Deploying F5 Insight Services on OpenStack Instance¶
This guide walks you through the process of creating and deploying an F5 Insight Services virtual machine instance from a qcow2 image on a KVM hypervisor.
Overview¶
F5 Insight Services is a comprehensive monitoring and analytics platform designed specifically for F5 BIG-IP devices. It delivers powerful capabilities to help you manage and optimize your infrastructure:
Benefits and Key Features¶
- Real-time Device Monitoring: Continuously monitors F5 BIG-IP devices at configurable intervals
- AI-Powered Insights: Leverages artificial intelligence to analyze metrics and provide intelligent recommendations
- Advanced Data Pipeline: Built on OpenTelemetry with Prometheus for metrics collection and ClickHouse for high-performance data storage
- Modern UI: Features a React-based dashboard with customizable visualizations
- External Grafana Integration: Seamlessly integrates with external Grafana instances for advanced dashboards and analytics
By following this guide, you will successfully deploy F5 Insight Services as a virtual machine on your KVM-based hypervisor using pre-built qcow2 disk images, giving you immediate access to powerful monitoring and analytics capabilities for your F5 BIG-IP environment.
Prerequisites¶
Before you begin, ensure you have the following requirements in place:
F5 Insight VM Hardware Requirements¶
Configure the virtual machine with these minimum resources:
| Resource | Minimum Requirement | Notes |
|---|---|---|
| CPU | 8 cores | Analysis requirements vary by workload, please monitor the CPU and add additional CPU as necessary. |
| Memory | 16 GB RAM | Standard minimum for F5 Insight operations. |
| Disk Space | 600 GB Total | Includes 500GB for initial installation and 100GB for OS and updates. The 500GB initial allocation supports 50 BIG-IP instances. Plan for an additional 500GB for every incremental 50 BIG-IP instances added. |
Network and Connectivity Requirements¶
Ensure the following network connectivity:
| Category | Requirement / Rule | Direction |
|---|---|---|
| External Access | Connectivity from F5 Insight to product.apis.f5.com:443 for “connected” license activation and updates. (optional if using Disconnected Mode Licensing)
See Licensing and Entitlement for Disconnected Mode Licensing for environments that do not allow outbound internet access. |
Outbound |
| External Access | Connectivity from F5 Insight to us.edge.df.f5.com:443 for F5 AI Data Fabric (AIDF) (optional) |
Outbound |
| External Access | Connectivity from F5 Insight to OpenAI compatible/Anthropic server for LLM Insights (optional) | Outbound |
| Internal Access | Connectivity from F5 Insight to BIG-IP devices | Outbound |
| Internal Access | Connectivity from F5 Insight to OpenAI compatible server for LLM Insights (optional) | Outbound |
| Firewall (SSH) | Port 22 | Inbound to F5 Insight |
| Firewall (HTTPS) | Port 443 | Inbound to F5 Insight |
| Firewall (Mgmt) | Port 443 | Outbound to BIG-IP Management Port |
Architecture Overview¶
F5 Insight Services operates as a collection of containerized microservices orchestrated by K3s, a lightweight Kubernetes distribution designed for resource-efficient deployments.
Key Components¶
Kubernetes Platform:
- K3s: Lightweight Kubernetes distribution (automatically installed)
- Helm: Package manager for Kubernetes (pre-installed)
- Application Services:
- Container Images: All service images are pre-loaded during image build
- Persistent Storage: F5 Insight stores data in persistent storage
Download the F5 Insight qcow2 Image¶
Log into my.f5.com credentials
Scroll down to the bottom of the page and choose f5insight-<version>.qcow2
Creating the VM instance¶
Creating the VM Instance
Using OpenStack GUI¶
Open Openstack:
https://"insertyouropenstackurlhere"/project/instances/
Import the qcow2 image in Horizon:
Reference: Create and manage images in Horizon
- In Horizon, open the project where you plan to launch the VM.
- Navigate to Compute -> Images.
- Click Create Image.
- Complete the image fields:
- Name: for example,
f5-insight-<version> - Description: optional
- Image Source:
Image File - Image File: select the downloaded
f5insight-<version>.qcow2 - Format:
QCOW2 - QEMU Emulator - Architecture:
x86_64 - Minimum Disk (GB) and Minimum RAM (MB): We recommend 600 GB and 16384 MB respectively, but you can adjust based on your needs.
- Public: select only if the image should be shared across projects
- Protected: optional, prevents accidental image deletion
- Name: for example,
- Click Create Image.
- Wait until image status changes from
QueuedtoActivebefore launching the instance.
Create New VM:
- Navigate to “Instances”
- Click “Launch Instance”
- Type the Instance Name for ex: f5-insight-01
- Click “Next”
Specify Disk Image:
- Select Boot Source as Image
- Search for your f5insight-<VERSION>
- Select the Image
- Click “Next”
Configure Memory and CPU:
- Select Flavor (for ex: CPUs: 8, RAM 16GB, Disk 600GB)
- Click “Next”
Configure Network:
- Configure your settings
Add Cloud-Init:
- Click Configuration
- Input the Cloud-Init for ex: following is config for setting admin/admin creds
- Please refer for different cloud-init configs
- Do not remove “#cloud-config” from the cloud-init file.
- Click “Next”
#cloud-config chpasswd: expire: false users: - name: admin # you can change the password here password: "F5ChangeM3" type: text
Start VM:
- Click Launch Instance
The VM will start and boot into F5 Insight
Initial VM Configuration¶
Wait for First Boot to Complete
The F5 Insight VM runs an automated first-boot setup script that:
- Initializes K3s cluster
- Deploys all services via Helm
- Configures persistent storage
- Sets up secrets and certificates
This takes approximately 5-10 minutes.
Monitor the first boot progress:
# SSH into the VM (use the IP address shown in Horizon instance details) ssh admin@<VM_IP_ADDRESS> # Watch the first boot logs sudo tail -f /opt/f5insight/logs/f5insight-startup.log # Check systemd service status sudo systemctl status f5insight-first-boot.service # When complete, you should see: # f5insight-first-boot.service - F5 Insight First Boot Setup # Loaded: loaded (/etc/systemd/system/f5insight-first-boot.service; enabled) # Active: inactive (dead) since ...
Note
You can find the VM IP address from the OpenStack Horizon instance details page or from the instance console after boot.
Verify Services are Running
# Check K3s status sudo systemctl status k3s # Check all pods in f5-insight namespace sudo kubectl get pods -n f5-insight # Expected output (all pods should be Running or Completed): # admin@f5-insight-xx:~$ sudo kubectl get pods -n f5-insight # NAME READY STATUS RESTARTS AGE # backend-xxxx 2/2 Running 0 45s # cacher-xxxx 2/2 Running 0 45s # clickhouse-0 2/2 Running 0 44s # f5-insight-node-exporter-xxxx 2/2 Running 0 45s # f5-insight-postgres-0 2/2 Running 0 44s # f5-insight-postgres-init-xxxx 0/1 Completed 0 44s # f5-insight-vault-0 3/3 Running 0 44s # frontend-xxxx 2/2 Running 0 45s # otel-collector-xxxx 2/2 Running 0 45s # system-manager-xxxx 2/2 Running 0 45s # victoriametrics-0 2/2 Running 0 44s # vmagent-xxxx 2/2 Running 0 45s # vmalert-xxxx 2/2 Running 0 45s # Check services sudo kubectl get svc -n f5-insight
Verify Network Connectivity
# Test external connectivity curl -I https://www.google.com # Check if VM can reach your BIG-IP devices ping <BIGIP_IP_ADDRESS> telnet <BIGIP_IP_ADDRESS> 443
Accessing F5 Insight Services¶
Once the VM is fully initialized, you can access the services:
Web Interfaces¶
| Service | URL | Default Credentials |
|---|---|---|
| F5 Insight UI | https://<VM_IP> | Credentials provisioned via cloud-init |
First Time Access¶
Open F5 Insight UI:
https://<VM_IP>:443Login with your credentials
Post-Installation Configuration and Licensing¶
- Login with your credentials to F5 Insight
https://<VM_IP>:443 - Once you login, click “Get Started”
- Input JWT and Click “Validate & Activate License”
Configure AI Provider API Keys¶
- Select your LLM provider and fill the corresponding credentials and Click “Save & Continue”
- Insert your AIDF credentials. You can get the credentials from your account team. However, for now due to beta, please click “Skip for Now”.
Add BIG-IP Devices to F5-Insights¶
Once you press “Skip for Now” you will be greeted with a page to “Start Fresh or Import configuration from Existing Application Study Tool Instance.
If you choose to “Start Fresh” you’ll have the option to add a CA, add devices via YAML, or add individual devices manually. In addition, you must choose which module or data you would like to see populated.
Note
We recommended using a CA when adding devices, but that configuration is optional.
Note
In addition, we’re going to ask that you sort your BIG-IP devices by datacenter. Tagging of devices to a specific datacenter is crucial in providing timely alerts, cross comparison of performance and much more.
If you choose to go the YAML route, please paste the following files.
Once done, you’ll be sent to the homepage
Configure BIG-IP for additional Application Logs/Telemetry¶
F5 Insight OTEL Syslog receiver will be listening on 30514 port for SSLO logs / iRule Telemetry
On BIG-IP (via TMSH or GUI):
# Create a pool for F5 Insight (replace <VM_IP> with your F5 Insight VM IP address)
tmsh create ltm pool f5insight_hsl_pool \
members add { <VM_IP>:514 } \
monitor tcp
# Create remote high-speed log destination
tmsh create sys log-config destination remote-high-speed-log f5insight_hsl \
pool-name f5insight_hsl_pool \
protocol tcp
# Create Splunk-formatted log destination for structured messages
tmsh create sys log-config destination splunk f5insight_splunk \
forward-to f5insight_hsl
# Create log publisher to route logs to the destination
tmsh create sys log-config publisher f5insight_publisher \
destinations add { f5insight_splunk }
# Save the configuration changes
tmsh save sys config