The Service Proxy for Kubernetes (SPK) software images, and installation Helm charts are provided in a single tape archive (TAR) file. An SPK public signing key, and two signature files are also provided to validate the TAR file’s integrity. Once available, the software images can be integrated into the cluster.
This document describes the SPK software images and guides you through validating, extracting and uploading the images to a local container registry.
The table below lists and describes the software images for this software release. For a full list of software images by release, refer to the Software Releases guide.
Note: The software image name and deployed container name may differ.
|f5ingress||v2.0.19||The helm_release-f5ingress container is a custom ingress controller that watches the K8S API for CR updates, and configures the Service Proxy TMM based on the update.|
|tmm-img||v1.3.8||The f5-tmm container is a Traffic Management Microkernel (TMM) that proxies and load balances application traffic between the external and internal networks.|
|tmrouted-img||v0.8.7||The f5-tmm-tmrouted container proxies and forwards information between the f5-tmm-routing and f5-tmm containers.|
|f5dr-img||v0.3.7||The f5-tmm-routing container maintains the dynamic routing tables used by TMM.|
|f5-toda-tmstatsd||v1.6.1||The f5-toda-stats container collects application traffic processing statistics from the f5-tmm container, and forwards the data to the f5-fluentbit container.|
|f5-fluentbit||v0.1.25||The fluentbit container collects and forwards statistics to the f5-fluentd container.|
|f5-fluentd||v1.3.3||The f5-fluentd container collects statistics and logging data from the Ingress, TMM and dSSM Pods. For more info, refer to Fluentd Logging.|
|f5-dssm-store||v1.17.0||Contains two sets of software images; The f5-dssm-db containers that store shared, persisted session state data, and the f5-dssm-sentinel containers to monitor the f5-dssm-db containers. For more info, refer to dSSM database.|
|f5-debug-sidecar||v1.7.16||The debug container provides diagnostic tools for viewing TMM's configuration, traffic processing statistica and gathering TMM diagnostic data. For more info, refer to Debug Sidecar.|
Ensure you have:
Use the following steps to validate the SPK TAR file’s integrity.
Create a new directory for the SPK files:
In this example, the new directory is named spkinstall:
Move the SPK files into the directory:
mv f5-spk-tarball* spk.<version>.pem spkinstall
mv f5-spk-tarball* spk-1.3.1.pem spkinstall
Change into the local directory and list the files:
In this example, the directory name is spkinstall:
The directory should contain the versioned PEM signing key, software TAR file, and SHA signature files:
f5-spk-tarball-sha512.txt-1.3.1.sha512.sig f5-spk-tarball.tgz-1.3.1.sha512.sig f5-spk-tarball.tgz-spk-1.3.1 spk-1.3.1.pem
Use the PEM signing key and each of the SHA signature files to validate the TAR file:
openssl dgst -verify <pem file>.pem -keyform PEM \ -sha512 -signature <sig file>.sig <tar file>.tgz
The command output should state Verified OK for each signature file:
openssl dgst -verify spk-1.3.1.pem -keyform PEM -sha512 \ -signature f5-spk-tarball.tgz-1.3.1.sha512.sig f5-spk-tarball.tgz-spk-1.3.1
openssl dgst -verify spk-1.3.1.pem -keyform PEM -sha512 \ -signature f5-spk-tarball-sha512.txt-1.3.1.sha512.sig f5-spk-tarball.tgz-spk-1.3.1
Use the following steps to extract the software images and Helm charts.
Extract the software images and Helm charts from the TAR file:
tar zxvf f5-spk-tarball.tgz-spk-<version>
In this example, the images are extracted from the f5-spk-tarball.tgz-spk-1.3.1 file:
tar zxvf f5-spk-tarball.tgz-spk-1.3.1
There should now be a tar directory containing four TAR files:
ls -1 tar
In this example, the SPK software images are in the spk-docker-images.tgz file, and the Helm charts are in the f5-dssm, f5-toda-fluentd and f5ingress files:
f5-dssm-0.16.3.tgz f5-toda-fluentd-1.7.7.tgz f5ingress-2.0.19.tgz spk-docker-images.tgz
Install the SPK images to your workstation’s Docker image store:
docker load -i tar/spk-docker-images.tgz
List the SPK images to be tagged and pushed to the local container registry in the next step:
docker images local.registry/*
REPOSITORY TAG IMAGE ID SIZE local.registry/f5ingress v2.0.19 1416cfceff1a 51.4MB local.registry/f5-debug-sidecar v1.7.16 0ef08d36ce7d 335MB local.registry/f5-toda-tmstatsd v1.6.1 cc7ee84650a3 29.3MB local.registry/f5-fluentbit v0.1.25 9da7f02f47ba 80.3MB local.registry/tmm-img v1.3.8 b3e08fe5d298 398MB local.registry/f5-dssm-store v1.17.0 e305dd2d466c 94.4MB local.registry/tmrouted-img v0.8.7 58cba8d28e45 554MB local.registry/f5dr-img v0.3.7 cc86a686b5da 600MB local.registry/f5-fluentd v1.3.3 58a1a86aaa50 456MB
Use the following steps to upload the images to the local container registry.
Tag and push each image to the local container registry. For example:
docker tag <local.registry/image name>:<version> <registry>/<image name>:<version>
docker push <registry_name>/<image name>:<version>
In this example, the f5ingress:v2.0.19 image is tagged and pushed to the remote registry registry.com:
docker tag local.registry/f5ingress:v2.0.19 registry.com/f5ingress:v2.0.19
docker push registry.com/f5ingress:v2.0.19
Once all of the images have uploaded, verify the images exist in the local container registry:
curl -X GET https://<registry>/v2/_catalog -u <user:pass>
curl -X GET https://registry.com/v2/_catalog -u spkadmin:spkadmin
Continue to the gRPC Secrets guide to secure communication between the Ingress Controller and Service Proxy TMM Pods.