Deploy F5 Insight Services on OpenStack Instance

This guide walks you through the process of creating and deploying an F5 Insight Services virtual machine instance from a qcow2 image on a KVM hypervisor.

Overview

F5 Insight Services is a comprehensive monitoring and analytics platform designed specifically for F5 BIG-IP devices. It delivers powerful capabilities to help you manage and optimize your infrastructure:

Benefits and key features

  • Real-time device monitoring — Continuously monitors F5 BIG-IP devices at configurable intervals.
  • AI-powered insights — Uses artificial intelligence to analyze metrics and provide intelligent recommendations.
  • Advanced data pipeline — Built on OpenTelemetry with Prometheus for metrics collection and ClickHouse for high-performance data storage.
  • Modern UI — Features a React-based dashboard with customizable visualizations.
  • External Grafana integration — Integrates with external Grafana instances for advanced dashboards and analytics.

By following this guide, you will deploy F5 Insight as a virtual machine on your VMware infrastructure using the pre-built OVA image. This gives you immediate access to monitoring and analytics capabilities for your F5 BIG-IP environment.

Prerequisites

Before you begin, confirm the following requirements are in place.

VMware environment specifications

Configure the virtual machine with these minimum resources:

Resource Minimum requirement Notes
CPU 8 cores Analysis requirements vary by workload. Monitor and scale CPU as necessary.
Memory 16 GB RAM Standard minimum for F5 Insight operations.
Disk space 600 GB total Includes 500 GB for initial installation and 100 GB for OS and updates. The 500 GB initial allocation supports approximately 50 BIG-IP instances. For every additional 50 BIG-IP instances, plan to add an incremental 500 GB of storage.

Network and Connectivity Requirements

Ensure the following network connectivity:

Category Requirement / Rule Direction
External access Connectivity from F5 Insight to product.apis.f5.com:443 for “connected” license activation and updates (optional if using disconnected mode licensing) See Licensing and entitlement for disconnected mode licensing for environments that do not allow outbound internet access Outbound
External access Connectivity from F5 Insight to us.edge.df.f5.com:443 for F5 AI Data Fabric (AIDF) (optional) Outbound
External access Connectivity from F5 Insight to an OpenAI-compatible or Anthropic server for large language model (LLM) insights (optional) Outbound
Internal access Connectivity from F5 Insight to BIG-IP devices Outbound
Internal access Connectivity from F5 Insight to an OpenAI-compatible server for LLM insights (optional) Outbound
Firewall (SSH) Port 22 Inbound to F5 Insight
Firewall (HTTPS) Port 443 Inbound to F5 Insight
Firewall (management) Port 443 Outbound to BIG-IP management port

Access requirements

  • Valid my.f5.com credentials
  • Admin credentials for your BIG-IP device

Architecture overview

F5 Insight operates as a collection of containerized microservices orchestrated by K3s, a lightweight Kubernetes distribution designed for resource-efficient deployments.

Key components

Kubernetes platform:

  • K3s — Lightweight Kubernetes distribution (automatically installed).
  • Helm — Package manager for Kubernetes (pre-installed).

Application services:

  • Container images — All service images are pre-loaded during image build.
  • Persistent storage — F5 Insight stores data in persistent storage.

Download the F5 Insight qcow2 Image

Log into my.f5.com credentials

Scroll down to the bottom of the page and choose f5insight-<version>.qcow2

Creating the VM instance

Creating the VM Instance

Using OpenStack GUI

  1. Open Openstack:

    https://"insertyouropenstackurlhere"/project/instances/

  2. Import the qcow2 image in Horizon:

    Reference: Create and manage images in Horizon

    • In Horizon, open the project where you plan to launch the VM.
    • Navigate to Compute -> Images.
    • Click Create Image.
    • Complete the image fields:
      • Name: for example, f5-insight-<version>
      • Description: optional
      • Image Source: Image File
      • Image File: select the downloaded f5insight-<version>.qcow2
      • Format: QCOW2 - QEMU Emulator
      • Architecture: x86_64
      • Minimum Disk (GB) and Minimum RAM (MB): We recommend 600 GB and 16384 MB respectively, but you can adjust based on your needs.
      • Public: select only if the image should be shared across projects
      • Protected: optional, prevents accidental image deletion
    • Click Create Image.
    • Wait until image status changes from Queued to Active before launching the instance.

  3. Create New VM:

    1. Navigate to “Instances”
    2. Click “Launch Instance”
    3. Type the Instance Name for ex: f5-insight-01
    4. Click “Next”

  4. Specify Disk Image:

    1. Select Boot Source as Image
    2. Search for your f5insight-<VERSION>
    3. Select the Image
    4. Click “Next”

  5. Configure Memory and CPU:

    1. Select Flavor (for ex: CPUs: 8, RAM 16GB, Disk 600GB)
    2. Click “Next”

  6. Configure Network:

    1. Configure your settings

  7. Add Cloud-Init:

    1. Click Configuration.
    2. Input the Cloud-Init. For example, the following config sets admin/admin credentials.
    3. Please refer for different cloud-init configs
    4. Do not remove #cloud-config from the Cloud-Init file.
    5. Click Next.
    #cloud-config
chpasswd:
  expire: false
  users:
    - name: admin
    # you can change the password here
      password: "F5ChangeM3"
      type: text
    Add Cloud Init

  8. Start VM:

    1. Click Launch Instance

    The VM will start and boot into F5 Insight

Initial VM configuration

  1. Wait for first boot to complete.

    The F5 Insight VM runs an automated first-boot setup script that:

    1. Initializes the K3s cluster.
    2. Deploys all services through Helm.
    3. Configures persistent storage.
    4. Sets up secrets and certificates.

    This process takes approximately five to 10 minutes.

    Monitor the first boot progress:

    # SSH into the VM (use the IP address shown in Horizon instance details)
ssh admin@<VM_IP_ADDRESS>

# Watch the first boot logs
sudo tail -f /opt/f5insight/logs/f5insight-startup.log

# Check systemd service status
sudo systemctl status f5insight-first-boot.service

# When complete, you should see:
# f5insight-first-boot.service - F5 Insight First Boot Setup
# Loaded: loaded (/etc/systemd/system/f5insight-first-boot.service; enabled)
# Active: inactive (dead) since ...

    Note

    You can find the VM IP address from the OpenStack Horizon instance details page or from the instance console after boot.

  2. Verify services are running.

    # Check K3s status
sudo systemctl status k3s

# Check all pods in f5-insight namespace
sudo kubectl get pods -n f5-insight

# Expected output (all pods should be Running or Completed):
# admin@f5-insight-xx:~$ sudo kubectl get pods -n f5-insight
# NAME                              READY   STATUS      RESTARTS   AGE
# backend-xxxx                      2/2     Running     0          45s
# cacher-xxxx                       2/2     Running     0          45s
# clickhouse-0                      2/2     Running     0          44s
# f5-insight-node-exporter-xxxx     2/2     Running     0          45s
# f5-insight-postgres-0             2/2     Running     0          44s
# f5-insight-postgres-init-xxxx     0/1     Completed   0          44s
# f5-insight-vault-0                3/3     Running     0          44s
# frontend-xxxx                     2/2     Running     0          45s
# otel-collector-xxxx               2/2     Running     0          45s
# system-manager-xxxx               2/2     Running     0          45s
# victoriametrics-0                 2/2     Running     0          44s
# vmagent-xxxx                      2/2     Running     0          45s
# vmalert-xxxx                      2/2     Running     0          45s

# Check services
sudo kubectl get svc -n f5-insight

  3. Verify network connectivity.

    # Test external connectivity
curl -I https://www.google.com

# Check if VM can reach your BIG-IP devices
ping <BIGIP_IP_ADDRESS>
telnet <BIGIP_IP_ADDRESS> 443

Accessing F5 Insight Services

Once the VM is fully initialized, you can access the following services.

Web interface

Service URL Default credentials
F5 Insight UI https://<VM_IP> Credentials provisioned through cloud-init

First-time access

  1. Open the F5 Insight UI: https://<VM_IP>:443
  2. Log in with the credentials you configured in cloud-init.

Post-Installation configuration and licensing

  1. Login with your credentials to F5 Insight https://<VM_IP>:443
  2. Once you login, click “Get Started”
  1. Input JWT and Click “Validate & Activate License”

Configure AI Provider API Keys

  1. Select your large language model (LLM) provider, enter the corresponding credentials, and click Save & Continue.

  2. Enter your F5 AI Data Fabric (AIDF) credentials. You can get the credentials from your account team.

    Note

    If AIDF is not yet available for your deployment, click Skip for Now.

Add BIG-IP devices to F5 Insight

After you click Skip for Now, you will see a page to start fresh or import configuration from an existing Application Study Tool instance.

If you choose Start Fresh, you can add a certificate authority (CA), add devices through YAML, or add individual devices manually. You must also choose which module or data you want to see populated.

Note

We recommended using a CA when adding devices, but that configuration is optional.

Note

In addition, we’re going to ask that you sort your BIG-IP devices by datacenter. Tagging of devices to a specific datacenter is crucial in providing timely alerts, cross comparison of performance and much more.

If you choose to go the YAML route, please paste the following files.

Once done, you’ll be sent to the homepage

Configure BIG-IP for additional application telemetry

F5 Insight OTEL Syslog receiver will be listening on 30514 port for SSLO logs / iRule Telemetry

On BIG-IP (via TMSH or GUI):