Artifacts via F5 Artifact Registry (FAR)

The BIG-IP Next for Kubernetes manifest file, Helm charts, Docker images, and other utilities are accessible through the F5 Artifact Registry (FAR) at repo.f5.com. A valid Service Account Key is required to access FAR.

This document details the procedures for downloading a Service Account Key, and using the Service Account Key to download the Manifest file and install Helm charts, docker images, and other utilities into the cluster from FAR or Private Registry.

Requirements

Ensure that you have Helm v3.8.0 or higher installed.

Download the Service Account Key

To download the Service Account Key, follow the below steps:

  1. Login to the MyF5.

  2. Navigate to Resources and click Downloads.

  3. Click checkbox to accept the End User License Agreement and Program Terms, then click Next.

  4. Choose BIG-IP_Next from the Select a Product Family Group drop-down.

  5. Select BIG-IP Next for Kubernetes from the Product Line drop-down.

  6. Choose a desired version from the Product Version drop-down menu.

  7. Select the f5-far-auth-key.tar file from the download file list.

  8. Choose a location from the Download location drop-down menu and click Download.

    The TAR file contains a Service Account Key that is in base64 format and used for logging into FAR.

Helm Registry Login

Perform a Helm Login to download the Manifest file or Helm charts from FAR:

cat <service_account_key_base64 file> | helm registry login -u _json_key_base64 --password-stdin https://repo.f5.com

In the below example, cne_pull-base64.json is the Service Account Key.

 cat cne_pull_64.json | helm registry login -u _json_key_base64 --password-stdin https://repo.f5.com

Docker Registry Login

Perform a Docker Login to download the docker images from FAR:

cat <service_account_key_base64 file> | docker login -u _json_key_base64 --password-stdin <URL of F5 Artifact Registry>

In the below example, cne_pull_64.json is the same Service Account Key.

cat cne_pull_64.json | docker login -u _json_key_base64 --password-stdin https://repo.f5.com

Download the Manifest File

Download the manifest.yaml file for the current release or the specific release you are looking for.

  1. Perform a Helm Pull to pull the Manifest file from FAR:
helm pull oci://repo.f5.com/<path of Manifest file> --version <version of Manifest file>  

In the below example, release/f5-bink-manifest is the path for pulling bink-manifest-2.0.0-LA.1.yaml file and its version is 2.0.0-LA.1.

helm pull oci://repo.f5.com/release/f5-bink-manifest --version 2.0.0-LA.1-2.475.0-0.0.126

The f5-bink-manifest-2.0.0-LA.1-2.475.0-0.0.126.tgz file is now pulled.

  1. Run list command to see newly downloaded Manifest tgz file:
 ls   

The file list shows the Manifest file named f5-bink-manifest-2.0.0-LA.1-2.475.0-0.0.126.tgz.

  1. Extract the Manifest file:
 tar zxvf f5-bink-manifest-2.0.0-LA.1-2.475.0-0.0.126.tgz   
  1. Run list command on the f5-bink-manifest-2.0.0-LA.1 directory. It shall list bink-manifest-2.0.0-LA.1.yaml file:
 ls f5-bink-manifest-2.0.0-LA.1 

The file list shows a bink-manifest-2.0.0-LA.1.yaml file:

The bink-manifest-2.0.0-LA.1.yaml file: Contains names and version numbers of all BIG-IP Next for Kubernetes Helm charts and docker images.

_Example of bink-manifest-2.0.0-LA.1.yaml file:_
f5_helm_repo: oci://repo.f5.com
f5_docker_repo: repo.f5.com
releases:
  - version: 2.0.0-LA.1-2.475.0-0.0.126
    helm_charts:
      - name: charts/csrc
        version: 0.5.11-0.0.20
      - name: charts/cwc
        version: 0.17.1-0.0.21
      - name: utils/f5-cert-gen
        version: 0.9.1
      - name: charts/f5-crdconversion
        version: 0.10.13-0.0.17
      - name: charts/f5-dssm
        version: 0.68.27-0.0.16
      - name: charts/f5-spk-crds-common
        version: 0.169.1-0.5.10
      - name: charts/f5-spk-crds-deprecated
        version: 0.169.1-0.5.10
      - name: charts/f5-spk-crds-service-proxy
        version: 0.169.1-0.5.10
      - name: charts/f5-toda-fluentd
        version: 1.24.0-0.0.17
      - name: charts/f5ingress
        version: v0.500.3-0.13.59
      - name: charts/rabbitmq
        version: 0.2.12-0.1.12
      - name: utils/log-doc-f5ingress
        version: 0.500.3+0.13.59
      - name: charts/orchestrator
        version: v0.0.25-0.0.96
    docker_images:
      - name: images/crd-conversion
        version: v1.53.8-0.0.11
      - name: images/f5-cert-client
        version: v2.3.9-0.1.9
      - name: images/f5-csm-qkview
        version: v27.6.12-0.0.3
      - name: images/f5-debug-sidecar
        version: v7.340.2-0.0.23
      - name: images/f5-dssm-store
        version: v1.26.10-0.0.6
      - name: images/f5-dssm-upgrader
        version: v1.2.14-0.0.4
      - name: images/f5-fluentbit
        version: v0.8.11-0.0.12
      - name: images/f5-fluentd
        version: v1.5.12-0.0.7
      - name: images/f5-l4p-engine
        version: v1.110.0-0.0.14
      - name: images/f5-license-helper
        version: v0.11.10-0.0.10
      - name: images/f5-toda-tmstatsd
        version: v1.9.28-0.0.12
      - name: images/f5dr-img
        version: v0.14.7-0.1.3
      - name: images/f5dr-img-init
        version: v0.14.7-0.1.3
      - name: images/f5ing-tmm-pod-manager
        version: v0.17.20-0.1.2
      - name: images/f5ingress
        version: v0.500.3-0.13.59
      - name: images/opentelemetry-collector-contrib
        version: 0.75.0
      - name: images/rabbit
        version: v0.4.13-0.1.3
      - name: images/spk-csrc
        version: v0.3.16-0.0.16
      - name: images/spk-cwc
        version: v0.32.9-0.0.6
      - name: images/tmm-img
        version: v0.1043.3-0.4.7
      - name: images/tmrouted-img
        version: v0.13.16-0.1.2
      - name: images/orchestrator
        version: v0.0.25-0.0.96
      - name: images/f5-k8s-event-subscriber
        version: v0.10.2-0.1.7
      - name: images/f5-l4-controller
        version: v0.4.2-0.2.11
      - name: images/f5-l7-controller
        version: v0.2.0-0.2.13
      - name: images/f5-version-validator
        version: v0.1.2-0.0.4
      - name: images/f5-blobd
        version: v0.12.26-0.1.4

Setup Helm Charts

Use any of the methods outlined below to set up the necessary helm charts, docker images, and tools for configuring the BIG-IP Next on Kubernetes, depending on your environment (offline/online).

Installation from Private Registry - For users with Offilne, Air-gapped Enviroments having Private Registry. Installation from FAR - For users with online enviroments with access to repo.f5.com.

Installation from Private Registry

Download all helm charts, docker images, and utilities as listed in the manifest file and upload to your private registry.

  1. Perform a Helm Pull to pull the Helm charts from FAR.
helm pull oci://repo.f5.com/<path of Helm chart> --version <version of Helm chart>  

In the below example, charts/f5ingress is the path for pulling f5ingress Helm chart and its version is v0.500.3-0.13.54 as retrieved from the bink-manifest-2.0.0-LA.1.yaml file.

helm pull oci://repo.f5.com/charts/f5ingress --version v0.500.3-0.13.54
  1. Perform a Utilities Pull to pull the other utilities from FAR:
helm pull oci://repo.f5.com/<path of Utilities> --version <version of Utility> 

In the below example, utils/f5-cert-gen is the path for pulling f5-cert-gen utility and its version is 0.9.1 as retrieved from the bink-manifest-2.0.0-LA.1.yaml file.

helm pull oci://repo.f5.com/utils/f5-cert-gen --version 0.9.1
  1. Perform a Docker Pull to pull the docker images from FAR:
docker pull repo.f5.com/<path of Docker Image>:<version of Docker Image> 

In this example, images/rabbit is the path for pulling rabbit docker image and its version is v0.4.13-0.1.3 as retrieved from the bink-manifest-2.0.0-LA.1.yaml file.

docker pull repo.f5.com/images/rabbit:v0.4.13-0.1.3
  1. Push all downloaded artifacts to your local registry.
Note: Make sure that you update the repository parameter in orchestrator-values.yaml (see F5 Orchestrator) and the imageRepository parameter in spkinstance-resource.yaml (see Apply SPKInstance CR) with your registry path.

Installation from FAR

The Service Account Key is used to generate an imagePullSecret to securely install helm chart from FAR.

Use the following steps to install the helm chart directly from FAR into a cluster:

Prerequisites:

  1. Copy and paste the below bash script into a .sh file and run it.

    _images/spk_info.png Note: The bash script here is using cne_pull_64.json as a Service Account Key. This script is written for Linux. Remove -w 0 as arguments to base64 from the script when using on Mac.

      #!/bin/bash
    
      # Read the content of pipeline.json into the SERVICE_ACCOUNT_KEY variable
      SERVICE_ACCOUNT_KEY=$(cat cne_pull_64.json)
    
      # Create the SERVICE_ACCOUNT_K8S_SECRET variable by appending "_json_key_base64:" to the base64 encoded SERVICE_ACCOUNT_KEY
      SERVICE_ACCOUNT_K8S_SECRET=$(echo "_json_key_base64:${SERVICE_ACCOUNT_KEY}" | base64 -w 0)
    
      # Create the secret.yaml file with the provided content
      cat << EOF > far-secret.yaml
      ---
      apiVersion: v1
      kind: Secret
      metadata:
        name: far-secret
      data:
        .dockerconfigjson: $(echo "{\"auths\": {\
      \"repo.f5.com\":\
      {\"auth\": \"$SERVICE_ACCOUNT_K8S_SECRET\"}}}" | base64 -w 0)
      type: kubernetes.io/dockerconfigjson
      EOF
    

    The far-secret.yaml secret file will be generated according to the secret name provided in the bash script.

  2. Apply the far-secret.yaml secret file on the namespaces default and f5-utils where Orchestrator and BIG-IP Next for Kubernetes needs to be installed.

    kubectl create -f far-secret.yaml -n default
    

    and

    kubectl create -f far-secret.yaml -n f5-utils