CNFs Artifacts Via F5 Artifact Registry

Overview

The Cloud-Native Network Functions (CNFs) helm charts, docker images, and other utilities are now available via F5 Artifact Registry (FAR) at repo.f5.com. FAR is accessible to all, but only users with a valid Service Account Key can download and install the artifacts.

This document details the procedures for downloading a Service Account Key and Manifest file, and using the Service Account Key to download and install CNFs Helm charts, docker images, and other utilities into the cluster from FAR (repo.f5.com).

Requirements

Ensure you have:

  • A workstation with Helm v3.8.0 or higher installed.

Procedures

1. Download Service Account Key and Manifest File

To download the Service Account Key and Manifest file, do the following:

  • Log in to MyF5.

    Note: You must have a MyF5 account to log in.

    Once you log in, you get a TGZ file.

    For example: cnf-far-x.x.x.tgz

    The TGZ file contains:

    a. Service Account Key: The Service Account Key in base64 format, used for logging in to FAR.

    b. manifest.yaml file: Contains names and version numbers of all CNFs Helm charts and docker images.

    Example of manifest.yaml file for version 1.3.0:

     f5_helm_repo: oci://repo.f5.com
     f5_docker_repo: repo.f5.com
     release:
        1.3.0:
          helm_charts:
            - name: charts/cwc
              version: 0.14.15-0.0.6
            - name: utils/cert-gen
              version: 0.9.2
            - name: charts/f5-cert-manager
              version: 0.22.22-0.0.2
            - name: charts/f5-crdconversion
              version: 0.9.4-0.0.3
            - name: charts/f5-dssm
              version: 0.67.7-0.0.1
            - name: charts/f5-cnf-crds-n6lan
              version: 0.161.0-0.1.2
            - name: charts/f5-toda-fluentd
              version: 1.23.36
            - name: charts/f5ingress
              version: v0.480.0-0.1.30
            - name: utils/f5nxtctl
              version: 0.1.19
            - name: charts/rabbitmq
              version: 0.2.8-0.0.2
          docker_images:
            - name: images/cert-manager-cainjector
              version: 2.2.3
            - name: images/cert-manager-controller
              version: 2.2.3
            - name: images/cert-manager-ctl
              version: 2.2.3
            - name: images/cert-manager-webhook
              version: 2.2.3
            - name: images/crd-conversion
              version: v1.53.3
            - name: images/crdupdater
              version: v0.4.12
    

2. Install Helm charts

There are two procedures for installing the Helm charts. Perform the steps in either Procedure 1 or Procedure 2 to complete the installation.

Note: Perform only one of the following procedures.

Procedure 1: Download CNF Helm charts, Docker Images and other Utilities

Do the following steps to download CNFs Helm charts, Docker Images and other Utilities:

  1. Do Helm Login to download Helm charts from FAR:

    cat <service_account_key_base64 file> | helm registry login -u _json_key_base64 --password-stdin https://repo.f5.com
    

    In this example, cne_pull_64.json is the Service Account Key file.

    cat cne_pull_64.json | helm registry login -u _json_key_base64 --password-stdin https://repo.f5.com
    
  2. Run Helm Pull command to pull the Helm charts from FAR:

    helm pull oci://repo.f5.com/<path of Helm chart> --version <version of Helm chart>  
    

    In this example, charts/f5ingress is the path for pulling the f5ingress Helm chart and its version is v0.480.0, as retrieved from the manifest.yaml file.

    helm pull oci://repo.f5.com/charts/f5ingress --version v0.480.0 
    
  3. Perform Utilities Pull to pull the other utilities from FAR:

    helm pull oci://repo.f5.com/<path of Utilities> --version <version of Utility> 
    

    In this example, utils/f5nxtctl is the path for pulling the f5nxtctl utility and its version is 0.1.19, as retrieved from the manifest.yaml file.

    helm pull oci://repo.f5.com/utils/f5nxtctl --version 0.1.19
    
  4. Perform Docker Login to download docker images from FAR:

    cat <service_account_key_base64 file> | docker login -u _json_key_base64 --password-stdin <URL of F5 Artifact Registry>
    

    In this example, cne_pull_64.json is the same Service Account Key.

    cat cne_pull_64.json | sudo docker login -u _json_key_base64 --password-stdin https://repo.f5.com
    
  5. Perform Docker Pull to pull the docker images from FAR:

    docker pull repo.f5.com/<path of Docker Image>:<version of Docker Image> 
    

    In this example, images/rabbit is the path for pulling the rabbit docker image and its version is v0.4.12, as retrieved from the manifest.yaml file.

    docker pull repo.f5.com/images/rabbit:v0.4.12
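
    Added example, not part of F5's tooling: a POSIX shell function that reads manifest.yaml and prints the helm pull or docker pull command for every entry of one release, so version strings are copied from the manifest instead of retyped. The names far_pull_commands and sample_manifest are hypothetical, the embedded manifest is a trimmed copy of the 1.3.0 example above, and the function generalizes steps 2, 3 and 5 to all entries without executing anything.

```shell
#!/bin/sh
# Added example: manifest.yaml -> pull commands. Nothing is executed here.

# Constructed sample: a trimmed copy of the 1.3.0 manifest shown on this page.
sample_manifest() {
  cat <<'EOF'
f5_helm_repo: oci://repo.f5.com
f5_docker_repo: repo.f5.com
release:
   1.3.0:
     helm_charts:
       - name: charts/f5ingress
         version: v0.480.0-0.1.30
       - name: utils/f5nxtctl
         version: 0.1.19
     docker_images:
       - name: images/crd-conversion
         version: v1.53.3
       - name: images/crdupdater
         version: v0.4.12
EOF
}

# far_pull_commands RELEASE   (manifest.yaml is read from stdin)
# Usage with a real file: far_pull_commands 1.3.0 < manifest.yaml
far_pull_commands() {
  awk -v rel="$1" '
    $1 == "f5_helm_repo:"   { helm_repo = $2; next }
    $1 == "f5_docker_repo:" { docker_repo = $2; next }
    # A release key is a lone "<version>:" line, for example "1.3.0:".
    NF == 1 && $1 ~ /^[0-9][0-9A-Za-z._-]*:$/ {
      key = $1; sub(/:$/, "", key)
      # Force string comparison so that 1.30 is never treated as equal to 1.3.
      in_rel = ((key "") == (rel "")); section = ""; next
    }
    !in_rel                    { next }
    $1 == "helm_charts:"       { section = "helm"; next }
    $1 == "docker_images:"     { section = "docker"; next }
    $1 == "-" && $2 == "name:" { name = $3; next }
    $1 == "version:" && name != "" {
      if (section == "helm")   print "helm pull " helm_repo "/" name " --version " $2
      if (section == "docker") print "docker pull " docker_repo "/" name ":" $2
      name = ""
    }
  '
}

sample_manifest | far_pull_commands 1.3.0
```

    Review the printed commands before running them; they only work after the Helm and Docker logins in steps 1 and 4.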
    

Procedure 2: Install Helm charts using imagePullSecrets

The imagePullSecrets feature is used to securely install a helm chart from FAR directly into a cluster, using the Service Account Key from the TGZ file as the authentication credentials.

Use the following steps to install a helm chart directly from FAR into a cluster:

  1. Do Helm Login, as shown in Step 1 of Procedure 1: Download CNFs Helm charts, Docker Images and other Utilities section.

  2. Perform Docker Login to download docker images as shown in step 4 of Procedure 1: Download CNFs Helm charts, Docker Images and other Utilities section.

  3. Copy and paste the below bash script into a .sh file and run it.

    Note: The bash script here uses cne_pull_64.json as the Service Account Key. The script is written for Linux. When running it on a Mac, remove the -w 0 arguments to base64 from the script.

    #!/bin/bash
    
    # Read the content of cne_pull_64.json into the SERVICE_ACCOUNT_KEY variable
      SERVICE_ACCOUNT_KEY=$(cat cne_pull_64.json)
    
    # Create the SERVICE_ACCOUNT_K8S_SECRET variable: prefix SERVICE_ACCOUNT_KEY with "_json_key_base64:" and base64-encode the result
      SERVICE_ACCOUNT_K8S_SECRET=$(echo "_json_key_base64:${SERVICE_ACCOUNT_KEY}" | base64 -w 0)
    
    # Create the far-secret.yaml file with the provided content
      cat << EOF > far-secret.yaml
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      name: far-secret
    data:
      .dockerconfigjson: $(echo "{\"auths\": {\
    \"repo.f5.com\":\
    {\"auth\": \"$SERVICE_ACCOUNT_K8S_SECRET\"}}}" | base64 -w 0)
    type: kubernetes.io/dockerconfigjson
    EOF
    

    The script generates the far-secret.yaml secret file, using the secret name provided in the bash script.

  4. Apply far-secret.yaml secret file to the namespace where you want to install the helm chart:

    kubectl create -f far-secret.yaml -n <namespace>  
    

    In this example, the far-secret.yaml secret is installed to the demo-ns Project.

    kubectl create -f far-secret.yaml -n demo-ns  
    
  5. Create a Helm values file named fluentd_values.yaml, and set the imageCredentials and image.repository parameters to install the helm chart from FAR:

    imageCredentials:
      name: far-secret    
    
    image:
      repository: repo.f5.com/images
    
  6. Install the helm chart:

    helm install <release name> oci://repo.f5.com/<path of helm chart> --version <version number> -f <values>.yaml
    

    In this example, charts/f5-toda-fluentd is the path for installing the f5-toda-fluentd helm chart, its version is 1.23.36, and the values file is fluentd_values.yaml (created in Step 5).

    helm install f5-fluentd oci://repo.f5.com/charts/f5-toda-fluentd --version 1.23.36 -f fluentd_values.yaml
    
  7. Verify the status of the helm chart:

    kubectl get pods -n demo-ns   
    

    In this example, the f5-toda-fluentd is Running.

    NAME                               READY   STATUS   RESTARTS   AGE  
    f5-toda-fluentd-6fcdb48d8b-4dkcc   1/1     Running         0    9s
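
    Added example, not part of F5's tooling: a check to run on the far-secret.yaml from step 3 before applying it in step 4. It decodes both base64 layers and confirms the credential is _json_key_base64:<key> for repo.f5.com without printing the key. The names far_secret_check, make_far_secret and SAMPLE_KEY are hypothetical, and the key value is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not F5 tooling. SAMPLE_KEY is a constructed placeholder.
SAMPLE_KEY='eyJ0eXBlIjogImNvbnN0cnVjdGVkLXNhbXBsZSJ9'

# Build a Secret with the same field layout as the script in step 3, so the
# checker below has something to run against offline.
make_far_secret() {  # $1 = key text
  auth=$(echo "_json_key_base64:$1" | base64 | tr -d '\n')
  cfg=$(echo "{\"auths\": {\"repo.f5.com\":{\"auth\": \"$auth\"}}}" | base64 | tr -d '\n')
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: far-secret\n'
  printf 'data:\n  .dockerconfigjson: %s\ntype: kubernetes.io/dockerconfigjson\n' "$cfg"
}

# far_secret_check SECRET_YAML KEY_FILE
# Decodes both base64 layers and compares the result with the key file.
# Prints a verdict only; the key itself is never echoed.
far_secret_check() {
  grep -q '^type: kubernetes.io/dockerconfigjson' "$1" ||
    { echo "wrong secret type"; return 1; }
  cfg=$(sed -n 's/^[[:space:]]*\.dockerconfigjson:[[:space:]]*//p' "$1" | base64 -d) ||
    { echo "outer base64 does not decode"; return 1; }
  auth=$(printf '%s' "$cfg" |
    sed -n 's/.*"repo\.f5\.com":[[:space:]]*{"auth":[[:space:]]*"\([^"]*\)".*/\1/p')
  [ -n "$auth" ] || { echo "no auth entry for repo.f5.com"; return 1; }
  cred=$(printf '%s' "$auth" | base64 -d) ||
    { echo "auth base64 does not decode"; return 1; }
  case $cred in
    "_json_key_base64:$(cat "$2")") echo "ok" ;;
    _json_key_base64:*) echo "key differs from $2"; return 1 ;;
    *) echo "username is not _json_key_base64"; return 1 ;;
  esac
}

# Demo on constructed data; for real use pass far-secret.yaml and the key file.
umask 077   # temp files hold a credential, keep them owner-only
tmp=$(mktemp -d)
printf '%s\n' "$SAMPLE_KEY" > "$tmp/key"
make_far_secret "$SAMPLE_KEY" > "$tmp/far-secret.yaml"
far_secret_check "$tmp/far-secret.yaml" "$tmp/key"
rm -rf "$tmp"
```

    With the files from this procedure the call is far_secret_check far-secret.yaml cne_pull_64.json.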
    

Feedback

Provide feedback to improve this document by emailing cnfdocs@f5.com.