Create Workload.

POST

/api/config/namespaces/{metadata.namespace}/workloads

curl --request POST \
  --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/workloads \
  --header 'Authorization: <Authorization>' \
  --header 'Content-Type: application/json' \
  --data '{ "metadata": { "annotations": {}, "description": "example", "disable": true, "labels": {}, "name": "example", "namespace": "example" }, "spec": { "job": { "configuration": { "parameters": [ { "env_var": { "name": "example", "value": "example" }, "file": { "data": "example", "mount": { "mode": "VOLUME_MOUNT_READ_ONLY", "mount_path": "example", "sub_path": "example" }, "name": "example", "volume_name": "example" } } ] }, "containers": [ { "args": [ "example" ], "command": [ "example" ], "custom_flavor": { "name": "example", "namespace": "example" }, "default_flavor": {}, "flavor": "CONTAINER_FLAVOR_TYPE_TINY", "image": { "container_registry": { "name": "example", "namespace": "example" }, "name": "example", "public": {}, "pull_policy": "IMAGE_PULL_POLICY_DEFAULT" }, "init_container": true, "liveness_check": { "exec_health_check": { "command": [ "example" ] }, "healthy_threshold": 1, "http_health_check": { "headers": {}, "host_header": "example", "path": "example", "port": { "name": "example", "num": 1 } }, "initial_delay": 1, "interval": 1, "tcp_health_check": { "port": { "name": "example", "num": 1 } }, "timeout": 1, "unhealthy_threshold": 1 }, "name": "example", "readiness_check": { "exec_health_check": { "command": [ "example" ] }, "healthy_threshold": 1, "http_health_check": { "headers": {}, "host_header": "example", "path": "example", "port": { "name": "example", "num": 1 } }, "initial_delay": 1, "interval": 1, "tcp_health_check": { "port": { "name": "example", "num": 1 } }, "timeout": 1, "unhealthy_threshold": 1 } } ], "deploy_options": { "all_res": {}, "default_virtual_sites": {}, "deploy_ce_sites": { "site": [ { "name": "example", "namespace": "example" } ] }, "deploy_ce_virtual_sites": { "virtual_site": [ { "name": "example", "namespace": "example" } ] }, "deploy_re_sites": { "site": [ { "name": "example", "namespace": "example" } ] }, "deploy_re_virtual_sites": { "virtual_site": [ { "name": "example", "namespace": "example" } ] } }, "num_replicas": 1, "volumes": [ { "empty_dir": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY", "mount_path": "example", "sub_path": "example" }, "size_limit": 1 }, "host_path": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY", "mount_path": "example", "sub_path": "example" }, "path": "example" }, "name": "example", "persistent_volume": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY", "mount_path": "example", "sub_path": "example" }, "storage": { "access_mode": "ACCESS_MODE_READ_WRITE_ONCE", "class_name": "example", "default": {}, "storage_size": 1 } } } ] }, "service": { "advertise_options": { "advertise_custom": { "advertise_where": [ { "site": { "ip": "example", "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE", "site": { "name": "example", "namespace": "example" } }, "virtual_site": { "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE", "virtual_site": { "name": "example", "namespace": "example" } }, "vk8s_service": { "site": { "name": "example", "namespace": "example" }, "virtual_site": { "name": "example", "namespace": "example" } } } ], "ports": [ { "http_loadbalancer": { "default_route": { "auto_host_rewrite": {}, "disable_host_rewrite": {}, "host_rewrite": "example" }, "domains": [ "example" ], "http": { "dns_volterra_managed": true, "port": 1, "port_ranges": "example" }, "https": { "add_hsts": true, "append_server_name": "example", "coalescing_options": { "default_coalescing": {}, "strict_coalescing": {} }, "connection_idle_timeout": 1, "default_header": {}, "default_loadbalancer": {}, "disable_path_normalize": {}, "enable_path_normalize": {}, "http_protocol_options": { "http_protocol_enable_v1_only": { "header_transformation": { "default_header_transformation": {}, "legacy_header_transformation": {}, "preserve_case_header_transformation": {}, "proper_case_header_transformation": {} } }, "http_protocol_enable_v1_v2": {}, "http_protocol_enable_v2_only": {} }, "http_redirect": true, "non_default_loadbalancer": {}, "pass_through": {}, "port": 1, "port_ranges": "example", "server_name": "example", "tls_cert_params": { "certificates": [ { "name": "example", "namespace": "example" } ], "no_mtls": {}, "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "no_mtls": {}, "tls_certificates": [ { "certificate_url": "example", "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] }, "description": "example", "disable_ocsp_stapling": {}, "private_key": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "use_system_defaults": {} } ], "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "add_hsts": true, "append_server_name": "example", "coalescing_options": { "default_coalescing": {}, "strict_coalescing": {} }, "connection_idle_timeout": 1, "default_header": {}, "default_loadbalancer": {}, "disable_path_normalize": {}, "enable_path_normalize": {}, "http_protocol_options": { "http_protocol_enable_v1_only": { "header_transformation": { "default_header_transformation": {}, "legacy_header_transformation": {}, "preserve_case_header_transformation": {}, "proper_case_header_transformation": {} } }, "http_protocol_enable_v1_v2": {}, "http_protocol_enable_v2_only": {} }, "http_redirect": true, "no_mtls": {}, "non_default_loadbalancer": {}, "pass_through": {}, "port": 1, "port_ranges": "example", "server_name": "example", "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "custom_route_object": { "route_ref": { "name": "example", "namespace": "example" }, "caching_disable": {}, "caching_inherit": {} }, "direct_response_route": { "headers": [ { "exact": "example", "invert_match": true, "name": "example", "presence": true, "regex": "example" } ], "http_method": "ANY", "incoming_port": { "no_port_match": {}, "port": 1, "port_ranges": "example" }, "path": { "path": "example", "prefix": "example", "regex": "example" }, "route_direct_response": { "response_body_encoded": "example", "response_code": 1 } }, "redirect_route": { "headers": [ { "exact": "example", "invert_match": true, "name": "example", "presence": true, "regex": "example" } ], "http_method": "ANY", "incoming_port": { "no_port_match": {}, "port": 1, "port_ranges": "example" }, "path": { "path": "example", "prefix": "example", "regex": "example" }, "route_redirect": { "host_redirect": "example", "path_redirect": "example", "prefix_rewrite": "example", "proto_redirect": "example", "remove_all_params": {}, "replace_params": "example", "response_code": 1, "retain_all_params": {} } }, "simple_route": { "auto_host_rewrite": {}, "disable_host_rewrite": {}, "host_rewrite": "example", "http_method": "ANY", "path": { "path": "example", "prefix": "example", "regex": "example" } } } ] } }, "port": { "info": { "port": 1, "protocol": "PROTOCOL_TCP", "same_as_port": {}, "target_port": 1 }, "name": "example" }, "tcp_loadbalancer": { "domains": [ "example" ], "with_sni": true } } ] }, "advertise_in_cluster": { "multi_ports": { "ports": [ { "info": { "port": 1, "protocol": "PROTOCOL_TCP", "same_as_port": {}, "target_port": 1 }, "name": "example" } ] }, "port": { "info": { "port": 1, "protocol": "PROTOCOL_TCP", "same_as_port": {}, "target_port": 1 } } }, "advertise_on_public": { "multi_ports": { "ports": [ { "http_loadbalancer": { "default_route": { "auto_host_rewrite": {}, "disable_host_rewrite": {}, "host_rewrite": "example" }, "domains": [ "example" ], "http": { "dns_volterra_managed": true, "port": 1, "port_ranges": "example" }, "https": { "add_hsts": true, "append_server_name": "example", "coalescing_options": { "default_coalescing": {}, "strict_coalescing": {} }, "connection_idle_timeout": 1, "default_header": {}, "default_loadbalancer": {}, "disable_path_normalize": {}, "enable_path_normalize": {}, "http_protocol_options": { "http_protocol_enable_v1_only": { "header_transformation": { "default_header_transformation": {}, "legacy_header_transformation": {}, "preserve_case_header_transformation": {}, "proper_case_header_transformation": {} } }, "http_protocol_enable_v1_v2": {}, "http_protocol_enable_v2_only": {} }, "http_redirect": true, "non_default_loadbalancer": {}, "pass_through": {}, "port": 1, "port_ranges": "example", "server_name": "example", "tls_cert_params": { "certificates": [ { "name": "example", "namespace": "example" } ], "no_mtls": {}, "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "no_mtls": {}, "tls_certificates": [ { "certificate_url": "example", "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] }, "description": "example", "disable_ocsp_stapling": {}, "private_key": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "use_system_defaults": {} } ], "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "add_hsts": true, "append_server_name": "example", "coalescing_options": { "default_coalescing": {}, "strict_coalescing": {} }, "connection_idle_timeout": 1, "default_header": {}, "default_loadbalancer": {}, "disable_path_normalize": {}, "enable_path_normalize": {}, "http_protocol_options": { "http_protocol_enable_v1_only": { "header_transformation": { "default_header_transformation": {}, "legacy_header_transformation": {}, "preserve_case_header_transformation": {}, "proper_case_header_transformation": {} } }, "http_protocol_enable_v1_v2": {}, "http_protocol_enable_v2_only": {} }, "http_redirect": true, "no_mtls": {}, "non_default_loadbalancer": {}, "pass_through": {}, "port": 1, "port_ranges": "example", "server_name": "example", "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "custom_route_object": { "route_ref": { "name": "example", "namespace": "example" }, "caching_disable": {}, "caching_inherit": {} }, "direct_response_route": { "headers": [ { "exact": "example", "invert_match": true, "name": "example", "presence": true, "regex": "example" } ], "http_method": "ANY", "incoming_port": { "no_port_match": {}, "port": 1, "port_ranges": "example" }, "path": { "path": "example", "prefix": "example", "regex": "example" }, "route_direct_response": { "response_body_encoded": "example", "response_code": 1 } }, "redirect_route": { "headers": [ { "exact": "example", "invert_match": true, "name": "example", "presence": true, "regex": "example" } ], "http_method": "ANY", "incoming_port": { "no_port_match": {}, "port": 1, "port_ranges": "example" }, "path": { "path": "example", "prefix": "example", "regex": "example" }, "route_redirect": { "host_redirect": "example", "path_redirect": "example", "prefix_rewrite": "example", "proto_redirect": "example", "remove_all_params": {}, "replace_params": "example", "response_code": 1, "retain_all_params": {} } }, "simple_route": { "auto_host_rewrite": {}, "disable_host_rewrite": {}, "host_rewrite": "example", "http_method": "ANY", "path": { "path": "example", "prefix": "example", "regex": "example" } } } ] } }, "port": { "info": { "port": 1, "protocol": "PROTOCOL_TCP", "same_as_port": {}, "target_port": 1 }, "name": "example" }, "tcp_loadbalancer": { "domains": [ "example" ], "with_sni": true } } ] }, "port": { "http_loadbalancer": { "default_route": { "auto_host_rewrite": {}, "disable_host_rewrite": {}, "host_rewrite": "example" }, "domains": [ "example" ], "http": { "dns_volterra_managed": true, "port": 1, "port_ranges": "example" }, "https": { "add_hsts": true, "append_server_name": "example", "coalescing_options": { "default_coalescing": {}, "strict_coalescing": {} }, "connection_idle_timeout": 1, "default_header": {}, "default_loadbalancer": {}, "disable_path_normalize": {}, "enable_path_normalize": {}, "http_protocol_options": { "http_protocol_enable_v1_only": { "header_transformation": { "default_header_transformation": {}, "legacy_header_transformation": {}, "preserve_case_header_transformation": {}, "proper_case_header_transformation": {} } }, "http_protocol_enable_v1_v2": {}, "http_protocol_enable_v2_only": {} }, "http_redirect": true, "non_default_loadbalancer": {}, "pass_through": {}, "port": 1, "port_ranges": "example", "server_name": "example", "tls_cert_params": { "certificates": [ { "name": "example", "namespace": "example" } ], "no_mtls": {}, "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "no_mtls": {}, "tls_certificates": [ { "certificate_url": "example", "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] }, "description": "example", "disable_ocsp_stapling": {}, "private_key": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "use_system_defaults": {} } ], "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "add_hsts": true, "append_server_name": "example", "coalescing_options": { "default_coalescing": {}, "strict_coalescing": {} }, "connection_idle_timeout": 1, "default_header": {}, "default_loadbalancer": {}, "disable_path_normalize": {}, "enable_path_normalize": {}, "http_protocol_options": { "http_protocol_enable_v1_only": { "header_transformation": { "default_header_transformation": {}, "legacy_header_transformation": {}, "preserve_case_header_transformation": {}, "proper_case_header_transformation": {} } }, "http_protocol_enable_v1_v2": {}, "http_protocol_enable_v2_only": {} }, "http_redirect": true, "no_mtls": {}, "non_default_loadbalancer": {}, "pass_through": {}, "port": 1, "port_ranges": "example", "server_name": "example", "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "custom_route_object": { "route_ref": { "name": "example", "namespace": "example" }, "caching_disable": {}, "caching_inherit": {} }, "direct_response_route": { "headers": [ { "exact": "example", "invert_match": true, "name": "example", "presence": true, "regex": "example" } ], "http_method": "ANY", "incoming_port": { "no_port_match": {}, "port": 1, "port_ranges": "example" }, "path": { "path": "example", "prefix": "example", "regex": "example" }, "route_direct_response": { "response_body_encoded": "example", "response_code": 1 } }, "redirect_route": { "headers": [ { "exact": "example", "invert_match": true, "name": "example", "presence": true, "regex": "example" } ], "http_method": "ANY", "incoming_port": { "no_port_match": {}, "port": 1, "port_ranges": "example" }, "path": { "path": "example", "prefix": "example", "regex": "example" }, "route_redirect": { "host_redirect": "example", "path_redirect": "example", "prefix_rewrite": "example", "proto_redirect": "example", "remove_all_params": {}, "replace_params": "example", "response_code": 1, "retain_all_params": {} } }, "simple_route": { "auto_host_rewrite": {}, "disable_host_rewrite": {}, "host_rewrite": "example", "http_method": "ANY", "path": { "path": "example", "prefix": "example", "regex": "example" } } } ] } }, "port": { "info": { "port": 1, "protocol": "PROTOCOL_TCP", "same_as_port": {}, "target_port": 1 } }, "tcp_loadbalancer": { "domains": [ "example" ], "with_sni": true } } }, "do_not_advertise": {} }, "configuration": { "parameters": [ { "env_var": { "name": "example", "value": "example" }, "file": { "data": "example", "mount": { "mode": "VOLUME_MOUNT_READ_ONLY", "mount_path": "example", "sub_path": "example" }, "name": "example", "volume_name": "example" } } ] }, "containers": [ { "args": [ "example" ], "command": [ "example" ], "custom_flavor": { "name": "example", "namespace": "example" }, "default_flavor": {}, "flavor": "CONTAINER_FLAVOR_TYPE_TINY", "image": { "container_registry": { "name": "example", "namespace": "example" }, "name": "example", "public": {}, "pull_policy": "IMAGE_PULL_POLICY_DEFAULT" }, "init_container": true, "liveness_check": { "exec_health_check": { "command": [ "example" ] }, "healthy_threshold": 1, "http_health_check": { "headers": {}, "host_header": "example", "path": "example", "port": { "name": "example", "num": 1 } }, "initial_delay": 1, "interval": 1, "tcp_health_check": { "port": { "name": "example", "num": 1 } }, "timeout": 1, "unhealthy_threshold": 1 }, "name": "example", "readiness_check": { "exec_health_check": { "command": [ "example" ] }, "healthy_threshold": 1, "http_health_check": { "headers": {}, "host_header": "example", "path": "example", "port": { "name": "example", "num": 1 } }, "initial_delay": 1, "interval": 1, "tcp_health_check": { "port": { "name": "example", "num": 1 } }, "timeout": 1, "unhealthy_threshold": 1 } } ], "deploy_options": { "all_res": {}, "default_virtual_sites": {}, "deploy_ce_sites": { "site": [ { "name": "example", "namespace": "example" } ] }, "deploy_ce_virtual_sites": { "virtual_site": [ { "name": "example", "namespace": "example" } ] }, "deploy_re_sites": { "site": [ { "name": "example", "namespace": "example" } ] }, "deploy_re_virtual_sites": { "virtual_site": [ { "name": "example", "namespace": "example" } ] } }, "num_replicas": 1, "scale_to_zero": {}, "volumes": [ { "empty_dir": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY", "mount_path": "example", "sub_path": "example" }, "size_limit": 1 }, "host_path": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY", "mount_path": "example", "sub_path": "example" }, "path": "example" }, "name": "example", "persistent_volume": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY", "mount_path": "example", "sub_path": "example" }, "storage": { "access_mode": "ACCESS_MODE_READ_WRITE_ONCE", "class_name": "example", "default": {}, "storage_size": 1 } } } ] }, "simple_service": { "configuration": { "parameters": [ { "env_var": { "name": "example", "value": "example" }, "file": { "data": "example", "mount": { "mode": "VOLUME_MOUNT_READ_ONLY", "mount_path": "example", "sub_path": "example" }, "name": "example", "volume_name": "example" } } ] }, "container": { "args": [ "example" ], "command": [ "example" ], "custom_flavor": { "name": "example", "namespace": "example" }, "default_flavor": {}, "flavor": "CONTAINER_FLAVOR_TYPE_TINY", "image": { "container_registry": { "name": "example", "namespace": "example" }, "name": "example", "public": {}, "pull_policy": "IMAGE_PULL_POLICY_DEFAULT" }, "init_container": true, "liveness_check": { "exec_health_check": { "command": [ "example" ] }, "healthy_threshold": 1, "http_health_check": { "headers": {}, "host_header": "example", "path": "example", "port": { "name": "example", "num": 1 } }, "initial_delay": 1, "interval": 1, "tcp_health_check": { "port": { "name": "example", "num": 1 } }, "timeout": 1, "unhealthy_threshold": 1 }, "name": "example", "readiness_check": { "exec_health_check": { "command": [ "example" ] }, "healthy_threshold": 1, "http_health_check": { "headers": {}, "host_header": "example", "path": "example", "port": { "name": "example", "num": 1 } }, "initial_delay": 1, "interval": 1, "tcp_health_check": { "port": { "name": "example", "num": 1 } }, "timeout": 1, "unhealthy_threshold": 1 } }, "disabled": {}, "do_not_advertise": {}, "enabled": { "name": "example", "persistent_volume": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY", "mount_path": "example", "sub_path": "example" }, "storage": { "access_mode": "ACCESS_MODE_READ_WRITE_ONCE", "class_name": "example", "default": {}, "storage_size": 1 } } }, "scale_to_zero": true, "simple_advertise": { "domains": [ "example" ], "service_port": 1 } }, "stateful_service": { "advertise_options": { "advertise_custom": { "advertise_where": [ { "site": { "ip": "example", "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE", "site": { "name": "example", "namespace": "example" } }, "virtual_site": { "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE", "virtual_site": { "name": "example", "namespace": "example" } }, "vk8s_service": { "site": { "name": "example", "namespace": "example" }, "virtual_site": { "name": "example", "namespace": "example" } } } ], "ports": [ { "http_loadbalancer": { "default_route": { "auto_host_rewrite": {}, "disable_host_rewrite": {}, "host_rewrite": "example" }, "domains": [ "example" ], "http": { "dns_volterra_managed": true, "port": 1, "port_ranges": "example" }, "https": { "add_hsts": true, "append_server_name": "example", "coalescing_options": { "default_coalescing": {}, "strict_coalescing": {} }, "connection_idle_timeout": 1, "default_header": {}, "default_loadbalancer": {}, "disable_path_normalize": {}, "enable_path_normalize": {}, "http_protocol_options": { "http_protocol_enable_v1_only": { "header_transformation": { "default_header_transformation": {}, "legacy_header_transformation": {}, "preserve_case_header_transformation": {}, "proper_case_header_transformation": {} } }, "http_protocol_enable_v1_v2": {}, "http_protocol_enable_v2_only": {} }, "http_redirect": true, "non_default_loadbalancer": {}, "pass_through": {}, "port": 1, "port_ranges": "example", "server_name": "example", "tls_cert_params": { "certificates": [ { "name": "example", "namespace": "example" } ], "no_mtls": {}, "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "no_mtls": {}, "tls_certificates": [ { "certificate_url": "example", "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] }, "description": "example", "disable_ocsp_stapling": {}, "private_key": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "use_system_defaults": {} } ], "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "add_hsts": true, "append_server_name": "example", "coalescing_options": { "default_coalescing": {}, "strict_coalescing": {} }, "connection_idle_timeout": 1, "default_header": {}, "default_loadbalancer": {}, "disable_path_normalize": {}, "enable_path_normalize": {}, "http_protocol_options": { "http_protocol_enable_v1_only": { "header_transformation": { "default_header_transformation": {}, "legacy_header_transformation": {}, "preserve_case_header_transformation": {}, "proper_case_header_transformation": {} } }, "http_protocol_enable_v1_v2": {}, "http_protocol_enable_v2_only": {} }, "http_redirect": true, "no_mtls": {}, "non_default_loadbalancer": {}, "pass_through": {}, "port": 1, "port_ranges": "example", "server_name": "example", "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "custom_route_object": { "route_ref": { "name": "example", "namespace": "example" }, "caching_disable": {}, "caching_inherit": {} }, "direct_response_route": { "headers": [ { "exact": "example", "invert_match": true, "name": "example", "presence": true, "regex": "example" } ], "http_method": "ANY", "incoming_port": { "no_port_match": {}, "port": 1, "port_ranges": "example" }, "path": { "path": "example", "prefix": "example", "regex": "example" }, "route_direct_response": { "response_body_encoded": "example", "response_code": 1 } }, "redirect_route": { "headers": [ { "exact": "example", "invert_match": true, "name": "example", "presence": true, "regex": "example" } ], "http_method": "ANY", "incoming_port": { "no_port_match": {}, "port": 1, "port_ranges": "example" }, "path": { "path": "example", "prefix": "example", "regex": "example" }, "route_redirect": { "host_redirect": "example", "path_redirect": "example", "prefix_rewrite": "example", "proto_redirect": "example", "remove_all_params": {}, "replace_params": "example", "response_code": 1, "retain_all_params": {} } }, "simple_route": { "auto_host_rewrite": {}, "disable_host_rewrite": {}, "host_rewrite": "example", "http_method": "ANY", "path": { "path": "example", "prefix": "example", "regex": "example" } } } ] } }, "port": { "info": { "port": 1, "protocol": "PROTOCOL_TCP", "same_as_port": {}, "target_port": 1 }, "name": "example" }, "tcp_loadbalancer": { "domains": [ "example" ], "with_sni": true } } ] }, "advertise_in_cluster": { "multi_ports": { "ports": [ { "info": { "port": 1, "protocol": "PROTOCOL_TCP", "same_as_port": {}, "target_port": 1 }, "name": "example" } ] }, "port": { "info": { "port": 1, "protocol": "PROTOCOL_TCP", "same_as_port": {}, "target_port": 1 } } }, "advertise_on_public": { "multi_ports": { "ports": [ { "http_loadbalancer": { "default_route": { "auto_host_rewrite": {}, "disable_host_rewrite": {}, "host_rewrite": "example" }, "domains": [ "example" ], "http": { "dns_volterra_managed": true, "port": 1, "port_ranges": "example" }, "https": { "add_hsts": true, "append_server_name": "example", "coalescing_options": { "default_coalescing": {}, "strict_coalescing": {} }, "connection_idle_timeout": 1, "default_header": {}, "default_loadbalancer": {}, "disable_path_normalize": {}, "enable_path_normalize": {}, "http_protocol_options": { "http_protocol_enable_v1_only": { "header_transformation": { "default_header_transformation": {}, "legacy_header_transformation": {}, "preserve_case_header_transformation": {}, "proper_case_header_transformation": {} } }, "http_protocol_enable_v1_v2": {}, "http_protocol_enable_v2_only": {} }, "http_redirect": true, "non_default_loadbalancer": {}, "pass_through": {}, "port": 1, "port_ranges": "example", "server_name": "example", "tls_cert_params": { "certificates": [ { "name": "example", "namespace": "example" } ], "no_mtls": {}, "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "no_mtls": {}, "tls_certificates": [ { "certificate_url": "example", "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] }, "description": "example", "disable_ocsp_stapling": {}, "private_key": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "use_system_defaults": {} } ], "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "add_hsts": true, "append_server_name": "example", "coalescing_options": { "default_coalescing": {}, "strict_coalescing": {} }, "connection_idle_timeout": 1, "default_header": {}, "default_loadbalancer": {}, "disable_path_normalize": {}, "enable_path_normalize": {}, "http_protocol_options": { "http_protocol_enable_v1_only": { "header_transformation": { "default_header_transformation": {}, "legacy_header_transformation": {}, "preserve_case_header_transformation": {}, "proper_case_header_transformation": {} } }, "http_protocol_enable_v1_v2": {}, "http_protocol_enable_v2_only": {} }, "http_redirect": true, "no_mtls": {}, "non_default_loadbalancer": {}, "pass_through": {}, "port": 1, "port_ranges": "example", "server_name": "example", "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "custom_route_object": { "route_ref": { "name": "example", "namespace": "example" }, "caching_disable": {}, "caching_inherit": {} }, "direct_response_route": { "headers": [ { "exact": "example", "invert_match": true, "name": "example", "presence": true, "regex": "example" } ], "http_method": "ANY", "incoming_port": { "no_port_match": {}, "port": 1, "port_ranges": "example" }, "path": { "path": "example", "prefix": "example", "regex": "example" }, "route_direct_response": { "response_body_encoded": "example", "response_code": 1 } }, "redirect_route": { "headers": [ { "exact": "example", "invert_match": true, "name": "example", "presence": true, "regex": "example" } ], "http_method": "ANY", "incoming_port": { "no_port_match": {}, "port": 1, "port_ranges": "example" }, "path": { "path": "example", "prefix": "example", "regex": "example" }, "route_redirect": { "host_redirect": "example", "path_redirect": "example", "prefix_rewrite": "example", "proto_redirect": "example", "remove_all_params": {}, "replace_params": "example", "response_code": 1, "retain_all_params": {} } }, "simple_route": { "auto_host_rewrite": {}, "disable_host_rewrite": {}, "host_rewrite": "example", "http_method": "ANY", "path": { "path": "example", "prefix": "example", "regex": "example" } } } ] } }, "port": { "info": { "port": 1, "protocol": "PROTOCOL_TCP", "same_as_port": {}, "target_port": 1 }, "name": "example" }, "tcp_loadbalancer": { "domains": [ "example" ], "with_sni": true } } ] }, "port": { "http_loadbalancer": { "default_route": { "auto_host_rewrite": {}, "disable_host_rewrite": {}, "host_rewrite": "example" }, "domains": [ "example" ], "http": { "dns_volterra_managed": true, "port": 1, "port_ranges": "example" }, "https": { "add_hsts": true, "append_server_name": "example", "coalescing_options": { "default_coalescing": {}, "strict_coalescing": {} }, "connection_idle_timeout": 1, "default_header": {}, "default_loadbalancer": {}, "disable_path_normalize": {}, "enable_path_normalize": {}, "http_protocol_options": { "http_protocol_enable_v1_only": { "header_transformation": { "default_header_transformation": {}, "legacy_header_transformation": {}, "preserve_case_header_transformation": {}, "proper_case_header_transformation": {} } }, "http_protocol_enable_v1_v2": {}, "http_protocol_enable_v2_only": {} }, "http_redirect": true, "non_default_loadbalancer": {}, "pass_through": {}, "port": 1, "port_ranges": "example", "server_name": "example", "tls_cert_params": { "certificates": [ { "name": "example", "namespace": "example" } ], "no_mtls": {}, "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "no_mtls": {}, "tls_certificates": [ { "certificate_url": "example", "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] }, "description": "example", "disable_ocsp_stapling": {}, "private_key": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "use_system_defaults": {} } ], "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "add_hsts": true, "append_server_name": "example", "coalescing_options": { "default_coalescing": {}, "strict_coalescing": {} }, "connection_idle_timeout": 1, "default_header": {}, "default_loadbalancer": {}, "disable_path_normalize": {}, "enable_path_normalize": {}, "http_protocol_options": { "http_protocol_enable_v1_only": { "header_transformation": { "default_header_transformation": {}, "legacy_header_transformation": {}, "preserve_case_header_transformation": {}, "proper_case_header_transformation": {} } }, "http_protocol_enable_v1_v2": {}, "http_protocol_enable_v2_only": {} }, "http_redirect": true, "no_mtls": {}, "non_default_loadbalancer": {}, "pass_through": {}, "port": 1, "port_ranges": "example", "server_name": "example", "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "custom_route_object": { "route_ref": { "name": "example", "namespace": "example" }, "caching_disable": {}, "caching_inherit": {} }, "direct_response_route": { "headers": [ { "exact": "example", "invert_match": true, "name": "example", "presence": true, "regex": "example" } ], "http_method": "ANY", "incoming_port": { "no_port_match": {}, "port": 1, "port_ranges": "example" }, "path": { "path": "example", "prefix": "example", "regex": "example" }, "route_direct_response": { "response_body_encoded": "example", "response_code": 1 } }, "redirect_route": { "headers": [ { "exact": "example", "invert_match": true, "name": "example", "presence": true, "regex": "example" } ], "http_method": "ANY", "incoming_port": { "no_port_match": {}, "port": 1, "port_ranges": "example" }, "path": { "path": "example", "prefix": "example", "regex": "example" }, "route_redirect": { "host_redirect": "example", "path_redirect": "example", "prefix_rewrite": "example", "proto_redirect": "example", "remove_all_params": {}, "replace_params": "example", "response_code": 1, "retain_all_params": {} } }, "simple_route": { "auto_host_rewrite": {}, "disable_host_rewrite": {}, "host_rewrite": "example", "http_method": "ANY", "path": { "path": "example", "prefix": "example", "regex": "example" } } } ] } }, "port": { "info": { "port": 1, "protocol": "PROTOCOL_TCP", "same_as_port": {}, "target_port": 1 } }, "tcp_loadbalancer": { "domains": [ "example" ], "with_sni": true } } }, "do_not_advertise": {} }, "configuration": { "parameters": [ { "env_var": { "name": "example", "value": "example" }, "file": { "data": "example", "mount": { "mode": "VOLUME_MOUNT_READ_ONLY", "mount_path": "example", "sub_path": "example" }, "name": "example", "volume_name": "example" } } ] }, "containers": [ { "args": [ "example" ], "command": [ "example" ], "custom_flavor": { "name": "example", "namespace": "example" }, "default_flavor": {}, "flavor": "CONTAINER_FLAVOR_TYPE_TINY", "image": { "container_registry": { "name": "example", "namespace": "example" }, "name": "example", "public": {}, "pull_policy": "IMAGE_PULL_POLICY_DEFAULT" }, "init_container": true, "liveness_check": { "exec_health_check": { "command": [ "example" ] }, "healthy_threshold": 1, "http_health_check": { "headers": {}, "host_header": "example", "path": "example", "port": { "name": "example", "num": 1 } }, "initial_delay": 1, "interval": 1, "tcp_health_check": { "port": { "name": "example", "num": 1 } }, "timeout": 1, "unhealthy_threshold": 1 }, "name": "example", "readiness_check": { "exec_health_check": { "command": [ "example" ] }, "healthy_threshold": 1, "http_health_check": { "headers": {}, "host_header": "example", "path": "example", "port": { "name": "example", "num": 1 } }, "initial_delay": 1, "interval": 1, "tcp_health_check": { "port": { "name": "example", "num": 1 } }, "timeout": 1, "unhealthy_threshold": 1 } } ], "deploy_options": { "all_res": {}, "default_virtual_sites": {}, "deploy_ce_sites": { "site": [ { "name": "example", "namespace": "example" } ] }, "deploy_ce_virtual_sites": { "virtual_site": [ { "name": "example", "namespace": "example" } ] }, "deploy_re_sites": { "site": [ { "name": "example", "namespace": "example" } ] }, "deploy_re_virtual_sites": { "virtual_site": [ { "name": "example", "namespace": "example" } ] } }, "num_replicas": 1, "persistent_volumes": [ { "name": "example", "persistent_volume": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY", "mount_path": "example", "sub_path": "example" }, "storage": { "access_mode": "ACCESS_MODE_READ_WRITE_ONCE", "class_name": "example", "default": {}, "storage_size": 1 } } } ], "scale_to_zero": {}, "volumes": [ { "empty_dir": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY", "mount_path": "example", "sub_path": "example" }, "size_limit": 1 }, "host_path": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY", "mount_path": "example", "sub_path": "example" }, "path": "example" }, "name": "example" } ] } } }'

• F5 Distributed Cloud Console

Shape of Workload.

Examples of this operation.

Authorizations

• ApiToken

Parameters

Path Parameters

metadata.namespace

required

string

Namespace This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""

Request Body^required

Media typeapplication/json

CreateRequest is used to create an instance of workload

This is the input message of the ‘Create’ RPC.

object

metadata

object

annotations

annotations

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.

object

description

description

Human readable description for the object.

string

>= 21 characters <= 1200 characters

disable

disable

A value of true will administratively disable the object.

boolean format: boolean

labels

labels

Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.

object

name

name

This is the name of configuration object. It has to be unique within the namespace. It can only be specified during create API and cannot be changed during replace API. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 6 characters <= 1024 characters

namespace

namespace

This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""

string

>= 6 characters <= 1024 characters

spec

object

job

object

configuration

object

parameters

Parameters

Parameters for the workload.

Array<object>

<= 32 items

ConfigurationParameterType

Configuration parameter for the workload.

object

env_var

object

name

Name

Name of Environment Variable.

string

>= 6 characters <= 256 characters

value

Value

Value of Environment Variable.

string

>= 3 characters <= 256 characters

file

object

data

Data

File data

string

<= 16384 characters

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

name

Name

Name of the file Required: YES.

string

>= 6 characters <= 256 characters

volume_name

VolumeName

Name of the Volume Required: YES.

string

<= 256 characters

containers

Containers

Containers to use for the job

Required: YES.

Array<object>

<= 16 items

ContainerType

ContainerType configures the container information.

object

args

Args

Arguments to the entrypoint. Overrides the docker image’s CMD.

Array<string>

<= 128 items

command

Command

Command to execute. Overrides the docker image’s ENTRYPOINT.

Array<string>

<= 128 items

custom_flavor

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

default_flavor

object

flavor

string

default: CONTAINER_FLAVOR_TYPE_TINY

Allowed values: CONTAINER_FLAVOR_TYPE_TINY CONTAINER_FLAVOR_TYPE_MEDIUM CONTAINER_FLAVOR_TYPE_LARGE

image

object

container_registry

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

name

Name

Name is a container image which are usually given a name such as alpine, ubuntu, or quay.I/O/etcd:0.13. The format is registry/image:tag or registry/image@image-digest. If registry is not specified, the Docker public registry is assumed. If tag is not specified, latest is assumed. Required: YES.

string

>= 6 characters <= 256 characters

public

object

pull_policy

string

default: IMAGE_PULL_POLICY_DEFAULT

Allowed values: IMAGE_PULL_POLICY_DEFAULT IMAGE_PULL_POLICY_IF_NOT_PRESENT IMAGE_PULL_POLICY_ALWAYS IMAGE_PULL_POLICY_NEVER

init_container

Init Container

Specialized container that runs before application container and runs to completion.

boolean format: boolean

liveness_check

object

exec_health_check

object

command

Command

Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.

Array<string>

<= 16 items

healthy_threshold

HealthyThreshold

Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.

integer format: int64

http_health_check

object

headers

Headers to add in health check request

Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.

object

host_header

Host Header

The value of the host header in the HTTP health check request.

string

<= 262 characters

path

Path

Path to access on the HTTP server. Required: YES.

string

<= 2048 characters

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

initial_delay

InitialDelay

Number of seconds after the container has started before health checks are initiated.

integer format: int64

interval

Interval

Time interval in seconds between two health check requests. Required: YES.

integer format: int64

tcp_health_check

object

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

timeout

Timeout

Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.

integer format: int64

unhealthy_threshold

UnhealthyThreshold

Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.

integer format: int64

name

Name

Name of the container Required: YES.

string

>= 6 characters <= 256 characters

readiness_check

object

exec_health_check

object

command

Command

Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.

Array<string>

<= 16 items

healthy_threshold

HealthyThreshold

Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.

integer format: int64

http_health_check

object

headers

Headers to add in health check request

Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.

object

host_header

Host Header

The value of the host header in the HTTP health check request.

string

<= 262 characters

path

Path

Path to access on the HTTP server. Required: YES.

string

<= 2048 characters

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

initial_delay

InitialDelay

Number of seconds after the container has started before health checks are initiated.

integer format: int64

interval

Interval

Time interval in seconds between two health check requests. Required: YES.

integer format: int64

tcp_health_check

object

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

timeout

Timeout

Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.

integer format: int64

unhealthy_threshold

UnhealthyThreshold

Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.

integer format: int64

deploy_options

object

all_res

object

default_virtual_sites

object

deploy_ce_sites

object

site

Site

Which customer sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

deploy_ce_virtual_sites

object

virtual_site

Virtual Site

Which customer virtual sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

deploy_re_sites

object

site

Site

Which regional edge sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

deploy_re_virtual_sites

object

virtual_site

Virtual Site

Which regional edge virtual sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

num_replicas

Number of Replicas

Number of replicas of the batch job to spawn per site.

integer format: int32

volumes

Volumes

Volumes for the job.

Array<object>

<= 16 items

StorageVolumeType

Storage volume configuration for the workload.

object

empty_dir

object

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

size_limit

Size

Required: YES.

number format: double

host_path

object

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

path

Path

Path of the directory on the host Required: YES.

string

<= 256 characters

name

Name

Name of the volume.

string

>= 6 characters <= 1024 characters

persistent_volume

object

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

storage

object

access_mode

string

default: ACCESS_MODE_READ_WRITE_ONCE

Allowed values: ACCESS_MODE_READ_WRITE_ONCE ACCESS_MODE_READ_WRITE_MANY ACCESS_MODE_READ_ONLY_MANY

class_name

Class Name

Exclusive with [default] Use the specified class name.

string

<= 256 characters

default

object

storage_size

Size (in GiB)

Size in GiB of the persistent storage Required: YES.

number format: double

service

object

advertise_options

object

advertise_custom

object

advertise_where

Advertise Where

Where should this load balancer be available

Required: YES.

Array<object>

>= 1 items <= 32 items

AdvertiseWhereType

This defines various OPTIONS where a load balancer could be advertised.

object

site

object

ip

IP address on the site

Use given IP address as VIP on the site.

string

<= 1024 characters

network

string

default: SITE_NETWORK_INSIDE_AND_OUTSIDE

Allowed values: SITE_NETWORK_INSIDE_AND_OUTSIDE SITE_NETWORK_INSIDE SITE_NETWORK_OUTSIDE SITE_NETWORK_SERVICE SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP SITE_NETWORK_IP_FABRIC

site

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

virtual_site

object

network

string

default: SITE_NETWORK_INSIDE_AND_OUTSIDE

Allowed values: SITE_NETWORK_INSIDE_AND_OUTSIDE SITE_NETWORK_INSIDE SITE_NETWORK_OUTSIDE SITE_NETWORK_SERVICE SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP SITE_NETWORK_IP_FABRIC

virtual_site

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

vk8s_service

object

site

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

virtual_site

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

ports

Ports

Ports to advertise

Required: YES.

Array<object>

<= 16 items

AdvertisePortType

Advertise port.

object

http_loadbalancer

object

default_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

domains

Domains

A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form

Domain search order:

1. Exact domain names: www.example.com.
2. Prefix domain wildcards: *.example.com or *.bar.example.com.
3. Special wildcard * matching any domain.

Wildcard will not match empty string. E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com. The longest wildcards match first. Wildcards must match a whole DNS label. E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid

Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.

Array<string>

>= 1 items <= 32 items

http

object

dns_volterra_managed

Manage DNS Domain

DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.

boolean format: boolean

port

HTTP port to listen

Exclusive with [port_ranges] HTTP port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

https

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_cert_params

object

certificates

certificates

Select one or more certificates with any domain names.

Required: YES.

Array<object>

<= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_mtls

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

tls_parameters

object

no_mtls

object

tls_certificates

tls_certificates

Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms

Required: YES.

Array<object>

>= 1 items <= 16 items

TlsCertificateType

Handle to fetch certificate and key.

object

certificate_url

certificate_url

TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.

string

>= 1 characters <= 131072 characters

custom_hash_algorithms

object

hash_algorithms

Hash Algorithms

Ordered list of hash algorithms to be used.

Required: YES.

Array<string>

>= 1 items <= 4 items

Allowed values: INVALID_HASH_ALGORITHM SHA256 SHA1

description

description

Description for the certificate.

string

>= 21 characters <= 1024 characters

disable_ocsp_stapling

object

private_key

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.

string format: uri

<= 131072 characters

use_system_defaults

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

https_auto_cert

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

no_mtls

object

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

specific_routes

object

routes

Routes

Routes for this loadbalancer.

Array<object>

<= 32 items

RouteInfoType

This defines various OPTIONS to define a route.

object

custom_route_object

object

route_ref

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

caching_disable

object

caching_inherit

object

direct_response_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_direct_response

object

response_body_encoded

response_body

Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”

Access Denied

”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.

string

<= 65536 characters

response_code

response_code

Response code to send.

integer format: int64

redirect_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_redirect

object

host_redirect

host_redirect

Swap host part of incoming URL in redirect URL.

string

<= 1024 characters

path_redirect

path_redirect

Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.

string

<= 256 characters

prefix_rewrite

prefix_rewrite

Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.

string

<= 256 characters

proto_redirect

proto_redirect

Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.

string

<= 1024 characters

remove_all_params

object

replace_params

Replace All Params

Exclusive with [remove_all_params retain_all_params]

string

>= 1 characters <= 256 characters

response_code

response_code

The HTTP status code to use in the redirect response.

integer format: int64

retain_all_params

object

simple_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

port

object

info

object

port

Port

Port the workload can be reached on Required: YES.

integer format: int64

>= 1 <= 65535

protocol

string

default: PROTOCOL_TCP

Allowed values: PROTOCOL_TCP PROTOCOL_HTTP PROTOCOL_HTTP2 PROTOCOL_TLS_WITH_SNI PROTOCOL_UDP

same_as_port

object

target_port

Port

Exclusive with [same_as_port] Port the workload is listening on.

integer format: int64

name

Name

Name of the Port Required: YES.

string

>= 6 characters <= 1024 characters

tcp_loadbalancer

object

domains

Domains

A list of additional domains (host/authority header) that will be matched to this loadbalancer.

Domains are also used for SNI matching if the with_sni is true Domains also indicate the list of names for which DNS resolution will be done by VER.

Array<string>

<= 32 items

with_sni

With SNI

Set to true to enable TCP loadbalancer with SNI.

boolean format: boolean

advertise_in_cluster

object

multi_ports

object

ports

Ports

Ports to advertise

Required: YES.

Array<object>

<= 16 items

PortType

Port of the workload.

object

info

object

port

Port

Port the workload can be reached on Required: YES.

integer format: int64

>= 1 <= 65535

protocol

string

default: PROTOCOL_TCP

Allowed values: PROTOCOL_TCP PROTOCOL_HTTP PROTOCOL_HTTP2 PROTOCOL_TLS_WITH_SNI PROTOCOL_UDP

same_as_port

object

target_port

Port

Exclusive with [same_as_port] Port the workload is listening on.

integer format: int64

name

Name

Name of the Port Required: YES.

string

>= 6 characters <= 1024 characters

port

object

info

object

port

Port

Port the workload can be reached on Required: YES.

integer format: int64

>= 1 <= 65535

protocol

string

default: PROTOCOL_TCP

Allowed values: PROTOCOL_TCP PROTOCOL_HTTP PROTOCOL_HTTP2 PROTOCOL_TLS_WITH_SNI PROTOCOL_UDP

same_as_port

object

target_port

Port

Exclusive with [same_as_port] Port the workload is listening on.

integer format: int64

advertise_on_public

object

multi_ports

object

ports

Ports

Ports to advertise

Required: YES.

Array<object>

<= 16 items

AdvertisePortType

Advertise port.

object

http_loadbalancer

object

default_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

domains

Domains

A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form

Domain search order:

1. Exact domain names: www.example.com.
2. Prefix domain wildcards: *.example.com or *.bar.example.com.
3. Special wildcard * matching any domain.

Wildcard will not match empty string. E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com. The longest wildcards match first. Wildcards must match a whole DNS label. E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid

Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.

Array<string>

>= 1 items <= 32 items

http

object

dns_volterra_managed

Manage DNS Domain

DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.

boolean format: boolean

port

HTTP port to listen

Exclusive with [port_ranges] HTTP port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

https

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_cert_params

object

certificates

certificates

Select one or more certificates with any domain names.

Required: YES.

Array<object>

<= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_mtls

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

tls_parameters

object

no_mtls

object

tls_certificates

tls_certificates

Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms

Required: YES.

Array<object>

>= 1 items <= 16 items

TlsCertificateType

Handle to fetch certificate and key.

object

certificate_url

certificate_url

TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.

string

>= 1 characters <= 131072 characters

custom_hash_algorithms

object

hash_algorithms

Hash Algorithms

Ordered list of hash algorithms to be used.

Required: YES.

Array<string>

>= 1 items <= 4 items

Allowed values: INVALID_HASH_ALGORITHM SHA256 SHA1

description

description

Description for the certificate.

string

>= 21 characters <= 1024 characters

disable_ocsp_stapling

object

private_key

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.

string format: uri

<= 131072 characters

use_system_defaults

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

https_auto_cert

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

no_mtls

object

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

specific_routes

object

routes

Routes

Routes for this loadbalancer.

Array<object>

<= 32 items

RouteInfoType

This defines various OPTIONS to define a route.

object

custom_route_object

object

route_ref

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

caching_disable

object

caching_inherit

object

direct_response_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_direct_response

object

response_body_encoded

response_body

Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”

Access Denied

”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.

string

<= 65536 characters

response_code

response_code

Response code to send.

integer format: int64

redirect_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_redirect

object

host_redirect

host_redirect

Swap host part of incoming URL in redirect URL.

string

<= 1024 characters

path_redirect

path_redirect

Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.

string

<= 256 characters

prefix_rewrite

prefix_rewrite

Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.

string

<= 256 characters

proto_redirect

proto_redirect

Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.

string

<= 1024 characters

remove_all_params

object

replace_params

Replace All Params

Exclusive with [remove_all_params retain_all_params]

string

>= 1 characters <= 256 characters

response_code

response_code

The HTTP status code to use in the redirect response.

integer format: int64

retain_all_params

object

simple_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

port

object

info

object

port

Port

Port the workload can be reached on Required: YES.

integer format: int64

>= 1 <= 65535

protocol

string

default: PROTOCOL_TCP

Allowed values: PROTOCOL_TCP PROTOCOL_HTTP PROTOCOL_HTTP2 PROTOCOL_TLS_WITH_SNI PROTOCOL_UDP

same_as_port

object

target_port

Port

Exclusive with [same_as_port] Port the workload is listening on.

integer format: int64

name

Name

Name of the Port Required: YES.

string

>= 6 characters <= 1024 characters

tcp_loadbalancer

object

domains

Domains

A list of additional domains (host/authority header) that will be matched to this loadbalancer.

Domains are also used for SNI matching if the with_sni is true Domains also indicate the list of names for which DNS resolution will be done by VER.

Array<string>

<= 32 items

with_sni

With SNI

Set to true to enable TCP loadbalancer with SNI.

boolean format: boolean

port

object

http_loadbalancer

object

default_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

domains

Domains

A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form

Domain search order:

1. Exact domain names: www.example.com.
2. Prefix domain wildcards: *.example.com or *.bar.example.com.
3. Special wildcard * matching any domain.

Wildcard will not match empty string. E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com. The longest wildcards match first. Wildcards must match a whole DNS label. E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid

Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.

Array<string>

>= 1 items <= 32 items

http

object

dns_volterra_managed

Manage DNS Domain

DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.

boolean format: boolean

port

HTTP port to listen

Exclusive with [port_ranges] HTTP port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

https

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_cert_params

object

certificates

certificates

Select one or more certificates with any domain names.

Required: YES.

Array<object>

<= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_mtls

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

tls_parameters

object

no_mtls

object

tls_certificates

tls_certificates

Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms

Required: YES.

Array<object>

>= 1 items <= 16 items

TlsCertificateType

Handle to fetch certificate and key.

object

certificate_url

certificate_url

TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.

string

>= 1 characters <= 131072 characters

custom_hash_algorithms

object

hash_algorithms

Hash Algorithms

Ordered list of hash algorithms to be used.

Required: YES.

Array<string>

>= 1 items <= 4 items

Allowed values: INVALID_HASH_ALGORITHM SHA256 SHA1

description

description

Description for the certificate.

string

>= 21 characters <= 1024 characters

disable_ocsp_stapling

object

private_key

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.

string format: uri

<= 131072 characters

use_system_defaults

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

https_auto_cert

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

no_mtls

object

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

specific_routes

object

routes

Routes

Routes for this loadbalancer.

Array<object>

<= 32 items

RouteInfoType

This defines various OPTIONS to define a route.

object

custom_route_object

object

route_ref

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

caching_disable

object

caching_inherit

object

direct_response_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_direct_response

object

response_body_encoded

response_body

Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”

Access Denied

”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.

string

<= 65536 characters

response_code

response_code

Response code to send.

integer format: int64

redirect_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_redirect

object

host_redirect

host_redirect

Swap host part of incoming URL in redirect URL.

string

<= 1024 characters

path_redirect

path_redirect

Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.

string

<= 256 characters

prefix_rewrite

prefix_rewrite

Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.

string

<= 256 characters

proto_redirect

proto_redirect

Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.

string

<= 1024 characters

remove_all_params

object

replace_params

Replace All Params

Exclusive with [remove_all_params retain_all_params]

string

>= 1 characters <= 256 characters

response_code

response_code

The HTTP status code to use in the redirect response.

integer format: int64

retain_all_params

object

simple_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

port

object

info

object

port

Port

Port the workload can be reached on Required: YES.

integer format: int64

>= 1 <= 65535

protocol

string

default: PROTOCOL_TCP

Allowed values: PROTOCOL_TCP PROTOCOL_HTTP PROTOCOL_HTTP2 PROTOCOL_TLS_WITH_SNI PROTOCOL_UDP

same_as_port

object

target_port

Port

Exclusive with [same_as_port] Port the workload is listening on.

integer format: int64

tcp_loadbalancer

object

domains

Domains

A list of additional domains (host/authority header) that will be matched to this loadbalancer.

Domains are also used for SNI matching if the with_sni is true Domains also indicate the list of names for which DNS resolution will be done by VER.

Array<string>

<= 32 items

with_sni

With SNI

Set to true to enable TCP loadbalancer with SNI.

boolean format: boolean

do_not_advertise

object

configuration

object

parameters

Parameters

Parameters for the workload.

Array<object>

<= 32 items

ConfigurationParameterType

Configuration parameter for the workload.

object

env_var

object

name

Name

Name of Environment Variable.

string

>= 6 characters <= 256 characters

value

Value

Value of Environment Variable.

string

>= 3 characters <= 256 characters

file

object

data

Data

File data

string

<= 16384 characters

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

name

Name

Name of the file Required: YES.

string

>= 6 characters <= 256 characters

volume_name

VolumeName

Name of the Volume Required: YES.

string

<= 256 characters

containers

Containers

Containers to use for service

Required: YES.

Array<object>

<= 16 items

ContainerType

ContainerType configures the container information.

object

args

Args

Arguments to the entrypoint. Overrides the docker image’s CMD.

Array<string>

<= 128 items

command

Command

Command to execute. Overrides the docker image’s ENTRYPOINT.

Array<string>

<= 128 items

custom_flavor

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

default_flavor

object

flavor

string

default: CONTAINER_FLAVOR_TYPE_TINY

Allowed values: CONTAINER_FLAVOR_TYPE_TINY CONTAINER_FLAVOR_TYPE_MEDIUM CONTAINER_FLAVOR_TYPE_LARGE

image

object

container_registry

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

name

Name

Name is a container image which are usually given a name such as alpine, ubuntu, or quay.I/O/etcd:0.13. The format is registry/image:tag or registry/image@image-digest. If registry is not specified, the Docker public registry is assumed. If tag is not specified, latest is assumed. Required: YES.

string

>= 6 characters <= 256 characters

public

object

pull_policy

string

default: IMAGE_PULL_POLICY_DEFAULT

Allowed values: IMAGE_PULL_POLICY_DEFAULT IMAGE_PULL_POLICY_IF_NOT_PRESENT IMAGE_PULL_POLICY_ALWAYS IMAGE_PULL_POLICY_NEVER

init_container

Init Container

Specialized container that runs before application container and runs to completion.

boolean format: boolean

liveness_check

object

exec_health_check

object

command

Command

Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.

Array<string>

<= 16 items

healthy_threshold

HealthyThreshold

Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.

integer format: int64

http_health_check

object

headers

Headers to add in health check request

Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.

object

host_header

Host Header

The value of the host header in the HTTP health check request.

string

<= 262 characters

path

Path

Path to access on the HTTP server. Required: YES.

string

<= 2048 characters

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

initial_delay

InitialDelay

Number of seconds after the container has started before health checks are initiated.

integer format: int64

interval

Interval

Time interval in seconds between two health check requests. Required: YES.

integer format: int64

tcp_health_check

object

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

timeout

Timeout

Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.

integer format: int64

unhealthy_threshold

UnhealthyThreshold

Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.

integer format: int64

name

Name

Name of the container Required: YES.

string

>= 6 characters <= 256 characters

readiness_check

object

exec_health_check

object

command

Command

Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.

Array<string>

<= 16 items

healthy_threshold

HealthyThreshold

Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.

integer format: int64

http_health_check

object

headers

Headers to add in health check request

Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.

object

host_header

Host Header

The value of the host header in the HTTP health check request.

string

<= 262 characters

path

Path

Path to access on the HTTP server. Required: YES.

string

<= 2048 characters

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

initial_delay

InitialDelay

Number of seconds after the container has started before health checks are initiated.

integer format: int64

interval

Interval

Time interval in seconds between two health check requests. Required: YES.

integer format: int64

tcp_health_check

object

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

timeout

Timeout

Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.

integer format: int64

unhealthy_threshold

UnhealthyThreshold

Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.

integer format: int64

deploy_options

object

all_res

object

default_virtual_sites

object

deploy_ce_sites

object

site

Site

Which customer sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

deploy_ce_virtual_sites

object

virtual_site

Virtual Site

Which customer virtual sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

deploy_re_sites

object

site

Site

Which regional edge sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

deploy_re_virtual_sites

object

virtual_site

Virtual Site

Which regional edge virtual sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

num_replicas

Number of Replicas

Exclusive with [scale_to_zero] Number of replicas of service to spawn per site.

integer format: int32

scale_to_zero

object

volumes

Volumes

Volumes for the service.

Array<object>

<= 16 items

StorageVolumeType

Storage volume configuration for the workload.

object

empty_dir

object

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

size_limit

Size

Required: YES.

number format: double

host_path

object

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

path

Path

Path of the directory on the host Required: YES.

string

<= 256 characters

name

Name

Name of the volume.

string

>= 6 characters <= 1024 characters

persistent_volume

object

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

storage

object

access_mode

string

default: ACCESS_MODE_READ_WRITE_ONCE

Allowed values: ACCESS_MODE_READ_WRITE_ONCE ACCESS_MODE_READ_WRITE_MANY ACCESS_MODE_READ_ONLY_MANY

class_name

Class Name

Exclusive with [default] Use the specified class name.

string

<= 256 characters

default

object

storage_size

Size (in GiB)

Size in GiB of the persistent storage Required: YES.

number format: double

simple_service

object

configuration

object

parameters

Parameters

Parameters for the workload.

Array<object>

<= 32 items

ConfigurationParameterType

Configuration parameter for the workload.

object

env_var

object

name

Name

Name of Environment Variable.

string

>= 6 characters <= 256 characters

value

Value

Value of Environment Variable.

string

>= 3 characters <= 256 characters

file

object

data

Data

File data

string

<= 16384 characters

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

name

Name

Name of the file Required: YES.

string

>= 6 characters <= 256 characters

volume_name

VolumeName

Name of the Volume Required: YES.

string

<= 256 characters

container

object

args

Args

Arguments to the entrypoint. Overrides the docker image’s CMD.

Array<string>

<= 128 items

command

Command

Command to execute. Overrides the docker image’s ENTRYPOINT.

Array<string>

<= 128 items

custom_flavor

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

default_flavor

object

flavor

string

default: CONTAINER_FLAVOR_TYPE_TINY

Allowed values: CONTAINER_FLAVOR_TYPE_TINY CONTAINER_FLAVOR_TYPE_MEDIUM CONTAINER_FLAVOR_TYPE_LARGE

image

object

container_registry

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

name

Name

Name is a container image which are usually given a name such as alpine, ubuntu, or quay.I/O/etcd:0.13. The format is registry/image:tag or registry/image@image-digest. If registry is not specified, the Docker public registry is assumed. If tag is not specified, latest is assumed. Required: YES.

string

>= 6 characters <= 256 characters

public

object

pull_policy

string

default: IMAGE_PULL_POLICY_DEFAULT

Allowed values: IMAGE_PULL_POLICY_DEFAULT IMAGE_PULL_POLICY_IF_NOT_PRESENT IMAGE_PULL_POLICY_ALWAYS IMAGE_PULL_POLICY_NEVER

init_container

Init Container

Specialized container that runs before application container and runs to completion.

boolean format: boolean

liveness_check

object

exec_health_check

object

command

Command

Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.

Array<string>

<= 16 items

healthy_threshold

HealthyThreshold

Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.

integer format: int64

http_health_check

object

headers

Headers to add in health check request

Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.

object

host_header

Host Header

The value of the host header in the HTTP health check request.

string

<= 262 characters

path

Path

Path to access on the HTTP server. Required: YES.

string

<= 2048 characters

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

initial_delay

InitialDelay

Number of seconds after the container has started before health checks are initiated.

integer format: int64

interval

Interval

Time interval in seconds between two health check requests. Required: YES.

integer format: int64

tcp_health_check

object

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

timeout

Timeout

Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.

integer format: int64

unhealthy_threshold

UnhealthyThreshold

Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.

integer format: int64

name

Name

Name of the container Required: YES.

string

>= 6 characters <= 256 characters

readiness_check

object

exec_health_check

object

command

Command

Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.

Array<string>

<= 16 items

healthy_threshold

HealthyThreshold

Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.

integer format: int64

http_health_check

object

headers

Headers to add in health check request

Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.

object

host_header

Host Header

The value of the host header in the HTTP health check request.

string

<= 262 characters

path

Path

Path to access on the HTTP server. Required: YES.

string

<= 2048 characters

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

initial_delay

InitialDelay

Number of seconds after the container has started before health checks are initiated.

integer format: int64

interval

Interval

Time interval in seconds between two health check requests. Required: YES.

integer format: int64

tcp_health_check

object

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

timeout

Timeout

Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.

integer format: int64

unhealthy_threshold

UnhealthyThreshold

Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.

integer format: int64

disabled

object

do_not_advertise

object

enabled

object

name

Name

Name of the volume Required: YES.

string

>= 6 characters <= 1024 characters

persistent_volume

object

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

storage

object

access_mode

string

default: ACCESS_MODE_READ_WRITE_ONCE

Allowed values: ACCESS_MODE_READ_WRITE_ONCE ACCESS_MODE_READ_WRITE_MANY ACCESS_MODE_READ_ONLY_MANY

class_name

Class Name

Exclusive with [default] Use the specified class name.

string

<= 256 characters

default

object

storage_size

Size (in GiB)

Size in GiB of the persistent storage Required: YES.

number format: double

scale_to_zero

Scale down to zero

Scale down replicas of the service to zero.

boolean format: boolean

simple_advertise

object

domains

Domains

A list of Domains (host/authority header) that will be matched to Load Balancer. Wildcard hosts are supported in the suffix or prefix form

Supported Domains and search order:

1. Exact Domain names: www.example.com.
2. Domains starting with a Wildcard: *.example.com.

Not supported Domains:

• Just a Wildcard: *
• A Wildcard and TLD with no root Domain: *.com.
• A Wildcard not matching a whole DNS label. E.g. *.example.com and *.bar.example.com are valid Wildcards however *bar.example.com, -bar.example.com, and bar.example.com are all invalid.

Additional notes: A Wildcard will not match empty string. E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com. The longest Wildcards match first. Only a single virtual host in the entire route configuration can match on *. Also a Domain must be unique across all virtual hosts within an advertise policy.

Domains are also used for SNI matching if the Load Balancer type is HTTPS. Domains also indicate the list of names for which DNS resolution will be automatically resolved to IP addresses by the system. Required: YES.

Array<string>

>= 1 items <= 32 items

service_port

Service Port

Service port to advertise on Internet via HTTP loadbalancer using port 80 Required: YES.

integer format: int64

stateful_service

object

advertise_options

object

advertise_custom

object

advertise_where

Advertise Where

Where should this load balancer be available

Required: YES.

Array<object>

>= 1 items <= 32 items

AdvertiseWhereType

This defines various OPTIONS where a load balancer could be advertised.

object

site

object

ip

IP address on the site

Use given IP address as VIP on the site.

string

<= 1024 characters

network

string

default: SITE_NETWORK_INSIDE_AND_OUTSIDE

Allowed values: SITE_NETWORK_INSIDE_AND_OUTSIDE SITE_NETWORK_INSIDE SITE_NETWORK_OUTSIDE SITE_NETWORK_SERVICE SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP SITE_NETWORK_IP_FABRIC

site

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

virtual_site

object

network

string

default: SITE_NETWORK_INSIDE_AND_OUTSIDE

Allowed values: SITE_NETWORK_INSIDE_AND_OUTSIDE SITE_NETWORK_INSIDE SITE_NETWORK_OUTSIDE SITE_NETWORK_SERVICE SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP SITE_NETWORK_IP_FABRIC

virtual_site

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

vk8s_service

object

site

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

virtual_site

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

ports

Ports

Ports to advertise

Required: YES.

Array<object>

<= 16 items

AdvertisePortType

Advertise port.

object

http_loadbalancer

object

default_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

domains

Domains

A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form

Domain search order:

1. Exact domain names: www.example.com.
2. Prefix domain wildcards: *.example.com or *.bar.example.com.
3. Special wildcard * matching any domain.

Wildcard will not match empty string. E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com. The longest wildcards match first. Wildcards must match a whole DNS label. E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid

Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.

Array<string>

>= 1 items <= 32 items

http

object

dns_volterra_managed

Manage DNS Domain

DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.

boolean format: boolean

port

HTTP port to listen

Exclusive with [port_ranges] HTTP port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

https

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_cert_params

object

certificates

certificates

Select one or more certificates with any domain names.

Required: YES.

Array<object>

<= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_mtls

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

tls_parameters

object

no_mtls

object

tls_certificates

tls_certificates

Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms

Required: YES.

Array<object>

>= 1 items <= 16 items

TlsCertificateType

Handle to fetch certificate and key.

object

certificate_url

certificate_url

TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.

string

>= 1 characters <= 131072 characters

custom_hash_algorithms

object

hash_algorithms

Hash Algorithms

Ordered list of hash algorithms to be used.

Required: YES.

Array<string>

>= 1 items <= 4 items

Allowed values: INVALID_HASH_ALGORITHM SHA256 SHA1

description

description

Description for the certificate.

string

>= 21 characters <= 1024 characters

disable_ocsp_stapling

object

private_key

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.

string format: uri

<= 131072 characters

use_system_defaults

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

https_auto_cert

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

no_mtls

object

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

specific_routes

object

routes

Routes

Routes for this loadbalancer.

Array<object>

<= 32 items

RouteInfoType

This defines various OPTIONS to define a route.

object

custom_route_object

object

route_ref

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

caching_disable

object

caching_inherit

object

direct_response_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_direct_response

object

response_body_encoded

response_body

Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”

Access Denied

”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.

string

<= 65536 characters

response_code

response_code

Response code to send.

integer format: int64

redirect_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_redirect

object

host_redirect

host_redirect

Swap host part of incoming URL in redirect URL.

string

<= 1024 characters

path_redirect

path_redirect

Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.

string

<= 256 characters

prefix_rewrite

prefix_rewrite

Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.

string

<= 256 characters

proto_redirect

proto_redirect

Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.

string

<= 1024 characters

remove_all_params

object

replace_params

Replace All Params

Exclusive with [remove_all_params retain_all_params]

string

>= 1 characters <= 256 characters

response_code

response_code

The HTTP status code to use in the redirect response.

integer format: int64

retain_all_params

object

simple_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

port

object

info

object

port

Port

Port the workload can be reached on Required: YES.

integer format: int64

>= 1 <= 65535

protocol

string

default: PROTOCOL_TCP

Allowed values: PROTOCOL_TCP PROTOCOL_HTTP PROTOCOL_HTTP2 PROTOCOL_TLS_WITH_SNI PROTOCOL_UDP

same_as_port

object

target_port

Port

Exclusive with [same_as_port] Port the workload is listening on.

integer format: int64

name

Name

Name of the Port Required: YES.

string

>= 6 characters <= 1024 characters

tcp_loadbalancer

object

domains

Domains

A list of additional domains (host/authority header) that will be matched to this loadbalancer.

Domains are also used for SNI matching if the with_sni is true Domains also indicate the list of names for which DNS resolution will be done by VER.

Array<string>

<= 32 items

with_sni

With SNI

Set to true to enable TCP loadbalancer with SNI.

boolean format: boolean

advertise_in_cluster

object

multi_ports

object

ports

Ports

Ports to advertise

Required: YES.

Array<object>

<= 16 items

PortType

Port of the workload.

object

info

object

port

Port

Port the workload can be reached on Required: YES.

integer format: int64

>= 1 <= 65535

protocol

string

default: PROTOCOL_TCP

Allowed values: PROTOCOL_TCP PROTOCOL_HTTP PROTOCOL_HTTP2 PROTOCOL_TLS_WITH_SNI PROTOCOL_UDP

same_as_port

object

target_port

Port

Exclusive with [same_as_port] Port the workload is listening on.

integer format: int64

name

Name

Name of the Port Required: YES.

string

>= 6 characters <= 1024 characters

port

object

info

object

port

Port

Port the workload can be reached on Required: YES.

integer format: int64

>= 1 <= 65535

protocol

string

default: PROTOCOL_TCP

Allowed values: PROTOCOL_TCP PROTOCOL_HTTP PROTOCOL_HTTP2 PROTOCOL_TLS_WITH_SNI PROTOCOL_UDP

same_as_port

object

target_port

Port

Exclusive with [same_as_port] Port the workload is listening on.

integer format: int64

advertise_on_public

object

multi_ports

object

ports

Ports

Ports to advertise

Required: YES.

Array<object>

<= 16 items

AdvertisePortType

Advertise port.

object

http_loadbalancer

object

default_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

domains

Domains

A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form

Domain search order:

1. Exact domain names: www.example.com.
2. Prefix domain wildcards: *.example.com or *.bar.example.com.
3. Special wildcard * matching any domain.

Wildcard will not match empty string. E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com. The longest wildcards match first. Wildcards must match a whole DNS label. E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid

Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.

Array<string>

>= 1 items <= 32 items

http

object

dns_volterra_managed

Manage DNS Domain

DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.

boolean format: boolean

port

HTTP port to listen

Exclusive with [port_ranges] HTTP port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

https

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_cert_params

object

certificates

certificates

Select one or more certificates with any domain names.

Required: YES.

Array<object>

<= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_mtls

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

tls_parameters

object

no_mtls

object

tls_certificates

tls_certificates

Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms

Required: YES.

Array<object>

>= 1 items <= 16 items

TlsCertificateType

Handle to fetch certificate and key.

object

certificate_url

certificate_url

TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.

string

>= 1 characters <= 131072 characters

custom_hash_algorithms

object

hash_algorithms

Hash Algorithms

Ordered list of hash algorithms to be used.

Required: YES.

Array<string>

>= 1 items <= 4 items

Allowed values: INVALID_HASH_ALGORITHM SHA256 SHA1

description

description

Description for the certificate.

string

>= 21 characters <= 1024 characters

disable_ocsp_stapling

object

private_key

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.

string format: uri

<= 131072 characters

use_system_defaults

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

https_auto_cert

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

no_mtls

object

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

specific_routes

object

routes

Routes

Routes for this loadbalancer.

Array<object>

<= 32 items

RouteInfoType

This defines various OPTIONS to define a route.

object

custom_route_object

object

route_ref

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

caching_disable

object

caching_inherit

object

direct_response_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_direct_response

object

response_body_encoded

response_body

Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”

Access Denied

”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.

string

<= 65536 characters

response_code

response_code

Response code to send.

integer format: int64

redirect_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_redirect

object

host_redirect

host_redirect

Swap host part of incoming URL in redirect URL.

string

<= 1024 characters

path_redirect

path_redirect

Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.

string

<= 256 characters

prefix_rewrite

prefix_rewrite

Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.

string

<= 256 characters

proto_redirect

proto_redirect

Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.

string

<= 1024 characters

remove_all_params

object

replace_params

Replace All Params

Exclusive with [remove_all_params retain_all_params]

string

>= 1 characters <= 256 characters

response_code

response_code

The HTTP status code to use in the redirect response.

integer format: int64

retain_all_params

object

simple_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

port

object

info

object

port

Port

Port the workload can be reached on Required: YES.

integer format: int64

>= 1 <= 65535

protocol

string

default: PROTOCOL_TCP

Allowed values: PROTOCOL_TCP PROTOCOL_HTTP PROTOCOL_HTTP2 PROTOCOL_TLS_WITH_SNI PROTOCOL_UDP

same_as_port

object

target_port

Port

Exclusive with [same_as_port] Port the workload is listening on.

integer format: int64

name

Name

Name of the Port Required: YES.

string

>= 6 characters <= 1024 characters

tcp_loadbalancer

object

domains

Domains

A list of additional domains (host/authority header) that will be matched to this loadbalancer.

Domains are also used for SNI matching if the with_sni is true Domains also indicate the list of names for which DNS resolution will be done by VER.

Array<string>

<= 32 items

with_sni

With SNI

Set to true to enable TCP loadbalancer with SNI.

boolean format: boolean

port

object

http_loadbalancer

object

default_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

domains

Domains

A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form

Domain search order:

1. Exact domain names: www.example.com.
2. Prefix domain wildcards: *.example.com or *.bar.example.com.
3. Special wildcard * matching any domain.

Wildcard will not match empty string. E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com. The longest wildcards match first. Wildcards must match a whole DNS label. E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid

Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.

Array<string>

>= 1 items <= 32 items

http

object

dns_volterra_managed

Manage DNS Domain

DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.

boolean format: boolean

port

HTTP port to listen

Exclusive with [port_ranges] HTTP port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

https

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_cert_params

object

certificates

certificates

Select one or more certificates with any domain names.

Required: YES.

Array<object>

<= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_mtls

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

tls_parameters

object

no_mtls

object

tls_certificates

tls_certificates

Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms

Required: YES.

Array<object>

>= 1 items <= 16 items

TlsCertificateType

Handle to fetch certificate and key.

object

certificate_url

certificate_url

TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.

string

>= 1 characters <= 131072 characters

custom_hash_algorithms

object

hash_algorithms

Hash Algorithms

Ordered list of hash algorithms to be used.

Required: YES.

Array<string>

>= 1 items <= 4 items

Allowed values: INVALID_HASH_ALGORITHM SHA256 SHA1

description

description

Description for the certificate.

string

>= 21 characters <= 1024 characters

disable_ocsp_stapling

object

private_key

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.

string format: uri

<= 131072 characters

use_system_defaults

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

https_auto_cert

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

no_mtls

object

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

specific_routes

object

routes

Routes

Routes for this loadbalancer.

Array<object>

<= 32 items

RouteInfoType

This defines various OPTIONS to define a route.

object

custom_route_object

object

route_ref

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

caching_disable

object

caching_inherit

object

direct_response_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_direct_response

object

response_body_encoded

response_body

Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”

Access Denied

”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.

string

<= 65536 characters

response_code

response_code

Response code to send.

integer format: int64

redirect_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_redirect

object

host_redirect

host_redirect

Swap host part of incoming URL in redirect URL.

string

<= 1024 characters

path_redirect

path_redirect

Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.

string

<= 256 characters

prefix_rewrite

prefix_rewrite

Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.

string

<= 256 characters

proto_redirect

proto_redirect

Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.

string

<= 1024 characters

remove_all_params

object

replace_params

Replace All Params

Exclusive with [remove_all_params retain_all_params]

string

>= 1 characters <= 256 characters

response_code

response_code

The HTTP status code to use in the redirect response.

integer format: int64

retain_all_params

object

simple_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

port

object

info

object

port

Port

Port the workload can be reached on Required: YES.

integer format: int64

>= 1 <= 65535

protocol

string

default: PROTOCOL_TCP

Allowed values: PROTOCOL_TCP PROTOCOL_HTTP PROTOCOL_HTTP2 PROTOCOL_TLS_WITH_SNI PROTOCOL_UDP

same_as_port

object

target_port

Port

Exclusive with [same_as_port] Port the workload is listening on.

integer format: int64

tcp_loadbalancer

object

domains

Domains

A list of additional domains (host/authority header) that will be matched to this loadbalancer.

Domains are also used for SNI matching if the with_sni is true Domains also indicate the list of names for which DNS resolution will be done by VER.

Array<string>

<= 32 items

with_sni

With SNI

Set to true to enable TCP loadbalancer with SNI.

boolean format: boolean

do_not_advertise

object

configuration

object

parameters

Parameters

Parameters for the workload.

Array<object>

<= 32 items

ConfigurationParameterType

Configuration parameter for the workload.

object

env_var

object

name

Name

Name of Environment Variable.

string

>= 6 characters <= 256 characters

value

Value

Value of Environment Variable.

string

>= 3 characters <= 256 characters

file

object

data

Data

File data

string

<= 16384 characters

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

name

Name

Name of the file Required: YES.

string

>= 6 characters <= 256 characters

volume_name

VolumeName

Name of the Volume Required: YES.

string

<= 256 characters

containers

Containers

Containers to use for service

Required: YES.

Array<object>

<= 16 items

ContainerType

ContainerType configures the container information.

object

args

Args

Arguments to the entrypoint. Overrides the docker image’s CMD.

Array<string>

<= 128 items

command

Command

Command to execute. Overrides the docker image’s ENTRYPOINT.

Array<string>

<= 128 items

custom_flavor

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

default_flavor

object

flavor

string

default: CONTAINER_FLAVOR_TYPE_TINY

Allowed values: CONTAINER_FLAVOR_TYPE_TINY CONTAINER_FLAVOR_TYPE_MEDIUM CONTAINER_FLAVOR_TYPE_LARGE

image

object

container_registry

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

name

Name

Name is a container image which are usually given a name such as alpine, ubuntu, or quay.I/O/etcd:0.13. The format is registry/image:tag or registry/image@image-digest. If registry is not specified, the Docker public registry is assumed. If tag is not specified, latest is assumed. Required: YES.

string

>= 6 characters <= 256 characters

public

object

pull_policy

string

default: IMAGE_PULL_POLICY_DEFAULT

Allowed values: IMAGE_PULL_POLICY_DEFAULT IMAGE_PULL_POLICY_IF_NOT_PRESENT IMAGE_PULL_POLICY_ALWAYS IMAGE_PULL_POLICY_NEVER

init_container

Init Container

Specialized container that runs before application container and runs to completion.

boolean format: boolean

liveness_check

object

exec_health_check

object

command

Command

Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.

Array<string>

<= 16 items

healthy_threshold

HealthyThreshold

Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.

integer format: int64

http_health_check

object

headers

Headers to add in health check request

Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.

object

host_header

Host Header

The value of the host header in the HTTP health check request.

string

<= 262 characters

path

Path

Path to access on the HTTP server. Required: YES.

string

<= 2048 characters

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

initial_delay

InitialDelay

Number of seconds after the container has started before health checks are initiated.

integer format: int64

interval

Interval

Time interval in seconds between two health check requests. Required: YES.

integer format: int64

tcp_health_check

object

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

timeout

Timeout

Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.

integer format: int64

unhealthy_threshold

UnhealthyThreshold

Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.

integer format: int64

name

Name

Name of the container Required: YES.

string

>= 6 characters <= 256 characters

readiness_check

object

exec_health_check

object

command

Command

Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.

Array<string>

<= 16 items

healthy_threshold

HealthyThreshold

Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.

integer format: int64

http_health_check

object

headers

Headers to add in health check request

Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.

object

host_header

Host Header

The value of the host header in the HTTP health check request.

string

<= 262 characters

path

Path

Path to access on the HTTP server. Required: YES.

string

<= 2048 characters

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

initial_delay

InitialDelay

Number of seconds after the container has started before health checks are initiated.

integer format: int64

interval

Interval

Time interval in seconds between two health check requests. Required: YES.

integer format: int64

tcp_health_check

object

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

timeout

Timeout

Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.

integer format: int64

unhealthy_threshold

UnhealthyThreshold

Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.

integer format: int64

deploy_options

object

all_res

object

default_virtual_sites

object

deploy_ce_sites

object

site

Site

Which customer sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

deploy_ce_virtual_sites

object

virtual_site

Virtual Site

Which customer virtual sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

deploy_re_sites

object

site

Site

Which regional edge sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

deploy_re_virtual_sites

object

virtual_site

Virtual Site

Which regional edge virtual sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

num_replicas

Number of Replicas

Exclusive with [scale_to_zero] Number of replicas of service to spawn per site.

integer format: int32

persistent_volumes

Persistence

Persistent storage configuration for the service

Required: YES.

Array<object>

<= 16 items

PersistentVolumeType

Persistent storage volume configuration for the workload.

object

name

Name

Name of the volume Required: YES.

string

>= 6 characters <= 1024 characters

persistent_volume

object

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

storage

object

access_mode

string

default: ACCESS_MODE_READ_WRITE_ONCE

Allowed values: ACCESS_MODE_READ_WRITE_ONCE ACCESS_MODE_READ_WRITE_MANY ACCESS_MODE_READ_ONLY_MANY

class_name

Class Name

Exclusive with [default] Use the specified class name.

string

<= 256 characters

default

object

storage_size

Size (in GiB)

Size in GiB of the persistent storage Required: YES.

number format: double

scale_to_zero

object

volumes

Ephemeral Storage Volumes

Ephemeral volumes for the service.

Array<object>

<= 16 items

EphemeralStorageVolumeType

Ephemeral storage volume configuration for the workload.

object

empty_dir

object

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

size_limit

Size

Required: YES.

number format: double

host_path

object

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

path

Path

Path of the directory on the host Required: YES.

string

<= 256 characters

name

Name

Name of the volume.

string

>= 6 characters <= 1024 characters

Responses

200

A successful response.

Media typeapplication/json

object

metadata

object

annotations

annotations

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.

object

description

description

Human readable description for the object.

string

>= 21 characters <= 1200 characters

disable

disable

A value of true will administratively disable the object.

boolean format: boolean

labels

labels

Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.

object

name

name

This is the name of configuration object. It has to be unique within the namespace. It can only be specified during create API and cannot be changed during replace API. The value of name has to follow DNS-1035 format. Required: YES.

string

>= 6 characters <= 1024 characters

namespace

namespace

This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""

string

>= 6 characters <= 1024 characters

spec

object

job

object

configuration

object

parameters

Parameters

Parameters for the workload.

Array<object>

<= 32 items

ConfigurationParameterType

Configuration parameter for the workload.

object

env_var

object

name

Name

Name of Environment Variable.

string

>= 6 characters <= 256 characters

value

Value

Value of Environment Variable.

string

>= 3 characters <= 256 characters

file

object

data

Data

File data

string

<= 16384 characters

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

name

Name

Name of the file Required: YES.

string

>= 6 characters <= 256 characters

volume_name

VolumeName

Name of the Volume Required: YES.

string

<= 256 characters

containers

Containers

Containers to use for the job

Required: YES.

Array<object>

<= 16 items

ContainerType

ContainerType configures the container information.

object

args

Args

Arguments to the entrypoint. Overrides the docker image’s CMD.

Array<string>

<= 128 items

command

Command

Command to execute. Overrides the docker image’s ENTRYPOINT.

Array<string>

<= 128 items

custom_flavor

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

default_flavor

object

flavor

string

default: CONTAINER_FLAVOR_TYPE_TINY

Allowed values: CONTAINER_FLAVOR_TYPE_TINY CONTAINER_FLAVOR_TYPE_MEDIUM CONTAINER_FLAVOR_TYPE_LARGE

image

object

container_registry

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

name

Name

Name is a container image which are usually given a name such as alpine, ubuntu, or quay.I/O/etcd:0.13. The format is registry/image:tag or registry/image@image-digest. If registry is not specified, the Docker public registry is assumed. If tag is not specified, latest is assumed. Required: YES.

string

>= 6 characters <= 256 characters

public

object

pull_policy

string

default: IMAGE_PULL_POLICY_DEFAULT

Allowed values: IMAGE_PULL_POLICY_DEFAULT IMAGE_PULL_POLICY_IF_NOT_PRESENT IMAGE_PULL_POLICY_ALWAYS IMAGE_PULL_POLICY_NEVER

init_container

Init Container

Specialized container that runs before application container and runs to completion.

boolean format: boolean

liveness_check

object

exec_health_check

object

command

Command

Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.

Array<string>

<= 16 items

healthy_threshold

HealthyThreshold

Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.

integer format: int64

http_health_check

object

headers

Headers to add in health check request

Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.

object

host_header

Host Header

The value of the host header in the HTTP health check request.

string

<= 262 characters

path

Path

Path to access on the HTTP server. Required: YES.

string

<= 2048 characters

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

initial_delay

InitialDelay

Number of seconds after the container has started before health checks are initiated.

integer format: int64

interval

Interval

Time interval in seconds between two health check requests. Required: YES.

integer format: int64

tcp_health_check

object

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

timeout

Timeout

Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.

integer format: int64

unhealthy_threshold

UnhealthyThreshold

Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.

integer format: int64

name

Name

Name of the container Required: YES.

string

>= 6 characters <= 256 characters

readiness_check

object

exec_health_check

object

command

Command

Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.

Array<string>

<= 16 items

healthy_threshold

HealthyThreshold

Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.

integer format: int64

http_health_check

object

headers

Headers to add in health check request

Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.

object

host_header

Host Header

The value of the host header in the HTTP health check request.

string

<= 262 characters

path

Path

Path to access on the HTTP server. Required: YES.

string

<= 2048 characters

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

initial_delay

InitialDelay

Number of seconds after the container has started before health checks are initiated.

integer format: int64

interval

Interval

Time interval in seconds between two health check requests. Required: YES.

integer format: int64

tcp_health_check

object

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

timeout

Timeout

Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.

integer format: int64

unhealthy_threshold

UnhealthyThreshold

Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.

integer format: int64

deploy_options

object

all_res

object

default_virtual_sites

object

deploy_ce_sites

object

site

Site

Which customer sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

deploy_ce_virtual_sites

object

virtual_site

Virtual Site

Which customer virtual sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

deploy_re_sites

object

site

Site

Which regional edge sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

deploy_re_virtual_sites

object

virtual_site

Virtual Site

Which regional edge virtual sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

num_replicas

Number of Replicas

Number of replicas of the batch job to spawn per site.

integer format: int32

volumes

Volumes

Volumes for the job.

Array<object>

<= 16 items

StorageVolumeType

Storage volume configuration for the workload.

object

empty_dir

object

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

size_limit

Size

Required: YES.

number format: double

host_path

object

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

path

Path

Path of the directory on the host Required: YES.

string

<= 256 characters

name

Name

Name of the volume.

string

>= 6 characters <= 1024 characters

persistent_volume

object

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

storage

object

access_mode

string

default: ACCESS_MODE_READ_WRITE_ONCE

Allowed values: ACCESS_MODE_READ_WRITE_ONCE ACCESS_MODE_READ_WRITE_MANY ACCESS_MODE_READ_ONLY_MANY

class_name

Class Name

Exclusive with [default] Use the specified class name.

string

<= 256 characters

default

object

storage_size

Size (in GiB)

Size in GiB of the persistent storage Required: YES.

number format: double

service

object

advertise_options

object

advertise_custom

object

advertise_where

Advertise Where

Where should this load balancer be available

Required: YES.

Array<object>

>= 1 items <= 32 items

AdvertiseWhereType

This defines various OPTIONS where a load balancer could be advertised.

object

site

object

ip

IP address on the site

Use given IP address as VIP on the site.

string

<= 1024 characters

network

string

default: SITE_NETWORK_INSIDE_AND_OUTSIDE

Allowed values: SITE_NETWORK_INSIDE_AND_OUTSIDE SITE_NETWORK_INSIDE SITE_NETWORK_OUTSIDE SITE_NETWORK_SERVICE SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP SITE_NETWORK_IP_FABRIC

site

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

virtual_site

object

network

string

default: SITE_NETWORK_INSIDE_AND_OUTSIDE

Allowed values: SITE_NETWORK_INSIDE_AND_OUTSIDE SITE_NETWORK_INSIDE SITE_NETWORK_OUTSIDE SITE_NETWORK_SERVICE SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP SITE_NETWORK_IP_FABRIC

virtual_site

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

vk8s_service

object

site

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

virtual_site

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

ports

Ports

Ports to advertise

Required: YES.

Array<object>

<= 16 items

AdvertisePortType

Advertise port.

object

http_loadbalancer

object

default_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

domains

Domains

A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form

Domain search order:

1. Exact domain names: www.example.com.
2. Prefix domain wildcards: *.example.com or *.bar.example.com.
3. Special wildcard * matching any domain.

Wildcard will not match empty string. E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com. The longest wildcards match first. Wildcards must match a whole DNS label. E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid

Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.

Array<string>

>= 1 items <= 32 items

http

object

dns_volterra_managed

Manage DNS Domain

DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.

boolean format: boolean

port

HTTP port to listen

Exclusive with [port_ranges] HTTP port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

https

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_cert_params

object

certificates

certificates

Select one or more certificates with any domain names.

Required: YES.

Array<object>

<= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_mtls

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

tls_parameters

object

no_mtls

object

tls_certificates

tls_certificates

Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms

Required: YES.

Array<object>

>= 1 items <= 16 items

TlsCertificateType

Handle to fetch certificate and key.

object

certificate_url

certificate_url

TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.

string

>= 1 characters <= 131072 characters

custom_hash_algorithms

object

hash_algorithms

Hash Algorithms

Ordered list of hash algorithms to be used.

Required: YES.

Array<string>

>= 1 items <= 4 items

Allowed values: INVALID_HASH_ALGORITHM SHA256 SHA1

description

description

Description for the certificate.

string

>= 21 characters <= 1024 characters

disable_ocsp_stapling

object

private_key

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.

string format: uri

<= 131072 characters

use_system_defaults

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

https_auto_cert

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

no_mtls

object

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

specific_routes

object

routes

Routes

Routes for this loadbalancer.

Array<object>

<= 32 items

RouteInfoType

This defines various OPTIONS to define a route.

object

custom_route_object

object

route_ref

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

caching_disable

object

caching_inherit

object

direct_response_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_direct_response

object

response_body_encoded

response_body

Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”

Access Denied

”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.

string

<= 65536 characters

response_code

response_code

Response code to send.

integer format: int64

redirect_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_redirect

object

host_redirect

host_redirect

Swap host part of incoming URL in redirect URL.

string

<= 1024 characters

path_redirect

path_redirect

Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.

string

<= 256 characters

prefix_rewrite

prefix_rewrite

Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.

string

<= 256 characters

proto_redirect

proto_redirect

Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.

string

<= 1024 characters

remove_all_params

object

replace_params

Replace All Params

Exclusive with [remove_all_params retain_all_params]

string

>= 1 characters <= 256 characters

response_code

response_code

The HTTP status code to use in the redirect response.

integer format: int64

retain_all_params

object

simple_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

port

object

info

object

port

Port

Port the workload can be reached on Required: YES.

integer format: int64

>= 1 <= 65535

protocol

string

default: PROTOCOL_TCP

Allowed values: PROTOCOL_TCP PROTOCOL_HTTP PROTOCOL_HTTP2 PROTOCOL_TLS_WITH_SNI PROTOCOL_UDP

same_as_port

object

target_port

Port

Exclusive with [same_as_port] Port the workload is listening on.

integer format: int64

name

Name

Name of the Port Required: YES.

string

>= 6 characters <= 1024 characters

tcp_loadbalancer

object

domains

Domains

A list of additional domains (host/authority header) that will be matched to this loadbalancer.

Domains are also used for SNI matching if the with_sni is true Domains also indicate the list of names for which DNS resolution will be done by VER.

Array<string>

<= 32 items

with_sni

With SNI

Set to true to enable TCP loadbalancer with SNI.

boolean format: boolean

advertise_in_cluster

object

multi_ports

object

ports

Ports

Ports to advertise

Required: YES.

Array<object>

<= 16 items

PortType

Port of the workload.

object

info

object

port

Port

Port the workload can be reached on Required: YES.

integer format: int64

>= 1 <= 65535

protocol

string

default: PROTOCOL_TCP

Allowed values: PROTOCOL_TCP PROTOCOL_HTTP PROTOCOL_HTTP2 PROTOCOL_TLS_WITH_SNI PROTOCOL_UDP

same_as_port

object

target_port

Port

Exclusive with [same_as_port] Port the workload is listening on.

integer format: int64

name

Name

Name of the Port Required: YES.

string

>= 6 characters <= 1024 characters

port

object

info

object

port

Port

Port the workload can be reached on Required: YES.

integer format: int64

>= 1 <= 65535

protocol

string

default: PROTOCOL_TCP

Allowed values: PROTOCOL_TCP PROTOCOL_HTTP PROTOCOL_HTTP2 PROTOCOL_TLS_WITH_SNI PROTOCOL_UDP

same_as_port

object

target_port

Port

Exclusive with [same_as_port] Port the workload is listening on.

integer format: int64

advertise_on_public

object

multi_ports

object

ports

Ports

Ports to advertise

Required: YES.

Array<object>

<= 16 items

AdvertisePortType

Advertise port.

object

http_loadbalancer

object

default_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

domains

Domains

A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form

Domain search order:

1. Exact domain names: www.example.com.
2. Prefix domain wildcards: *.example.com or *.bar.example.com.
3. Special wildcard * matching any domain.

Wildcard will not match empty string. E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com. The longest wildcards match first. Wildcards must match a whole DNS label. E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid

Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.

Array<string>

>= 1 items <= 32 items

http

object

dns_volterra_managed

Manage DNS Domain

DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.

boolean format: boolean

port

HTTP port to listen

Exclusive with [port_ranges] HTTP port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

https

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_cert_params

object

certificates

certificates

Select one or more certificates with any domain names.

Required: YES.

Array<object>

<= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_mtls

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

tls_parameters

object

no_mtls

object

tls_certificates

tls_certificates

Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms

Required: YES.

Array<object>

>= 1 items <= 16 items

TlsCertificateType

Handle to fetch certificate and key.

object

certificate_url

certificate_url

TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.

string

>= 1 characters <= 131072 characters

custom_hash_algorithms

object

hash_algorithms

Hash Algorithms

Ordered list of hash algorithms to be used.

Required: YES.

Array<string>

>= 1 items <= 4 items

Allowed values: INVALID_HASH_ALGORITHM SHA256 SHA1

description

description

Description for the certificate.

string

>= 21 characters <= 1024 characters

disable_ocsp_stapling

object

private_key

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.

string format: uri

<= 131072 characters

use_system_defaults

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

https_auto_cert

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

no_mtls

object

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

specific_routes

object

routes

Routes

Routes for this loadbalancer.

Array<object>

<= 32 items

RouteInfoType

This defines various OPTIONS to define a route.

object

custom_route_object

object

route_ref

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

caching_disable

object

caching_inherit

object

direct_response_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_direct_response

object

response_body_encoded

response_body

Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”

Access Denied

”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.

string

<= 65536 characters

response_code

response_code

Response code to send.

integer format: int64

redirect_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_redirect

object

host_redirect

host_redirect

Swap host part of incoming URL in redirect URL.

string

<= 1024 characters

path_redirect

path_redirect

Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.

string

<= 256 characters

prefix_rewrite

prefix_rewrite

Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.

string

<= 256 characters

proto_redirect

proto_redirect

Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.

string

<= 1024 characters

remove_all_params

object

replace_params

Replace All Params

Exclusive with [remove_all_params retain_all_params]

string

>= 1 characters <= 256 characters

response_code

response_code

The HTTP status code to use in the redirect response.

integer format: int64

retain_all_params

object

simple_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

port

object

info

object

port

Port

Port the workload can be reached on Required: YES.

integer format: int64

>= 1 <= 65535

protocol

string

default: PROTOCOL_TCP

Allowed values: PROTOCOL_TCP PROTOCOL_HTTP PROTOCOL_HTTP2 PROTOCOL_TLS_WITH_SNI PROTOCOL_UDP

same_as_port

object

target_port

Port

Exclusive with [same_as_port] Port the workload is listening on.

integer format: int64

name

Name

Name of the Port Required: YES.

string

>= 6 characters <= 1024 characters

tcp_loadbalancer

object

domains

Domains

A list of additional domains (host/authority header) that will be matched to this loadbalancer.

Domains are also used for SNI matching if the with_sni is true Domains also indicate the list of names for which DNS resolution will be done by VER.

Array<string>

<= 32 items

with_sni

With SNI

Set to true to enable TCP loadbalancer with SNI.

boolean format: boolean

port

object

http_loadbalancer

object

default_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

domains

Domains

A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form

Domain search order:

1. Exact domain names: www.example.com.
2. Prefix domain wildcards: *.example.com or *.bar.example.com.
3. Special wildcard * matching any domain.

Wildcard will not match empty string. E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com. The longest wildcards match first. Wildcards must match a whole DNS label. E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid

Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.

Array<string>

>= 1 items <= 32 items

http

object

dns_volterra_managed

Manage DNS Domain

DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.

boolean format: boolean

port

HTTP port to listen

Exclusive with [port_ranges] HTTP port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

https

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_cert_params

object

certificates

certificates

Select one or more certificates with any domain names.

Required: YES.

Array<object>

<= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_mtls

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

tls_parameters

object

no_mtls

object

tls_certificates

tls_certificates

Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms

Required: YES.

Array<object>

>= 1 items <= 16 items

TlsCertificateType

Handle to fetch certificate and key.

object

certificate_url

certificate_url

TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.

string

>= 1 characters <= 131072 characters

custom_hash_algorithms

object

hash_algorithms

Hash Algorithms

Ordered list of hash algorithms to be used.

Required: YES.

Array<string>

>= 1 items <= 4 items

Allowed values: INVALID_HASH_ALGORITHM SHA256 SHA1

description

description

Description for the certificate.

string

>= 21 characters <= 1024 characters

disable_ocsp_stapling

object

private_key

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.

string format: uri

<= 131072 characters

use_system_defaults

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

https_auto_cert

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

no_mtls

object

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

specific_routes

object

routes

Routes

Routes for this loadbalancer.

Array<object>

<= 32 items

RouteInfoType

This defines various OPTIONS to define a route.

object

custom_route_object

object

route_ref

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

caching_disable

object

caching_inherit

object

direct_response_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_direct_response

object

response_body_encoded

response_body

Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”

Access Denied

”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.

string

<= 65536 characters

response_code

response_code

Response code to send.

integer format: int64

redirect_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_redirect

object

host_redirect

host_redirect

Swap host part of incoming URL in redirect URL.

string

<= 1024 characters

path_redirect

path_redirect

Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.

string

<= 256 characters

prefix_rewrite

prefix_rewrite

Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.

string

<= 256 characters

proto_redirect

proto_redirect

Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.

string

<= 1024 characters

remove_all_params

object

replace_params

Replace All Params

Exclusive with [remove_all_params retain_all_params]

string

>= 1 characters <= 256 characters

response_code

response_code

The HTTP status code to use in the redirect response.

integer format: int64

retain_all_params

object

simple_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

port

object

info

object

port

Port

Port the workload can be reached on Required: YES.

integer format: int64

>= 1 <= 65535

protocol

string

default: PROTOCOL_TCP

Allowed values: PROTOCOL_TCP PROTOCOL_HTTP PROTOCOL_HTTP2 PROTOCOL_TLS_WITH_SNI PROTOCOL_UDP

same_as_port

object

target_port

Port

Exclusive with [same_as_port] Port the workload is listening on.

integer format: int64

tcp_loadbalancer

object

domains

Domains

A list of additional domains (host/authority header) that will be matched to this loadbalancer.

Domains are also used for SNI matching if the with_sni is true Domains also indicate the list of names for which DNS resolution will be done by VER.

Array<string>

<= 32 items

with_sni

With SNI

Set to true to enable TCP loadbalancer with SNI.

boolean format: boolean

do_not_advertise

object

configuration

object

parameters

Parameters

Parameters for the workload.

Array<object>

<= 32 items

ConfigurationParameterType

Configuration parameter for the workload.

object

env_var

object

name

Name

Name of Environment Variable.

string

>= 6 characters <= 256 characters

value

Value

Value of Environment Variable.

string

>= 3 characters <= 256 characters

file

object

data

Data

File data

string

<= 16384 characters

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

name

Name

Name of the file Required: YES.

string

>= 6 characters <= 256 characters

volume_name

VolumeName

Name of the Volume Required: YES.

string

<= 256 characters

containers

Containers

Containers to use for service

Required: YES.

Array<object>

<= 16 items

ContainerType

ContainerType configures the container information.

object

args

Args

Arguments to the entrypoint. Overrides the docker image’s CMD.

Array<string>

<= 128 items

command

Command

Command to execute. Overrides the docker image’s ENTRYPOINT.

Array<string>

<= 128 items

custom_flavor

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

default_flavor

object

flavor

string

default: CONTAINER_FLAVOR_TYPE_TINY

Allowed values: CONTAINER_FLAVOR_TYPE_TINY CONTAINER_FLAVOR_TYPE_MEDIUM CONTAINER_FLAVOR_TYPE_LARGE

image

object

container_registry

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

name

Name

Name is a container image which are usually given a name such as alpine, ubuntu, or quay.I/O/etcd:0.13. The format is registry/image:tag or registry/image@image-digest. If registry is not specified, the Docker public registry is assumed. If tag is not specified, latest is assumed. Required: YES.

string

>= 6 characters <= 256 characters

public

object

pull_policy

string

default: IMAGE_PULL_POLICY_DEFAULT

Allowed values: IMAGE_PULL_POLICY_DEFAULT IMAGE_PULL_POLICY_IF_NOT_PRESENT IMAGE_PULL_POLICY_ALWAYS IMAGE_PULL_POLICY_NEVER

init_container

Init Container

Specialized container that runs before application container and runs to completion.

boolean format: boolean

liveness_check

object

exec_health_check

object

command

Command

Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.

Array<string>

<= 16 items

healthy_threshold

HealthyThreshold

Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.

integer format: int64

http_health_check

object

headers

Headers to add in health check request

Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.

object

host_header

Host Header

The value of the host header in the HTTP health check request.

string

<= 262 characters

path

Path

Path to access on the HTTP server. Required: YES.

string

<= 2048 characters

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

initial_delay

InitialDelay

Number of seconds after the container has started before health checks are initiated.

integer format: int64

interval

Interval

Time interval in seconds between two health check requests. Required: YES.

integer format: int64

tcp_health_check

object

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

timeout

Timeout

Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.

integer format: int64

unhealthy_threshold

UnhealthyThreshold

Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.

integer format: int64

name

Name

Name of the container Required: YES.

string

>= 6 characters <= 256 characters

readiness_check

object

exec_health_check

object

command

Command

Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.

Array<string>

<= 16 items

healthy_threshold

HealthyThreshold

Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.

integer format: int64

http_health_check

object

headers

Headers to add in health check request

Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.

object

host_header

Host Header

The value of the host header in the HTTP health check request.

string

<= 262 characters

path

Path

Path to access on the HTTP server. Required: YES.

string

<= 2048 characters

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

initial_delay

InitialDelay

Number of seconds after the container has started before health checks are initiated.

integer format: int64

interval

Interval

Time interval in seconds between two health check requests. Required: YES.

integer format: int64

tcp_health_check

object

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

timeout

Timeout

Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.

integer format: int64

unhealthy_threshold

UnhealthyThreshold

Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.

integer format: int64

deploy_options

object

all_res

object

default_virtual_sites

object

deploy_ce_sites

object

site

Site

Which customer sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

deploy_ce_virtual_sites

object

virtual_site

Virtual Site

Which customer virtual sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

deploy_re_sites

object

site

Site

Which regional edge sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

deploy_re_virtual_sites

object

virtual_site

Virtual Site

Which regional edge virtual sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

num_replicas

Number of Replicas

Exclusive with [scale_to_zero] Number of replicas of service to spawn per site.

integer format: int32

scale_to_zero

object

volumes

Volumes

Volumes for the service.

Array<object>

<= 16 items

StorageVolumeType

Storage volume configuration for the workload.

object

empty_dir

object

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

size_limit

Size

Required: YES.

number format: double

host_path

object

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

path

Path

Path of the directory on the host Required: YES.

string

<= 256 characters

name

Name

Name of the volume.

string

>= 6 characters <= 1024 characters

persistent_volume

object

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

storage

object

access_mode

string

default: ACCESS_MODE_READ_WRITE_ONCE

Allowed values: ACCESS_MODE_READ_WRITE_ONCE ACCESS_MODE_READ_WRITE_MANY ACCESS_MODE_READ_ONLY_MANY

class_name

Class Name

Exclusive with [default] Use the specified class name.

string

<= 256 characters

default

object

storage_size

Size (in GiB)

Size in GiB of the persistent storage Required: YES.

number format: double

simple_service

object

configuration

object

parameters

Parameters

Parameters for the workload.

Array<object>

<= 32 items

ConfigurationParameterType

Configuration parameter for the workload.

object

env_var

object

name

Name

Name of Environment Variable.

string

>= 6 characters <= 256 characters

value

Value

Value of Environment Variable.

string

>= 3 characters <= 256 characters

file

object

data

Data

File data

string

<= 16384 characters

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

name

Name

Name of the file Required: YES.

string

>= 6 characters <= 256 characters

volume_name

VolumeName

Name of the Volume Required: YES.

string

<= 256 characters

container

object

args

Args

Arguments to the entrypoint. Overrides the docker image’s CMD.

Array<string>

<= 128 items

command

Command

Command to execute. Overrides the docker image’s ENTRYPOINT.

Array<string>

<= 128 items

custom_flavor

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

default_flavor

object

flavor

string

default: CONTAINER_FLAVOR_TYPE_TINY

Allowed values: CONTAINER_FLAVOR_TYPE_TINY CONTAINER_FLAVOR_TYPE_MEDIUM CONTAINER_FLAVOR_TYPE_LARGE

image

object

container_registry

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

name

Name

Name is a container image which are usually given a name such as alpine, ubuntu, or quay.I/O/etcd:0.13. The format is registry/image:tag or registry/image@image-digest. If registry is not specified, the Docker public registry is assumed. If tag is not specified, latest is assumed. Required: YES.

string

>= 6 characters <= 256 characters

public

object

pull_policy

string

default: IMAGE_PULL_POLICY_DEFAULT

Allowed values: IMAGE_PULL_POLICY_DEFAULT IMAGE_PULL_POLICY_IF_NOT_PRESENT IMAGE_PULL_POLICY_ALWAYS IMAGE_PULL_POLICY_NEVER

init_container

Init Container

Specialized container that runs before application container and runs to completion.

boolean format: boolean

liveness_check

object

exec_health_check

object

command

Command

Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.

Array<string>

<= 16 items

healthy_threshold

HealthyThreshold

Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.

integer format: int64

http_health_check

object

headers

Headers to add in health check request

Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.

object

host_header

Host Header

The value of the host header in the HTTP health check request.

string

<= 262 characters

path

Path

Path to access on the HTTP server. Required: YES.

string

<= 2048 characters

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

initial_delay

InitialDelay

Number of seconds after the container has started before health checks are initiated.

integer format: int64

interval

Interval

Time interval in seconds between two health check requests. Required: YES.

integer format: int64

tcp_health_check

object

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

timeout

Timeout

Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.

integer format: int64

unhealthy_threshold

UnhealthyThreshold

Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.

integer format: int64

name

Name

Name of the container Required: YES.

string

>= 6 characters <= 256 characters

readiness_check

object

exec_health_check

object

command

Command

Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.

Array<string>

<= 16 items

healthy_threshold

HealthyThreshold

Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.

integer format: int64

http_health_check

object

headers

Headers to add in health check request

Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.

object

host_header

Host Header

The value of the host header in the HTTP health check request.

string

<= 262 characters

path

Path

Path to access on the HTTP server. Required: YES.

string

<= 2048 characters

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

initial_delay

InitialDelay

Number of seconds after the container has started before health checks are initiated.

integer format: int64

interval

Interval

Time interval in seconds between two health check requests. Required: YES.

integer format: int64

tcp_health_check

object

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

timeout

Timeout

Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.

integer format: int64

unhealthy_threshold

UnhealthyThreshold

Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.

integer format: int64

disabled

object

do_not_advertise

object

enabled

object

name

Name

Name of the volume Required: YES.

string

>= 6 characters <= 1024 characters

persistent_volume

object

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

storage

object

access_mode

string

default: ACCESS_MODE_READ_WRITE_ONCE

Allowed values: ACCESS_MODE_READ_WRITE_ONCE ACCESS_MODE_READ_WRITE_MANY ACCESS_MODE_READ_ONLY_MANY

class_name

Class Name

Exclusive with [default] Use the specified class name.

string

<= 256 characters

default

object

storage_size

Size (in GiB)

Size in GiB of the persistent storage Required: YES.

number format: double

scale_to_zero

Scale down to zero

Scale down replicas of the service to zero.

boolean format: boolean

simple_advertise

object

domains

Domains

A list of Domains (host/authority header) that will be matched to Load Balancer. Wildcard hosts are supported in the suffix or prefix form

Supported Domains and search order:

1. Exact Domain names: www.example.com.
2. Domains starting with a Wildcard: *.example.com.

Not supported Domains:

• Just a Wildcard: *
• A Wildcard and TLD with no root Domain: *.com.
• A Wildcard not matching a whole DNS label. E.g. *.example.com and *.bar.example.com are valid Wildcards however *bar.example.com, -bar.example.com, and bar.example.com are all invalid.

Additional notes: A Wildcard will not match empty string. E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com. The longest Wildcards match first. Only a single virtual host in the entire route configuration can match on *. Also a Domain must be unique across all virtual hosts within an advertise policy.

Domains are also used for SNI matching if the Load Balancer type is HTTPS. Domains also indicate the list of names for which DNS resolution will be automatically resolved to IP addresses by the system. Required: YES.

Array<string>

>= 1 items <= 32 items

service_port

Service Port

Service port to advertise on Internet via HTTP loadbalancer using port 80 Required: YES.

integer format: int64

stateful_service

object

advertise_options

object

advertise_custom

object

advertise_where

Advertise Where

Where should this load balancer be available

Required: YES.

Array<object>

>= 1 items <= 32 items

AdvertiseWhereType

This defines various OPTIONS where a load balancer could be advertised.

object

site

object

ip

IP address on the site

Use given IP address as VIP on the site.

string

<= 1024 characters

network

string

default: SITE_NETWORK_INSIDE_AND_OUTSIDE

Allowed values: SITE_NETWORK_INSIDE_AND_OUTSIDE SITE_NETWORK_INSIDE SITE_NETWORK_OUTSIDE SITE_NETWORK_SERVICE SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP SITE_NETWORK_IP_FABRIC

site

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

virtual_site

object

network

string

default: SITE_NETWORK_INSIDE_AND_OUTSIDE

Allowed values: SITE_NETWORK_INSIDE_AND_OUTSIDE SITE_NETWORK_INSIDE SITE_NETWORK_OUTSIDE SITE_NETWORK_SERVICE SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP SITE_NETWORK_IP_FABRIC

virtual_site

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

vk8s_service

object

site

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

virtual_site

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

ports

Ports

Ports to advertise

Required: YES.

Array<object>

<= 16 items

AdvertisePortType

Advertise port.

object

http_loadbalancer

object

default_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

domains

Domains

A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form

Domain search order:

1. Exact domain names: www.example.com.
2. Prefix domain wildcards: *.example.com or *.bar.example.com.
3. Special wildcard * matching any domain.

Wildcard will not match empty string. E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com. The longest wildcards match first. Wildcards must match a whole DNS label. E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid

Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.

Array<string>

>= 1 items <= 32 items

http

object

dns_volterra_managed

Manage DNS Domain

DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.

boolean format: boolean

port

HTTP port to listen

Exclusive with [port_ranges] HTTP port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

https

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_cert_params

object

certificates

certificates

Select one or more certificates with any domain names.

Required: YES.

Array<object>

<= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_mtls

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

tls_parameters

object

no_mtls

object

tls_certificates

tls_certificates

Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms

Required: YES.

Array<object>

>= 1 items <= 16 items

TlsCertificateType

Handle to fetch certificate and key.

object

certificate_url

certificate_url

TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.

string

>= 1 characters <= 131072 characters

custom_hash_algorithms

object

hash_algorithms

Hash Algorithms

Ordered list of hash algorithms to be used.

Required: YES.

Array<string>

>= 1 items <= 4 items

Allowed values: INVALID_HASH_ALGORITHM SHA256 SHA1

description

description

Description for the certificate.

string

>= 21 characters <= 1024 characters

disable_ocsp_stapling

object

private_key

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.

string format: uri

<= 131072 characters

use_system_defaults

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

https_auto_cert

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

no_mtls

object

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

specific_routes

object

routes

Routes

Routes for this loadbalancer.

Array<object>

<= 32 items

RouteInfoType

This defines various OPTIONS to define a route.

object

custom_route_object

object

route_ref

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

caching_disable

object

caching_inherit

object

direct_response_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_direct_response

object

response_body_encoded

response_body

Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”

Access Denied

”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.

string

<= 65536 characters

response_code

response_code

Response code to send.

integer format: int64

redirect_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_redirect

object

host_redirect

host_redirect

Swap host part of incoming URL in redirect URL.

string

<= 1024 characters

path_redirect

path_redirect

Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.

string

<= 256 characters

prefix_rewrite

prefix_rewrite

Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.

string

<= 256 characters

proto_redirect

proto_redirect

Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.

string

<= 1024 characters

remove_all_params

object

replace_params

Replace All Params

Exclusive with [remove_all_params retain_all_params]

string

>= 1 characters <= 256 characters

response_code

response_code

The HTTP status code to use in the redirect response.

integer format: int64

retain_all_params

object

simple_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

port

object

info

object

port

Port

Port the workload can be reached on Required: YES.

integer format: int64

>= 1 <= 65535

protocol

string

default: PROTOCOL_TCP

Allowed values: PROTOCOL_TCP PROTOCOL_HTTP PROTOCOL_HTTP2 PROTOCOL_TLS_WITH_SNI PROTOCOL_UDP

same_as_port

object

target_port

Port

Exclusive with [same_as_port] Port the workload is listening on.

integer format: int64

name

Name

Name of the Port Required: YES.

string

>= 6 characters <= 1024 characters

tcp_loadbalancer

object

domains

Domains

A list of additional domains (host/authority header) that will be matched to this loadbalancer.

Domains are also used for SNI matching if the with_sni is true Domains also indicate the list of names for which DNS resolution will be done by VER.

Array<string>

<= 32 items

with_sni

With SNI

Set to true to enable TCP loadbalancer with SNI.

boolean format: boolean

advertise_in_cluster

object

multi_ports

object

ports

Ports

Ports to advertise

Required: YES.

Array<object>

<= 16 items

PortType

Port of the workload.

object

info

object

port

Port

Port the workload can be reached on Required: YES.

integer format: int64

>= 1 <= 65535

protocol

string

default: PROTOCOL_TCP

Allowed values: PROTOCOL_TCP PROTOCOL_HTTP PROTOCOL_HTTP2 PROTOCOL_TLS_WITH_SNI PROTOCOL_UDP

same_as_port

object

target_port

Port

Exclusive with [same_as_port] Port the workload is listening on.

integer format: int64

name

Name

Name of the Port Required: YES.

string

>= 6 characters <= 1024 characters

port

object

info

object

port

Port

Port the workload can be reached on Required: YES.

integer format: int64

>= 1 <= 65535

protocol

string

default: PROTOCOL_TCP

Allowed values: PROTOCOL_TCP PROTOCOL_HTTP PROTOCOL_HTTP2 PROTOCOL_TLS_WITH_SNI PROTOCOL_UDP

same_as_port

object

target_port

Port

Exclusive with [same_as_port] Port the workload is listening on.

integer format: int64

advertise_on_public

object

multi_ports

object

ports

Ports

Ports to advertise

Required: YES.

Array<object>

<= 16 items

AdvertisePortType

Advertise port.

object

http_loadbalancer

object

default_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

domains

Domains

A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form

Domain search order:

1. Exact domain names: www.example.com.
2. Prefix domain wildcards: *.example.com or *.bar.example.com.
3. Special wildcard * matching any domain.

Wildcard will not match empty string. E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com. The longest wildcards match first. Wildcards must match a whole DNS label. E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid

Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.

Array<string>

>= 1 items <= 32 items

http

object

dns_volterra_managed

Manage DNS Domain

DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.

boolean format: boolean

port

HTTP port to listen

Exclusive with [port_ranges] HTTP port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

https

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_cert_params

object

certificates

certificates

Select one or more certificates with any domain names.

Required: YES.

Array<object>

<= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_mtls

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

tls_parameters

object

no_mtls

object

tls_certificates

tls_certificates

Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms

Required: YES.

Array<object>

>= 1 items <= 16 items

TlsCertificateType

Handle to fetch certificate and key.

object

certificate_url

certificate_url

TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.

string

>= 1 characters <= 131072 characters

custom_hash_algorithms

object

hash_algorithms

Hash Algorithms

Ordered list of hash algorithms to be used.

Required: YES.

Array<string>

>= 1 items <= 4 items

Allowed values: INVALID_HASH_ALGORITHM SHA256 SHA1

description

description

Description for the certificate.

string

>= 21 characters <= 1024 characters

disable_ocsp_stapling

object

private_key

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.

string format: uri

<= 131072 characters

use_system_defaults

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

https_auto_cert

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

no_mtls

object

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

specific_routes

object

routes

Routes

Routes for this loadbalancer.

Array<object>

<= 32 items

RouteInfoType

This defines various OPTIONS to define a route.

object

custom_route_object

object

route_ref

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

caching_disable

object

caching_inherit

object

direct_response_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_direct_response

object

response_body_encoded

response_body

Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”

Access Denied

”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.

string

<= 65536 characters

response_code

response_code

Response code to send.

integer format: int64

redirect_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_redirect

object

host_redirect

host_redirect

Swap host part of incoming URL in redirect URL.

string

<= 1024 characters

path_redirect

path_redirect

Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.

string

<= 256 characters

prefix_rewrite

prefix_rewrite

Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.

string

<= 256 characters

proto_redirect

proto_redirect

Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.

string

<= 1024 characters

remove_all_params

object

replace_params

Replace All Params

Exclusive with [remove_all_params retain_all_params]

string

>= 1 characters <= 256 characters

response_code

response_code

The HTTP status code to use in the redirect response.

integer format: int64

retain_all_params

object

simple_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

port

object

info

object

port

Port

Port the workload can be reached on Required: YES.

integer format: int64

>= 1 <= 65535

protocol

string

default: PROTOCOL_TCP

Allowed values: PROTOCOL_TCP PROTOCOL_HTTP PROTOCOL_HTTP2 PROTOCOL_TLS_WITH_SNI PROTOCOL_UDP

same_as_port

object

target_port

Port

Exclusive with [same_as_port] Port the workload is listening on.

integer format: int64

name

Name

Name of the Port Required: YES.

string

>= 6 characters <= 1024 characters

tcp_loadbalancer

object

domains

Domains

A list of additional domains (host/authority header) that will be matched to this loadbalancer.

Domains are also used for SNI matching if the with_sni is true Domains also indicate the list of names for which DNS resolution will be done by VER.

Array<string>

<= 32 items

with_sni

With SNI

Set to true to enable TCP loadbalancer with SNI.

boolean format: boolean

port

object

http_loadbalancer

object

default_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

domains

Domains

A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form

Domain search order:

1. Exact domain names: www.example.com.
2. Prefix domain wildcards: *.example.com or *.bar.example.com.
3. Special wildcard * matching any domain.

Wildcard will not match empty string. E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com. The longest wildcards match first. Wildcards must match a whole DNS label. E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid

Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.

Array<string>

>= 1 items <= 32 items

http

object

dns_volterra_managed

Manage DNS Domain

DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.

boolean format: boolean

port

HTTP port to listen

Exclusive with [port_ranges] HTTP port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

https

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_cert_params

object

certificates

certificates

Select one or more certificates with any domain names.

Required: YES.

Array<object>

<= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_mtls

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

tls_parameters

object

no_mtls

object

tls_certificates

tls_certificates

Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms

Required: YES.

Array<object>

>= 1 items <= 16 items

TlsCertificateType

Handle to fetch certificate and key.

object

certificate_url

certificate_url

TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.

string

>= 1 characters <= 131072 characters

custom_hash_algorithms

object

hash_algorithms

Hash Algorithms

Ordered list of hash algorithms to be used.

Required: YES.

Array<string>

>= 1 items <= 4 items

Allowed values: INVALID_HASH_ALGORITHM SHA256 SHA1

description

description

Description for the certificate.

string

>= 21 characters <= 1024 characters

disable_ocsp_stapling

object

private_key

object

blindfold_secret_info

object

decryption_provider

Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string

<= 1024 characters

location

Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string

>= 4 characters <= 1024 characters

store_provider

Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

<= 1024 characters

clear_secret_info

object

provider

Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string

>= 3 characters <= 1024 characters

url

URL

URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.

string format: uri

<= 131072 characters

use_system_defaults

object

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

https_auto_cert

object

add_hsts

Add HSTS

Add HTTP Strict-Transport-Security response header.

boolean format: boolean

append_server_name

append_server_name

Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.

string

<= 8096 characters

coalescing_options

object

default_coalescing

object

strict_coalescing

object

connection_idle_timeout

Connection Idle Timeout

The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.

integer format: int64

default_header

object

default_loadbalancer

object

disable_path_normalize

object

enable_path_normalize

object

http_protocol_options

object

http_protocol_enable_v1_only

object

header_transformation

object

default_header_transformation

object

legacy_header_transformation

object

preserve_case_header_transformation

object

proper_case_header_transformation

object

http_protocol_enable_v1_v2

object

http_protocol_enable_v2_only

object

http_redirect

HTTP Redirect

Redirect HTTP traffic to HTTPS.

boolean format: boolean

no_mtls

object

non_default_loadbalancer

object

pass_through

object

port

HTTPS port to listen

Exclusive with [port_ranges] HTTPS port to Listen.

integer format: int64

>= 1 <= 65535

port_ranges

Port_ranges

Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.

string

>= 1 characters <= 512 characters

server_name

server_name

Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.

string

<= 8096 characters

tls_config

object

custom_security

object

cipher_suites

cipher_suites

The TLS listener will only support the specified cipher list. Required: YES.

Array<string>

max_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

min_version

string

default: TLS_AUTO

Allowed values: TLS_AUTO TLSv1_0 TLSv1_1 TLSv1_2 TLSv1_3

default_security

object

low_security

object

medium_security

object

use_mtls

object

client_certificate_optional

client_certificate_optional

Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.

boolean format: boolean

crl

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

no_crl

object

trusted_ca

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

trusted_ca_url

trusted_ca_url

Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.

string

>= 1 characters <= 131072 characters

xfcc_disabled

object

xfcc_options

object

xfcc_header_elements

XFCC Header

X-Forwarded-Client-Cert header elements to be added to requests

Required: YES.

Array<string>

Allowed values: XFCC_NONE XFCC_CERT XFCC_CHAIN XFCC_SUBJECT XFCC_URI XFCC_DNS

specific_routes

object

routes

Routes

Routes for this loadbalancer.

Array<object>

<= 32 items

RouteInfoType

This defines various OPTIONS to define a route.

object

custom_route_object

object

route_ref

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

caching_disable

object

caching_inherit

object

direct_response_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_direct_response

object

response_body_encoded

response_body

Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”

Access Denied

”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.

string

<= 65536 characters

response_code

response_code

Response code to send.

integer format: int64

redirect_route

object

headers

headers

List of (key, value) headers.

Array<object>

<= 16 items

HeaderMatcherType

Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header

Header Match can also be inverse of above, which be used to check missing header or non-matching value.

object

exact

exact

Exclusive with [presence regex] Header value to match exactly.

string

<= 256 characters

invert_match

invert_match

Invert the result of the match to detect missing header or non-matching value.

boolean format: boolean

name

name

Name of the header Required: YES.

string

>= 1 characters <= 256 characters

presence

presence

Exclusive with [exact regex] If true, check for presence of header.

boolean format: boolean

regex

regex

Exclusive with [exact presence] Regex match of the header value in re2 format.

string

<= 256 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

incoming_port

object

no_port_match

object

port

port

Exclusive with [no_port_match port_ranges] Exact Port to match.

integer format: int64

>= 1 <= 65535

port_ranges

port_range

Exclusive with [no_port_match port] Port range to match.

string

>= 1 characters <= 32 characters

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

route_redirect

object

host_redirect

host_redirect

Swap host part of incoming URL in redirect URL.

string

<= 1024 characters

path_redirect

path_redirect

Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.

string

<= 256 characters

prefix_rewrite

prefix_rewrite

Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.

string

<= 256 characters

proto_redirect

proto_redirect

Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.

string

<= 1024 characters

remove_all_params

object

replace_params

Replace All Params

Exclusive with [remove_all_params retain_all_params]

string

>= 1 characters <= 256 characters

response_code

response_code

The HTTP status code to use in the redirect response.

integer format: int64

retain_all_params

object

simple_route

object

auto_host_rewrite

object

disable_host_rewrite

object

host_rewrite

HostRewrite

Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.

string

<= 1024 characters

http_method

string

default: ANY

Allowed values: ANY GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE PATCH COPY

path

object

path

exact

Exclusive with [prefix regex] Exact path value to match.

string

<= 256 characters

prefix

prefix

Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)

string

<= 256 characters

regex

regex

Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)

string

>= 1 characters <= 256 characters

port

object

info

object

port

Port

Port the workload can be reached on Required: YES.

integer format: int64

>= 1 <= 65535

protocol

string

default: PROTOCOL_TCP

Allowed values: PROTOCOL_TCP PROTOCOL_HTTP PROTOCOL_HTTP2 PROTOCOL_TLS_WITH_SNI PROTOCOL_UDP

same_as_port

object

target_port

Port

Exclusive with [same_as_port] Port the workload is listening on.

integer format: int64

tcp_loadbalancer

object

domains

Domains

A list of additional domains (host/authority header) that will be matched to this loadbalancer.

Domains are also used for SNI matching if the with_sni is true Domains also indicate the list of names for which DNS resolution will be done by VER.

Array<string>

<= 32 items

with_sni

With SNI

Set to true to enable TCP loadbalancer with SNI.

boolean format: boolean

do_not_advertise

object

configuration

object

parameters

Parameters

Parameters for the workload.

Array<object>

<= 32 items

ConfigurationParameterType

Configuration parameter for the workload.

object

env_var

object

name

Name

Name of Environment Variable.

string

>= 6 characters <= 256 characters

value

Value

Value of Environment Variable.

string

>= 3 characters <= 256 characters

file

object

data

Data

File data

string

<= 16384 characters

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

name

Name

Name of the file Required: YES.

string

>= 6 characters <= 256 characters

volume_name

VolumeName

Name of the Volume Required: YES.

string

<= 256 characters

containers

Containers

Containers to use for service

Required: YES.

Array<object>

<= 16 items

ContainerType

ContainerType configures the container information.

object

args

Args

Arguments to the entrypoint. Overrides the docker image’s CMD.

Array<string>

<= 128 items

command

Command

Command to execute. Overrides the docker image’s ENTRYPOINT.

Array<string>

<= 128 items

custom_flavor

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

default_flavor

object

flavor

string

default: CONTAINER_FLAVOR_TYPE_TINY

Allowed values: CONTAINER_FLAVOR_TYPE_TINY CONTAINER_FLAVOR_TYPE_MEDIUM CONTAINER_FLAVOR_TYPE_LARGE

image

object

container_registry

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

name

Name

Name is a container image which are usually given a name such as alpine, ubuntu, or quay.I/O/etcd:0.13. The format is registry/image:tag or registry/image@image-digest. If registry is not specified, the Docker public registry is assumed. If tag is not specified, latest is assumed. Required: YES.

string

>= 6 characters <= 256 characters

public

object

pull_policy

string

default: IMAGE_PULL_POLICY_DEFAULT

Allowed values: IMAGE_PULL_POLICY_DEFAULT IMAGE_PULL_POLICY_IF_NOT_PRESENT IMAGE_PULL_POLICY_ALWAYS IMAGE_PULL_POLICY_NEVER

init_container

Init Container

Specialized container that runs before application container and runs to completion.

boolean format: boolean

liveness_check

object

exec_health_check

object

command

Command

Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.

Array<string>

<= 16 items

healthy_threshold

HealthyThreshold

Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.

integer format: int64

http_health_check

object

headers

Headers to add in health check request

Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.

object

host_header

Host Header

The value of the host header in the HTTP health check request.

string

<= 262 characters

path

Path

Path to access on the HTTP server. Required: YES.

string

<= 2048 characters

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

initial_delay

InitialDelay

Number of seconds after the container has started before health checks are initiated.

integer format: int64

interval

Interval

Time interval in seconds between two health check requests. Required: YES.

integer format: int64

tcp_health_check

object

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

timeout

Timeout

Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.

integer format: int64

unhealthy_threshold

UnhealthyThreshold

Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.

integer format: int64

name

Name

Name of the container Required: YES.

string

>= 6 characters <= 256 characters

readiness_check

object

exec_health_check

object

command

Command

Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.

Array<string>

<= 16 items

healthy_threshold

HealthyThreshold

Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.

integer format: int64

http_health_check

object

headers

Headers to add in health check request

Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.

object

host_header

Host Header

The value of the host header in the HTTP health check request.

string

<= 262 characters

path

Path

Path to access on the HTTP server. Required: YES.

string

<= 2048 characters

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

initial_delay

InitialDelay

Number of seconds after the container has started before health checks are initiated.

integer format: int64

interval

Interval

Time interval in seconds between two health check requests. Required: YES.

integer format: int64

tcp_health_check

object

port

object

name

Name

Exclusive with [num] Port Name.

string

>= 6 characters <= 1024 characters

num

Number

Exclusive with [name] Port number.

integer format: int64

timeout

Timeout

Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.

integer format: int64

unhealthy_threshold

UnhealthyThreshold

Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.

integer format: int64

deploy_options

object

all_res

object

default_virtual_sites

object

deploy_ce_sites

object

site

Site

Which customer sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

deploy_ce_virtual_sites

object

virtual_site

Virtual Site

Which customer virtual sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

deploy_re_sites

object

site

Site

Which regional edge sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

deploy_re_virtual_sites

object

virtual_site

Virtual Site

Which regional edge virtual sites should this workload be deployed

Required: YES.

Array<object>

>= 1 items <= 32 items

ObjectRefType

This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.

object

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string

>= 1 characters <= 128 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 64 characters

tenant

tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string

>= 6 characters <= 64 characters

num_replicas

Number of Replicas

Exclusive with [scale_to_zero] Number of replicas of service to spawn per site.

integer format: int32

persistent_volumes

Persistence

Persistent storage configuration for the service

Required: YES.

Array<object>

<= 16 items

PersistentVolumeType

Persistent storage volume configuration for the workload.

object

name

Name

Name of the volume Required: YES.

string

>= 6 characters <= 1024 characters

persistent_volume

object

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

storage

object

access_mode

string

default: ACCESS_MODE_READ_WRITE_ONCE

Allowed values: ACCESS_MODE_READ_WRITE_ONCE ACCESS_MODE_READ_WRITE_MANY ACCESS_MODE_READ_ONLY_MANY

class_name

Class Name

Exclusive with [default] Use the specified class name.

string

<= 256 characters

default

object

storage_size

Size (in GiB)

Size in GiB of the persistent storage Required: YES.

number format: double

scale_to_zero

object

volumes

Ephemeral Storage Volumes

Ephemeral volumes for the service.

Array<object>

<= 16 items

EphemeralStorageVolumeType

Ephemeral storage volume configuration for the workload.

object

empty_dir

object

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

size_limit

Size

Required: YES.

number format: double

host_path

object

mount

object

mode

string

default: VOLUME_MOUNT_READ_ONLY

Allowed values: VOLUME_MOUNT_READ_ONLY VOLUME_MOUNT_READ_WRITE

mount_path

MountPath

Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.

string

<= 256 characters

sub_path

SubPath

Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).

string

<= 256 characters

path

Path

Path of the directory on the host Required: YES.

string

<= 256 characters

name

Name

Name of the volume.

string

>= 6 characters <= 1024 characters

system_metadata

object

creation_timestamp

creation_timestamp

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

string format: date-time

<= 1024 characters

creator_class

creator_class

A value identifying the class of the user or service which created this configuration object.

string

<= 1024 characters

creator_id

creator_id

A value identifying the exact user or service that created this configuration object.

string

<= 1024 characters

deletion_timestamp

deletion_timestamp

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only.

string format: date-time

<= 1024 characters

finalizers

finalizers

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

Array<string>

initializers

object

pending

pending

Pending is a list of initializers that must execute in order before this object is initialized. When the last pending initializer is removed, and no failing result is set, the initializers struct will be set to nil and the object is considered as initialized and visible to all clients.

Array<object>

InitializerType

Initializer is information about an initializer that has not yet completed.

object

name

name

Name of the service that is responsible for initializing this object.

string

>= 6 characters <= 1024 characters

result

object

code

code

Suggested HTTP return code for this status, 0 if not set.

integer format: int32

reason

reason

A human-readable description of why this operation is in the “Failure” status. If this value is empty there is no information available.

string

>= 27 characters <= 1024 characters

status

status

Status of the operation. One of: “Success” or “Failure”.

string

>= 17 characters <= 1024 characters

labels

labels

Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the operator or software. Values here can be interpreted by software(backend or frontend) to enable certain behavior e.g. Things marked as soft-deleted(restorable).

object

modification_timestamp

modification_timestamp

ModificationTimestamp is a timestamp representing the server time when this object was last modified.

string format: date-time

<= 1024 characters

object_index

object_index

Unique index for the object. Some objects need a unique integer index to be allocated for each object type. This field will be populated for all objects that need it and will be zero otherwise.

integer format: int64

owner_view

object

kind

kind

Kind of the view object.

string

>= 12 characters <= 1024 characters

name

name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string

>= 6 characters <= 1024 characters

namespace

namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string

>= 6 characters <= 1024 characters

uid

uid

UID of the view object.

string format: uuid

>= 36 characters <= 1024 characters

tenant

tenant

Tenant to which this configuration object belongs to. The value for this is found from presented credentials.

string

>= 6 characters <= 1024 characters

uid

uid

Uid is the unique in time and space value for this object. It is generated by the server on successful creation of an object and is not allowed to change on Replace API. The value of is taken from uid field of ObjectMetaType, if provided.

string format: uuid

>= 36 characters <= 1024 characters

Example

{
  "spec": {
    "job": {
      "configuration": {
        "parameters": [
          {
            "file": {
              "mount": {
                "mode": "VOLUME_MOUNT_READ_ONLY"
              }
            }
          }
        ]
      },
      "containers": [
        {
          "flavor": "CONTAINER_FLAVOR_TYPE_TINY",
          "image": {
            "pull_policy": "IMAGE_PULL_POLICY_DEFAULT"
          }
        }
      ],
      "volumes": [
        {
          "empty_dir": {
            "mount": {
              "mode": "VOLUME_MOUNT_READ_ONLY"
            }
          },
          "host_path": {
            "mount": {
              "mode": "VOLUME_MOUNT_READ_ONLY"
            }
          },
          "persistent_volume": {
            "mount": {
              "mode": "VOLUME_MOUNT_READ_ONLY"
            },
            "storage": {
              "access_mode": "ACCESS_MODE_READ_WRITE_ONCE"
            }
          }
        }
      ]
    },
    "service": {
      "advertise_options": {
        "advertise_custom": {
          "advertise_where": [
            {
              "site": {
                "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE"
              },
              "virtual_site": {
                "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE"
              }
            }
          ],
          "ports": [
            {
              "http_loadbalancer": {
                "https": {
                  "tls_cert_params": {
                    "tls_config": {
                      "custom_security": {
                        "max_version": "TLS_AUTO",
                        "min_version": "TLS_AUTO"
                      }
                    },
                    "use_mtls": {
                      "xfcc_options": {
                        "xfcc_header_elements": [
                          "XFCC_NONE"
                        ]
                      }
                    }
                  },
                  "tls_parameters": {
                    "tls_certificates": [
                      {
                        "custom_hash_algorithms": {
                          "hash_algorithms": [
                            "INVALID_HASH_ALGORITHM"
                          ]
                        }
                      }
                    ],
                    "tls_config": {
                      "custom_security": {
                        "max_version": "TLS_AUTO",
                        "min_version": "TLS_AUTO"
                      }
                    },
                    "use_mtls": {
                      "xfcc_options": {
                        "xfcc_header_elements": [
                          "XFCC_NONE"
                        ]
                      }
                    }
                  }
                },
                "https_auto_cert": {
                  "tls_config": {
                    "custom_security": {
                      "max_version": "TLS_AUTO",
                      "min_version": "TLS_AUTO"
                    }
                  },
                  "use_mtls": {
                    "xfcc_options": {
                      "xfcc_header_elements": [
                        "XFCC_NONE"
                      ]
                    }
                  }
                },
                "specific_routes": {
                  "routes": [
                    {
                      "direct_response_route": {
                        "http_method": "ANY"
                      },
                      "redirect_route": {
                        "http_method": "ANY"
                      },
                      "simple_route": {
                        "http_method": "ANY"
                      }
                    }
                  ]
                }
              },
              "port": {
                "info": {
                  "protocol": "PROTOCOL_TCP"
                }
              }
            }
          ]
        },
        "advertise_in_cluster": {
          "multi_ports": {
            "ports": [
              {
                "info": {
                  "protocol": "PROTOCOL_TCP"
                }
              }
            ]
          },
          "port": {
            "info": {
              "protocol": "PROTOCOL_TCP"
            }
          }
        },
        "advertise_on_public": {
          "multi_ports": {
            "ports": [
              {
                "http_loadbalancer": {
                  "https": {
                    "tls_cert_params": {
                      "tls_config": {
                        "custom_security": {
                          "max_version": "TLS_AUTO",
                          "min_version": "TLS_AUTO"
                        }
                      },
                      "use_mtls": {
                        "xfcc_options": {
                          "xfcc_header_elements": [
                            "XFCC_NONE"
                          ]
                        }
                      }
                    },
                    "tls_parameters": {
                      "tls_certificates": [
                        {
                          "custom_hash_algorithms": {
                            "hash_algorithms": [
                              "INVALID_HASH_ALGORITHM"
                            ]
                          }
                        }
                      ],
                      "tls_config": {
                        "custom_security": {
                          "max_version": "TLS_AUTO",
                          "min_version": "TLS_AUTO"
                        }
                      },
                      "use_mtls": {
                        "xfcc_options": {
                          "xfcc_header_elements": [
                            "XFCC_NONE"
                          ]
                        }
                      }
                    }
                  },
                  "https_auto_cert": {
                    "tls_config": {
                      "custom_security": {
                        "max_version": "TLS_AUTO",
                        "min_version": "TLS_AUTO"
                      }
                    },
                    "use_mtls": {
                      "xfcc_options": {
                        "xfcc_header_elements": [
                          "XFCC_NONE"
                        ]
                      }
                    }
                  },
                  "specific_routes": {
                    "routes": [
                      {
                        "direct_response_route": {
                          "http_method": "ANY"
                        },
                        "redirect_route": {
                          "http_method": "ANY"
                        },
                        "simple_route": {
                          "http_method": "ANY"
                        }
                      }
                    ]
                  }
                },
                "port": {
                  "info": {
                    "protocol": "PROTOCOL_TCP"
                  }
                }
              }
            ]
          },
          "port": {
            "http_loadbalancer": {
              "https": {
                "tls_cert_params": {
                  "tls_config": {
                    "custom_security": {
                      "max_version": "TLS_AUTO",
                      "min_version": "TLS_AUTO"
                    }
                  },
                  "use_mtls": {
                    "xfcc_options": {
                      "xfcc_header_elements": [
                        "XFCC_NONE"
                      ]
                    }
                  }
                },
                "tls_parameters": {
                  "tls_certificates": [
                    {
                      "custom_hash_algorithms": {
                        "hash_algorithms": [
                          "INVALID_HASH_ALGORITHM"
                        ]
                      }
                    }
                  ],
                  "tls_config": {
                    "custom_security": {
                      "max_version": "TLS_AUTO",
                      "min_version": "TLS_AUTO"
                    }
                  },
                  "use_mtls": {
                    "xfcc_options": {
                      "xfcc_header_elements": [
                        "XFCC_NONE"
                      ]
                    }
                  }
                }
              },
              "https_auto_cert": {
                "tls_config": {
                  "custom_security": {
                    "max_version": "TLS_AUTO",
                    "min_version": "TLS_AUTO"
                  }
                },
                "use_mtls": {
                  "xfcc_options": {
                    "xfcc_header_elements": [
                      "XFCC_NONE"
                    ]
                  }
                }
              },
              "specific_routes": {
                "routes": [
                  {
                    "direct_response_route": {
                      "http_method": "ANY"
                    },
                    "redirect_route": {
                      "http_method": "ANY"
                    },
                    "simple_route": {
                      "http_method": "ANY"
                    }
                  }
                ]
              }
            },
            "port": {
              "info": {
                "protocol": "PROTOCOL_TCP"
              }
            }
          }
        }
      },
      "configuration": {
        "parameters": [
          {
            "file": {
              "mount": {
                "mode": "VOLUME_MOUNT_READ_ONLY"
              }
            }
          }
        ]
      },
      "containers": [
        {
          "flavor": "CONTAINER_FLAVOR_TYPE_TINY",
          "image": {
            "pull_policy": "IMAGE_PULL_POLICY_DEFAULT"
          }
        }
      ],
      "volumes": [
        {
          "empty_dir": {
            "mount": {
              "mode": "VOLUME_MOUNT_READ_ONLY"
            }
          },
          "host_path": {
            "mount": {
              "mode": "VOLUME_MOUNT_READ_ONLY"
            }
          },
          "persistent_volume": {
            "mount": {
              "mode": "VOLUME_MOUNT_READ_ONLY"
            },
            "storage": {
              "access_mode": "ACCESS_MODE_READ_WRITE_ONCE"
            }
          }
        }
      ]
    },
    "simple_service": {
      "configuration": {
        "parameters": [
          {
            "file": {
              "mount": {
                "mode": "VOLUME_MOUNT_READ_ONLY"
              }
            }
          }
        ]
      },
      "container": {
        "flavor": "CONTAINER_FLAVOR_TYPE_TINY",
        "image": {
          "pull_policy": "IMAGE_PULL_POLICY_DEFAULT"
        }
      },
      "enabled": {
        "persistent_volume": {
          "mount": {
            "mode": "VOLUME_MOUNT_READ_ONLY"
          },
          "storage": {
            "access_mode": "ACCESS_MODE_READ_WRITE_ONCE"
          }
        }
      }
    },
    "stateful_service": {
      "advertise_options": {
        "advertise_custom": {
          "advertise_where": [
            {
              "site": {
                "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE"
              },
              "virtual_site": {
                "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE"
              }
            }
          ],
          "ports": [
            {
              "http_loadbalancer": {
                "https": {
                  "tls_cert_params": {
                    "tls_config": {
                      "custom_security": {
                        "max_version": "TLS_AUTO",
                        "min_version": "TLS_AUTO"
                      }
                    },
                    "use_mtls": {
                      "xfcc_options": {
                        "xfcc_header_elements": [
                          "XFCC_NONE"
                        ]
                      }
                    }
                  },
                  "tls_parameters": {
                    "tls_certificates": [
                      {
                        "custom_hash_algorithms": {
                          "hash_algorithms": [
                            "INVALID_HASH_ALGORITHM"
                          ]
                        }
                      }
                    ],
                    "tls_config": {
                      "custom_security": {
                        "max_version": "TLS_AUTO",
                        "min_version": "TLS_AUTO"
                      }
                    },
                    "use_mtls": {
                      "xfcc_options": {
                        "xfcc_header_elements": [
                          "XFCC_NONE"
                        ]
                      }
                    }
                  }
                },
                "https_auto_cert": {
                  "tls_config": {
                    "custom_security": {
                      "max_version": "TLS_AUTO",
                      "min_version": "TLS_AUTO"
                    }
                  },
                  "use_mtls": {
                    "xfcc_options": {
                      "xfcc_header_elements": [
                        "XFCC_NONE"
                      ]
                    }
                  }
                },
                "specific_routes": {
                  "routes": [
                    {
                      "direct_response_route": {
                        "http_method": "ANY"
                      },
                      "redirect_route": {
                        "http_method": "ANY"
                      },
                      "simple_route": {
                        "http_method": "ANY"
                      }
                    }
                  ]
                }
              },
              "port": {
                "info": {
                  "protocol": "PROTOCOL_TCP"
                }
              }
            }
          ]
        },
        "advertise_in_cluster": {
          "multi_ports": {
            "ports": [
              {
                "info": {
                  "protocol": "PROTOCOL_TCP"
                }
              }
            ]
          },
          "port": {
            "info": {
              "protocol": "PROTOCOL_TCP"
            }
          }
        },
        "advertise_on_public": {
          "multi_ports": {
            "ports": [
              {
                "http_loadbalancer": {
                  "https": {
                    "tls_cert_params": {
                      "tls_config": {
                        "custom_security": {
                          "max_version": "TLS_AUTO",
                          "min_version": "TLS_AUTO"
                        }
                      },
                      "use_mtls": {
                        "xfcc_options": {
                          "xfcc_header_elements": [
                            "XFCC_NONE"
                          ]
                        }
                      }
                    },
                    "tls_parameters": {
                      "tls_certificates": [
                        {
                          "custom_hash_algorithms": {
                            "hash_algorithms": [
                              "INVALID_HASH_ALGORITHM"
                            ]
                          }
                        }
                      ],
                      "tls_config": {
                        "custom_security": {
                          "max_version": "TLS_AUTO",
                          "min_version": "TLS_AUTO"
                        }
                      },
                      "use_mtls": {
                        "xfcc_options": {
                          "xfcc_header_elements": [
                            "XFCC_NONE"
                          ]
                        }
                      }
                    }
                  },
                  "https_auto_cert": {
                    "tls_config": {
                      "custom_security": {
                        "max_version": "TLS_AUTO",
                        "min_version": "TLS_AUTO"
                      }
                    },
                    "use_mtls": {
                      "xfcc_options": {
                        "xfcc_header_elements": [
                          "XFCC_NONE"
                        ]
                      }
                    }
                  },
                  "specific_routes": {
                    "routes": [
                      {
                        "direct_response_route": {
                          "http_method": "ANY"
                        },
                        "redirect_route": {
                          "http_method": "ANY"
                        },
                        "simple_route": {
                          "http_method": "ANY"
                        }
                      }
                    ]
                  }
                },
                "port": {
                  "info": {
                    "protocol": "PROTOCOL_TCP"
                  }
                }
              }
            ]
          },
          "port": {
            "http_loadbalancer": {
              "https": {
                "tls_cert_params": {
                  "tls_config": {
                    "custom_security": {
                      "max_version": "TLS_AUTO",
                      "min_version": "TLS_AUTO"
                    }
                  },
                  "use_mtls": {
                    "xfcc_options": {
                      "xfcc_header_elements": [
                        "XFCC_NONE"
                      ]
                    }
                  }
                },
                "tls_parameters": {
                  "tls_certificates": [
                    {
                      "custom_hash_algorithms": {
                        "hash_algorithms": [
                          "INVALID_HASH_ALGORITHM"
                        ]
                      }
                    }
                  ],
                  "tls_config": {
                    "custom_security": {
                      "max_version": "TLS_AUTO",
                      "min_version": "TLS_AUTO"
                    }
                  },
                  "use_mtls": {
                    "xfcc_options": {
                      "xfcc_header_elements": [
                        "XFCC_NONE"
                      ]
                    }
                  }
                }
              },
              "https_auto_cert": {
                "tls_config": {
                  "custom_security": {
                    "max_version": "TLS_AUTO",
                    "min_version": "TLS_AUTO"
                  }
                },
                "use_mtls": {
                  "xfcc_options": {
                    "xfcc_header_elements": [
                      "XFCC_NONE"
                    ]
                  }
                }
              },
              "specific_routes": {
                "routes": [
                  {
                    "direct_response_route": {
                      "http_method": "ANY"
                    },
                    "redirect_route": {
                      "http_method": "ANY"
                    },
                    "simple_route": {
                      "http_method": "ANY"
                    }
                  }
                ]
              }
            },
            "port": {
              "info": {
                "protocol": "PROTOCOL_TCP"
              }
            }
          }
        }
      },
      "configuration": {
        "parameters": [
          {
            "file": {
              "mount": {
                "mode": "VOLUME_MOUNT_READ_ONLY"
              }
            }
          }
        ]
      },
      "containers": [
        {
          "flavor": "CONTAINER_FLAVOR_TYPE_TINY",
          "image": {
            "pull_policy": "IMAGE_PULL_POLICY_DEFAULT"
          }
        }
      ],
      "persistent_volumes": [
        {
          "persistent_volume": {
            "mount": {
              "mode": "VOLUME_MOUNT_READ_ONLY"
            },
            "storage": {
              "access_mode": "ACCESS_MODE_READ_WRITE_ONCE"
            }
          }
        }
      ],
      "volumes": [
        {
          "empty_dir": {
            "mount": {
              "mode": "VOLUME_MOUNT_READ_ONLY"
            }
          },
          "host_path": {
            "mount": {
              "mode": "VOLUME_MOUNT_READ_ONLY"
            }
          }
        }
      ]
    }
  }
}

401

Returned when operation is not authorized.

Media typeapplication/json

string format: string

Example^generated

example

403

Returned when there is no permission to access resource.

Media typeapplication/json

string format: string

Example^generated

example

404

Returned when resource is not found.

Media typeapplication/json

string format: string

Example^generated

example

409

Returned when operation on resource is conflicting with current value.

Media typeapplication/json

string format: string

Example^generated

example

429

Returned when operation has been rejected as it is happening too frequently.

Media typeapplication/json

string format: string

Example^generated

example

500

Returned when server encountered an error in processing API.

Media typeapplication/json

string format: string

Example^generated

example

503

Returned when service is unavailable temporarily.

Media typeapplication/json

string format: string

Example^generated

example

504

Returned when server timed out processing request.

Media typeapplication/json

string format: string

Example^generated

example