Release Notes

F5 Service Proxy for Kubernetes (SPK) - v1.8.0

New Features and Improvements

  • Supports the Canary deployment strategy for upgrading the SPK application pods to a newer version. Refer to the Canary Deployment Strategy guide.
  • Supports the Blue-Green deployment strategy for releasing new software versions. This is done by maintaining two identical environments, one of which is a test environment where new software is deployed. Once confidence in the test environment is built, it is switched into the role of the live environment. This reduces software downtime and makes rollback changes easy. Refer to the Blue-Green Deployment Strategy guide.
  • SPK can now be deployed on a VMware Tanzu application platform.
  • The v2 version of the F5SPKIngressGTP Custom Resource (CR) supports the category field to configure VLANs to accept GTP traffic. Refer to the F5SPKIngressGTP CR overview.
  • The bdt_cli supports the connection list command, which allows you to retrieve a list of connections in the TMM. Refer to the Debug Sidecar guide.
  • The bdt_cli supports the connection delete command with filter operations only, allowing you to specify IPs, ports, VLANs, etc. using flags. This enables you to delete connections in the TMM based on defined criteria. Refer to the Debug Sidecar guide.
  • The CWC Debug REST APIs support the showconn command, which allows for selective viewing of connections in the TMM. This command supports both filter and wildcard operations, enabling you to selectively view connections based on specific criteria or use wildcard patterns for a broader range of connections. Refer to the Debug API guide.
  • The CWC Debug REST APIs support the killconn command, which allows you to delete connections in the TMM based on specific criteria such as IP addresses, ports or other attributes. This command specifically supports filter operations for deleting connections. Refer to the Debug API guide.
  • SPK can now be deployed securely by configuring the F5BigContextGlobal and F5BigFwPolicy Custom Resources (CRs) to monitor all the ingress and egress traffic passing through it. Refer to the Secure SPK Deployment guide.
  • The configview utility can now be used to perform queries using the CRD (Custom Resource Definition) type to inspect the running TMM configuration. Refer to the Debug API guide.
  • Added support for Mellanox ConnectX-6, ConnectX-6 Dx and ConnectX-6 Lx NICs in OpenShift version 4.12. Refer to the Supported NICs section of the Cluster Requirements guide.
  • New Log Formats have been added for TMM and SPK CWC. Refer to the Log Formats guide.
  • SPK supports the CRD conversion webhook, which handles the automatic conversion of multiple CRD versions based on the specified namespace and version in the cluster, without affecting existing CRs. Refer to the CRD Conversion Webhook guide.
  • TMM no longer fails the startup process if Simultaneous Multithreading (SMT) functionality is enabled by default. However, F5 recommends disabling the SMT functionality in BIOS for better latency and performance. Refer to the Simultaneous Multithreading (SMT) in the CPU Allocation guide.
  • SPK supports handling config inconsistency between controller and backend with the implementation of CR Finalizers. Refer to the Finalizers in the SPK CRs guide and the Uninstallation in the SPK Controller guide.

Limitations

  • Jumbo Frames - The maximum transmission unit (MTU) must be the same size on both ingress and egress interfaces. Packets over 9000 bytes are dropped.

Bug Fixes

1235861 (TMM)

The static routes created by the F5SPKIngressHTTP2 CR are now deleted from TMM configuration when the CR is deleted.

1288913 (Licensing and Toda)

The Docker container image.tag values for CWC, RabbitMQ and Fluentd are now displayed consistently with other Helm charts.

1228477 (Licensing)

The ‘tcpdump’ Debug API command is now working as expected.

1271949 (Ingress)

The F5Ingress crashing issue has now been resolved in K8S version 1.21 or earlier.

1302225 (Ingress)

Crd-conversion can now connect to the RabbitMQ server if it is deployed in any namespace, as the RabbitMQ namespace can be defined in the crd-conversion values.

1238765 (Licensing)

The ping6 and traceroute6 debug utilities are now working as expected with an IPv6 address as input.

1307681 (Ingress)

CRD conversion service is now working as expected in the cluster.

1273089 (TMM)

The ‘Configviewer’ tool is no longer supported for the debug sidecar. Instead, we are now using the ‘configview’ tool.

1292621 (TMM)

The ‘tmm_cli’ tool is no longer supported for setting the TMM log level. The same command has now been added to the ‘bdt_cli’ tool.

1296749 (Licensing)

The connection issue between CWC and RabbitMQ related to the order of installation of SPK components has now been resolved.

Known Issues

1182049 (TMM)

TMM may stop processing network packets after numerous DPDK buffer allocation or DPDK transmission errors.

1076457 (Ingress)

When the F5SPKEgress CR’s dnsNat46Enabled parameter is set to enabled, the SPK Controller does not validate that a required F5SPKDnscache CR is referenced using the dnsCacheName parameter.

1135237 (TMM)

When the F5SPKIngressHTTP2 CR’s sslFileWatchMode parameter is set to SSL_FILE_WATCH_MODE_KUBERNETES_SECRET_STORE, TMM does not update the CR configuration after SSL/TLS key/certificate changes occur.

Workaround:

Set the sslFileWatchMode parameter to SSL_FILE_WATCH_MODE_FILES_IN_SHARED_VOLUME to update TMM’s running configuration when Kubernetes Secret values change. This is the default setting.

1495413 (TMM)

TMM drops packets from a tagged interface when TCP Segmentation Offload (TSO) is enabled in the Linux Kernel version 4.18.0-305.65.1.el8_4.x86_64.

Workaround:

Disable TSO by editing the f5ingress Helm chart values.yaml file:

tmm.bigdb.tcpsegmentationoffload.enabled: false

1217229 (TMM)

The tmm_cli -logLevel command no longer works to set the TMM log level.

Workaround:

Edit the “tmm-init” ConfigMap and modify the “user_conf.tcl:” section as follows:

user_conf.tcl: |
  bigdb log.tmm.level "Debug"

Note: The changes to ConfigMap may take up to a minute to be applied.

To restore the log level configuration, replace “Debug” with “Notice” as follows:

user_conf.tcl: |
  bigdb log.tmm.level "Notice"

Software upgrades

Use these steps to upgrade the SPK software components:

Important: Steps 2 through 5 should be performed together, and during a planned maintenance window.

  1. Review the New Features and Improvements section above, and integrate any updates into the existing configuration. Do not apply Custom Resource (CR) updates until after the SPK Controller has been upgraded (step 3).
  2. Follow Install the CRDs in the SPK Software guide to upgrade the CRDs. Be aware that newly applied CRDs will replace existing CRDs of the same name.
  3. Uninstall the previous version SPK Controller, and follow the Installation procedure in the SPK Controller guide to upgrade the Controller and TMM Pods. Upgrades have not yet been tested using Helm Upgrade.
  4. Once the SPK Controller and TMM Pods are available, apply any updated CR configurations (step 1) using the oc apply -f <file> command.
  5. Follow the Upgrading DNS46 entries section of the F5SPKEgress CR guide to upgrade any entries created in versions 1.4.9 and earlier.
  6. Uninstall the previous version SPK CWC and, for 1.7.0 and later installations, RabbitMQ, then follow the Install RabbitMQ and Install CWC procedures in the SPK CWC guide to upgrade the Pods. Upgrades have not yet been tested using Helm Upgrade.
  7. The dSSM Databases can be upgraded at any time using the Upgrading dSSM guide.
  8. The Fluentd Logging collector can be upgraded at any time using Helm Upgrade. Review Extract the Images in the SPK Software guide for the new Fluentd Helm chart location.

Next step

Continue to the Cluster Requirements guide to ensure the OpenShift cluster has the required software components.