Release Notes

F5 Service Proxy for Kubernetes (SPK) - v1.4.10

Important Changes

  • The SPK Controller values.yaml file contains Helm entries for the AFM and IPSD products. These configurations are disabled, and should not be enabled for this software release.

New Features and Improvements

The F5SPKEgress CR’s DNS46 feature includes the following updates:

  • Support for both TCP and UDP DNS connectivity.
  • The mrfdb tool simplifies manually creating DNS46 mapping entries in the dSSM database.
  • New maxTmmReplicas and maxReservedStaticIps parameters improve IPv4 address mapping allocation.

Software upgrades

Use these following steps to upgrade the SPK software components:

_images/spk_warn.png Important: Steps 2 through 4 should be performed together, and during a planned maintenance window.

  1. Review the New Features and Improvements section above, and integrate any updates into the existing configuration. Do not apply Custom Resource (CR) updates until after the SPK Controller has been upgraded (step 3).
  2. Follow Install the CRDs in the SPK Software guide to upgrade the CRDs. Be aware that newly applied CRDs replace existing CRDs of the same name.
  3. Uninstall the previous version SPK Controller, and follow the Installation procedure in the SPK Controller guide to upgrade the Controller and TMM Pods. Upgrades have not yet been tested using Helm Upgrade.
  4. Once the SPK Controller and TMM Pods are available, apply updated CR configurations using the oc apply -f <file> command.
  5. Follow the Upgrading DNS46 entries section of the F5SPKEgress CR guide to upgrade entries created in versions 1.4.9 and earlier.
  6. The dSSM Databases can be upgraded anytime using the Upgrading dSSM guide.
  7. The Fluentd Logging collector can be upgraded anytime using Helm Upgrade. Review Extract the Images in the SPK Software guide for the new Fluentd Helm chart location.

Limitations

  • Jumbo Frames - The maximum transmission unit (MTU) must be the same size on both ingress and egress interfaces. Packets over 8000 bytes are dropped.

Bug Fixes

No bug fixes are included in this release.

Known Issues

1092013 (TMM Routing)

The IMI shell (imish) may not be accessible after a TMM container restart.

Workaround:

Log in to the f5-tmm-routing container and restart the imi process.

1. oc exec -it deploy/f5-tmm -c f5-tmm-routing -- bash
2. ps ax | grep imi
3. kill -9 482

1091997 (TMM)

In dual-stack configurations, application traffic SPK CRs remain in the TMM configuration, even when the watched application is scaled to 0.

Workaround:

Scale the TMM Pod down/up.

1. oc scale deploy/f5-tmm --replicas 0
2. Wait for f5-tmm to terminate
3. oc scale deploy/f5-tmm --replicas 1

1091937 (Controller)

When an F5SPKSnatpool CR is installed and the TMM container restarts, TMM may receive the wrong SNAT Pool IP address, causing some egress connnections to fail.

1090249 (Controller)

When one of the application traffic SPK CRs is installed and the TMM container restarts, TMM may not receive the application traffic configuration, causing traffic processing to fail.

1089509 (Controller)

When an F5SPKVlan CR is installed and the TMM container restarts, TMM may not receive the network interface configuration, causing traffic processing for the TMM Pod to fail.

1072957 (Controller)

SNAT IP addresses are selected randomly from the SNAT pool for UDP connections, causing Pods to send packets to destinations outside of the cluster.

Workaround:

Delete the internal VLAN, scale the TMM Pod down/up, and then reinstall the VLAN.

1. oc delete -f vlan.yaml
2. oc scale deploy/f5-tmm --replicas 0
3. Wait for f5-tmm to terminate
4. oc scale deploy/f5-tmm --replicas 1
5. ip route show
6. oc apply -f vlan.yaml

Next step

Continue to the Cluster Requirements guide to ensure the OpenShift cluster has the required software components.