CNFs Software¶
Overview¶
The Cloud-Native Network Functions (CNFs) custom resource definitions (CRDs), software images and installation Helm charts are provided in a single TAR file. A CNFs public signing key, and two signature files are also provided to validate the TAR file’s integrity. Once validated and extracted, the software images can be uploaded to a local container registry, and integrated into the cluster using the CNFs Helm charts. Finally, the CNFs CRDs will be installed into the cluster.
This document describes the CNFs software, and guides you through validating, extracting and installing the CNF software components.
Software images¶
The table below lists and describes the software images for this software release. For a full list of software images by release, refer to the Software Releases guide.
Note: The software image name and deployed container name may differ.
| Image | Version | Description |
|---|---|---|
| f5ingress | v0.761.1-0.0.238 | The helm_release-f5ingress container is a custom CNF controller that watches the K8S API for CR updates, and configures either AFM or TMM based on the update. |
| f5ing-tmm-pod-manager | v1.0.8-0.1.7 | The tmm-pod-manager container is a part of f5ingress pod, which is mainly responsible for watching TMM pod events and propagating the TMM pod information to f5ingress main container and other control plane pods. These pods push configurations to TMM pods. |
| f5-coremond | v0.7.27-10.0.14 | Coremond runs as daemon set in every node and is responsible for processing core files generated by the operating system or third party. |
| tmm-img | v10.14.2-0.2.1 | The f5-tmm container is a Traffic Management Microkernel (TMM) instance that proxies and load balances application traffic between the external and internal networks. |
| f5-l4p-engine | v1.120.3-10.0.3 | The f5-afm-pccd container is an Application Firewall Manager (AFM) instance that converts firewall rules and NAT policies into the binary large objects (BLOBs) used by TMM. |
| f5-nsec-ips-daemon | v3.4.8-0.0.8 | The f5-ipsd container is the intrusion detection and prevention instance, providing deep packet inspection and prevention of malignant network packets. |
| tmrouted-img | v2.1.7-0.1.2 | The f5-tmm-tmrouted container proxies and forwards information between the f5-tmm-routing and f5-tmm containers. |
| f5dr-img | v3.2.1-0.0.8 | The f5-tmm-routing container maintains the dynamic routing tables used by TMM. |
| f5-toda-tmstatsd | v1.11.12-10.0.2 | The f5-toda-stats container collects application traffic processing statistics from the f5-tmm container, and forwards the data to the Otel Collectors. |
| f5-dssm-store | v5.0.7-10.0.3 | Contains two sets of software images; The f5-dssm-db containers that store shared, persisted session state data, and the f5-dssm-sentinel containers to monitor the f5-dssm-db containers. For more info, refer to dSSM database. |
| cnf-cwc | v0.34.14-10.0.9 | The cnf-cwc container enables software licensing, and reports telemetry statistics regarding monthly software usage. Refer to CNFs CWC. |
| f5-license-helper | v0.12.5-0.0.6 | The f5-lic-helper communicates with the spk-cwc to determine the current license status of the cluster. |
| rabbit | v0.5.9-0.0.2 | The rabbitmq-server container as a general message bus, integrating CNFs CWC with the BIG-IP Controller Pod(s) for licensing purposes. |
| cert-manager-controller | v2.3.0 | The cert-manager-controller manages the generation and rotation of the SSL/TLS certificate that are stored as Secrets, to secure communication between the various CNFs Pods. |
| cert-manager-cainjector | v2.3.0 | The cert-manager-cainjector assists the cert-manager-controller to configure the CA certificates used by the cert-manager-webhook and K8S API. |
| cert-manager-webhook | v2.3.0 | The cert-manager-webhook ensures that SSL/TLS certificate resources created or updated by the cert-manager-contoller conform to the API specifications. |
| f5-debug-sidecar | v8.57.0-0.2.31 | The debug container provides diagnostic tools for viewing TMM's configuration, traffic processing statistics and gathering TMM diagnostic data. For more info, refer to Debug Sidecar. |
| f5-fluentbit | v1.0.5-0.0.4 | The fluentbit container collects and forwards statistics to the f5-fluentd container. Multiple versions are included to support the different CNFs containers. |
| f5-fluentd | v2.0.6-10.0.3 | The f5-fluentd container collects statistics and logging data from the Controller, TMM and dSSM Pods. For more info, refer to Fluentd Logging. |
| opentelemetry-collector-contrib | 0.123.0 | The otel-collector container gathers metrics and statistics from the TMM Pods. Refer to OTEL Collector. |
| f5-dssm-upgrader | v2.0.9-10.0.5 | The dssm-upgrade-hook enables dSSM DBs upgrades without service interruption or data loss. Refer to Upgrading dSSM. |
| f5-csm-qkview | v0.10.23-0.0.3 | The f5-csm-qkview includes the qkview-orchestrator service, which manages requests from CWC to create or download qkview tar files. It communicates with qkview-collect, initiating the process of generating and downloading qkview tar files from containers within a designated namespace. |
| f5-cert-client | v3.0.17-0.0.6 | The f5-cert-client container provides an interface for CNF components to request certificates from f5-cert-manager. Additionally, f5-cert-client can provide certificate rotation functionality for those CNF components. |
| crd-conversion | v1.62.8-0.0.3 | The f5-crd-conversion container handles the automatic conversion of multiple CRD versions based on the specified namespace and version in the cluser, without affecting existing CRs. |
| f5-downloader | v0.8.1-0.0.11 | The f5-downloader pod is used for upgrading IM package for IPS feature. Enums of IPS CRD will be upgraded using this pod. |
| f5-blobd | v1.10.0-10.0.6 | The f5-blobd container allows loading binary large objects (BLOBs) into the TMM memory. It is required for AFM use-cases, like firewall and NAT. |
| f5-version-validator | v1.0.5-10.0.8 | The f5-version-validator performs version compatibility checks to verify whether the cluster has the supported product versions. |
Requirements¶
Ensure you have:
- Obtained the CNF software tarball.
- A local container registry.
- A workstation with Podman.
- (Optional) A compatible version of Open Source Cert Manager
Procedures¶
Validate and extract¶
Use the following steps to validate the CNFs tarball, extract the software images, installation Helm charts, and CRDs.
Create a new directory for the CNFs files:
mkdir <directory>In this example, the new directory is named cnfinstall:
mkdir cnfinstallMove the CNFs files into the directory:
mv f5-cne* f5-cne-2.0.1-3.233.0+0.3.128.pem cnfinstall
Change into the directory and list the files:
cd cnfinstall; ls -1
The files appear as:
f5-cne-2.0.1-3.233.0+0.3.128.pem f5-cne-2.0.1-3.233.0+0.3.128.tgz f5-cne-sha512.txt-2.0.1-3.233.0+0.3.128.sha512.sig f5-cne.tgz-2.0.1-3.233.0+0.3.128.sha512.sig
Use the PEM signing key and each SHA signature file to validate the CNFs TAR file:
openssl dgst -verify <pem file>.pem -keyform PEM \ -sha512 -signature <sig file>.sig <tar file>.tgz
The command output states Verified OK for each signature file:
openssl dgst -verify f5-cne-2.0.1-3.233.0+0.3.128.pem -keyform PEM -sha512 \ -signature f5-cne.tgz-2.0.1-3.233.0+0.3.128.sha512.sig \ f5-cne-2.0.1-3.233.0+0.3.128.tgz
Verified OKExtract the CNFs images, Helm charts, and CRDs from the TAR file:
tar xvf f5-cne-2.0.1-3.233.0+0.3.128.tgz
List the newly extracted files:
ls -1The file list shows the CRD bundless and the CNF image TAR file named f5-cne-images-v2.0.1-3.233.0+0.3.128.tgz:
f5-cne-2.0.1-3.233.0+0.3.128.pem f5-cnf-crds-n6lan-8.5.2-0.1.12.tgz f5-cne-images-2.0.1-3.233.0+0.3.128.tgz f5-cne-2.0.1-3.233.0+0.3.128.tgz f5-cne-sha512.txt-2.0.1-3.233.0+0.3.128.sha512.sig f5-cne.tgz-2.0.1-3.233.0+0.3.128.sha512.sig
Extract the CNF Helm charts and software images:
tar xvf f5-cne-images-2.0.1-3.233.0+0.3.128.tgz
List the extracted Helm charts and software images:
ls -1RThe file list shows a new tar directory with the following files:
f5-cne-2.0.1-3.233.0+0.3.128.pem f5-cnf-crds-n6lan-8.5.2-0.1.12.tgz f5-cne-images-2.0.1-3.233.0+0.3.128.tgz f5-cne-2.0.1-3.233.0+0.3.128.tgz f5-cne-sha512.txt-2.0.1-3.233.0+0.3.128.sha512.sig f5-cne.tgz-2.0.1-3.233.0+0.3.128.sha512.sig tar ./tar: csrc-0.7.3-0.0.6.tgz cwc-0.41.34-10.0.22.tgz coremond-0.7.27-10.0.14.tgz dnat-util-v0.5.4.tgz f5-cert-gen-0.9.3.tgz f5-cert-manager-0.23.28-0.0.12.tgz f5-crdconversion-0.16.15-0.0.15.tgz f5-dssm-1.0.15-0.1.8.tgz f5-toda-fluentd-1.31.12-10.0.13.tgz f5ingress-v0.761.1-0.0.238.tgz log-doc-f5ingress-0.761.1+0.0.238.tgz rabbitmq-0.5.10-10.0.17.tgz f5-toda-observer-v4.56.4-0.0.15.tgz cne-docker-images.tgz
Install CRDs¶
Use the following steps to extract and install the new CNF CRDs.
List the CNF CRD bundle:
ls -1 | grep crd
The file list shows CRD bundle:
f5-cnf-crds-n6lan-8.5.2-0.1.12.tgz
Install the CRDs:
a. Install CRDs using Helm install:
helm install f5crds f5-cnf-crds-n6lan-8.5.2-0.1.12.tgz -f crd-values.yaml
Example:
crd-values.yamlfile (We only need to use this namespace parameter when CRD Conversion is deployed in a non-default namespace. The value of the namespace parameter should match the namespace in which CRD Conversion is deployed.)conversion: namespace: cnf-crdconversion
Note: In the command output, newly installed CRDs will be indicated by created, and updated CRDs will be indicated by configured
customresourcedefinition.apiextensions.k8s.io/f5-big-alg-ftps.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-alg-pptps.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-alg-rtsps.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-alg-tftps.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-cne-addresslists.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-cne-datagroups.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-cne-portlists.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-cne-snatpools.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-context-globals.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-context-secures.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-ddos-policies.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-dns-apps.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-dns-caches.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-fastl4-settings.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-fw-policies.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-ips-policies.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-log-hslpubs.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-log-profiles.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-nat-policies.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-net-staticroutes.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-net-vlans.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-tcp-settings.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-udp-settings.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-zerorating-policies.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-certificaterequests.cm.f5co.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-certificates.cm.f5co.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-challenges.acme.cm.f5co.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-clusterissuers.cm.f5co.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-issuers.cm.f5co.k8s.f5net.com unchanged customresourcedefinition.apiextensions.k8s.io/f5-big-orders.acme.cm.f5co.k8s.f5net.com unchanged
b. (Optional) If the customer wants to use the OSS cert-manager, add the following in the
values.yamlfile:global: certmgr: external: true versionValidator: name: f5-version-validator image: repository: "repo.f5.com/images
customresourcedefinition.apiextensions.k8s.io/f5-big-alg-ftps.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-alg-pptps.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-alg-rtsps.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-alg-tftps.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-cne-addresslists.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-cne-datagroups.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-cne-portlists.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-cne-snatpools.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-context-globals.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-context-secures.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-ddos-policies.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-dns-apps.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-dns-caches.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-fastl4-settings.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-fw-policies.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-ips-policies.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-log-hslpubs.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-log-profiles.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-nat-policies.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-net-staticroutes.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-net-vlans.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-tcp-settings.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-udp-settings.k8s.f5net.com configured customresourcedefinition.apiextensions.k8s.io/f5-big-zerorating-policies.k8s.f5net.com configured
Note: If open source Cert-Manager is used,
f5-cert-managerCRDs will not be installed. For more information, see Open Source Cert Manager section.List the installed CNFs CRDs:
oc get crds | grep f5
The CRD listing will contain the full list of CRDs:
certificaterequests.cm.f5co.k8s.f5net.com 2024-01-24T19:03:03Z certificates.cm.f5co.k8s.f5net.com 2024-01-24T19:03:03Z challenges.acme.cm.f5co.k8s.f5net.com 2024-01-24T19:03:03Z clusterissuers.cm.f5co.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-alg-ftps.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-alg-pptps.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-alg-rtsps.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-alg-tftps.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-cne-addresslists.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-cne-datagroups.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-cne-downloaders.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-cne-portlists.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-cne-snatpools.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-context-globals.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-context-secures.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-ddos-globals.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-ddos-profiles.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-dns-apps.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-dns-caches.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-fastl4-settings.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-fw-policies.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-fw-rulelists.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-ips-policies.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-log-hslpubs.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-log-profiles.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-nat-policies.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-net-staticroutes.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-net-vlans.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-tcp-settings.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-udp-settings.k8s.f5net.com 2024-01-24T19:03:03Z f5-big-zerorating-policies.k8s.f5net.com 2024-01-24T19:03:03Z issuers.cm.f5co.k8s.f5net.com 2024-01-24T19:03:03Z orders.acme.cm.f5co.k8s.f5net.com 2024-01-24T19:03:03Z
Install Cert Manager¶
Install the cert manager. For more information on how to install and configure Cert Manager, see Cert Manager guide.
Install CRD Conversion pod¶
Add the
f5-crdconversionserviceAccount to the privileged security context constraints (SCC) of the project:oc adm policy add-scc-to-user privileged -n <project> -z <serviceaccount>
In this example, the
f5-crdconversionis added to the cnf-cert-manager project’s privileged SCC.oc adm policy add-scc-to-user privileged -n cnf-crdconversion -z defaultInstall the CRD Conversion pod with latest version using Helm install:
helm install f5-crd-conversion --version 0.16.15-0.0.15 -n cnf-crdconversion f5ingress-dev/f5-crdconversion -f crd-conversion-values.yaml
Verify the STATUS of the CRD Conversion pod:
In this example, CRD Conversion Pod is installed in the cnf-crdconversion Project.
oc get pod -n cnf-crdconversion
As we can see CRD Conversion pod is created.
NAME READY STATUS RESTARTS AGE f5-crd-conversion-8478b9y96-asfd1 1/1 Running 0 30s
Upload the images¶
Use the following steps to upload the CNFs software images to a local container registry.
Install the CNFs images to your workstation’s Podman image store:
podman load -i tar/cne-docker-images.tgz
List the CNF images to be tagged and pushed to the local container registry in the next step:
podman images --format "table {{.Repository}} {{.Tag}} {{.ID}}"
REPOSITORY TAG IMAGE ID REPOSITORY TAG IMAGE ID local.registry/f5ingress v0.761.1-0.0.238 a3dc4278abce local.registry/f5-license-helper v0.12.5-0.0.6 42979e24079c local.registry/spk-cwc v0.34.14-10.0.9 bd80b484e2d5 local.registry/rabbit v0.5.9-0.0.2 b06ae70d6a1d local.registry/tmm-img v10.14.2-0.2.1 b23a94f5109c local.registry/spk-csrc v0.5.11-0.0.2 fb4f24554f2e local.registry/f5-debug-sidecar v8.57.0-0.2.31 b5a96e2c75a9 local.registry/f5dr-img-init v3.2.1-0.0.8 8b56629da585 local.registry/f5-cert-client v3.0.17-0.0.6 8ddc1507bfcb local.registry/f5dr-img v3.2.1-0.0.8 3a971da6715e local.registry/tmrouted-img v2.1.7-0.1.2 95555637a4b5 local.registry/f5-toda-observer v4.56.4-0.0.15 b7db90a0fcad local.registry/f5-fluentd v2.0.6-10.0.3 a35c89f5a64e local.registry/crd-conversion v1.62.8-0.0.3 44b0ee331e01 local.registry/cert-manager-ctl 2.2.3 48f768b562b4 local.registry/cert-manager-webhook 2.2.3 edec31deeece local.registry/cert-manager-cainjector 2.2.3 100c82bbf515 local.registry/cert-manager-controller 2.2.3 86b90770dd0b local.registry/init-certmgr v0.23.28-0.0.12 586476b2bac5 local.registry/f5-toda-tmstatsd v1.11.12-10.0.2 210167caae21 local.registry/f5-dssm-upgrader v2.0.9-10.0.5 87d725f21fc7 local.registry/f5-dssm-store v5.0.7-10.0.3 62df542691c0 local.registry/f5-l4p-engine v1.120.3-10.0.3 b4ca6a965d9f local.registry/opentelemetry-collector-contrib 0.123.0 f0eaa24275f0 local.registry/f5-fluentbit v1.0.5-0.0.4 4e0abc53da5d local.registry/f5-blobd v1.10.0-10.0.6 bfbfa4b45a8f local.registry/f5-csm-qkview v0.10.23-0.0.3 2064634bcf2d local.registry/f5-bdosd v0.35.0-0.0.7 7b1b2407a0d2 local.registry/f5-version-validator v1.0.5-10.0.8 e747d5b73150 local.registry/f5-dwbld v1.33.0-0.0.21 7dc83dc960e9 local.registry/f5ing-tmm-pod-manager v1.0.8-0.1.7 9cf9f69add65 local.registry/f5-coremond v0.7.27-10.0.14 2eebd6afdaea local.registry/dnsx-img v0.10.11-0.0.6 46b65bda8d54 local.registry/f5-nsec-ips-daemon v3.4.8-0.0.8 e1627086d7a7 local.registry/cert-manager-startupapicheck v2.3.0 b3bed6de8ba9 local.registry/crdupdater v0.4.26-0.0.4 b10a44d4b2b1 local.registry/f5-downloader v0.8.1-0.0.11 fc3863d29d47
Tag and push each image to the local container registry. For example:
podman tag <local.registry/image name>:<version> <registry>/<image name>:<version>
podman push <registry_name>/<image name>:<version>
In this example, the f5ingress:v0.761.1-0.0.238 image is tagged and pushed to the remote registry registry.com:
podman tag local.registry/f5ingress:v0.761.1-0.0.238 registry.com/f5ingress:v0.761.1-0.0.238
podman push registry.com/f5ingress:v0.761.1-0.0.238
Note: If you encounter the “insufficient UIDs or GIDs available in user namespace” error while pushing the Docker image, kindly use the following command:A. If you are pushing an image, use this command:
podman --storage-opt overlay.ignore_chown_errors=true push <registry>/<image name>:<version>
Example:
podman --storage-opt overlay.ignore_chown_errors=true push artifactory.f5net.com/f5-mbip-docker/f5-nsec-ips-daemon:v3.4.8-0.0.8
B. If you still encounter the error while pushing the image, increase the subuids and subgids range to larger values. Make sure the subuids and subgids fit within the required range.
Example:
sudo usermod --add-subuids 200000-2010000000 <USERNAME>
sudo usermod --add-subgids 200000-2010000000 <USERNAME>
Once all of the images have uploaded, verify the images exist in the local container registry:
curl -X GET https://<registry>/v2/_catalog -u <user:pass>
For example:
curl -X GET https://registry.com/v2/_catalog -u cnfadmin:cnfadmin
"repositories":["f5-debug-sidecar","f5-dssm-store","f5-fluentbit","f5-fluentd","f5-toda-tmstatsd","f5dr-img","f5ingress","tmm-img","tmrouted-img"]}
Next step¶
Continue to the CNFs Cert Manager guide to secure CNFs communications.
Feedback¶
Provide feedback to improve this document by emailing cnfdocs@f5.com.