Artifacts via F5 Artifact Registry (FAR)

The BIG-IP Next for Kubernetes manifest file, Helm charts, Docker images, and other utilities are accessible through the F5 Artifact Registry (FAR) at repo.f5.com. A valid Service Account Key is required to access FAR.

This document details the procedures for downloading a Service Account Key, and using the Service Account Key to download the Manifest file and install Helm charts, docker images, and other utilities into the cluster from FAR or Private Registry.

Requirements

Ensure that you have Helm v3.8.0 or higher installed.

Download the Service Account Key

To download the Service Account Key, follow the below steps:

1. Login to the MyF5.

2. Navigate to Resources and click Downloads.

3. Click checkbox to accept the End User License Agreement and Program Terms, then click Next.

4. Choose BIG-IP_Next from the Select a Product Family Group drop-down.

5. Select BIG-IP Next for Kubernetes from the Product Line drop-down.

6. Choose a desired version from the Product Version drop-down menu.

7. Select the f5-far-auth-key.tar file from the download file list.

8. Choose a location from the Download location drop-down menu and click Download.

   The TAR file contains a Service Account Key that is in base64 format and used for logging into FAR.

Helm Registry Login

Perform a Helm Login to download the Manifest file or Helm charts from FAR:

$ cat <service_account_key_base64 file> | helm registry login -u _json_key_base64 --password-stdin https://repo.f5.com

In the below example, cne_pull-base64.json is the Service Account Key.

$ cat cne_pull_64.json | helm registry login -u _json_key_base64 --password-stdin https://repo.f5.com

Download the Manifest File

Download the manifest.yaml file for the current release or the specific release you are looking for.

1. Perform a Helm Pull to pull the Manifest file from FAR:

helm pull oci://repo.f5.com/<path of Manifest file> --version <version of Manifest file>  

In the below example, release/f5-bigip-k8s-manifest is the path for pulling bigip-k8s-manifest-2.2.0-3.2226.0-0.0.385.yaml file and its version is 2.0-3.2226.0-0.0.385.

helm pull oci://repo.f5.com/release/f5-bigip-k8s-manifest --version 2.2.0-3.2226.0-0.0.385

The f5-bigip-k8s-manifest-2.2.0-3.2226.0-0.0.385.tgz file is now pulled.

2. Run list command to see newly downloaded Manifest tgz file:

 ls   

The file list shows the Manifest file named f5-bigip-k8s-manifest-2.2.0-3.2226.0-0.0.385.tgz.

3. Extract the Manifest file:

 tar zxvf f5-bigip-k8s-manifest-2.2.0-3.2226.0-0.0.385.tgz   

4. Run list command on the f5-bigip-k8s-manifest-2.2.0-3.2226.0-0.0.385 directory. It shall list bigip-k8s-manifest-2.2.0-3.2226.0-0.0.385.yaml file:

 ls f5-bigip-k8s-manifest-2.2.0-3.2226.0-0.0.385

The file list shows a bigip-k8s-manifest-2.2.0-3.2226.0-0.0.385.yaml file:

The bigip-k8s-manifest-2.2.0-3.2226.0-0.0.385.yaml file: Contains names and version numbers of all BIG-IP Next for Kubernetes Helm charts and docker images.

Example of bigip-k8s-manifest-2.2.0-3.2226.0-0.0.385.yaml file:

f5_helm_repo: oci://repo.f5.com
f5_docker_repo: repo.f5.com
releases:
- version: 2.2.0-3.2226.0-0.0.385
  helm_charts:
    - name: charts/cwc
      version: 0.49.7-0.0.16
    - name: utils/f5-cert-gen
      version: 0.9.3
    - name: charts/f5-cert-manager
      version: 0.23.48-0.1.5
    - name: charts/f5-crdconversion
      version: 0.61.4-0.0.44
    - name: charts/f5-dssm
      version: 1.46.0-0.24.0
    - name: charts/f5-cnf-crds-n6lan
      version: 14.19.4-0.1.11
    - name: charts/f5-spk-crds-common
      version: 14.19.4-0.1.11
    - name: charts/f5-spk-crds-deprecated
      version: 14.19.4-0.1.11
    - name: charts/f5-spk-crds-service-proxy
      version: 14.19.4-0.1.11
    - name: charts/f5-toda-fluentd
      version: 2.3.2-0.0.6
    - name: charts/f5ingress
      version: v15.82.0-0.2.50
    - name: charts/rabbitmq
      version: 0.8.9-0.0.6
    - name: charts/csrc
      version: 0.11.5-0.0.11
    - name: charts/coremond
      version: 0.10.0-0.2.3
    - name: charts/f5-toda-observer
      version: 5.22.10-0.2.4
    - name: utils/log-doc-f5ingress
      version: 14.19.4+0.1.11
    - name: utils/dnat-util
      version: v0.5.10+0.0.2
    - name: charts/f5-lifecycle-operator
      version: v2.9.27-0.2.10
    - name: charts/f5-ipam-controller
      version: v1.1.48-0.0.8
    - name: charts/node-labeler
      version: 0.6.9-0.0.3
    - name: charts/f5-license-proxy
      version: 1.29.0-0.10.22
    - name: utils/flp-setup
      version: 1.29.0-0.10.22
    - name: charts/f5-stats_collector
      version: 1.0.21-0.0.3
    - name: charts/f5-tmm
      version: 15.82.0-0.2.50
    - name: charts/coremond
      version: 0.10.0-0.2.3
  docker_images:
    - name: images/cert-manager-cainjector
      version: v2.5.2
    - name: images/cert-manager-controller
      version: v2.5.2
    - name: images/cert-manager-startupapicheck
      version: v2.5.2
    - name: images/cert-manager-webhook
      version: v2.5.2
    - name: images/crd-conversion
      version: v1.212.9-0.7.2
    - name: images/crdupdater
      version: v0.5.8-0.0.6
    - name: images/f5-blobd
      version: v1.23.14-0.0.8
    - name: images/f5-cert-client
      version: v3.5.9-0.0.2
    - name: images/f5-csm-qkview
      version: v0.13.20-0.0.3
    - name: images/f5-debug-sidecar
      version: v10.32.4-0.0.38
    - name: images/f5-downloader
      version: v0.31.3-0.0.15
    - name: images/f5-dssm-store
      version: v5.1.32-0.0.8
    - name: images/f5-dssm-upgrader
      version: v2.0.27-0.0.5
    - name: images/f5-fluentbit
      version: v1.3.9-0.0.4
    - name: images/f5-fluentd
      version: v2.3.2-0.0.6
    - name: images/f5-l4p-engine
      version: v1.128.7-0.0.5
    - name: images/f5-license-helper
      version: v0.12.20-0.0.9
    - name: images/f5-nsec-ips-daemon
      version: v3.5.18-0.0.4
    - name: images/f5-toda-tmstatsd
      version: v1.11.24-0.0.5
    - name: images/f5dr-img
      version: v3.16.0-0.0.13
    - name: images/f5dr-img-init
      version: v3.16.0-0.0.13
    - name: images/f5ing-tmm-pod-manager
      version: v1.2.8-0.0.3
    - name: images/f5ingress
      version: v14.19.4-0.1.11
    - name: images/init-certmgr
      version: v0.23.48-0.1.5
    - name: images/opentelemetry-collector-contrib
      version: 0.142.0
    - name: images/rabbit
      version: v0.5.15-0.0.3
    - name: images/spk-cwc
      version: v0.37.2-0.0.9
    - name: images/tmm-img
      version: v10.98.3-0.11.9
    - name: images/tmrouted-img
      version: v2.15.3-0.1.0
    - name: images/spk-csrc
      version: v0.7.11-0.0.7
    - name: images/f5-dwbld
      version: v1.175.3-0.0.11
    - name: images/f5-coremond
      version: v0.10.0-0.2.3
    - name: images/f5-toda-observer
      version: v5.22.10-0.2.4
    - name: images/f5-bdosd
      version: v0.145.0-0.0.4
    - name: images/dnsx-img
      version: v0.10.29-0.0.3
    - name: images/f5-lifecycle-operator
      version: v2.9.27-0.2.10
    - name: images/f5-ipam-controller
      version: v1.1.48-0.0.8
    - name: images/f5-node-labeler
      version: v0.0.20-0.0.3
    - name: images/f5-eowyn-install
      version: v0.5.4-10.0.3
    - name: images/crd-installer
      version: v14.19.4-0.1.11
    - name: images/postgresql
      version: 1.29.0-0.10.22
    - name: images/vault
      version: 1.21.1
    - name: images/vault-init
      version: 1.29.0-0.10.22
    - name: images/f5-license-proxy
      version: 1.29.0-0.10.22
    - name: images/f5-env-discovery
      version: v2.9.27-0.2.10
    - name: images/f5-fqdn-resolver
      version: v0.9.5-0.0.3
    - name: images/gslb-engine
      version: v0.118.4-0.0.5
    - name: images/gslb-probe-agent
      version: v0.31.16-0.0.3
    - name: images/f5-analyzer
      version: v0.0.10-0.0.9
    - name: images/f5-urlcat
      version: v0.1.3
    - name: images/ocnos-img
      version: v0.5.2-0.2.3 
    - name: images/ocnos-img-init
      version: v0.5.2-0.2.3

Download Helm charts

Use any of the methods outlined below to set up the necessary helm charts, docker images, and tools for configuring the BIG-IP Next on Kubernetes, depending on your environment (offline/online).

• Download Helm charts from FAR - For users with online enviroments with access to repo.f5.com.

• Download Helm charts from Private Registry - For users with Offilne, Air-gapped Enviroments having Private Registry.

Download Helm charts from FAR

The Service Account Key (FAR secret) is used to generate an imagePullSecret to securely install helm chart from FAR. Use the following instructions to install the helm chart directly from FAR into a cluster:

Prerequisites:

• Perform a Helm Login

1. Copy and paste the below bash script into a .sh file and run it.

Note:

• The bash script here is using cne_pull_64.json as a Service Account Key. This script is written for Linux. Remove -w 0 as arguments to base64 from the script when using on Mac.

• Make sure to add the chmod +x before .sh file name in the command. For more information, see Technology Tips: chmod overview.

#!/bin/bash

# Read the content of pipeline.json into the SERVICE_ACCOUNT_KEY variable
SERVICE_ACCOUNT_KEY=$(cat cne_pull_64.json)

# Create the SERVICE_ACCOUNT_K8S_SECRET variable by appending "_json_key_base64:" to the base64 encoded SERVICE_ACCOUNT_KEY
SERVICE_ACCOUNT_K8S_SECRET=$(echo "_json_key_base64:${SERVICE_ACCOUNT_KEY}" | base64 -w 0)

# Create the secret.yaml file with the provided content
cat << EOF > far-secret.yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: far-secret
data:
  .dockerconfigjson: $(echo "{\"auths\": {\
\"repo.f5.com\":\
{\"auth\": \"$SERVICE_ACCOUNT_K8S_SECRET\"}}}" | base64 -w 0)
type: kubernetes.io/dockerconfigjson
EOF

The far-secret.yaml secret file will be generated according to the secret name provided in the bash script.

Download Helm charts from Private Registry

Download all helm charts, docker images, and utilities as listed in the manifest file and upload to your private registry.

1. Perform a Helm Pull to pull the Helm charts from FAR.

helm pull oci://repo.f5.com/<path of Helm chart> --version <version of Helm chart>  

In the below example, charts/f5-lifecycle-operator is the path for pulling f5-lifecycle-operator Helm chart and its version is v2.9.27-0.2.10 as retrieved from the bigip-k8s-manifest-2.2.0-3.2226.0-0.0.385.yaml file.

helm pull oci://repo.f5.com/charts/f5-lifecycle-operator--version: v2.9.27-0.2.10

2. Perform a Utilities Pull to pull the other utilities from FAR:

helm pull oci://repo.f5.com/<path of Utilities> --version <version of Utility> 

In the below example, utils/f5-cert-gen is the path for pulling f5-cert-gen utility and its version is 0.9.3 as retrieved from the bigip-k8s-manifest-2.2.0-3.2226.0-0.0.385.yaml file.

helm pull oci://repo.f5.com/utils/f5-cert-gen --version 0.9.3

3. Perform a Docker Login to download the Docker Image from FAR:

cat <service_account_key_base64 file> | Docker login -u _json_key_base64 --password-stdin https://repo.f5.com

In the below example, cne_pull-base64.json is the Service Account Key.

 cat cne_pull_64.json | Docker login -u _json_key_base64 --password-stdin https://repo.f5.com

4. Perform a Docker Pull to pull the docker images from FAR:

docker pull repo.f5.com/<path of Docker Image>:<version of Docker Image> 

In this example, images/rabbit is the path for pulling rabbit docker image and its version is v0.5.15-0.0.3 as retrieved from the bigip-k8s-manifest-2.2.0-3.2226.0-0.0.385.yaml file.

docker pull repo.f5.com/images/rabbit:v0.5.15-0.0.3

5. Push all downloaded artifacts to your local registry.