Artifacts via F5 Artifact Registry¶
Note
Perform the following tasks in order.
Download the service-account key¶
Login to the MyF5.
Navigate to Support Resources and click Downloads.
Check the box for the End User License Agreement and Program Terms, then click Next.
Choose BIG-IP_Next from the “Select a Product Family Group” drop-down.
Select “Service Proxy for Kubernetes (SPK)” from the “Product Line” drop-down.
Choose the desired version from the “Product Version” drop-down.
Select the
f5-far-auth-key.tgzfile from the download file list.Choose a download location from the drop-down menu and click Download.
Extract the archive file:
tar zxvf f5-far-auth-key.tgz
Download the release-manifest file¶
Log in to F5 Artifact Registry with Helm:
cat cne_pull_64.json | helm registry login \ --username _json_key_base64 \ --password-stdin repo.f5.com
Set the
CNE_RELEASE_MANIFEST_VERSIONenvironment variable to the version of the release manifest.Use this table to determine the version of the release manifest associated with a given version of F5 BIG-IP Cloud-Native Edition:
|
Release-manifest version |
|---|---|
2.2.1 |
2.2.1-3.2226.0-0.0.511 |
2.2.0 |
2.2.0-3.2226.0-0.0.385 |
*Example*
```shell
export CNE_RELEASE_MANIFEST_VERSION=2.2.1-3.2226.0-0.0.511
```
Download the archive file for the release-manifest chart:
helm pull oci://repo.f5.com/release/f5-bigip-k8s-manifest --version $CNE_RELEASE_MANIFEST_VERSION
Extract the archive file for the release-manifest chart:
tar xvf f5-bigip-k8s-manifest-${CNE_RELEASE_MANIFEST_VERSION}.tgz
The release manifest shows the names and versions of the Helm charts and Docker container images that are included in the release. Here’s a shortened example of a release manifest:
f5_helm_repo: oci://repo.f5.com f5_docker_repo: repo.f5.com releases: - version: 2.2.0-3.2226.0-0.0.385 helm_charts: - name: charts/cwc version: 0.49.7-0.0.16 - name: utils/f5-cert-gen version: 0.9.3 - name: charts/f5-cert-manager version: 0.23.48-0.1.5 ... docker_images: - name: images/cert-manager-cainjector version: v2.5.2 - name: images/cert-manager-controller version: v2.5.2 - name: images/cert-manager-startupapicheck version: v2.5.2 ...
(Private artifact registry only) Download the Helm charts and Docker container images¶
Log in to F5 Artifact Registry with Helm:
cat cne_pull_64.json | helm registry login \ --username _json_key_base64 \ --password-stdin repo.f5.com
Repeat this step to pull each Helm chart in the
chartsdirectory from F5 Artifact Registry, using the versions shown in the release manifest:helm pull oci://repo.f5.com/charts/<helmChartFilename> \ --version <helmChartVersion>
Example
helm pull oci://repo.f5.com/charts/f5ingress \ --version 15.82.0-0.2.50
Repeat this step to pull each Helm pseudo-chart in the
utilsdirectory from F5 Artifact Registry, using the versions shown in the release manifest:helm pull oci://repo.f5.com/utils/<helmPseudoChartFilename> \ --version <helmPseudoChartVersion>
Example
helm pull oci://repo.f5.com/utils/log-doc-f5ingress \ --version 15.82.0-0.2.50
Log in to F5 Artifact Registry with Docker:
cat cne_pull_64.json | docker login \ --username _json_key_base64 \ --password-stdin repo.f5.com
Repeat this step to pull each Docker container image from F5 Artifact Registry, using the versions shown in the release manifest:
docker pull repo.f5.com/images/<containerImageFilename>:<containerImageVersion>
Example
docker pull repo.f5.com/images/rabbit:v0.5.15-0.0.3
(F5 Artifact Registry only) Install Helm charts from F5 Artifact Registry¶
Log in to F5 Artifact Registry with Helm:
cat cne_pull_64.json | helm registry login \ --username _json_key_base64 \ --password-stdin repo.f5.com
Create a file to use as a script that creates a manifest for the F5 Artifact Registry pull secret:
touch create-far-pull-secret-manifest.shOpen the file in a text editor.
Copy the following code and paste it into the file:
#!/bin/bash # Read the content of pipeline.json into the SERVICE_ACCOUNT_KEY variable SERVICE_ACCOUNT_KEY=$(cat cne_pull_64.json) # Create the SERVICE_ACCOUNT_K8S_SECRET variable by appending "_json_key_base64:" to the base64 encoded SERVICE_ACCOUNT_KEY SERVICE_ACCOUNT_K8S_SECRET=$(echo "_json_key_base64:${SERVICE_ACCOUNT_KEY}" | base64 -w 0) # Create the secret.yaml file with the provided content cat << EOF > far-pull-secret.yaml --- apiVersion: v1 kind: Secret metadata: name: far-pull-secret data: .dockerconfigjson: $(echo "{\"auths\": {\ \"repo.f5.com\":\ {\"auth\": \"$SERVICE_ACCOUNT_K8S_SECRET\"}}}" | base64 -w 0) type: kubernetes.io/dockerconfigjson EOF
Save and close the file.
Make the file executable:
chmod +x create-far-pull-secret-manifest.sh
Run the script:
./create-far-pull-secret-manifest.sh
The script creates a file named
far-pull-secret.yaml.In the namespace in which you want to install a Helm chart, create an image pull secret to allow Kubernetes to pull container images from F5 Artifact Registry:
kubectl apply -f far-pull-secret.yaml \ --namespace <namespaceName>
In an override values file that you create for a Helm chart, make sure that it includes the value
repo.f5.com/imagesanywhere it specifies the image repository (for example,image.repository) and the valuefar-pull-secretanywhere it specifies the image pull secret (for example,imagePullSecrets.[0].name) or image credentials (for example,imageCredentials.name).Example
In the override values file for the
f5-toda-fluentdchart, specify the image repository and image credentials as follows:image: repository: repo.f5.com/images imageCredentials: name: far-pull-secret
Install the Helm chart:
helm install <releaseName> oci://repo.f5.com/charts/<helmChartFilename> \ --version <helmChartVersion> \ --namespace <namespaceName> \ --values <overrideValuesFilename>
Example
helm install f5-toda-fluentd \ oci://repo.f5.com/charts/f5-toda-fluentd \ --version 2.3.2-0.0.6 \ --namespace cne-core \ --values f5-toda-fluentd-override-values.yaml \ --wait