Getting started

The Integration documentation section is organized linearly; each document representing the next step in the Cloud-Native Network Functions (CNFs) integration process. The CNFs integration process relies heavily on the Helm package manager to install each of the CNFs software components.

This document provides a brief description of each integration step, and the command line interface (CLI) tools required to perform the integration tasks. A careful review of this document ensures a positive experience.

Note: You can click Next at the bottom of each page, or scroll through the CNFs PDF to follow the integration process.

Integration tools

Install the CLI tools listed below on your Linux based workstation:

• Helm CLI - Manages the CNFs Pod installations.
• OpenSSL toolkit - Creates SSL certificates to secure Pod communication.
• Podman - Tags and pushes images to a local registry.

Deployment

Within AON, Azure Operator Services Manager (AOSM) is the preferred approach for deployment. AOSM provisioning requires the helm-charts and container images to be accessible for upload into the Artifact Store. F5 provides access to the helm-charts and container images through two methods:

1. CNFs Software - TAR archive download containing all the required artifacts.
2. CNFs Artifacts Via F5 Artifact Registry (FAR - repo.f5.com) container registry, from where all the artifacts can be downloaded.

If the TAR archive option is chosen, the docker or podman utility is required to import the container images in a local registry. The images can then be pushed into the AOSM artifact store.

If the FAR container registry is chosen, the helm and ORAS utilities are required to download both the helm-charts and the container images. This option allows the helm-charts to be downloaded directly to the AOSM directory structure in preparation for provisioning into the NFDV and artifact store. This operation can be automated within the pipeline you develop to support AOSM operations. The container images can be pulled from repo.f5.com and pushed to the artifactStore within the same pipeline.

In both cases the container images must be located in a container registry that is accessible by the pipeline/script, which is provisioning your AOSM resources. The artifacts must be pushed to the artifactStore before the Network Function Definition Version (NFDV) can be created within AOSM. This means that selecting the TAR option will require that the images are then loaded into a container registry. They cannot be pushed directly into the artifact store from the TAR image files.

Note: AOSM only supports the deployment of helm charts and the direct use of kubectl commands is not compatible. The dSSM helm charts and CWC certificate deployments represents such problem. To solve this, you must build a helm chart to deploy the mTLS certificate and, ideally, the K8s Role and RoleBinding must exist when attempting to upgrade dSSM. Since there is no official helm chart provisioning these elements, for dSSM database and CWC certificate deployments, use custom helm charts.

Integration stages

Integrating the CNFs software images involves six required steps, and three optional steps:

If you wish to use Open Source Cert Manager, install oss cert-manager and ensure that it is available in the cluster. Please refer to Open Source Cert Manager for related configuration. You can skip step 2 in the following while using the open source cert manager configuration.

1. Open-source Cert Manager - Optional: Obtains certificates from a variety of Issuers and ensure the certificates are valid and up-to-date.

   Note: If you wish to use Open Source Cert Manager, install oss cert-manager and ensure that it is available in the cluster. You can skip step 3 (F5 Cert Manager) in the following while using the open source cert manager configuration.

2. CNFs Software - Extract and upload the CRDs and software images to a local container registry.

   • CNFs Software - CRDs and software images are extracted from a .tgz file to helm install.
   • CNFs Artifacts Via F5 Artifact Registry - The F5 Artifact Registry (FAR) at repo.f5.com is used to download the helm charts, docker images, and other utilities.

   Note: Either CNFs Software or CNFs Artifacts Via F5 Artifact Registry can be used to download the artifacts.

3. CNFs Cert Manager (f5-cert-manager) - Secures communication between the CNFs Pods, and regularly rotates secure secrets. Use any one of the following cert managers:

   Note: The user can install f5-cert-manager or oss cert-manager. This step can be ignored if Open-source cert manager is configured and available in the cluster.

4. CNFs RBAC - Optional: Secure access to the Kubernetes API when installing CNFs.

5. Fluentd Logging - Centralize logging data sent from each of the CNF Pods.

6. Coremond - Processes core files generated by the operating system or third party.

7. OTEL Collectors - Optional: Collect and view statistics from the CNFs Pods.

8. dSSM Database - Optional: Store session-state data for the AFM and TMM Pods.

9. CNFs CWC - Install the Cluster Wide Controller to enable gathering CNFs software telemetry.

10. CNFs Licensing - License the cluster to enable flexible consumption software use.

11. BIG-IP Controller - Process CNFs Custom Resources to configure the CNFs Pods.

12. CNFs CRs - Configure a Custom Resource (CR) to begin processing application traffic.

Next step

Continue to the CNFs Software guide to extract and install the CNFs software images and CRDs.

Feedback

Provide feedback to improve this document by emailing cnfdocs@f5.com.

Supplemental

• CNF Config File Reference
• Kubernetes Custom Resources
• Kubernetes Ingress