F5 Service Proxy for Kubernetes (SPK) - v1.8.0
New Features and Improvements
- Supports the Canary deployment strategy for upgrading the SPK application pods to a newer version. Refer to the Canary Deployment Strategy guide.
- Supports the Blue-Green deployment strategy for releasing new software versions. This is done by maintaining two identical environments, one of which is a test environment where new software is deployed. Once confidence in the test environment is built, it is switched into the role of the live environment. This reduces software downtime and makes rollback changes easy. Refer to the Blue-Green Deployment Strategy guide.
- SPK can now be deployed on a VMware Tanzu application platform.
- The v2 version of the F5SPKIngressGTP Custom Resource (CR) supports the category field to configure VLANs to accept GTP traffic. Refer to the F5SPKIngressGTP CR overview.
connection list command, which allows you to retrieve a list of connections in the TMM. Refer to the Debug Sidecar guide.
connection delete command with filter operations only, allowing you to specify IPs, ports, VLANs, etc. using flags. This enables you to delete connections in the TMM based on defined criteria. Refer to the Debug Sidecar guide.
- The CWC Debug REST APIs support the showconn command, which allows for selective viewing of connections in the TMM. This command supports both filter and wildcard operations, enabling you to selectively view connections based on specific criteria or use wildcard patterns for a broader range of connections. Refer to the Debug API guide.
- The CWC Debug REST APIs support the killconn command, which allows you to delete connections in the TMM based on specific criteria such as IP addresses, ports or other attributes. This command specifically supports filter operations for deleting connections. Refer to the Debug API guide.
- SPK can now be deployed securely by configuring the F5BigContextGlobal and F5BigFwPolicy Custom Resources (CRs) to monitor all the ingress and egress traffic passing through it. Refer to the Secure SPK Deployment guide.
- The configview utility can now be used to perform queries using the CRD (Custom Resource Definition) type to inspect the running TMM configuration. Refer to the Debug API guide.
- Added support for Mellanox ConnectX-6, ConnectX-6 Dx and ConnectX-6 Lx NICs in OpenShift version 4.12. Refer to the Supported NICs section of the Cluster Requirements guide.
- New Log Formats have been added for TMM and SPK CWC. Refer to the Log Formats guide.
- SPK supports the CRD conversion webhook, which handles the automatic conversion of multiple CRD versions based on the specified namespace and version in the cluster, without affecting existing CRs. Refer to the CRD Conversion Webhook guide.
- SPK supports Simultaneous Multithreading (SMT) functionality, enabling multiple execution threads to run on a single physical CPU core, which improves system performance. This is not a modification or enhancement to new functionality; the configuration has been enabled in the TMM container to support SMT. Refer to the Simultaneous Multithreading (SMT) section in the CPU Allocation guide.
- SPK supports handling config inconsistency between controller and backend with the implementation of CR Finalizers. Refer to the Finalizers in the SPK CRs guide and the Uninstallation in the SPK Controller guide.
- Jumbo Frames - The maximum transmission unit (MTU) must be the same size on both ingress and egress interfaces. Packets over 9000 bytes are dropped.
The static routes created by the F5SPKIngressHTTP2 CR are now deleted from TMM configuration when the CR is deleted.
1288913 (Licensing and Toda)
The Docker container image.tag values for CWC, RabbitMQ and Fluentd are now displayed consistently with other Helm charts.
The ‘tcpdump’ Debug API command is now working as expected.
The F5Ingress crashing issue has now been resolved in K8S version 1.21 or earlier.
Crd-conversion can now connect to the RabbitMQ server if it is deployed in any namespace, as the RabbitMQ namespace can be defined in the crd-conversion values.
ping6 and traceroute6 debug utilities are now working as expected with IPv6 address as input.
CRD conversion service is now working as expected in the cluster.
The ‘Configviewer’ tool is no longer supported for the debug sidecar. Instead, we are now using the ‘configview’ tool.
The ‘tmm_cli’ tool is no longer supported for setting the TMM log level. The same command has now been added to the ‘bdt_cli’ tool.
In the order of installation of SPK components, the connection issue between CWC and RabbitMQ has now been resolved.
TMM may stop processing network packets after numerous DPDK buffer allocation or DPDK transmission errors.
When the F5SPKEgress CR’s dnsNat46Enabled parameter is set to enabled, the SPK Controller does not validate that a required F5SPKDnscache CR is referenced using the
When the F5SPKIngressHTTP2 CR’s sslFileWatchMode parameter is set to SSL_FILE_WATCH_MODE_KUBERNETES_SECRET_STORE, TMM does not update the CR configuration after SSL/TLS key/certificate changes occur.
sslFileWatchMode parameter to SSL_FILE_WATCH_MODE_FILES_IN_SHARED_VOLUME to update TMM’s running configuration when Kubernetes Secret values change. This is the default setting.
The tmm_cli -logLevel command no longer works to set the TMM log level.
Edit the “tmm-init” ConfigMap and modify the “user_conf.tcl:” section as follows:

    user_conf.tcl: |
      bigdb log.tmm.level "Debug"

Note: The changes to ConfigMap may take up to a minute to be applied.
To restore the log level configuration, replace “Debug” with “Notice” as follows:

    user_conf.tcl: |
      bigdb log.tmm.level "Notice"
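
One way to script the workaround above, as an added example that is not part of the F5 documentation: it rewrites only the log.tmm.level line of user_conf.tcl and leaves any other lines intact, so Debug logging can be switched on and reliably restored to Notice. The function names and the use of jq are assumptions; the ConfigMap name, key and the two level values come from the text above.

```shell
#!/bin/sh
# Added example (not F5 code). Function names are hypothetical.

# rewrite_tmm_log_level LEVEL
# Reads the current user_conf.tcl text on stdin and writes the updated text.
# Only the two levels named in the release notes are accepted.
rewrite_tmm_log_level() {
  level=$1
  case "$level" in
    Debug|Notice) ;;
    *) echo "unsupported level: $level" >&2; return 2 ;;
  esac
  awk -v lvl="$level" '
    $1 == "bigdb" && $2 == "log.tmm.level" {
      # Replace the first level line, drop any duplicates.
      if (!seen) { print "bigdb log.tmm.level \"" lvl "\""; seen = 1 }
      next
    }
    { print }                                   # keep every other line as-is
    END { if (!seen) print "bigdb log.tmm.level \"" lvl "\"" }
  '
}

# apply_tmm_log_level NAMESPACE LEVEL
# Needs oc (logged in) and jq (assumption: jq is installed on the admin host).
apply_tmm_log_level() {
  ns=$1
  level=$2
  current=$(oc get configmap tmm-init -n "$ns" \
              -o jsonpath='{.data.user_conf\.tcl}') || return 1
  updated=$(printf '%s' "$current" | rewrite_tmm_log_level "$level") || return 1
  # A merge patch changes only the user_conf.tcl key of the ConfigMap.
  patch=$(printf '%s\n' "$updated" | jq -Rs '{data: {"user_conf.tcl": .}}') || return 1
  oc patch configmap tmm-init -n "$ns" --type merge -p "$patch"
}

# Usage (namespace is a placeholder):
#   apply_tmm_log_level <namespace> Debug     # enable while troubleshooting
#   apply_tmm_log_level <namespace> Notice    # restore afterwards
```
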
Use these steps to upgrade the SPK software components:
Important: Steps 2 through 5 should be performed together, and during a planned maintenance window.
1. Review the New Features and Improvements section above, and integrate any updates into the existing configuration. Do not apply Custom Resource (CR) updates until after the SPK Controller has been upgraded (step 3).
2. Follow Install the CRDs in the SPK Software guide to upgrade the CRDs. Be aware that newly applied CRDs will replace existing CRDs of the same name.
3. Uninstall the previous version of the SPK Controller, and follow the Installation procedure in the SPK Controller guide to upgrade the Controller and TMM Pods. Upgrades have not yet been tested using Helm Upgrade.
4. Once the SPK Controller and TMM Pods are available, apply any updated CR configurations (step 1) using the oc apply -f <file> command.
5. Follow the Upgrading DNS46 entries section of the F5SPKEgress CR guide to upgrade any entries created in versions 1.4.9 and earlier.
6. Uninstall the previous version of the SPK CWC and, for 1.7.0 and later installations, RabbitMQ, then follow the Install RabbitMQ and Install CWC procedures in the SPK CWC guide to upgrade the Pods. Upgrades have not yet been tested using Helm Upgrade.
7. The dSSM Databases can be upgraded at any time using the Upgrading dSSM guide.
8. The Fluentd Logging collector can be upgraded at any time using Helm Upgrade. Review Extract the Images in the SPK Software guide for the new Fluentd Helm chart location.