Create Cluster Wide Controller Certificates

The Cluster Wide Controller (CWC) enables software licensing and billing capabilities for BIG-IP Next for Kubernetes. For more information, see BIG-IP Next for Kubernetes CWC

Create CWC REST API certificates

Prerequisites

Installation

To create the required SSL/TLS certificates to authenticate the CWC REST API, follow the below instructions:

  1. Perform a Helm Login to download the Helm charts from FAR:

    cat <service_account_key_base64 file> | helm registry login -u _json_key_base64 --password-stdin https://repo.f5.com
    

    In the below example, cne_pull-base64.json is the Service Account Key.

    cat cne_pull_64.json | helm registry login -u _json_key_base64 --password-stdin https://repo.f5.com
    
  2. Perform a Utility Pull to pull the f5-cert-gen package from FAR to generate SSL/TLS certificates and Secrets.

    helm pull oci://repo.f5.com/<path of Utilities> --version <version of Utility>  
    

    In this example, utils/f5-cert-gen is the path for pulling f5-cert-gen utility and its version is 0.9.1 as retrieved from the manifest.yaml file.

    helm pull oci://repo.f5.com/utils/f5-cert-gen --version 0.9.1
    

    Sample Output:

    f5-cert-gen-0.9.1.tgz
    
  3. Extract the f5-cert-gen utility:

    tar zxvf f5-cert-gen-0.9.1.tgz
    
  4. Generate the SSL/TLS certificates and Secret for the CWC REST API:

    sh cert-gen/gen_cert.sh -s=api-server -a=f5-spk-cwc.<namespace> -n=1
    

    In the below example, the CWC certificates are created for the f5-utils namespace.

    sh cert-gen/gen_cert.sh -s=api-server -a=f5-spk-cwc.f5-utils -n=1
    

    The command output indicates the Secret has been created:

    Generating /path/cwc-license-certs.yaml
    
  5. Install the CWC REST API Secret:

    In the below example, the CWC installs to the f5-utils namespace.

    kubectl apply -f cwc-license-certs.yaml -n f5-utils
    

    The command output indicates the Secret was created successfully:

    secret/cwc-license-certs created
    

Create CWC QKView ConfigMap

The Cluster Wide Controller (CWC) component requires a ConfigMap, which is used to store its configuration settings.

Follow the instructions below to create the ConfigMap:

  1. Create a file named cwc-qkview-cm.yaml with the below content:

    apiVersion: v1
    kind: ConfigMap
    metadata:
       name: cwc-qkview-cm
    
  2. Apply the ConfigMap:

    kubectl apply -f cwc-qkview-cm.yaml -n f5-utils
    

Create and Install CPCL JWKS Key

_images/spk_info.png Note: Run all the commands on the HOST unless specified.

  1. Download the JWKS cpcl-key-cm ConfigMap here.

  2. Run the following command to install the CPCL JWKS Key.

    kubectl apply -f cpcl-key.yaml -n f5-utils