Create Cluster Wide Controller Certificates¶
The Cluster Wide Controller (CWC) enables software licensing and billing capabilities for BIG-IP Next for Kubernetes. For more information, see BIG-IP Next for Kubernetes CWC
Create CWC REST API certificates¶
Prerequisites¶
Download the BIG-IP Next for Kubernetes Manifest File from the F5 Artifact Registry (FAR).
Installation¶
To create the required SSL/TLS certificates to authenticate the CWC REST API, follow the below instructions:
Perform a Helm Login to download the Helm charts from FAR:
cat <service_account_key_base64 file> | helm registry login -u _json_key_base64 --password-stdin https://repo.f5.com
In the below example, cne_pull-base64.json is the Service Account Key.
cat cne_pull_64.json | helm registry login -u _json_key_base64 --password-stdin https://repo.f5.com
Perform a Utility Pull to pull the f5-cert-gen package from FAR to generate SSL/TLS certificates and Secrets.
helm pull oci://repo.f5.com/<path of Utilities> --version <version of Utility>
In this example, utils/f5-cert-gen is the path for pulling f5-cert-gen utility and its version is 0.9.3 as retrieved from the manifest.yaml file.
helm pull oci://repo.f5.com/utils/f5-cert-gen --version 0.9.3
Sample Output:
f5-cert-gen-0.9.3.tgz
Extract the f5-cert-gen utility:
tar zxvf f5-cert-gen-0.9.3.tgz
Generate the SSL/TLS certificates and Secret for the CWC REST API:
sh cert-gen/gen_cert.sh -s=api-server -a=f5-spk-cwc.<namespace> -n=1
In the below example, the CWC certificates are created for the f5-utils namespace.
sh cert-gen/gen_cert.sh -s=api-server -a=f5-spk-cwc.f5-utils -n=1
The command output indicates the Secret has been created:
Generating /path/cwc-license-certs.yamlInstall the CWC REST API Secret:
In the below example, the CWC installs to the f5-utils namespace.
kubectl apply -f cwc-license-certs.yaml -n f5-utils
The command output indicates the Secret was created successfully:
secret/cwc-license-certs created