Rollback CNFs v2.0.0 to v1.4.0¶
This section outlines the rollback procedures for various F5 components deployed using Helm. Follow the instructions for each component carefully to ensure successful rollbacks.
F5 recommends you rollback to a previous version when a newly deployed CNF pod in your cluster runs into any issue. For example, an application downtime due to errors while upgrading or the deployment process does not complete successfully.
Important: Before you perform a rollback, ensure that you identify the cause of the failure and confirm whether a rollback will resolve the issue.
To successfully rollback to CNFs v1.4.0 from v2.0.0, follow the instructions provided in the following sections:
- Rollback the F5Ingress
- Rollback the dSSM
- Rollback the Toda-fluentd
- Rollback the CWC Pod
- Rollback the RabbitMQ Pod
- Rollback the Cert Manager
Rollback the F5Ingress¶
Following is the procedure to rollback f5ingress pod:
Run the helm upgrade command to rollback to desired version since helm rollback command is not supported.
helm upgrade <deployment-name> <1.4.0 tarball-path> -f <values.yaml>
Example:
In the following example, the Helm chart new version of CNFs v2.0.0 is 0.161.0-0.1.2.
helm upgrade f5ingress tar/f5ingress-v0.480.0-0.1.30.tgz -n cnf-gateway -f f5ingress_overrides.yaml.
Verify the rollback process and deployment status.
helm list -n productns
Sample output:
Release "f5ingress" has been upgraded. Happy Helming!
Rollback the dSSM¶
If the dSSM database is not performing as expected after the upgrade, rollback to the previous dSSM database version using the steps below:
List the current version of the dSSM database.
helm list -n cnf-gateway
In this example, the dSSM database version is v.22.1 and the REVISION version is 2:
NAME NAMESPACE REVISION STATUS CHART f5-dssm cnf-gateway 1 deployed f5-dssm-1.0.0
To grant the dssm-upgrade-hook container access the K8S API, create two YAML files with the following code, and set the
namespaceparameter to the dSSM installation Project:
Important: The dssm-upgrade-hook will fail to complete the upgrade without proper access to the K8S API.Example Role
kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: pods-list namespace: cnf-gateway rules: - apiGroups: ["", "apps"] resources: ["pods", "statefulsets", "statefulset"] verbs: ["get", "delete", "list", "watch"]
Example RoleBinding
kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: pods-list subjects: - kind: ServiceAccount name: default namespace: cnf-gateway roleRef: kind: Role name: pods-list apiGroup: rbac.authorization.k8s.io
Create the
RoleandRoleBindingobjects using example contents in the previous step.oc create -f role.yaml
oc create -f role-binding.yaml
Rollback the dSSM database to the previous REVISION (installation version).
In this example, the previous REVISION is 1:
helm rollback f5-dssm 1
List the Helm REVISION (installation versions) of the dSSM database.
helm history f5-dssm
REVISION STATUS CHART APP VERSION DESCRIPTION 1 superseded f5-dssm-0.16.1 v0.16.1 Install complete 2 superseded f5-dssm-0.22.1 v0.22.1 Upgrade complete 3 deployed f5-dssm-0.16.1 v0.16.1 Rollback to 1
Verify the dSSM Pod STATUS is currently Running.
Note: It may take a few minutes for the rollback to complete.
oc get pods
NAME READY STATUS f5-dssm-db-0 2/2 Running f5-dssm-db-1 2/2 Running f5-dssm-db-2 2/2 Running f5-dssm-sentinel-0 2/2 Running f5-dssm-sentinel-1 2/2 Running f5-dssm-sentinel-2 2/2 Running
Rollback the Toda-fluentD¶
Rollback Toda-fluentD to the previous version.
In the example below,
1is the REVISION number for downgrading the pod. To find the most recent previous version’s revision number, use thehelm history <release-name>command.helm rollback f5-toda-fluentd 1 -n cnf-gateway
Sample Output:
Rollback was a success! Happy Helming!
View the historical revisions (versions) of a deployed Toda-fluentD release.
helm history f5-toda-fluentd -n cnf-gateway
Sample Output:
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION 1 Sun Apr 6 00:18:32 2025 superseded f5-toda-fluentd-3.0.28 3.0.28 Install complete 2 Mon Apr 7 16:16:46 2025 superseded f5-toda-fluentd-1.31.12-10.0.8 1.31.12-10.0.8 Upgrade complete 3 Fri Apr 11 15:55:28 2025 deployed f5-toda-fluentd-3.0.28 3.0.28 Rollback to 1
Rollback the CWC Pod¶
Important:
- This note applies only to the CWC pod. When using Helm rollback or downgrading by using Helm upgrade from CNFs v2.0.0 to an earlier version (CNFs versions < 2.0.0), you must include the
--forceflag to successfully perform the rollback.- If you use the helm upgrade command to rollback to an earlier version (CNFs versions < 2.0.0), use the CWC Helm chart version specified in the desired CNF version tarball.
Rollback CWC pod to the previous version.
In the example below,
1is the REVISION number for downgrading the pod. To find the most recent previous version’s revision number, use thehelm history <release-name>command.helm rollback cwc 1 -n cnf-telemetry --force
Sample Output:
Rollback was a success! Happy Helming!
View the installed releases in
cnf-telemetrynamespace.helm list -n cnf-telemetry
View the historical revisions (versions) of a deployed CWC release.
helm history cwc -n cnf-telemetry
Sample Output:
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION 1 Fri Apr 11 11:42:30 2025 superseded cwc-2.0.21 2.0.21 Install complete 2 Fri Apr 11 12:11:52 2025 superseded cwc-0.41.34-10.0.18 0.41.34-10.0.18 Upgrade complete 3 Fri Apr 11 16:01:38 2025 deployed cwc-2.0.21 2.0.21 Rollback to 1
Rollback the RabbitMQ Pod¶
Important:
- This note applies only to the RabbitMQ pod. When using Helm rollback or downgrading by using Helm upgrade from CNFs v2.0.0 to an earlier version (CNFs versions < 2.0.0), you must include the
--forceflag to successfully perform the rollback.- If you use the helm upgrade command to rollback to an earlier version (CNFs versions < 2.0.0), use the RabbitMQ Helm chart version specified in the desired CNF version tarball.
Rollback RabbitMQ to the previous version.
In the example below,
1is the REVISION number for downgrading the pod. To find the most recent previous version’s revision number, use thehelm history <release-name>command.helm rollback rabbitmq 1 -n cnf-telemetry --force
Sample Output:
Rollback was a success! Happy Helming!
View the installed releases in
cnf-telemetrynamespace.helm list -n cnf-telemetry
Sample Output:
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION cwc cnf-telemetry 4 2025-04-11 16:01:38.825916077 +0000 UTC deployed cwc-2.0.21 2.0.21 f5-certificate-manager cnf-telemetry 2 2025-04-09 13:52:48.330358417 +0000 UTC deployed f5-cert-manager-0.23.28-0.0.8 v2.2.3 f5-crd-conversion cnf-telemetry 1 2025-04-09 13:51:19.215929374 +0000 UTC deployed f5-crdconversion-0.16.15-0.0.10 v1.63.2 rabbitmq cnf-telemetry 4 2025-04-11 16:15:09.362891269 +0000 UTC deployed rabbitmq-2.0.8 2.0.8
View the historical revisions (versions) of a deployed RabbitMQ release.
helm history cwc -n cnf-telemetry
Sample Output:
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION 1 Mon Apr 21 13:02:57 2025 superseded rabbitmq-2.0.8 2.0.8 Install complete 2 Mon Apr 21 08:26:57 2025 superseded rabbitmq-0.5.10-10.0.14 0.5.10-10.0.14 Upgrade complete 3 Mon Apr 21 08:29:22 2025 deployed rabbitmq-2.0.8 2.0.8 Rollback to 1
Rollback the Cert Manager¶
Important:
- This note applies only to the Cert Manager. When using Helm rollback or downgrading via Helm upgrade from CNFs v2.0.0 to an earlier version (CNFs versions < 2.0), you must include the
--forceflag to successfully perform the rollback.- If you use the helm upgrade command to rollback to an earlier version (CNFs versions < 2.0), use the Cert Manager Helm chart version specified in the desired CNFs version tarball.
Downgrade Cert Manager to the previous version.
In the example below,
1is the REVISION number for downgrading the pod. To find the most recent previous version’s REVISION number, use thehelm history <release-name>command.helm rollback f5-certificate-manager 1 -n certmanager --force
Sample Output:
Rollback was a success! Happy Helming!
View the installed releases in
certmanagernamespace.helm list -n certmanager
View the historical revisions (versions) of a deployed Cert Manager release.
helm history f5-certificate-manager -n certmanager
Sample Output:
REVISION UPDATED STATUS CHART APP VERSION DESCRIPTION 1 Tue Apr 8 16:59:12 2025 superseded f5-cert-manager-0.5.12-0.0.5 v1.3.2 Install complete 2 Wed Apr 9 13:52:48 2025 superseded f5-cert-manager-0.23.28-0.0.8 v2.2.3 Upgrade complete 3 Sat Apr 12 12:46:29 2025 deployed f5-cert-manager-0.5.12-0.0.5 v1.3.2 Rollback to 1
Feedback
To provide feedback and help improve this document, please email us at cnfdocs@f5.com.]