0/1.3.1/1.3.2) to v1.4.0. Refer to Upgrading CNFs from v1.3.x to v1.4.0 section.
Upgrading CNFs from v1.3.1 to v1.3.2.
CNFs 1.3.2 version contains an updated version of the TMM pod. Hence, upgrading the F5ingress helm chart will update the TMM pod, allowing a smooth transition from version 1.3.1 to version 1.3.2.
To upgrade from CNF v1.3.1 to v1.3.2, please follow the steps below.
Upgrade the f5ingress Pod using the newer version Helm chart of CNFs v1.3.2:
helm upgrade <release> tar/<helm-chart>.tgz -n <namespace> -f <values>.yaml
In this example, the Helm chart new version of CNFs v1.3.2 is v150.480.0-0.1.52.
helm upgrade f5ingress tar/f5ingress-v150.480.0-0.1.52.tgz -n cnf-gateway -f f5ingress_overrides.yaml
Now, the CNF is upgraded from v1.3.1 to v1.3.2.
CNFs can be upgraded from v1.2.1 to v1.3.0. Refer to Upgrading CNFs from v1.2.1 to v1.3.0 section.
Next step¶
Continue to the Cluster Requirements to ensure the cluster has the required software components.