AI Security
Search K

Appearance

Install F5 AI Security on Google Kubernetes Engine

Overview

F5 AI Security protects generative AI traffic. F5 AI Security Guardrails moderates prompts and responses in real time. F5 AI Security Red Team runs adversarial test campaigns against AI endpoints. Both run on the same Kubernetes operator and can share a single GKE cluster.

This guide covers a manual install on Google Kubernetes Engine. You'll provision a GKE cluster with three node pools, set up Cloud SQL for PostgreSQL, pull container images from Artifact Registry, and install the Helm chart with values that match your environment.

Before you begin

Before you begin, verify that you have:

  • A Google Cloud project with billing enabled and the Compute Engine, Kubernetes Engine, Artifact Registry, and Cloud SQL Admin APIs turned on.
  • gcloud, kubectl, and helm installed on the workstation where you'll run the install.
  • An F5 AI Security license key issued by your F5 account team.
  • Credentials for harbor.calypsoai.app to pull operand images at runtime.
  • GPU quota in your region. Guardrails uses NVIDIA L4 (g2-standard-12 or larger). Red Team uses NVIDIA A100 (a2-highgpu-1g or a2-ultragpu-1g). If needed, request a quota adjustment.
  • A reachable PostgreSQL server with the pg_trgm extension allowed. We recommend Cloud SQL for PostgreSQL. Red Team requires pg_trgm. Guardrails works without it.

The chart and image paths in this guide assume you've cloned this repository and have it open on your workstation.

Set up the Google Cloud project

  1. Set the environment variables you'll use throughout the install. The variables shown are examples. Your versions may differ.

    shell
    export PROJECT_ID="my-project"
export REGION="us-central1"
export ZONE="us-central1-a"
export CLUSTER_NAME="f5-ai-security"
export VERSION="1.0.2"

  2. Authenticate and select the project.

    shell
    gcloud auth login
gcloud config set project "${PROJECT_ID}"

  3. Enable the required APIs.

    shell
    gcloud services enable \
  container.googleapis.com \
  compute.googleapis.com \
  artifactregistry.googleapis.com \
  sqladmin.googleapis.com \
  servicenetworking.googleapis.com

  4. Configure Docker to pull from the F5 public Artifact Registry.

    shell
    gcloud auth configure-docker gcr.io

Create the GKE cluster and node pools

F5 AI Security needs three node pools: one for the moderator, one for the KubeAI controller, and one for GPU-backed inference. The pool labels in this section match the defaults the Helm chart looks for. For more information on GKE compute types, see Google Cloud Compute Engine documentation.

  1. Create the cluster with a small default pool. The default pool hosts the operator and the Prefect workflow server.

  2. Add the moderator node pool. The moderator service needs 16 vCPUs.

  3. Add the KubeAI controller pool. KubeAI manages the inference model lifecycle.

  4. Add the GPU pool. Use g2-standard-12 with NVIDIA L4 for Guardrails. Use a2-highgpu-1g with NVIDIA A100 and a larger boot disk for Red Team.

  5. Get cluster credentials.

    shell
    gcloud container clusters get-credentials "${CLUSTER_NAME}" --location "${REGION}"

  6. Confirm the GPU drivers are available.

    shell
    kubectl get nodes --selector node_group=gpu -o wide
kubectl describe node -l node_group=gpu | grep nvidia.com/gpu

    Each GPU node should report at least one nvidia.com/gpu resource. If the count is zero, wait a few minutes for the driver installer to finish, then check again.

Provision Cloud SQL for PostgreSQL

  1. Create a Cloud SQL for PostgreSQL instance.

    shell
    gcloud sql instances create f5-ai-security-db \
  --database-version POSTGRES_15 \
  --tier db-custom-4-16384 \
  --region "${REGION}" \
  --storage-size 100 \
  --storage-type SSD \
  --storage-auto-increase

  2. Set the admin password.

    shell
    gcloud sql users set-password postgres \
  --instance f5-ai-security-db \
  --password "<choose-a-strong-password>"

  3. Enable the pg_trgm extension. This step is required for Red Team. It's optional for Guardrails-only installs.

    shell
    gcloud sql instances patch f5-ai-security-db \
  --database-flags cloudsql.enable_pg_trgm=on

  4. Authorize the GKE cluster's outbound IP range, or attach the instance to the cluster's VPC.

    The simplest path for a test environment is to use the Cloud SQL Auth Proxy as a sidecar. For a production install, configure private services access and connect the instance to the same VPC as your cluster.

Install F5 AI Security Guardrails

  1. Create the install namespace.

    shell
    kubectl create namespace f5-ai-sec

  2. Create the Harbor image pull secret. The chart uses this secret to pull operand images.

    shell
    kubectl create secret docker-registry harbor-pull-secret \
  --namespace f5-ai-sec \
  --docker-server "harbor.calypsoai.app" \
  --docker-username "<harbor-user>" \
  --docker-password "<harbor-password>"

  3. Create a values override file at my-values.yaml. Replace the placeholders with your environment.

    yaml
    global:
  platform: gcp
  gcp:
    flavor: guardrails
    installMode: new
    config:
      license: "<your-f5-license-key>"
      moderatorBaseUrl: "https://moderator.example.com"
      postgresHost: "<cloud-sql-private-ip>"
      postgresAdminPassword: "<postgres-admin-password>"
      harborUsername: "<harbor-user>"
      harborPassword: "<harbor-password>"
    nodeGroups:
      moderator: "moderator"
      kubeai: "kubeai"
      gpu: "gpu"
    ingress:
      class: "nginx"
      hostname: "moderator.example.com"
    cache:
      enabled: false

  4. Install the chart.

    shell
    helm install f5-ai-security ./charts/f5-ai-security-operator \
  --namespace f5-ai-sec \
  --values ./charts/f5-ai-security-operator/values-gcp.yaml \
  --values ./my-values.yaml

  5. Wait for the operator to reconcile.

    shell
    kubectl wait --namespace f5-ai-sec \
  --for=condition=Ready pod \
  --selector app.kubernetes.io/name=f5-ai-security-operator \
  --timeout=5m

Add F5 AI Security Red Team

If you already have F5 AI Security Guardrails running, you can extend the install with Red Team. The operator detects the existing SecurityOperator custom resource and patches it instead of creating a new one.

  1. Update the Cloud SQL instance to allow pg_trgm if you haven't already, and confirm the GPU pool has at least one NVIDIA A100. You can swap the pool by following the GPU pool step in the cluster section above.

  2. Add a Red Team values file at redteam-values.yaml.

    yaml
    global:
  gcp:
    flavor: redteam
    installMode: addon
    config:
      license: "<your-f5-license-key>"

  3. Apply the add-on values to the existing release.

    shell
    helm upgrade f5-ai-security ./charts/f5-ai-security-operator \
  --namespace f5-ai-sec \
  --reuse-values \
  --values ./redteam-values.yaml

  4. Wait for Red Team pods to come up.

    shell
    kubectl get pods -n f5-ai-sec -l app.kubernetes.io/component=redteam

Verify the install

  1. List the pods in the install namespace and confirm they're all running.

    shell
    kubectl get pods -n f5-ai-sec

  2. Confirm the moderator endpoint responds.

    shell
    curl -k "https://${MODERATOR_HOSTNAME}/healthz"

  3. Open the F5 AI Security console in a browser at the hostname you configured in ingress.hostname, then sign in with the admin credentials from your license email.

Troubleshooting

Pods stuck in ImagePullBackOff

Symptom: One or more pods stay in ImagePullBackOff with a 401 error in kubectl describe pod.

Cause: The Harbor pull secret is missing, has the wrong credentials, or isn't in the install namespace.

Fix: Re-create the secret with the correct credentials and re-roll the pod:

shell
kubectl delete secret harbor-pull-secret -n f5-ai-sec
kubectl create secret docker-registry harbor-pull-secret \
  --namespace f5-ai-sec \
  --docker-server "harbor.calypsoai.app" \
  --docker-username "<harbor-user>" \
  --docker-password "<harbor-password>"
kubectl rollout restart deployment -n f5-ai-sec

GPU pod reports 0/1 nodes are available: insufficient nvidia.com/gpu

Symptom: The inference pod stays in Pending with an unschedulable event referring to nvidia.com/gpu.

Cause: The NVIDIA driver installer hasn't finished on the GPU node, or the pool was created without the accelerator flag.

Fix: Confirm the GPU pool was created with the --accelerator flag and the nvidia.com/gpu=present:NoSchedule taint. Wait up to 10 minutes after creating the pool for the driver installer DaemonSet to complete. If the issue persists, re-create the pool with the flags shown in the cluster section.

Prefect server fails to start with a pg_trgm error

Symptom: The Prefect server pod crashes with a log line that references pg_trgm.

Cause: The PostgreSQL server doesn't have the pg_trgm extension enabled. Red Team requires this extension. A Guardrails-only install doesn't.

Fix: Enable the extension on the Cloud SQL instance:

shell
gcloud sql instances patch f5-ai-security-db --database-flags cloudsql.enable_pg_trgm=on

After the instance restarts, delete the failing Prefect pod so it picks up the new database setup.

Updated at:

© 2026 F5, Inc. All Rights Reserved