CNFs Artifacts Via F5 Artifact Registry

Overview

The Cloud-Native Network Functions (CNFs) helm charts, docker images, and other utilities are now available via F5 Artifact Registry (FAR) at repo.f5.com. FAR is accessible to all, but only users with a valid Service Account Key can download and install the artifacts.

This document details the procedures for downloading a Service Account Key and Manifest file, and using the Service Account Key to download and install CNFs Helm charts, docker images, and other utilities into the cluster from FAR (repo.f5.com).

Requirements

Ensure you have:

  • A workstation with Helm v3.8.0 or higher installed.

Procedures

1. Download Service Account Key

To download Service Account Key, do the following:

  • Login to the MyF5.

    _images/spk_info.png Note: You must have a MyF5 account to login.

  • Go to Downloads.

  • Choose BIG-IP_Next from Select a Product Family drop down.

  • Choose Cloud-Native Network Functions from the Product line drop down.

  • Choose the latest/desired version from the Product Version drop down.

  • Download the far tgz file from the Select a Download File list.

    For example: f5-far-auth-key.tgz

    The TGZ file contains a Service Account Key in base64 format. The Service key is used to log in to the FAR.

2. Download Manifest File

Download manifest.yaml file for the latest release or the specific release you are looking for.

To download Manifest file, do the following:

  1. Perform Helm Login to download Manifest file from FAR:

       cat <service_account_key_base64 file> | helm registry login -u _json_key_base64 --password-stdin https://repo.f5.com
    

    In this example, cne_pull-base64.json is the Service Account Key.

    cat cne_pull_64.json | helm registry login -u _json_key_base64 --password-stdin https://repo.f5.com
    
  2. Perform Helm Pull to pull the Manifest file from FAR:

    helm pull oci://repo.f5.com/<path of Manifest file> --version <version of Manifest file>  
    

    In this example, release/f5-cnf-manifest is the path for pulling manifest.yaml file and its version is 1.3.1.

    helm pull oci://repo.f5.com/release/f5-cnf-manifest --version 1.3.1
    

    The f5-cnf-manifest-1.3.1.tgz file is now pulled.

  3. Run list command to see newly downloaded Manifest tar file:

    ls   
    

    The file list shows the service_account_key_base64 file and Manifest file named f5-cnf-manifest-1.3.1.tgz:

  4. Extract the Maifest file:

    tar xvf f5-cnf-manifest-1.3.1.tgz   
    
  5. Run list command on the f5-cnf-manifest-1.3.1 directory. It shall list cnf-manifest-1.3.1.yaml file:

    ls f5-cnf-manifest-1.3.1 
    

    The file list shows a cnf-manifest-1.3.1.yaml file:

    The cnf-manifest-1.3.1.yaml file: Contains names and version numbers of all cnf Helm charts and docker images.

    Example of cnf-manifest-1.3.1.yaml file:

    f5_helm_repo: oci://repo.f5.com
    f5_docker_repo: repo.f5.com
    releases:
      - version: 1.3.1
        helm_charts:
          - name: charts/csrc
            version: 0.5.2-0.0.2
          - name: charts/cwc
            version: 0.14.15-0.0.8
          - name: utils/f5-cert-gen
            version: 0.9.2
          - name: charts/f5-cert-manager
            version: 0.22.22-0.0.4
          - name: charts/f5-crdconversion
            version: 0.9.4-0.0.3
          - name: charts/f5-dssm
            version: 0.67.7-0.0.4
          - name: charts/f5-cnf-crds-common
            version: 7.0.3
          - name: charts/f5-cnf-crds-deprecated
            version: 7.0.3
          - name: charts/f5-cnf-crds-service-proxy
            version: 7.0.3
          - name: charts/f5-toda-fluentd
            version: 1.23.36-0.0.1
          - name: charts/f5ingress
            version: v0.480.0-0.1.52
          - name: charts/rabbitmq
            version: 0.2.8-0.0.3
        docker_images:
          - name: images/cert-manager-cainjector
            version: 2.2.3
          - name: images/cert-manager-controller
            version: 2.2.3
          - name: images/cert-manager-ctl
            version: 2.2.3
          - name: images/cert-manager-webhook
            version: 2.2.3
          - name: images/crd-conversion
            version: v1.53.3 
          - name: images/f5-cert-client
            version: v2.3.8
          - name: images/f5-csm-qkview
            version: v27.2.10-0.1.0
          - name: images/f5-debug-sidecar
            version: v7.298.1-0.0.4
          - name: images/f5-dssm-store
            version: v1.26.6
          - name: images/f5-dssm-upgrader
            version: v1.2.10
          - name: images/f5-fluentbit
            version: v0.8.8
          - name: images/f5-fluentd
            version: v1.5.11
          - name: images/f5-l4p-engine
            version: v1.100.30-0.0.4
          - name: images/f5-license-helper
            version: v0.11.0-0.0.2
          - name: images/f5-toda-tmstatsd
            version: v1.9.28
          - name: images/f5dr-img
            version: v0.12.4-0.0.3
          - name: images/f5dr-img-init
            version: v0.12.4-0.0.3
          - name: images/f5ingress
            version: v0.480.0-0.1.52
          - name: images/init-certmgr
            version: v0.22.22-0.0.4
          - name: images/opentelemetry-collector-contrib
            version: 0.75.0
          - name: images/rabbit
            version: v0.4.12
          - name: images/cnf-csrc
            version: v0.3.6
          - name: images/cnf-cwc
            version: v0.32.6-0.0.2
          - name: images/tmm-img
            version: v0.950.0-0.1.1
          - name: images/tmrouted-img
            version: v0.12.4
          - name: images/f5-blobd
            version: v0.12.10
    

3. Install Helm charts

Following are the two different procedures described to install the Helm charts. Perform the steps mentioned in either Procedure 1 or procedure 2 to complete the installation.

_images/spk_info.png Note: Perform any one of the following procedures.

Procedure 1: Download cnf Helm charts, Docker Images and other Utilities

Do the following steps to download cnf Helm charts, Docker Images and other Utilities:

  1. Perform Helm Login to download Helm charts from FAR:

    cat <service_account_key_base64 file> | helm registry login -u _json_key_base64 --password-stdin https://repo.f5.com
    

    In this example, cne_pull-base64.json is the Service Account Key.

    cat cne_pull_64.json | helm registry login -u _json_key_base64 --password-stdin https://repo.f5.com
    
  2. Perform Helm Pull to pull the Helm charts from FAR:

    helm pull oci://repo.f5.com/<path of Helm chart> --version <version of Helm chart>  
    

    In this example, charts/f5ingress is the path for pulling f5ingress Helm chart and its version is v0.480.0-0.1.52 as retrieved from the manifest.yaml file.

    helm pull oci://repo.f5.com/charts/f5ingress --version v0.480.0-0.1.52
    
  3. Perform Utilities Pull to pull the other utilities from FAR:

    helm pull oci://repo.f5.com/<path of Utilities> --version <version of Utility> 
    

    In this example, utils/f5nxtctl is the path for pulling f5nxtctl utility and its version is v0.1.19 as retrieved from the manifest.yaml file.

    helm pull oci://repo.f5.com/utils/log-doc-f5ingress --version 0.1.19
    
  4. Perform Docker Login to download docker images from FAR:

    cat <service_account_key_base64 file> | docker login -u _json_key_base64 --password-stdin <URL of F5 Artifact Registry>
    

    In this example, cne_pull_64.json is the same Service Account Key.

    cat cne_pull_64.json | docker login -u _json_key_base64 --password-stdin https://repo.f5.com
    
  5. Perform Docker Pull to pull the docker images from FAR:

    docker pull repo.f5.com/<path of Docker Image>:<version of Docker Image> 
    

    In this example, images/rabbit is the path for pulling rabbit docker image and its version is v0.4.12 as retrieved from the manifest.yaml file.

    docker pull repo.f5.com/images/rabbit:v0.4.12
    

Procedure 2: Installing helm chart via imagePullSecrets

The imagePullSecrets feature is used to securely install helm chart from a FAR directly into a cluster by using the Service Account Key from the TGZ file as authentication credentials.

Use the following steps to install helm chart directly from FAR into a cluster:

  1. Perform Helm Login, as shown in Step 1 of Procedure 1: Download cnf Helm charts, Docker Images and other Utilities section.

  2. Perform Docker Login to download docker images as shown in step 4 of Procedure 1: Download cnf Helm charts, Docker Images and other Utilities section.

  3. Copy and paste the below bash script into a .sh file and run.

    _images/spk_info.png Note: The bash script here is using cne_pull_64.json as a Service Account Key. This script is written for Linux. Remove -w 0 as arguments to base64 from the script when using on Mac.

      #!/bin/bash
    
      # Read the content of pipeline.json into the SERVICE_ACCOUNT_KEY variable
      SERVICE_ACCOUNT_KEY=$(cat cne_pull_64.json)
    
      # Create the SERVICE_ACCOUNT_K8S_SECRET variable by appending "_json_key_base64:" to the base64 encoded SERVICE_ACCOUNT_KEY
      SERVICE_ACCOUNT_K8S_SECRET=$(echo "_json_key_base64:${SERVICE_ACCOUNT_KEY}" | base64 -w 0)
    
      # Create the secret.yaml file with the provided content
      cat << EOF > far-secret.yaml
      ---
      apiVersion: v1
      kind: Secret
      metadata:
        name: far-secret
      data:
        .dockerconfigjson: $(echo "{\"auths\": {\
      \"repo.f5.com\":\
      {\"auth\": \"$SERVICE_ACCOUNT_K8S_SECRET\"}}}" | base64 -w 0)
      type: kubernetes.io/dockerconfigjson
      EOF
    

    The far-secret.yaml secret file will be generated according to the secret name provided in the bash script.

  4. Apply far-secret.yaml secret file to the namespace where you want to install the helm chart:

    oc create -f far-secret.yaml -n <namespace>  
    

    In this example the far-secret.yaml secret is install to the demo-ns Project.

    oc create -f far-secret.yaml -n demo-ns  
    
  5. In this Fluentd example, configure the fluentd_values.yaml file with imageCredentials and image.repository parameters to install the helm chart from FAR:

    imageCredentials:
      name: far-secret    
    
    image:
      repository: repo.f5.com/images
    

    Note: Attribute imageCredentials name varies for different helm charts. To know the exact name defined for this field, please refer the document of that particular helm chart.

  6. Install the helm chart:

    helm install <release name> oci://repo.f5.com/<path of helm chart> --version <version number> -f <values>.yaml
    

    In this example, charts/f5-toda-fluentd is the path for installing f5-toda-fluentd helm chart its version is 1.23.36-0.0.1, values file is fluentd_values.yaml (Created in Step 3).

    helm install f5-fluentd oci://repo.f5.com/charts/f5-toda-fluentd --version 1.23.36-0.0.1 -f fluentd_values.yaml
    
  7. Verify the status of the helm chart:

    oc get pods -n demo-ns   
    

    In this example, the f5-toda-fluentd is Running.

    NAME                               READY   STATUS   RESTARTS   AGE  
    f5-toda-fluentd-6fcdb48d8b-4dkcc   1/1     Running         0    9s
    

Feedback

Provide feedback to improve this document by emailing cnfdocs@f5.com.