Artifacts via F5 Artifact Registry (FAR)¶
The BIG-IP Next for Kubernetes manifest file, Helm charts, Docker images, and other utilities are accessible through the F5 Artifact Registry (FAR) at repo.f5.com. A valid Service Account Key is required to access FAR.
This document details the procedures for downloading a Service Account Key, and using the Service Account Key to download the Manifest file and install Helm charts, docker images, and other utilities into the cluster from FAR or Private Registry.
Download the Service Account Key¶
To download the Service Account Key, follow the below steps:
Login to the MyF5.
Navigate to Resources and click Downloads.
Click checkbox to accept the End User License Agreement and Program Terms, then click Next.
Choose BIG-IP_Next from the Select a Product Family Group drop-down.
Select BIG-IP Next for Kubernetes from the Product Line drop-down.
Choose a desired version from the Product Version drop-down menu.
Select the f5-far-auth-key.tar file from the download file list.
Choose a location from the Download location drop-down menu and click Download.
The TAR file contains a Service Account Key that is in base64 format and used for logging into FAR.
Helm Registry Login¶
Perform a Helm Login to download the Manifest file or Helm charts from FAR:
cat <service_account_key_base64 file> | helm registry login -u _json_key_base64 --password-stdin https://repo.f5.com
In the below example, cne_pull-base64.json is the Service Account Key.
cat cne_pull_64.json | helm registry login -u _json_key_base64 --password-stdin https://repo.f5.com
Docker Registry Login¶
Perform a Docker Login to download the docker images from FAR:
cat <service_account_key_base64 file> | docker login -u _json_key_base64 --password-stdin <URL of F5 Artifact Registry>
In the below example, cne_pull_64.json is the same Service Account Key.
cat cne_pull_64.json | docker login -u _json_key_base64 --password-stdin https://repo.f5.com
Download the Manifest File¶
Download the manifest.yaml file for the current release or the specific release you are looking for.
- Perform a Helm Pull to pull the Manifest file from FAR:
helm pull oci://repo.f5.com/<path of Manifest file> --version <version of Manifest file>
In the below example, release/f5-bink-manifest is the path for pulling bink-manifest-2.0.0-LA.1.yaml file and its version is 2.0.0-LA.1.
helm pull oci://repo.f5.com/release/f5-bink-manifest --version 2.0.0-LA.1-2.475.0-0.0.126
The f5-bink-manifest-2.0.0-LA.1-2.475.0-0.0.126.tgz file is now pulled.
- Run list command to see newly downloaded Manifest tgz file:
ls
The file list shows the Manifest file named f5-bink-manifest-2.0.0-LA.1-2.475.0-0.0.126.tgz.
- Extract the Manifest file:
tar zxvf f5-bink-manifest-2.0.0-LA.1-2.475.0-0.0.126.tgz
- Run list command on the f5-bink-manifest-2.0.0-LA.1 directory. It shall list bink-manifest-2.0.0-LA.1.yaml file:
ls f5-bink-manifest-2.0.0-LA.1
The file list shows a bink-manifest-2.0.0-LA.1.yaml file:
The bink-manifest-2.0.0-LA.1.yaml file: Contains names and version numbers of all BIG-IP Next for Kubernetes Helm charts and docker images.
_Example of bink-manifest-2.0.0-LA.1.yaml file:_
f5_helm_repo: oci://repo.f5.com
f5_docker_repo: repo.f5.com
releases:
- version: 2.0.0-LA.1-2.475.0-0.0.126
helm_charts:
- name: charts/csrc
version: 0.5.11-0.0.20
- name: charts/cwc
version: 0.17.1-0.0.21
- name: utils/f5-cert-gen
version: 0.9.1
- name: charts/f5-crdconversion
version: 0.10.13-0.0.17
- name: charts/f5-dssm
version: 0.68.27-0.0.16
- name: charts/f5-spk-crds-common
version: 0.169.1-0.5.10
- name: charts/f5-spk-crds-deprecated
version: 0.169.1-0.5.10
- name: charts/f5-spk-crds-service-proxy
version: 0.169.1-0.5.10
- name: charts/f5-toda-fluentd
version: 1.24.0-0.0.17
- name: charts/f5ingress
version: v0.500.3-0.13.59
- name: charts/rabbitmq
version: 0.2.12-0.1.12
- name: utils/log-doc-f5ingress
version: 0.500.3+0.13.59
- name: charts/orchestrator
version: v0.0.25-0.0.96
docker_images:
- name: images/crd-conversion
version: v1.53.8-0.0.11
- name: images/f5-cert-client
version: v2.3.9-0.1.9
- name: images/f5-csm-qkview
version: v27.6.12-0.0.3
- name: images/f5-debug-sidecar
version: v7.340.2-0.0.23
- name: images/f5-dssm-store
version: v1.26.10-0.0.6
- name: images/f5-dssm-upgrader
version: v1.2.14-0.0.4
- name: images/f5-fluentbit
version: v0.8.11-0.0.12
- name: images/f5-fluentd
version: v1.5.12-0.0.7
- name: images/f5-l4p-engine
version: v1.110.0-0.0.14
- name: images/f5-license-helper
version: v0.11.10-0.0.10
- name: images/f5-toda-tmstatsd
version: v1.9.28-0.0.12
- name: images/f5dr-img
version: v0.14.7-0.1.3
- name: images/f5dr-img-init
version: v0.14.7-0.1.3
- name: images/f5ing-tmm-pod-manager
version: v0.17.20-0.1.2
- name: images/f5ingress
version: v0.500.3-0.13.59
- name: images/opentelemetry-collector-contrib
version: 0.75.0
- name: images/rabbit
version: v0.4.13-0.1.3
- name: images/spk-csrc
version: v0.3.16-0.0.16
- name: images/spk-cwc
version: v0.32.9-0.0.6
- name: images/tmm-img
version: v0.1043.3-0.4.7
- name: images/tmrouted-img
version: v0.13.16-0.1.2
- name: images/orchestrator
version: v0.0.25-0.0.96
- name: images/f5-k8s-event-subscriber
version: v0.10.2-0.1.7
- name: images/f5-l4-controller
version: v0.4.2-0.2.11
- name: images/f5-l7-controller
version: v0.2.0-0.2.13
- name: images/f5-version-validator
version: v0.1.2-0.0.4
- name: images/f5-blobd
version: v0.12.26-0.1.4
Setup Helm Charts¶
Use any of the methods outlined below to set up the necessary helm charts, docker images, and tools for configuring the BIG-IP Next on Kubernetes, depending on your environment (offline/online).
Installation from Private Registry - For users with Offilne, Air-gapped Enviroments having Private Registry. Installation from FAR - For users with online enviroments with access to repo.f5.com.
Installation from Private Registry¶
Download all helm charts, docker images, and utilities as listed in the manifest file and upload to your private registry.
- Perform a Helm Pull to pull the Helm charts from FAR.
helm pull oci://repo.f5.com/<path of Helm chart> --version <version of Helm chart>
In the below example, charts/f5ingress is the path for pulling f5ingress Helm chart and its version is v0.500.3-0.13.54 as retrieved from the bink-manifest-2.0.0-LA.1.yaml file.
helm pull oci://repo.f5.com/charts/f5ingress --version v0.500.3-0.13.54
- Perform a Utilities Pull to pull the other utilities from FAR:
helm pull oci://repo.f5.com/<path of Utilities> --version <version of Utility>
In the below example, utils/f5-cert-gen is the path for pulling f5-cert-gen utility and its version is 0.9.1 as retrieved from the bink-manifest-2.0.0-LA.1.yaml file.
helm pull oci://repo.f5.com/utils/f5-cert-gen --version 0.9.1
- Perform a Docker Pull to pull the docker images from FAR:
docker pull repo.f5.com/<path of Docker Image>:<version of Docker Image>
In this example, images/rabbit is the path for pulling rabbit docker image and its version is v0.4.13-0.1.3 as retrieved from the bink-manifest-2.0.0-LA.1.yaml file.
docker pull repo.f5.com/images/rabbit:v0.4.13-0.1.3
- Push all downloaded artifacts to your local registry.
Note: Make sure that you update therepository
parameter inorchestrator-values.yaml
(see F5 Orchestrator) and theimageRepository
parameter inspkinstance-resource.yaml
(see Apply SPKInstance CR) with your registry path.
Installation from FAR¶
The Service Account Key is used to generate an imagePullSecret to securely install helm chart from FAR.
Use the following steps to install the helm chart directly from FAR into a cluster:
Prerequisites:
Copy and paste the below bash script into a .sh file and run it.
Note: The bash script here is using cne_pull_64.json as a Service Account Key. This script is written for Linux. Remove
-w 0
as arguments to base64 from the script when using on Mac.#!/bin/bash # Read the content of pipeline.json into the SERVICE_ACCOUNT_KEY variable SERVICE_ACCOUNT_KEY=$(cat cne_pull_64.json) # Create the SERVICE_ACCOUNT_K8S_SECRET variable by appending "_json_key_base64:" to the base64 encoded SERVICE_ACCOUNT_KEY SERVICE_ACCOUNT_K8S_SECRET=$(echo "_json_key_base64:${SERVICE_ACCOUNT_KEY}" | base64 -w 0) # Create the secret.yaml file with the provided content cat << EOF > far-secret.yaml --- apiVersion: v1 kind: Secret metadata: name: far-secret data: .dockerconfigjson: $(echo "{\"auths\": {\ \"repo.f5.com\":\ {\"auth\": \"$SERVICE_ACCOUNT_K8S_SECRET\"}}}" | base64 -w 0) type: kubernetes.io/dockerconfigjson EOF
The far-secret.yaml secret file will be generated according to the secret name provided in the bash script.
Apply the far-secret.yaml secret file on the namespaces
default
andf5-utils
where Orchestrator and BIG-IP Next for Kubernetes needs to be installed.kubectl create -f far-secret.yaml -n default
and
kubectl create -f far-secret.yaml -n f5-utils