Kubernetes is meant to orchestrate containers, and it does that well. For things like network firewall security, CGNAT, advanced DNS features and other carrier-grade functionality, we need to look beyond its default capabilities. Fortunately, Kubernetes also lets us extend its API, so we can make it manage pretty much any F5 CNF function in a declarative way. Because this uses the same Kubernetes API, it integrates easily with the CI/CD and automation toolsets that are a pillar of cloud-native operations.
Configuration using F5 Custom Resource Definitions
Let's look at an example of F5 CNF custom resources that can be deployed to set up a listener that performs NAT64 and L4 security for traffic destined to the Internet.
While I have omitted some detail regarding configuration and call flow, this article aims to provide a general overview of how to deploy and configure a data plane pod that accepts client IPv6 traffic and applies a CGNAT policy and firewall security to that traffic before sending it out to the Internet over an IPv4 path. Since F5 implements fluentd-based logging, integrating with a Kafka-based visibility stack like the one below is very simple using readily available plugins.