Release Notes

F5 Service Proxy for Kubernetes (SPK) - v1.8.2

New Features and Improvements

The SPK v1.8.2 release is a bug fix only release.

Limitations

  • Jumbo Frames - The maximum transmission unit (MTU) must be the same size on both ingress and egress interfaces. Packets over 9000 bytes are dropped.

Bug Fixes

1329785 (crd-conversion)

When deploying the CRDs, we now have to define the namespace for the conversion webhook.

1325233 (Ingress)

The F5SPKIngressHTTP2 CR can now be created before or after the F5SPKVlan CR, with the ‘internal’ option set to true. After internal VLANs are set up and TMM pods are marked, the configuration for HTTP2 virtual servers will start automatically.

1294425 (Ingress)

The F5SPKIngressHTTP2 CR configuration now works with TLS or mTLS on both client side and server side.

1327949 (CNI)

The Kube-api server no longer routes traffic to TMM.

1328269-1 (Ingress)

The lifetime of all certificates has now been extended to a duration of 360 days, aiming to eliminate the need for frequent certificate renewal and minimize the occurrence of potential issues.

1353661 (DSSM)

The DSSM is now packaged with f5-cert-client.

1353665 (Cert-Mgr)

The f5-cert-manager is now packaged with valid version.

1355237 (crd-conversion)

The CRD Conversion Webhook now functions effectively when it is installed in a non-default namespace.

Known Issue

1495413 (TMM)

TMM drops packets from a tagged interface when TCP Segmentation Offload (TSO) is enabled in the Linux Kernel version 4.18.0-305.65.1.el8_4.x86_64.

Workaround

Disable TSO by editing the f5ingress helm chart values.yaml file. tmm.bigdb.tcpsegmentationoffload.enabled: false

Software upgrades

Use these steps to upgrade the SPK software components:

_images/spk_warn.png Important: Steps 2 through 5 should be performed together, and during a planned maintenance window.

  1. Review the New Features and Improvements section above, and integrate any updates into the existing configuration. Do not apply Custom Resource (CR) updates until after the SPK Controller has been upgraded (step 3).
  2. Follow Install the CRDs in the SPK Software guide to upgrade the CRDs. Be aware that newly applied CRDs will replace existing CRDs of the same name.
  3. Uninstall the previous version SPK Controller, and follow the Installation procedure in the SPK Controller guide to upgrade the Controller and TMM Pods. Upgrades have not yet been tested using Helm Upgrade.
  4. Once the SPK Controller and TMM Pods are available, apply any updated CR configurations (step 1) using the oc apply -f <file> command.
  5. Follow the Upgrading DNS46 entries section of the F5SPKEgress CR guide to upgrade any entries created in versions 1.4.9 and earlier.
  6. Uninstall the previous version SPK CWC, and for 1.7.0 and later installations RabbitMQ, and follow the Install RabbitMQ and Install CWC procedures in the SPK CWC guide to upgrade the Pods. Upgrades have not yet been tested using Helm Upgrade.
  7. The dSSM Databases can be upgraded at anytime using the Upgrading dSSM guide.
  8. The Fluentd Logging collector can be upgraded anytime using Helm Upgrade. Review Extract the Images in the SPK Software guide for the new Fluentd Helm chart location.
  9. The SPK can be upgraded from v1.7.x to v1.8.2 using the Upgrading SPK guide.

Next step

Continue to the Cluster Requirements guide to ensure the OpenShift cluster has the required software components.