Software Images


The Service Proxy for Kubernetes (SPK) software images, and installation Helm charts are provided in a single tape archive (TAR) file. An SPK public signing key, and two signature files are also provided to validate the TAR file’s integrity. Once available, the software images can be integrated into the cluster.

This document describes the SPK software images and guides you through validating, extracting and uploading the images to a local container registry.

Software images

The table below lists and describes the software images for this software release. For a full list of software images by release, refer to the Software Releases guide.

_images/spk_info.png Note: The software image name and deployed container name may differ.

Image Version Description
f5ingress v2.0.19 The helm_release-f5ingress container is a custom ingress controller that watches the K8S API for CR updates, and configures the Service Proxy TMM based on the update.
tmm-img v1.3.8 The f5-tmm container is a Traffic Management Microkernel (TMM) that proxies and load balances application traffic between the external and internal networks.
tmrouted-img v0.8.7 The f5-tmm-tmrouted container proxies and forwards information between the f5-tmm-routing and f5-tmm containers.
f5dr-img v0.3.7 The f5-tmm-routing container maintains the dynamic routing tables used by TMM.
f5-toda-tmstatsd v1.6.1 The f5-toda-stats container collects application traffic processing statistics from the f5-tmm container, and forwards the data to the f5-fluentbit container.
f5-fluentbit v0.1.25 The fluentbit container collects and forwards statistics to the f5-fluentd container.
f5-fluentd v1.3.3 The f5-fluentd container collects statistics and logging data from the Ingress, TMM and dSSM Pods. For more info, refer to Fluentd Logging.
f5-dssm-store v1.17.0 Contains two sets of software images; The f5-dssm-db containers that store shared, persisted session state data, and the f5-dssm-sentinel containers to monitor the f5-dssm-db containers. For more info, refer to dSSM database.
f5-debug-sidecar v1.7.16 The debug container provides diagnostic tools for viewing TMM's configuration, traffic processing statistica and gathering TMM diagnostic data. For more info, refer to Debug Sidecar.


Ensure you have:

  • Obtained the SPK software images.
  • A local container registry.
  • A workstation with Docker and OpenSSL.



Use the following steps to validate the SPK TAR file’s integrity.

  1. Create a new directory for the SPK files:

    mkdir <directory>

    In this example, the new directory is named spkinstall:

    mkdir spkinstall
  2. Move the SPK files into the directory:

    mv f5-spk-tarball* spk.<version>.pem spkinstall

    For example:

    mv f5-spk-tarball* spk-1.3.1.pem spkinstall
  3. Change into the local directory and list the files:

    cd <directory>
    ls -1

    In this example, the directory name is spkinstall:

    cd spkinstall
    ls -1

    The directory should contain the versioned PEM signing key, software TAR file, and SHA signature files:

  4. Use the PEM signing key and each of the SHA signature files to validate the TAR file:

    openssl dgst -verify <pem file>.pem -keyform PEM \
    -sha512 -signature <sig file>.sig <tar file>.tgz

    The command output should state Verified OK for each signature file:

    openssl dgst -verify spk-1.3.1.pem -keyform PEM -sha512 \
    -signature f5-spk-tarball.tgz-1.3.1.sha512.sig f5-spk-tarball.tgz-spk-1.3.1
    Verified OK
    openssl dgst -verify spk-1.3.1.pem -keyform PEM -sha512 \
    -signature f5-spk-tarball-sha512.txt-1.3.1.sha512.sig f5-spk-tarball.tgz-spk-1.3.1
    Verified OK


Use the following steps to extract the software images and Helm charts.

  1. Extract the software images and Helm charts from the TAR file:

    tar zxvf f5-spk-tarball.tgz-spk-<version>

    In this example, the images are extracted from the f5-spk-tarball.tgz-spk-1.3.1 file:

    tar zxvf f5-spk-tarball.tgz-spk-1.3.1 
  2. There should now be a tar directory containing four TAR files:

    ls -1 tar 

    In this example, the SPK software images are in the spk-docker-images.tgz file, and the Helm charts are in the f5-dssm, f5-toda-fluentd and f5ingress files:

  3. Install the SPK images to your workstation’s Docker image store:

    docker load -i tar/spk-docker-images.tgz
  4. List the SPK images to be tagged and pushed to the local container registry in the next step:

    docker images local.registry/*
    REPOSITORY                        TAG           IMAGE ID           SIZE
    local.registry/f5ingress          v2.0.19       1416cfceff1a       51.4MB
    local.registry/f5-debug-sidecar   v1.7.16       0ef08d36ce7d       335MB
    local.registry/f5-toda-tmstatsd   v1.6.1        cc7ee84650a3       29.3MB
    local.registry/f5-fluentbit       v0.1.25       9da7f02f47ba       80.3MB
    local.registry/tmm-img            v1.3.8        b3e08fe5d298       398MB
    local.registry/f5-dssm-store      v1.17.0       e305dd2d466c       94.4MB
    local.registry/tmrouted-img       v0.8.7        58cba8d28e45       554MB
    local.registry/f5dr-img           v0.3.7        cc86a686b5da       600MB
    local.registry/f5-fluentd         v1.3.3        58a1a86aaa50       456MB


Use the following steps to upload the images to the local container registry.

  1. Tag and push each image to the local container registry. For example:

    docker tag <local.registry/image name>:<version> <registry>/<image name>:<version>
    docker push <registry_name>/<image name>:<version>

    In this example, the f5ingress:v2.0.19 image is tagged and pushed to the remote registry

    docker tag local.registry/f5ingress:v2.0.19
    docker push
  2. Once all of the images have uploaded, verify the images exist in the local container registry:

    curl -X GET https://<registry>/v2/_catalog -u <user:pass>

    For example:

    curl -X GET -u spkadmin:spkadmin

Next step

Continue to the gRPC Secrets guide to secure communication between the Ingress Controller and Service Proxy TMM Pods.


Provide feedback to improve this document by emailing