Release Notes

F5 Service Proxy for Kubernetes (SPK) - v1.7.8

New Features and Improvements

The SPK v1.7.8 release is a bug fix only release.

Limitations

  • Jumbo Frames - The maximum transmission unit (MTU) must be the same size on both ingress and egress interfaces. Packets over 9000 bytes are dropped.

Bug Fixes

1576269 (Drivers)

TMM crashes when an invalid packet fragment is received from the driver. When the TMM container is deployed with a dpdk driver, it goes in to a restart loop upon receiving an invalid packet fragment.

Fix:

TMM drops the invalid packet fragments and updates the driver statistics to reflect the drop.

1575605 (Ingress)

Upon scaling, restart, or upgrade of the TMM pods, multiple TMMs are configured with same Self IPs. The TMM only picks up the Self IP, which was sent first and ignores the subsequent updates received from the f5ingress controller. The TMMs with duplicate Self IPs will not process the traffic.

Fix:

The F5ingress controller is hardened with a consistent way of identifying the ready TMMs. Based on that, managing self IPs across ready TMMs is refactored and fixed.

1572977 (Ingress)

If the controller pod restarts first and the TMM container restarts later, or when both restart simultaneously, then the restarted TMM pod will not have the VLAN and Self-IP configuration. Also, the restarted pod will not be able to process the traffic.

Fix:

This issues is now fixed. After restart, the controller pushes complete configuration again to all the TMMs, where only common configurations were sent earlier. The controller is also enhanced to send the TMM specific configurations as well.

Known Issues

1134241-2 (Egress)

The TMM Pod configuration may encounter a race condition after a restart or scaling up, leading to networking issues such as incorrect routing or address translations. This typically occurs within the first few seconds of the TMM Pod accepting traffic.

Workaround:

Delete all instances of Custom Resources that configure the TMM to process traffic before scaling the TMM pod, and reapply them after the newly scaled pods are in the ‘Running’ state.

Mitigation:

When ICNI2 is enabled, SPK controller applies OVN annotations to the Service Proxy TMM Pod. OVN then uses SR-IOV and TMM’s internal interface as a gateway for all egress traffic in the Project. SPK controller adds the annotation once it has sent all the config to the newly scaled up TMM Pod. In rare scenarios, the config on TMM might not have taken effect when the SPK controller adds the annotations leading to traffic problem. The workaround is for SPK controller to wait for a period after sending the config and before annotating the pod. The delay is configurable in ingress-values.yaml file as shown below.

  controller:
    annotationDelay: 20

Min value - 10, Max value - 60, and Default value - 20 (The value is in seconds).

If the deployment involves large number of CRs or applications, it is recommended to use a higher values since the newly scaled up TMM would have to process a larger configuration blob.

Software upgrades

Use these steps to upgrade the SPK software components:

_images/spk_warn.png Important: Steps 2 through 5 should be performed together, and during a planned maintenance window.

  1. Review the New Features and Improvements section above, and integrate any updates into the existing configuration. Do not apply Custom Resource (CR) updates until after the SPK Controller has been upgraded (step 3).
  2. Follow Install the CRDs in the SPK Software guide to upgrade the CRDs. Be aware that newly applied CRDs will replace existing CRDs of the same name.
  3. Uninstall the previous version SPK Controller, and follow the Installation procedure in the SPK Controller guide to upgrade the Controller and TMM Pods. Upgrades have not yet been tested using Helm Upgrade.
  4. Once the SPK Controller and TMM Pods are available, apply any updated CR configurations (step 1) using the oc apply -f <file> command.
  5. Follow the Upgrading DNS46 entries section of the F5SPKEgress CR guide to upgrade any entries created in versions 1.4.9 and earlier.
  6. Uninstall the previous version SPK CWC, and for 1.7.0 and later installations RabbitMQ, and follow the Install RabbitMQ and Install CWC procedures in the SPK CWC guide to upgrade the Pods. Upgrades have not yet been tested using Helm Upgrade.
  7. The dSSM Databases can be upgraded at anytime using the Upgrading dSSM guide.
  8. The Fluentd Logging collector can be upgraded anytime using Helm Upgrade. Review Extract the Images in the SPK Software guide for the new Fluentd Helm chart location.

Next step

Continue to the Cluster Requirements guide to ensure the OpenShift cluster has the required software components.