Release Notes¶
What’s New in SPK 2.1.0¶
RBAC - Minimum to No cluster-wide access permissions¶
Implemented minimum or no cluster-wide access permissions (RBAC policies) to the CNF components with the principle of least privilege. This approach reduces the risk of unauthorized access and minimizes the impact of internal or external threats. With this initiative, clusters gain improved security and resilience without sacrificing necessary functionality or operational efficiency.
However, there are a few SPK components that require cluster-wide access, or privileges under certain circumstances. For more information, see Cluster-wide RBACs for SPK and SPK Controller
Support for Netkvest Utility in CWC Debug REST APIs¶
SPK now supports the netkvest utility in CWC Debug REST APIs, enabling connectivity checks to remote hosts. This feature allows you to perform diagnostic tasks, such as ping and traceroute, from a specified source SNAT pool within the TMM, enhancing network troubleshooting capabilities.
For more information, see Debug API and Debug Sidecar.
Support for HTTP/2 Egress with F5SPKEgressHTTP2 CR¶
SPK now supports HTTP/2 egress traffic, enabling CNF pods to securely and efficiently forward 5G Service-Based Interface (SBI) messages to external destinations. With support for noTLS, TLS, and mTLS termination on both client and server sides, this enhancement ensures secure and efficient traffic flow for service-based applications.
For more information, see F5SPKEgressHTTP2 CR.
Ability to run in Hyperthreading Environments¶
CNFs now supports deployments in hyperthreading-enabled environments, enhancing scalability and resource utilization. This feature allows TMM to effectively manage logical CPUs, ensuring high performance in hyperthreaded setups. Administrators can configure the system to utilize available physical cores or logical threads as necessary, optimizing workloads efficiently. This feature ensures efficient CPU resource allocation and enhanced scalability for distributed deployments.
For more information, see Simultaneous Multithreading and TMM Values sections.
Distributed TODA stats aggregation for SPK¶
The Stats Aggregator introduces a centralized framework for collecting, aggregating, and exporting statistics from Service Proxy Kubernetes (SPK). This enhancement improves telemetry and performance monitoring by providing unified metrics across distributed environments. The aggregated stats are exported to tools like Prometheus, Grafana, or OpenTelemetry Collector, facilitating real-time monitoring and reporting.
For more information, see Distributed Toda for Stats Aggregation and OTEL Statistics page.
Enhancements¶
Support for Per-VLAN MTU Configuration¶
SPK has been enhanced to support configuring Maximum Transmission Unit (MTU) values on a per-VLAN basis, enabling administrators to optimize network performance for specific workloads and traffic requirements. This improvement provides greater flexibility and better performance across different network environments.
For more information, see SPK Controller and F5SPKVlan CR.
Fixes and Known Issues¶
Refer to Fixes and Known Issues section to known about fixes and known issues for this SPK release.
Software upgrades¶
Next step¶
Continue to the Cluster Requirements guide to ensure the OpenShift cluster has the required software components.