F5 Service Proxy for Kubernetes (SPK) - v1.6.1
- When generating Secrets used to secure the RabbitMQ and CWC channel, the svc.cluster.local DNS suffix has been removed from the subject alternate name (SAN). If you previously generated Secrets including the DNS suffix, refer to the Create cluster Secrets and CWC certificates section of the SPK CWC installation guide for the updated command syntax. This change was implemented with improvement bug 1137789.
New Features and Improvements
- The SPK CWC telemetry report has been enhanced with Custom Resource Definition (CRD) usage summary details for cluster billing purposes. Refer to the SPK Licensing guide.
- Jumbo Frames - The maximum transmission unit (MTU) must be the same size on both ingress and egress interfaces. Packets over 9000 bytes are dropped.
Custom Resources (CR) like the F5SPKIngressHTTP2 CR now process bi-directional traffic in non-ICNI2.0 environments.
When TMM is configured to use the F5SPKEgress CR’s DNS46 feature, processing performance is now equal to the previous SPK software releases.
The F5SPKIngressHTTP2 CR requires SSL/TLS for both server-side and client-side traffic. The CR now supports non-SSL and TLS traffic toward the service object endpoints.
Static routes created by the F5SPKIngressGTP CR no longer remain in the TMM configuration after the CR is deleted, or the service object endpoints are scaled down.
When TMM processes application traffic using an F5SPKIngressTCP or F5SPKIngressUDP CR and persistence is enabled, TMM no longer sends traffic to unavailable service endpoints (pool members) after scaling down the application pods.
When the F5SPKIngressTCP or F5SPKIngressUDP CR’s spec.persist.mode parameter is set to PERSIST_TYPE_SRCADDR, the persistence records are no longer deleted from the dSSM database after the configured timeout period, even though the session is active. The database entry is now reset to the timeout value when connection responses are received.
Static routes are not created when the F5SPKStaticRoute CR’s interface parameter sets the routing destination.
Ingress transactions per second (TPS) is lower when TMM is configured with the maximum MTU of 9000.
TMM may stop processing network packets after numerous DPDK buffer allocation or DPDK transmission errors.
When the F5SPKEgress CR’s dnsNat46Enabled parameter is set to enabled, the SPK Controller does not validate that a required F5SPKDnscache CR is referenced using the
When TMM processes application traffic using an F5SPKIngressTCP CR, the virtual server used to process application traffic is not deleted from the configuration after the referenced service object is deleted.
Perform one of the following workarounds:
- Delete the F5SPKIngressTCP CR and re-apply it.
- Before deleting the service, scale the endpoints to zero.
When the F5SPKIngressHTTP2 CR’s sslFileWatchMode parameter is set to SSL_FILE_WATCH_MODE_KUBERNETES_SECRET_STORE, TMM does not update the CR configuration after SSL/TLS key/certificate changes occur.
sslFileWatchMode parameter to SSL_FILE_WATCH_MODE_FILES_IN_SHARED_VOLUME to update TMM’s running configuration when Kubernetes Secret values change. This is the default setting.
Use these steps to upgrade the SPK software components:
Important: Steps 2 through 5 should be performed together, and during a planned maintenance window.
- Review the New Features and Improvements section above, and integrate any updates into the existing configuration. Do not apply Custom Resource (CR) updates until after the SPK Controller has been upgraded (step 3).
- Follow Install the CRDs in the SPK Software guide to upgrade the CRDs. Be aware that newly applied CRDs will replace existing CRDs of the same name.
- Uninstall the previous version SPK Controller, and follow the Installation procedure in the SPK Controller guide to upgrade the Controller and TMM Pods. Upgrades have not yet been tested using Helm Upgrade.
- Once the SPK Controller and TMM Pods are available, apply any updated CR configurations (step 1) using the oc apply -f <file> command.
- Follow the Upgrading DNS46 entries section of the F5SPKEgress CR guide to upgrade any entries created in versions 1.4.9 and earlier.
- Uninstall the previous version SPK CWC, and follow the Install the CWC procedure in the SPK CWC guide to upgrade the CWC Pod. Upgrades have not yet been tested using Helm Upgrade.
- The dSSM Databases can be upgraded at any time using the Upgrading dSSM guide.
- The Fluentd Logging collector can be upgraded anytime using Helm Upgrade. Review Extract the Images in the SPK Software guide for the new Fluentd Helm chart location.
Continue to the Cluster Requirements guide to ensure the OpenShift cluster has the required software components.