Release Notes

F5 Cloud-Native Network Functions (CNF) - 1.0.3

New Features and Improvements

  • The OTEL Collectors gather CNFs Pod metrics and statistics for third-party visualization software such as Prometheus and Grafana. Important: The OTEL Collectors require new CNFs Secrets.
  • The CNFs validation service ensures that CNFs CRs such as the F5BigTcpSetting profile are not eligible for deletion when referenced by traffic management CRs such as the F5BigContextSecure. Important: The CNFs Validation service requires new CNFs Secrets.
  • Role-based Access Control (RBAC) can now be applied to limit the resources and namespaces that the BIG-IP Controller can manage. Refer to the CNFs RBAC guide.
  • The cert-gen utility can automatically generate the Secrets used to secure CNFs Pod communication. Refer to Using cert-gen in the CNFs Secrets guide.

Bug Fixes

1122713 (TMM)

The TMM Pod can now be configured to use a service account other than the default.

Known Issues

1141789 (TMM)

The tmctl -d blade protocol_inspection_stats command may fail to display traffic statistics after the TMM process restarts and creates a core file.

1141413 (TMM)

The F5BigIpsPolicy may fail to process application traffic after the TMM Pod restarts.

Workaround: Delete the installed CRs, reinstall the F5BigIpsPolicy first, and then the F5BigContextSecure.

kubectl delete -f f5-big-context-secure.yaml
kubectl delete -f f5-big-ips-policy.yaml
kubectl apply -f f5-big-ips-policy.yaml
kubectl apply -f f5-big-context-secure.yaml

1122093 (TMM)

When modifying the value of the F5BigPePolicy CR’s ratePacing.udp.maxRate parameter, the new value may not be applied to the TMM Proxy Pod.

Workaround: Delete and reapply the F5BigPePolicy CR after updating the ratePacing.udp.maxRate parameter.

kubectl delete -f <policy-name>.yaml
kubectl apply -f <policy-name>.yaml

1120941 (TMM)

The TMM Proxy Pod may restart when the F5BigContextSecure CR processes UDP packets. This issue occurs when the F5BigContextSecure CR profile value is set to fastL4, the ipProtocol value is set to any, and the CR references a F5BigPeProfile CR.

Workaround: When setting the F5BigContextSecure CR profile value to fastL4, ensure the ipProtocol value is set to tcp.

1112949 (Controller)

The F5BigNatPolicy configuration may appear missing after restarting the TMM Proxy Pod, causing subscriber NAT connections to fail.

Workaround: Delete the AFM Pod to spawn a new instance, and restore gRPC communication between the BIG-IP controller and PCCD.

kubectl delete pod <afm-pod-name> -n <namespace>

1072413 (Controller)

When trying to identify applications detected by the F5BigClassificationprofile CR, the tmctl -d blade gpa_classification_stats command output displays application IDs (205.5460) instead of application names (tcp.open_ssh).

Workaround: Perform the following steps to display the application names.

  1. Helm uninstall the f5ingress deployment.

    helm uninstall f5ingress -n cnf-gateway

  2. Delete the mapping CR that was provided in the CRD bundle, and apply it again, targetting the BIG-IP Controller’s namespace.

    kubectel delete -f f5-cnf-crds-n6lan/templates/f5-big-classification_mapping.yaml

    kubectel apply -f f5-cnf-crds-n6lan/templates/f5-big-classification_mapping.yaml -n <namespace>

  3. Delete the F5BigClassificationprofile CR.

    kubectl delete -f cnf-class-profile.yaml

  4. Helm install the f5ingress delployment.

    helm uninstall f5ingress tar/f5ingress-6.0.14.tgz -n cnf-gateway

  5. Check the f5ingress logs for Adding or Updating F5DynamicAppsCategories message.

  6. Reapply the classification CR

    kubectl apply -f cnf-class-profile.yaml

1063321 (TMM)

When multiple TMMs are running in a single Namespace, the IP addresses allocated by the F5BigNatPolicy are not reclaimed and reallocated after scaling the TMM deployment down and back up. Client connections may fail due to NAT IP address exhaustion.

Workaround: Delete and reinstall the F5BigNatPolicy CR.

1053293 (Controller)

TMM Proxy Pods may fail to receive a self-IP address when the F5BigNetVlan CR allocates the same number self-IPs as running TMM Proxy Pods.

Workaround: Configure the F5BigNetVlan to allocate twice the number of self-IP addresses as running TMM Proxy Pods.

Software upgrades

Use these steps to upgrade the CNFs software components:

_images/spk_warn.png Important: Steps 2 through 4 should be performed together, and during a planned maintenance window.

  1. Review the New Features and Improvements section above, and integrate any updates into the existing configuration. Do not apply Custom Resource (CR) updates until after the BIG-IP Controller has been upgraded.
  2. Follow Install the CRDs in the CNFs Software guide to upgrade the CRDs. Be aware that newly applied CRDs will replace existing CRDs of the same name.
  3. Uninstall the previous version BIG-IP Controller, and follow the Installation procedure in the BIG-IP Controller guide to upgrade the Controller and TMM Proxy Pods. Upgrades have not yet been tested using Helm Upgrade.
  4. Once the BIG-IP Controller and TMM Proxy Pods are available, apply any updated CR configurations (step 1) using the kubectl apply -f <file> command.
  5. The dSSM Databases can be upgraded at anytime using the Upgrading dSSM guide.
  6. The Fluentd Logging collector can be upgraded anytime using Helm Upgrade. Review Extract the Images in the CNF Software guide for the new Fluentd Helm chart location.

Next step

Continue to the Cluster Requirements guide to ensure the cluster has the required software components.