Upgrade SPK from v1.7.14 to v2.0.0¶
If your deployment is on a specific version and you want to upgrade, check the Release Notes to learn about the new features and fixes before upgrading. To successfully upgrade SPK from v1.7.14 to v2.0.0, follow the instructions provided in the following sections in the specified sequence.
Imporant: F5 recommends rolling back to a previous version if a newly deployed SPK pod causes issues like application downtime or an incomplete deployment, see Rollback SPK v2.0.0 to v1.7.14.
Prereqisites:
Download SPK manifest file, helm charts, docker images, and other utilities, SPK Artifacts Via F5 Artifact Registry.
Obtained JWT from MyF5.
Install CRD Conversion pod and apply CRDs template¶
Add privileges to the
crd-conv-f5-crdconversionservice account.In this example,
crd-conv-f5-crdconversionis composed of<helm name>-<helm chart>, where crd-conv represents the Helm name, and f5-crdconversion represents the Helm chart name. Update these values as per your deployment configuration.oc adm policy add-scc-to-user privileged -n spk-utilities -z crd-conv-f5-crdconversion
Verify the
crd-conv-values.yamlcontents.cat crd-conv-values.yaml
Sample Output:
crdconversion: image: repository: repo.f5.com/images rabbitmqNamespace: spk-utilities fluentbit_sidecar: image: repository: repo.f5.com/images fluentd: host: f5-toda-fluentd.spk-utilities.svc.cluster.local.
Install the CRD Conversion pod.
Note: Ensure that you add privileges to the
<helm name>before installing the CRD Conversion pod. In the below example,crd-convis the helm name.In this example, the new version of f5-crdconversion helm chart is 0.16.15-0.0.12.
helm install crd-conv tar/f5-crdconversion-0.16.15-0.0.12.tgz -f crd-conv-values.yaml -n spk-utilities
Sample Output:
NAME: f5-crd-conversion LAST DEPLOYED: Tue Apr 29 06:33:15 2025 NAMESPACE: spk-utilities STATUS: deployed REVISION: 1 TEST SUITE: None
Run the
cat crd.yamlto verify thecrd.yamlcontents.conversion: namespace: spk-utilities
Create a template for common CRDs from the CRD bundle.
helm template f5-spk-crds-common-8.5.2-0.1.12.tgz -f crd.yaml > crd_commons-spk-utilities.yaml
Run the
oc applycommand to apply the common CRDs.oc apply -f crd_commons-spk-utilities.yaml
Sample Output:
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cm.f5co.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/certificates.cm.f5co.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/challenges.acme.cm.f5co.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/clusterissuers.cm.f5co.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/issuers.cm.f5co.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/orders.acme.cm.f5co.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-spk-addresslists.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-spk-dnscaches.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-spk-global-optionses.k8s.f5net.com created customresourcedefinition.apiextensions.k8s.io/f5-spk-portlists.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-spk-snatpools.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-spk-staticroutes.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-spk-vlans.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-spk-vxlans.k8s.f5net.com created
Create a template for SPK CRDs from the CRD bundle.
helm template f5-spk-crds-service-proxy-8.5.2-0.1.12.tgz -f crd.yaml > crd-values-serviceproxy.yaml
Run the
oc applycommand to apply the SPK CRDs.oc apply -f crd-values-serviceproxy.yaml
Sample Output:
customresourcedefinition.apiextensions.k8s.io/f5-big-cne-addresslists.k8s.f5net.com created customresourcedefinition.apiextensions.k8s.io/f5-big-cne-portlists.k8s.f5net.com created customresourcedefinition.apiextensions.k8s.io/f5-big-context-globals.k8s.f5net.com created customresourcedefinition.apiextensions.k8s.io/f5-big-context-secures.k8s.f5net.com created customresourcedefinition.apiextensions.k8s.io/f5-big-ddos-globals.k8s.f5net.com created customresourcedefinition.apiextensions.k8s.io/f5-big-fw-policies.k8s.f5net.com created customresourcedefinition.apiextensions.k8s.io/f5-big-fw-rulelists.k8s.f5net.com created customresourcedefinition.apiextensions.k8s.io/f5-big-log-hslpubs.k8s.f5net.com created customresourcedefinition.apiextensions.k8s.io/f5-big-log-profiles.k8s.f5net.com created customresourcedefinition.apiextensions.k8s.io/f5-bnkgateways.k8s.f5net.com created customresourcedefinition.apiextensions.k8s.io/l4routes.gateway.k8s.f5net.com created customresourcedefinition.apiextensions.k8s.io/f5-spk-egresses.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-spk-egressdiameters.k8s.f5net.com created customresourcedefinition.apiextensions.k8s.io/f5-spk-egresshttp2s.k8s.f5net.com created customresourcedefinition.apiextensions.k8s.io/f5-spk-ingressdiameters.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-spk-ingressegressudps.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-spk-ingressgtps.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-spk-ingresshttp2s.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-spk-ingressngaps.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-spk-ingresssips.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-spk-ingresstcps.ingresstcp.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-spk-ingressudps.ingressudp.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-spk-pools.k8s.f5net.com created customresourcedefinition.apiextensions.k8s.io/f5-spk-servicetypelbippools.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-spk-statefulsets.k8s.f5net.com created customresourcedefinition.apiextensions.k8s.io/f5-spk-traffic-distributions.k8s.f5net.com created
Upgrade the Cert Manager¶
See the installed releases in
spk-utilitiesnamespace.helm list -n spk-utilities
Sample Output:
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION cwc spk-utilities 1 2025-04-28 17:05:31.364950774 +0000 UTC deployed cwc-2.0.21 2.0.21 f5-certificate-manager spk-utilities 1 2025-04-28 16:24:21.738160099 +0000 UTC deployed f5-cert-manager-0.5.12-0.0.5 v1.3.2 f5-crd-conversion spk-utilities 1 2025-04-29 06:37:13.325526111 +0000 UTC deployed f5-crdconversion-0.16.15-0.0.12 v1.62.8-0.0.2 f5-dssm spk-utilities 1 2025-04-28 17:32:18.481762809 +0000 UTC deployed f5-dssm-3.0.41 v3.0.41 f5-toda-fluentd spk-utilities 1 2025-04-28 17:37:35.332703538 +0000 UTC deployed f5-toda-fluentd-3.0.28 3.0.28 rabbitmq spk-utilities 1 2025-04-28 16:24:55.474549366 +0000 UTC deployed rabbitmq-2.0.8 2.0.8
Verify the
cert-manager.yamlcontents.cat cert-manager.yaml
Sample Output:
image: repository: repo.f5.com/images webhook: image: repository: repo.f5.com/images cainjector: image: repository: repo.f5.com/images startupapicheck: image: repository: repo.f5.com/images init_container: image: name: init-certmgr repository: repo.f5.com/images logging_sidecar: # Enable/Disable logging sidecar enabled: false name: logging-sidecar image: name: f5-fluentbit repository: repo.f5.com/images fluentbit: input: pipes: bufSize: 8096 tls: enabled: true fluentd: host: f5-toda-fluentd.spk-utilities.svc.cluster.local.
Upgrade the Cert Manager.
helm upgrade f5-certificate-manager tar/f5-cert-manager-0.23.28-0.0.11.tgz -n spk-utilities -f cert-manager.yaml
Sample Output:
Release "f5-certificate-manager" has been upgraded. Happy Helming! NAME: f5-certificate-manager LAST DEPLOYED: Tue Apr 29 07:01:49 2025 NAMESPACE: spk-utilities STATUS: deployed REVISION: 2 TEST SUITE: None NOTES: # Modified from and/or generated from (possibly modified), cert-manager source # f5-cert-manager
See the installed releases in
spk-utilitiesnamespace to check for newly installed Cert Manager.helm list -n spk-utilities
Sample Output:
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION cwc spk-utilities 1 2025-04-28 17:05:31.364950774 +0000 UTC deployed cwc-2.0.21 2.0.21 f5-certificate-manager spk-utilities 2 2025-04-29 07:01:49.532248346 +0000 UTC deployed f5-cert-manager-0.23.28-0.0.11 v2.3.0 f5-crd-conversion spk-utilities 1 2025-04-29 06:37:13.325526111 +0000 UTC deployed f5-crdconversion-0.16.15-0.0.12 v1.62.8-0.0.2 f5-dssm spk-utilities 1 2025-04-28 17:32:18.481762809 +0000 UTC deployed f5-dssm-3.0.41 v3.0.41 f5-toda-fluentd spk-utilities 1 2025-04-28 17:37:35.332703538 +0000 UTC deployed f5-toda-fluentd-3.0.28 3.0.28 rabbitmq spk-utilities 1 2025-04-28 16:24:55.474549366 +0000 UTC deployed rabbitmq-2.0.8 2.0.8
View the list of pods associated with
spk-utilitiesnamespace/project.oc get pods -n spk-utilities
Sample Output:
NAME READY STATUS RESTARTS AGE f5-cert-manager-75bc5c8569-mlf57 1/1 Running 0 14s f5-cert-manager-cainjector-598958944d-tv8rc 1/1 Running 0 14s f5-cert-manager-webhook-598f8bfb87-vhxnf 1/1 Running 0 14s f5-crdconversion-78465895c6-zlfh2 2/2 Running 0 9m27s f5-rabbit-58bf5cb4b6-b64tm 2/2 Running 0 3d15h f5-spk-cwc-7fbf8c747d-kmb2p 2/2 Running 0 114m
Upgrade the RabbitMQ¶
See the installed RabbitMQ release version in
spk-utilitiesnamespace.helm list -n spk-utilities
Sample Output:
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION cwc spk-utilities 1 2025-04-02 00:55:18.03355373 +0530 +0530 deployed cwc-0.41.34-10.0.18 0.41.34-10.0.18 f5-certificate-manager spk-utilities 2 2025-04-05 10:28:37.125314886 +0000 UTC deployed f5-cert-manager-0.23.28-0.0.11 v2.3.0 f5-crd-conversion spk-utilities 1 2025-04-05 10:19:26.157484421 +0000 UTC deployed f5-crdconversion-0.16.15-0.0.12 v1.62.8-0.0.2 rabbitmq spk-utilities 1 2025-04-02 00:55:06.98740683 +0530 +0530 deployed rabbitmq-0.5.10-10.0.14 0.5.10-10.0.14
Verify the
rmq_overrides.yamlcontents.cat rmq_overrides.yaml
Sample Output:
image: repository: repo.f5.com/images fluentbit_sidecar: image: repository: repo.f5.com/images
Add privileges to the
rabbitmqservice account.oc adm policy add-scc-to-user privileged -n spk-utilities -z rabbitmq
Upgrade the RabbitMQ.
helm upgrade rabbitmq tar/rabbitmq-0.5.10-10.0.14.tgz -n spk-utilities -f rmq-values.yaml
Sample Output:
Release "rabbitmq" has been upgraded. Happy Helming! NAME: rabbitmq LAST DEPLOYED: Tue Apr 29 07:15:41 2025 NAMESPACE: spk-utilities STATUS: deployed REVISION: 2 TEST SUITE: None NOTES: The RabbitMQ has been installed.
View the list of pods associated with
spk-utilitiesnamespace/project.oc get pods -n spk-utilities
Sample Output:
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION cwc spk-utilities 1 2025-04-28 17:05:31.364950774 +0000 UTC deployed cwc-2.0.21 2.0.21 f5-certificate-manager spk-utilities 2 2025-04-29 07:01:49.532248346 +0000 UTC deployed f5-cert-manager-0.23.28-0.0.11 v2.3.0 f5-crd-conversion spk-utilities 1 2025-04-29 06:37:13.325526111 +0000 UTC deployed f5-crdconversion-0.16.15-0.0.12 v1.62.8-0.0.2 f5-dssm spk-utilities 1 2025-04-28 17:32:18.481762809 +0000 UTC deployed f5-dssm-3.0.41 v3.0.41 f5-toda-fluentd spk-utilities 1 2025-04-28 17:37:35.332703538 +0000 UTC deployed f5-toda-fluentd-3.0.28 3.0.28 rabbitmq spk-utilities 2 2025-04-29 07:15:41.498973036 +0000 UTC deployed rabbitmq-0.5.10-10.0.14 0.5.10-10.0.14
Upgrade the CWC¶
Verify the
cwc_overrides.yamlcontents.cat cwc_overrides.yaml
Sample Output:
cwc: image: repository: repo.f5.com/images orch: image: repository: repo.f5.com/images fluentbit_sidecar: enabled: true image: repository: repo.f5.com/images
Add privileges to the
cwcservice account.oc adm policy add-scc-to-user privileged -n spk-utilities -z cwc
Upgrade the CWC.
**Note: Make sure to replace
cpclConfig.jwtvalue in the command with a valid JWT token.helm upgrade cwc tar/cwc-0.41.34-10.0.18.tgz -n spk-utilities -f cwc_overrides.yaml --set rabbitmqNamespace=spk-utilities --set cpclConfig.jwt="<JWT Token>"
Sample Output:
Release "cwc" has been upgraded. Happy Helming! NAME: cwc LAST DEPLOYED: Tue Apr 29 09:37:43 2025 NAMESPACE: spk-utilities STATUS: deployed REVISION: 2 TEST SUITE: None NOTES: The Cluster Wide Controller has been installed. ==================================================== Admin Token Feature: DISABLED No authentication token is required for REST API calls. ====================================================
View the list of pods associated with
spk-utilitiesnamespace/project.oc get pods -n spk-utilities
Sample Output:
You will see that CWC pod is installed and has started running.
NAME READY STATUS RESTARTS AGE f5-cert-manager-69bfff664d-pcg6b 1/1 Running 0 157m f5-cert-manager-cainjector-67f8d64694-nccl8 1/1 Running 0 157m f5-cert-manager-webhook-845c6bc784-f2l2c 1/1 Running 0 157m f5-crdconversion-6df5b56f49-x6ggc 2/2 Running 0 3h2m f5-dssm-db-0 3/3 Running 0 16h f5-dssm-db-1 3/3 Running 0 16h f5-dssm-db-2 3/3 Running 0 16h f5-dssm-sentinel-0 3/3 Running 0 16h f5-dssm-sentinel-1 3/3 Running 0 16h f5-dssm-sentinel-2 3/3 Running 0 16h f5-rabbit-64c8f87d68-cc9zv 2/2 Running 0 15m f5-spk-cwc-57584d85bd-hxs2r 3/3 Running 0 108s f5-toda-fluentd-f68f5d9cd-gjc52 1/1 Running 0 16h
Check the license status after the CWC upgrade, see License status. If the license has expired, renew it before proceeding with the F5Ingress upgrade.
Upgrade the Toda-fluentd¶
See the installed releases in
spk-utilitiesnamespace.helm list -n spk-utilities
Sample Output:
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION cwc spk-utilities 2 2025-04-29 09:37:43.385547618 +0000 UTC deployed cwc-0.41.34-10.0.18 0.41.34-10.0.18 f5-certificate-manager spk-utilities 2 2025-04-29 07:01:49.532248346 +0000 UTC deployed f5-cert-manager-0.23.28-0.0.11 v2.3.0 f5-crd-conversion spk-utilities 1 2025-04-29 06:37:13.325526111 +0000 UTC deployed f5-crdconversion-0.16.15-0.0.12 v1.62.8-0.0.2 f5-dssm spk-utilities 1 2025-04-28 17:32:18.481762809 +0000 UTC deployed f5-dssm-3.0.41 v3.0.41 f5-toda-fluentd spk-utilities 1 2025-04-28 17:37:35.332703538 +0000 UTC deployed f5-toda-fluentd-3.0.28 3.0.28 rabbitmq spk-utilities 2 2025-04-29 09:23:51.655538566 +0000 UTC deployed rabbitmq-0.5.10-10.0.14 0.5.10-10.0.14
Verify the
toda.yamlcontents.cat toda.yaml
Sample Output:
image: repository: repo.f5.com/images pullPolicy: Always dssm_logs: enabled: true stdout: true f5ingress_logs: enabled: true stdout: true dssm_sentinel_logs: enabled: true stdout: true persistence: enabled: true tls: enabled: true
Upgrade the Toda-fluentd.
helm upgrade f5-toda-fluentd tar/f5-toda-fluentd-1.31.12-10.0.12.tgz -f toda.yaml -n spk-utilities
Sample Output:
Release "f5-toda-fluentd" has been upgraded. Happy Helming! NAME: f5-toda-fluentd LAST DEPLOYED: Tue Apr 29 10:53:09 2025 NAMESPACE: spk-utilities STATUS: deployed REVISION: 2 TEST SUITE: None NOTES: Log aggregator - FluentD is deployed, which get logs from fluentbit sidecars. FluentD outputs: 'stdout' is "true" 'persistent volume' is "true" Persistent volume claim created with: accessModes: "ReadWriteOnce" storage: "3Gi" FluentD hostname: f5-toda-fluentd.spk-utilities.svc.cluster.local. FluentD port: "54321" Use this info to connect to it: --set f5-toda-logging.fluentd.host="f5-toda-fluentd.spk-utilities.svc.cluster.local." --set f5-toda-logging.fluentd.port=54321 FluentD service IP family: serviceIpFamily: .Values.serviceIpFamilySee the installed releases in
spk-utilitiesnamespace to check for newly installed Cert Manager.helm list -n spk-utilities
Sample Output:
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION cwc spk-utilities 2 2025-04-29 09:37:43.385547618 +0000 UTC deployed cwc-0.41.34-10.0.18 0.41.34-10.0.18 f5-certificate-manager spk-utilities 2 2025-04-29 07:01:49.532248346 +0000 UTC deployed f5-cert-manager-0.23.28-0.0.11 v2.3.0 f5-crd-conversion spk-utilities 1 2025-04-29 06:37:13.325526111 +0000 UTC deployed f5-crdconversion-0.16.15-0.0.12 v1.62.8-0.0.2 f5-dssm spk-utilities 2 2025-04-29 09:48:06.813953835 +0000 UTC deployed f5-dssm-1.0.15-0.1.5 v1.0.15-0.1.5 f5-toda-fluentd spk-utilities 2 2025-04-29 10:53:09.229391513 +0000 UTC deployed f5-toda-fluentd-1.31.12-10.0.12 1.31.12-10.0.12 rabbitmq spk-utilities 2 2025-04-29 09:23:51.655538566 +0000 UTC deployed rabbitmq-0.5.10-10.0.14 0.5.10-10.0.14
View the list of pods associated with
spk-utilitiesnamespace/project.oc get pods -n spk-utilities
Sample Output:
NAME READY STATUS RESTARTS AGE f5-cert-manager-69bfff664d-pcg6b 1/1 Running 0 3h51m f5-cert-manager-cainjector-67f8d64694-nccl8 1/1 Running 0 3h51m f5-cert-manager-webhook-845c6bc784-f2l2c 1/1 Running 0 3h51m f5-crdconversion-6df5b56f49-x6ggc 2/2 Running 0 4h16m f5-dssm-db-0 3/3 Running 0 59m f5-dssm-db-1 3/3 Running 0 60m f5-dssm-db-2 3/3 Running 0 60m f5-dssm-sentinel-0 3/3 Running 0 58m f5-dssm-sentinel-1 3/3 Running 0 58m f5-dssm-sentinel-2 3/3 Running 0 57m f5-rabbit-64c8f87d68-cc9zv 2/2 Running 0 89m f5-spk-cwc-57584d85bd-hxs2r 3/3 Running 0 75m f5-toda-fluentd-7457d4f94b-99pgf 1/1 Running 0 9s
Upgrade the dSSM¶
To successfully upgrade dSSM, follow the instructions in Upgrading dSSM.
Upgrade the F5Ingress¶
With the implementation of readinessGates (config and routing gates), we have ensured TMM is available to process the network traffic with minimal traffic loss. For more information, see TMM Rolling Update.
Important: Based on the
maxUnavailable,maxSurge, and TMM replicas configuration, ensure that you have:
Enough resources available.
Additional SelfIPs and translationIPs (SNAT and CGNAT).
Verify the
overrides_2.0_values.yamlcontents.Note: The following parameters are configured to ensure that, after an upgrade, the TMM pod is immediately available to receive network traffic without any traffic loss:
tmm.bfdToOVN.enabled is set to True
tmm.dynamicRouting.bfd is configured.
cat overrides_2.0_values.yaml
Sample Output:
# This file contains overrides for ocp f5ingress chart in cnab f5-toda-logging: enabled: true fluentd: host: f5-toda-fluentd.spk-utilities.svc.cluster.local. port: 54321 fluentbit: logLevel: debug tls: enabled: true sidecar: image: repository: repo.f5.com/images tmstats: enabled: true config: image: repository: repo.f5.com/images tmm: image: repository: repo.f5.com/images tlsStore: enabled: true logLevel: INFO k8sprobes: enabled: true grpc: enabled: true replicaCount: 2 strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 nodeSelector: tmmnode: enabled bfdToOVN: enabled: true sessiondb: useExternalStorage: "true" dynamicRouting: enabled: true tmmRouting: config: bgp: asn: 64522 bgpSecret: bgp-secret gracefulRestartTime: 120 neighbors: - ip : 10.21.1.252 asn: 64521 acceptsIPv4: true fallover: true - ip : fc21:1::253 asn: 64521 acceptsIPv6: true fallover: true bfd: interface: external interval: 100 minrx: 100 multiplier: 3 image: repository: repo.f5.com/images tmrouted: image: repository: repo.f5.com/images cniNetworks: "spk-ingress/spk-ingress-internal-sriov,spk-ingress/spk-ingress-external1-sriov" customEnvVars: - name: SESSIONDB_EXTERNAL_SERVICE value: "f5-dssm-sentinel.spk-utilities" - name: SESSIONDB_DISCOVERY_SENTINEL value: "true" - name: OPENSHIFT_VFIO_RESOURCE_1 value: "sriovEns21f0Mlx6NetdevPolicy" - name: OPENSHIFT_VFIO_RESOURCE_2 value: "sriovEns21f1Mlx6NetdevPolicy" - name: SSL_SERVERSIDE_STORE value: "/tls/tmm/mds/clt" - name: SSL_TRUSTED_CA_STORE value: "/tls/tmm/mds/clt" - name: TMM_DEFAULT_MTU value: "9000" - name: CONFIG_VIEWER_ENABLE value: "TRUE" # vxlan vxlan: enabled: false icni2: enabled: true network: vfio: enabled: false attachment: definitionName: spk-ingress/internal-sriov f5-stats_collector: enabled: true image: repository: repo.f5.com/images stats_collector: image: repository: repo.f5.com/images controller: annotationDelay: 120 cwcNamespace: spk-utilities watchNamespace: "dav21-appns-1,dav21-appns-2" enableCustomResources: false image: repository: repo.f5.com/images vlan_grpc: enabled: true fluentbit_sidecar: enabled: true fluentd: host: f5-toda-fluentd.spk-utilities.svc.cluster.local fluentbit: tls: enabled: true image: repository: repo.f5.com/images f5_lic_helper: enabled: true name: f5-lic-helper rabbitmqNamespace: spk-utilities image: repository: repo.f5.com/images tmm_pod_manager: enabled: true image: repository: repo.f5.com/images debug: image: repository: repo.f5.com/images rabbitmqNamespace: spk-utilities afm: name: f5-afm enabled: false
(Optional) If you want to use the Multiple External Gateway (MEG) with SPK v2.0.0, apply the
AdminPolicyBasedExternalRoute CR. For more information, see AdminPolicyBasedExternalRoute.(Optional) If you have f5-afm pod enabled in
values.yaml, add privileges to the f5-afm service account.oc adm policy add-scc-to-user privileged -n spk-ingress -z f5-afm
Upgrade the F5Ingress using the new f5ingress helm chart version mentioned in the SPK v2.0.0 tarball.
Note: Before upgrading F5Ingress, ensure that
readinessGates.enabledis set totruein values.yaml.helm upgrade f5ingress tar/f5ingress-<version>.tgz -f <values>.yaml -n namespace
In this example, the Pods will be upgraded using the f5ingress-v0.761.1-0.0.216 Helm chart.
helm upgrade f5ingress tar/f5ingress-v0.761.1-0.0.216.tgz -f overrides_2.0_values.yaml -n spk-ingress
Sample Output:
Release "f5ingress" has been upgraded. Happy Helming! NAME: f5ingress LAST DEPLOYED: Tue Apr 29 11:37:50 2025 NAMESPACE: spk-ingress STATUS: deployed REVISION: 2 TEST SUITE: None NOTES: The F5Ingress Controller has been installed. TMM debug sidecar is deployed. To access: kubectl exec -it deployment/f5-tmm -c debug -n spk-ingress -- bash Note: Need to use extra vlan IP and extra snat IP for the traffic to work seamlessly after upgrade. with maxSurge 1 and maxUnavailable 0.
View the list of pods associated with
spk-ingressnamespace/project.oc get pods -n spk-ingress -o wide
Sample Output:
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES f5-afm-68d5fc75db-zrf4d 2/2 Running 0 13m 10.130.1.153 master-1.ocp21.pd.f5net.com <none> <none> f5-tmm-7f988c98df-kbsg8 7/7 Running 10m 10.130.1.150 master-1.ocp21.pd.f5net.com <none> 2/2 f5-tmm-7f988c98df-pfbkt 7/7 Running 8m 10.129.0.221 master-2.ocp21.pd.f5net.com <none> 2/2 f5ingress-f5ingress-7d8b6cf86-qsn7b 5/5 Running 0 13m 10.128.1.140 master-3.ocp21.pd.f5net.com <none> <none> otel-collector-74c76d445c-7hnbn 1/1 Running 0 13m 10.128.1.139 master-3.ocp21.pd.f5net.com <none> <none>
See the installed releases in
spk-ingressnamespace.In this example, the below command shows the installed releases in
spk-ingressProject.helm list -n spk-ingress
Sample Output:
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION f5ingress spk-ingress 2 2025-04-29 11:37:50.196657277 +0000 UTC deployed f5ingress-v0.761.1-0.0.216 v0.761.1-0.0.216
During F5Ingress update process, run the below command to check the status of readinessGates (ConfigurationDone and RoutingDone gates).
In this example, the
f5-tmm-7fb766f798-6bgbkis TMM pod.oc describe pod f5-tmm-7fb766f798-6bgbk
Sample Output:
Readiness Gates: Type Status ConfigurationDone True RoutingDone True