Artifacts via F5 Artifact Registry (FAR)¶
The BIG-IP Next for Kubernetes manifest file, Helm charts, Docker images, and other utilities are accessible through the F5 Artifact Registry (FAR) at repo.f5.com. A valid Service Account Key is required to access FAR.
This document details the procedures for downloading a Service Account Key, and using the Service Account Key to download the Manifest file and install Helm charts, docker images, and other utilities into the cluster from FAR or Private Registry.
Download the Service Account Key¶
To download the Service Account Key, follow the below steps:
Login to the MyF5.
Navigate to Resources and click Downloads.
Click checkbox to accept the End User License Agreement and Program Terms, then click Next.
Choose BIG-IP_Next from the Select a Product Family Group drop-down.
Select BIG-IP Next for Kubernetes from the Product Line drop-down.
Choose a desired version from the Product Version drop-down menu.
Select the f5-far-auth-key.tar file from the download file list.
Choose a location from the Download location drop-down menu and click Download.
The TAR file contains a Service Account Key that is in base64 format and used for logging into FAR.
Helm Registry Login¶
Perform a Helm Login to download the Manifest file or Helm charts from FAR:
cat <service_account_key_base64 file> | helm registry login -u _json_key_base64 --password-stdin https://repo.f5.com
In the below example, cne_pull-base64.json is the Service Account Key.
cat cne_pull_64.json | helm registry login -u _json_key_base64 --password-stdin https://repo.f5.com
Docker Registry Login¶
Perform a Docker Login to download the docker images from FAR:
cat <service_account_key_base64 file> | docker login -u _json_key_base64 --password-stdin <URL of F5 Artifact Registry>
In the below example, cne_pull_64.json is the same Service Account Key.
cat cne_pull_64.json | docker login -u _json_key_base64 --password-stdin https://repo.f5.com
Download the Manifest File¶
Download the manifest.yaml file for the current release or the specific release you are looking for.
Perform a Helm Pull to pull the Manifest file from FAR:
helm pull oci://repo.f5.com/<path of Manifest file> --version <version of Manifest file>
In the below example, release/f5-bnk-manifest is the path for pulling bnk-manifest-2.0.0-1.7.8-0.3.37.yaml file and its version is 2.0.0-1.7.8-0.3.37.
helm pull oci://repo.f5.com/release/f5-bnk-manifest --version 2.0.0-1.7.8-0.3.37
The f5-bnk-manifest-2.0.0-1.7.8-0.3.37.tgz file is now pulled.
Run list command to see newly downloaded Manifest tgz file:
ls
The file list shows the Manifest file named f5-bnk-manifest-2.0.0-1.7.8-0.3.37.tgz.
Extract the Manifest file:
tar zxvf f5-bnk-manifest-2.0.0-1.7.8-0.3.37.tgz
Run list command on the f5-bnk-manifest-2.0.0-1.7.8-0.3.37 directory. It shall list bnk-manifest-2.0.0-1.7.8-0.3.37.yaml file:
ls f5-bnk-manifest-2.0.0-1.7.8-0.3.37
The file list shows a bnk-manifest-2.0.0-1.7.8-0.3.37.yaml file:
The bnk-manifest-2.0.0-1.7.8-0.3.37.yaml file: Contains names and version numbers of all BIG-IP Next for Kubernetes Helm charts and docker images.
Example of bnk-manifest-2.0.0-1.7.8-0.3.37.yaml file:
f5_helm_repo: oci://repo.f5.com
f5_docker_repo: repo.f5.com
releases:
- version: f5-bnk-manifest-2.0.0-1.7.8-0.3.37
helm_charts:
- name: charts/csrc
version: 0.7.4-0.0.5
- name: charts/cwc
version: 0.41.34-0.0.4
- name: utils/f5-cert-gen
version: 0.9.3
- name: charts/f5-crdconversion
version: 0.17.0-0.0.3
- name: charts/f5-dssm
version: 1.0.13-0.0.9
- name: charts/f5-spk-crds-common
version: 8.7.4
- name: charts/f5-spk-crds-deprecated
version: 8.7.4
- name: charts/f5-spk-crds-service-proxy
version: 8.7.4
- name: charts/f5-toda-fluentd
version: 1.31.10-0.0.6
- name: charts/f5ingress
version: v0.755.4-0.1.49
- name: charts/rabbitmq
version: 0.5.10-0.0.3
- name: utils/log-doc-f5ingress
version: 0.755.4+0.1.49
- name: charts/coremond
version: 0.7.27-0.0.6
- name: charts/f5-toda-observer
version: v4.56.1-0.0.8
- name: charts/f5-ipam-operator
version: v1.1.13-0.0.12
- name: charts/f5-ipam-controller
version: v1.1.13-0.0.12
- name: charts/node-labeler
version: 0.6.0-0.1.3
- name: charts/f5-lifecycle-operator
version: v1.7.8-0.3.37
docker_images:
- name: images/crd-conversion
version: v1.63.1-0.0.1
- name: images/f5-cert-client
version: v3.0.16-0.0.3
- name: images/f5-csm-qkview
version: v0.10.21-0.0.3
- name: images/f5-debug-sidecar
version: v8.53.2-0.0.3
- name: images/f5-dssm-store
version: v5.0.7-0.0.3
- name: images/f5-dssm-upgrader
version: v2.0.9-0.0.3
- name: images/f5-fluentbit
version: v1.0.3-0.0.2
- name: images/f5-fluentd
version: v2.0.6-0.0.1
- name: images/f5-l4p-engine
version: v1.120.3-0.0.3
- name: images/f5-license-helper
version: v0.12.5-1.0.4
- name: images/f5-toda-tmstatsd
version: v1.11.12-0.0.3
- name: images/f5dr-img
version: v3.2.2
- name: images/f5dr-img-init
version: v3.2.2
- name: images/f5ing-tmm-pod-manager
version: v1.0.8
- name: images/f5ingress
version: v0.755.4-0.1.49
- name: images/opentelemetry-collector-contrib
version: 0.121.0
- name: images/rabbit
version: v0.5.5-0.0.2
- name: images/spk-csrc
version: v0.5.4-0.0.8
- name: images/spk-cwc
version: v0.34.14-0.0.5
- name: images/tmm-img
version: v10.14.0-0.1.9
- name: images/tmrouted-img
version: v2.1.7
- name: images/f5-blobd
version: v1.10.0-10.0.2
- name: images/f5-coremond
version: v0.7.27-0.0.6
- name: images/f5-toda-observer
version: v4.56.1-0.0.8
- name: images/f5-ipam-controller
version: v1.1.13-0.0.12
- name: images/f5-ipam-operator
version: v1.1.13-0.0.12
- name: images/f5-node-labeler
version: v0.0.12-0.0.2
- name: images/f5-eowyn
version: v0.4.3-0.0.6
- name: images/f5-lifecycle-operator
version: v1.7.8-0.3.37
Setup Helm charts¶
Use any of the methods outlined below to set up the necessary helm charts, docker images, and tools for configuring the BIG-IP Next on Kubernetes, depending on your environment (offline/online).
Create FAR secret to install from FAR - For users with online enviroments with access to repo.f5.com.
Create FAR secret to install from FAR¶
The Service Account Key (far secret) is used to generate an imagePullSecret to securely install helm chart from FAR. Use the following instructions to install the helm chart directly from FAR into a cluster:
Prerequisites:
Copy and paste the below bash script into a .sh file and run it.
Note: The bash script here is using cne_pull_64.json as a Service Account Key. This script is written for Linux. Remove -w 0as arguments to base64 from the script when using on Mac.#!/bin/bash # Read the content of pipeline.json into the SERVICE_ACCOUNT_KEY variable SERVICE_ACCOUNT_KEY=$(cat cne_pull_64.json) # Create the SERVICE_ACCOUNT_K8S_SECRET variable by appending "_json_key_base64:" to the base64 encoded SERVICE_ACCOUNT_KEY SERVICE_ACCOUNT_K8S_SECRET=$(echo "_json_key_base64:${SERVICE_ACCOUNT_KEY}" | base64 -w 0) # Create the secret.yaml file with the provided content cat << EOF > far-secret.yaml --- apiVersion: v1 kind: Secret metadata: name: far-secret data: .dockerconfigjson: $(echo "{\"auths\": {\ \"repo.f5.com\":\ {\"auth\": \"$SERVICE_ACCOUNT_K8S_SECRET\"}}}" | base64 -w 0) type: kubernetes.io/dockerconfigjson EOF
The far-secret.yaml secret file will be generated according to the secret name provided in the bash script.