GET Workload.
const url = 'https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/workloads/example?response_format=GET_RSP_FORMAT_DEFAULT';const options = {method: 'GET', headers: {Authorization: '<Authorization>'}};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url 'https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/workloads/example?response_format=GET_RSP_FORMAT_DEFAULT' \ --header 'Authorization: <Authorization>'Shape of Workload.
Authorizations
Section titled “Authorizations”Parameters
Section titled “Parameters”Path Parameters
Section titled “Path Parameters”Namespace The namespace in which the configuration object is present.
Name The name of the configuration object to be fetched.
Query Parameters
Section titled “Query Parameters”The format in which the configuration object is to be fetched. This could be for example
- in GetSpec form for the contents of object
- in CreateRequest form to create a new similar object
- to ReplaceRequest form to replace changeable values
Default format of returned resource Response should be in CreateRequest format Response should be in ReplaceRequest format Response should be in StatusObject(s) format Response should be in format of GetSpecType Response should have other objects referring to this object Response should have deleted and disabled objects referrred by this object.
Responses
Section titled “Responses”A successful response.
This is the output message of the ‘GET’ RPC.
object
object
object
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
object
Human readable description for the object.
A value of true will administratively disable the object.
Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.
object
This is the name of configuration object. It has to be unique within the namespace. It can only be specified during create API and cannot be changed during replace API. The value of name has to follow DNS-1035 format. Required: YES.
This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""
object
object
object
Parameters for the workload.
Configuration parameter for the workload.
object
object
Name of Environment Variable.
Value of Environment Variable.
object
File data
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Name of the file Required: YES.
Name of the Volume Required: YES.
Containers to use for the job
Required: YES.
ContainerType configures the container information.
object
Arguments to the entrypoint. Overrides the docker image’s CMD.
Command to execute. Overrides the docker image’s ENTRYPOINT.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Name is a container image which are usually given a name such as alpine, ubuntu, or quay.I/O/etcd:0.13. The format is registry/image:tag or registry/image@image-digest. If registry is not specified, the Docker public registry is assumed. If tag is not specified, latest is assumed. Required: YES.
object
Specialized container that runs before application container and runs to completion.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
Name of the container Required: YES.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
object
object
object
object
Which customer sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which customer virtual sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which regional edge sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which regional edge virtual sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Number of replicas of the batch job to spawn per site.
Volumes for the job.
Storage volume configuration for the workload.
object
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Required: YES.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Path of the directory on the host Required: YES.
Name of the volume.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
object
Exclusive with [default] Use the specified class name.
object
Size in GiB of the persistent storage Required: YES.
object
object
object
Where should this load balancer be available
Required: YES.
This defines various OPTIONS where a load balancer could be advertised.
object
object
Use given IP address as VIP on the site.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Ports to advertise
Required: YES.
Advertise port.
object
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form
Domain search order:
- Exact domain names:
www.example.com. - Prefix domain wildcards:
*.example.comor*.bar.example.com. - Special wildcard
*matching any domain.
Wildcard will not match empty string.
E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com.
The longest wildcards match first.
Wildcards must match a whole DNS label.
E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid
Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.
object
DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.
Exclusive with [port_ranges] HTTP port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
Select one or more certificates with any domain names.
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Routes for this loadbalancer.
This defines various OPTIONS to define a route.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
Name of the Port Required: YES.
object
A list of additional domains (host/authority header) that will be matched to this loadbalancer.
Domains are also used for SNI matching if the with_sni is true
Domains also indicate the list of names for which DNS resolution will be done by VER.
Set to true to enable TCP loadbalancer with SNI.
object
object
Ports to advertise
Required: YES.
Port of the workload.
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
Name of the Port Required: YES.
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
object
object
Ports to advertise
Required: YES.
Advertise port.
object
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form
Domain search order:
- Exact domain names:
www.example.com. - Prefix domain wildcards:
*.example.comor*.bar.example.com. - Special wildcard
*matching any domain.
Wildcard will not match empty string.
E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com.
The longest wildcards match first.
Wildcards must match a whole DNS label.
E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid
Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.
object
DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.
Exclusive with [port_ranges] HTTP port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
Select one or more certificates with any domain names.
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Routes for this loadbalancer.
This defines various OPTIONS to define a route.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
Name of the Port Required: YES.
object
A list of additional domains (host/authority header) that will be matched to this loadbalancer.
Domains are also used for SNI matching if the with_sni is true
Domains also indicate the list of names for which DNS resolution will be done by VER.
Set to true to enable TCP loadbalancer with SNI.
object
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form
Domain search order:
- Exact domain names:
www.example.com. - Prefix domain wildcards:
*.example.comor*.bar.example.com. - Special wildcard
*matching any domain.
Wildcard will not match empty string.
E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com.
The longest wildcards match first.
Wildcards must match a whole DNS label.
E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid
Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.
object
DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.
Exclusive with [port_ranges] HTTP port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
Select one or more certificates with any domain names.
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Routes for this loadbalancer.
This defines various OPTIONS to define a route.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
object
A list of additional domains (host/authority header) that will be matched to this loadbalancer.
Domains are also used for SNI matching if the with_sni is true
Domains also indicate the list of names for which DNS resolution will be done by VER.
Set to true to enable TCP loadbalancer with SNI.
object
object
Parameters for the workload.
Configuration parameter for the workload.
object
object
Name of Environment Variable.
Value of Environment Variable.
object
File data
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Name of the file Required: YES.
Name of the Volume Required: YES.
Containers to use for service
Required: YES.
ContainerType configures the container information.
object
Arguments to the entrypoint. Overrides the docker image’s CMD.
Command to execute. Overrides the docker image’s ENTRYPOINT.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Name is a container image which are usually given a name such as alpine, ubuntu, or quay.I/O/etcd:0.13. The format is registry/image:tag or registry/image@image-digest. If registry is not specified, the Docker public registry is assumed. If tag is not specified, latest is assumed. Required: YES.
object
Specialized container that runs before application container and runs to completion.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
Name of the container Required: YES.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
object
object
object
object
Which customer sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which customer virtual sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which regional edge sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which regional edge virtual sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [scale_to_zero] Number of replicas of service to spawn per site.
object
Volumes for the service.
Storage volume configuration for the workload.
object
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Required: YES.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Path of the directory on the host Required: YES.
Name of the volume.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
object
Exclusive with [default] Use the specified class name.
object
Size in GiB of the persistent storage Required: YES.
object
object
Parameters for the workload.
Configuration parameter for the workload.
object
object
Name of Environment Variable.
Value of Environment Variable.
object
File data
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Name of the file Required: YES.
Name of the Volume Required: YES.
object
Arguments to the entrypoint. Overrides the docker image’s CMD.
Command to execute. Overrides the docker image’s ENTRYPOINT.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Name is a container image which are usually given a name such as alpine, ubuntu, or quay.I/O/etcd:0.13. The format is registry/image:tag or registry/image@image-digest. If registry is not specified, the Docker public registry is assumed. If tag is not specified, latest is assumed. Required: YES.
object
Specialized container that runs before application container and runs to completion.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
Name of the container Required: YES.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
object
object
object
Name of the volume Required: YES.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
object
Exclusive with [default] Use the specified class name.
object
Size in GiB of the persistent storage Required: YES.
Scale down replicas of the service to zero.
object
A list of Domains (host/authority header) that will be matched to Load Balancer. Wildcard hosts are supported in the suffix or prefix form
Supported Domains and search order:
- Exact Domain names: www.example.com.
- Domains starting with a Wildcard: *.example.com.
Not supported Domains:
- Just a Wildcard: *
- A Wildcard and TLD with no root Domain: *.com.
- A Wildcard not matching a whole DNS label. E.g. *.example.com and *.bar.example.com are valid Wildcards however *bar.example.com, -bar.example.com, and bar.example.com are all invalid.
Additional notes: A Wildcard will not match empty string. E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com. The longest Wildcards match first. Only a single virtual host in the entire route configuration can match on *. Also a Domain must be unique across all virtual hosts within an advertise policy.
Domains are also used for SNI matching if the Load Balancer type is HTTPS. Domains also indicate the list of names for which DNS resolution will be automatically resolved to IP addresses by the system. Required: YES.
Service port to advertise on Internet via HTTP loadbalancer using port 80 Required: YES.
object
object
object
Where should this load balancer be available
Required: YES.
This defines various OPTIONS where a load balancer could be advertised.
object
object
Use given IP address as VIP on the site.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Ports to advertise
Required: YES.
Advertise port.
object
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form
Domain search order:
- Exact domain names:
www.example.com. - Prefix domain wildcards:
*.example.comor*.bar.example.com. - Special wildcard
*matching any domain.
Wildcard will not match empty string.
E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com.
The longest wildcards match first.
Wildcards must match a whole DNS label.
E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid
Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.
object
DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.
Exclusive with [port_ranges] HTTP port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
Select one or more certificates with any domain names.
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Routes for this loadbalancer.
This defines various OPTIONS to define a route.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
Name of the Port Required: YES.
object
A list of additional domains (host/authority header) that will be matched to this loadbalancer.
Domains are also used for SNI matching if the with_sni is true
Domains also indicate the list of names for which DNS resolution will be done by VER.
Set to true to enable TCP loadbalancer with SNI.
object
object
Ports to advertise
Required: YES.
Port of the workload.
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
Name of the Port Required: YES.
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
object
object
Ports to advertise
Required: YES.
Advertise port.
object
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form
Domain search order:
- Exact domain names:
www.example.com. - Prefix domain wildcards:
*.example.comor*.bar.example.com. - Special wildcard
*matching any domain.
Wildcard will not match empty string.
E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com.
The longest wildcards match first.
Wildcards must match a whole DNS label.
E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid
Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.
object
DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.
Exclusive with [port_ranges] HTTP port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
Select one or more certificates with any domain names.
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Routes for this loadbalancer.
This defines various OPTIONS to define a route.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
Name of the Port Required: YES.
object
A list of additional domains (host/authority header) that will be matched to this loadbalancer.
Domains are also used for SNI matching if the with_sni is true
Domains also indicate the list of names for which DNS resolution will be done by VER.
Set to true to enable TCP loadbalancer with SNI.
object
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form
Domain search order:
- Exact domain names:
www.example.com. - Prefix domain wildcards:
*.example.comor*.bar.example.com. - Special wildcard
*matching any domain.
Wildcard will not match empty string.
E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com.
The longest wildcards match first.
Wildcards must match a whole DNS label.
E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid
Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.
object
DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.
Exclusive with [port_ranges] HTTP port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
Select one or more certificates with any domain names.
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Routes for this loadbalancer.
This defines various OPTIONS to define a route.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
object
A list of additional domains (host/authority header) that will be matched to this loadbalancer.
Domains are also used for SNI matching if the with_sni is true
Domains also indicate the list of names for which DNS resolution will be done by VER.
Set to true to enable TCP loadbalancer with SNI.
object
object
Parameters for the workload.
Configuration parameter for the workload.
object
object
Name of Environment Variable.
Value of Environment Variable.
object
File data
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Name of the file Required: YES.
Name of the Volume Required: YES.
Containers to use for service
Required: YES.
ContainerType configures the container information.
object
Arguments to the entrypoint. Overrides the docker image’s CMD.
Command to execute. Overrides the docker image’s ENTRYPOINT.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Name is a container image which are usually given a name such as alpine, ubuntu, or quay.I/O/etcd:0.13. The format is registry/image:tag or registry/image@image-digest. If registry is not specified, the Docker public registry is assumed. If tag is not specified, latest is assumed. Required: YES.
object
Specialized container that runs before application container and runs to completion.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
Name of the container Required: YES.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
object
object
object
object
Which customer sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which customer virtual sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which regional edge sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which regional edge virtual sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [scale_to_zero] Number of replicas of service to spawn per site.
Persistent storage configuration for the service
Required: YES.
Persistent storage volume configuration for the workload.
object
Name of the volume Required: YES.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
object
Exclusive with [default] Use the specified class name.
object
Size in GiB of the persistent storage Required: YES.
object
Ephemeral volumes for the service.
Ephemeral storage volume configuration for the workload.
object
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Required: YES.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Path of the directory on the host Required: YES.
Name of the volume.
The set of deleted objects that are referred by this object.
This type establishes a ‘direct reference’ from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector reference which builds a group based on labels of selectee objects)
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.
The set of deleted objects that are referred by this object.
This type establishes a ‘direct reference’ from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector reference which builds a group based on labels of selectee objects)
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.
object
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
object
Human readable description for the object.
A value of true will administratively disable the object.
Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.
object
This is the name of configuration object. It has to be unique within the namespace. It can only be specified during create API and cannot be changed during replace API. The value of name has to follow DNS-1035 format. Required: YES.
This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""
The set of objects that are referring to this object in their spec.
This type establishes a ‘direct reference’ from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector reference which builds a group based on labels of selectee objects)
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.
object
object
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
object
Human readable description for the object.
A value of true will administratively disable the object.
Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.
object
This is the name of configuration object. It has to be unique within the namespace. It can only be specified during create API and cannot be changed during replace API. The value of name has to follow DNS-1035 format. Required: YES.
This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""
object
object
object
Parameters for the workload.
Configuration parameter for the workload.
object
object
Name of Environment Variable.
Value of Environment Variable.
object
File data
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Name of the file Required: YES.
Name of the Volume Required: YES.
Containers to use for the job
Required: YES.
ContainerType configures the container information.
object
Arguments to the entrypoint. Overrides the docker image’s CMD.
Command to execute. Overrides the docker image’s ENTRYPOINT.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Name is a container image which are usually given a name such as alpine, ubuntu, or quay.I/O/etcd:0.13. The format is registry/image:tag or registry/image@image-digest. If registry is not specified, the Docker public registry is assumed. If tag is not specified, latest is assumed. Required: YES.
object
Specialized container that runs before application container and runs to completion.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
Name of the container Required: YES.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
object
object
object
object
Which customer sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which customer virtual sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which regional edge sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which regional edge virtual sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Number of replicas of the batch job to spawn per site.
Volumes for the job.
Storage volume configuration for the workload.
object
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Required: YES.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Path of the directory on the host Required: YES.
Name of the volume.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
object
Exclusive with [default] Use the specified class name.
object
Size in GiB of the persistent storage Required: YES.
object
object
object
Where should this load balancer be available
Required: YES.
This defines various OPTIONS where a load balancer could be advertised.
object
object
Use given IP address as VIP on the site.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Ports to advertise
Required: YES.
Advertise port.
object
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form
Domain search order:
- Exact domain names:
www.example.com. - Prefix domain wildcards:
*.example.comor*.bar.example.com. - Special wildcard
*matching any domain.
Wildcard will not match empty string.
E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com.
The longest wildcards match first.
Wildcards must match a whole DNS label.
E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid
Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.
object
DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.
Exclusive with [port_ranges] HTTP port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
Select one or more certificates with any domain names.
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Routes for this loadbalancer.
This defines various OPTIONS to define a route.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
Name of the Port Required: YES.
object
A list of additional domains (host/authority header) that will be matched to this loadbalancer.
Domains are also used for SNI matching if the with_sni is true
Domains also indicate the list of names for which DNS resolution will be done by VER.
Set to true to enable TCP loadbalancer with SNI.
object
object
Ports to advertise
Required: YES.
Port of the workload.
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
Name of the Port Required: YES.
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
object
object
Ports to advertise
Required: YES.
Advertise port.
object
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form
Domain search order:
- Exact domain names:
www.example.com. - Prefix domain wildcards:
*.example.comor*.bar.example.com. - Special wildcard
*matching any domain.
Wildcard will not match empty string.
E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com.
The longest wildcards match first.
Wildcards must match a whole DNS label.
E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid
Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.
object
DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.
Exclusive with [port_ranges] HTTP port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
Select one or more certificates with any domain names.
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Routes for this loadbalancer.
This defines various OPTIONS to define a route.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
Name of the Port Required: YES.
object
A list of additional domains (host/authority header) that will be matched to this loadbalancer.
Domains are also used for SNI matching if the with_sni is true
Domains also indicate the list of names for which DNS resolution will be done by VER.
Set to true to enable TCP loadbalancer with SNI.
object
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form
Domain search order:
- Exact domain names:
www.example.com. - Prefix domain wildcards:
*.example.comor*.bar.example.com. - Special wildcard
*matching any domain.
Wildcard will not match empty string.
E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com.
The longest wildcards match first.
Wildcards must match a whole DNS label.
E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid
Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.
object
DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.
Exclusive with [port_ranges] HTTP port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
Select one or more certificates with any domain names.
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Routes for this loadbalancer.
This defines various OPTIONS to define a route.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
object
A list of additional domains (host/authority header) that will be matched to this loadbalancer.
Domains are also used for SNI matching if the with_sni is true
Domains also indicate the list of names for which DNS resolution will be done by VER.
Set to true to enable TCP loadbalancer with SNI.
object
object
Parameters for the workload.
Configuration parameter for the workload.
object
object
Name of Environment Variable.
Value of Environment Variable.
object
File data
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Name of the file Required: YES.
Name of the Volume Required: YES.
Containers to use for service
Required: YES.
ContainerType configures the container information.
object
Arguments to the entrypoint. Overrides the docker image’s CMD.
Command to execute. Overrides the docker image’s ENTRYPOINT.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Name is a container image which are usually given a name such as alpine, ubuntu, or quay.I/O/etcd:0.13. The format is registry/image:tag or registry/image@image-digest. If registry is not specified, the Docker public registry is assumed. If tag is not specified, latest is assumed. Required: YES.
object
Specialized container that runs before application container and runs to completion.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
Name of the container Required: YES.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
object
object
object
object
Which customer sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which customer virtual sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which regional edge sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which regional edge virtual sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [scale_to_zero] Number of replicas of service to spawn per site.
object
Volumes for the service.
Storage volume configuration for the workload.
object
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Required: YES.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Path of the directory on the host Required: YES.
Name of the volume.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
object
Exclusive with [default] Use the specified class name.
object
Size in GiB of the persistent storage Required: YES.
object
object
Parameters for the workload.
Configuration parameter for the workload.
object
object
Name of Environment Variable.
Value of Environment Variable.
object
File data
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Name of the file Required: YES.
Name of the Volume Required: YES.
object
Arguments to the entrypoint. Overrides the docker image’s CMD.
Command to execute. Overrides the docker image’s ENTRYPOINT.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Name is a container image which are usually given a name such as alpine, ubuntu, or quay.I/O/etcd:0.13. The format is registry/image:tag or registry/image@image-digest. If registry is not specified, the Docker public registry is assumed. If tag is not specified, latest is assumed. Required: YES.
object
Specialized container that runs before application container and runs to completion.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
Name of the container Required: YES.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
object
object
object
Name of the volume Required: YES.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
object
Exclusive with [default] Use the specified class name.
object
Size in GiB of the persistent storage Required: YES.
Scale down replicas of the service to zero.
object
A list of Domains (host/authority header) that will be matched to Load Balancer. Wildcard hosts are supported in the suffix or prefix form
Supported Domains and search order:
- Exact Domain names: www.example.com.
- Domains starting with a Wildcard: *.example.com.
Not supported Domains:
- Just a Wildcard: *
- A Wildcard and TLD with no root Domain: *.com.
- A Wildcard not matching a whole DNS label. E.g. *.example.com and *.bar.example.com are valid Wildcards however *bar.example.com, -bar.example.com, and bar.example.com are all invalid.
Additional notes: A Wildcard will not match empty string. E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com. The longest Wildcards match first. Only a single virtual host in the entire route configuration can match on *. Also a Domain must be unique across all virtual hosts within an advertise policy.
Domains are also used for SNI matching if the Load Balancer type is HTTPS. Domains also indicate the list of names for which DNS resolution will be automatically resolved to IP addresses by the system. Required: YES.
Service port to advertise on Internet via HTTP loadbalancer using port 80 Required: YES.
object
object
object
Where should this load balancer be available
Required: YES.
This defines various OPTIONS where a load balancer could be advertised.
object
object
Use given IP address as VIP on the site.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Ports to advertise
Required: YES.
Advertise port.
object
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form
Domain search order:
- Exact domain names:
www.example.com. - Prefix domain wildcards:
*.example.comor*.bar.example.com. - Special wildcard
*matching any domain.
Wildcard will not match empty string.
E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com.
The longest wildcards match first.
Wildcards must match a whole DNS label.
E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid
Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.
object
DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.
Exclusive with [port_ranges] HTTP port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
Select one or more certificates with any domain names.
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Routes for this loadbalancer.
This defines various OPTIONS to define a route.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
Name of the Port Required: YES.
object
A list of additional domains (host/authority header) that will be matched to this loadbalancer.
Domains are also used for SNI matching if the with_sni is true
Domains also indicate the list of names for which DNS resolution will be done by VER.
Set to true to enable TCP loadbalancer with SNI.
object
object
Ports to advertise
Required: YES.
Port of the workload.
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
Name of the Port Required: YES.
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
object
object
Ports to advertise
Required: YES.
Advertise port.
object
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form
Domain search order:
- Exact domain names:
www.example.com. - Prefix domain wildcards:
*.example.comor*.bar.example.com. - Special wildcard
*matching any domain.
Wildcard will not match empty string.
E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com.
The longest wildcards match first.
Wildcards must match a whole DNS label.
E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid
Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.
object
DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.
Exclusive with [port_ranges] HTTP port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
Select one or more certificates with any domain names.
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Routes for this loadbalancer.
This defines various OPTIONS to define a route.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
Name of the Port Required: YES.
object
A list of additional domains (host/authority header) that will be matched to this loadbalancer.
Domains are also used for SNI matching if the with_sni is true
Domains also indicate the list of names for which DNS resolution will be done by VER.
Set to true to enable TCP loadbalancer with SNI.
object
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form
Domain search order:
- Exact domain names:
www.example.com. - Prefix domain wildcards:
*.example.comor*.bar.example.com. - Special wildcard
*matching any domain.
Wildcard will not match empty string.
E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com.
The longest wildcards match first.
Wildcards must match a whole DNS label.
E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid
Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.
object
DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.
Exclusive with [port_ranges] HTTP port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
Select one or more certificates with any domain names.
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Routes for this loadbalancer.
This defines various OPTIONS to define a route.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
object
A list of additional domains (host/authority header) that will be matched to this loadbalancer.
Domains are also used for SNI matching if the with_sni is true
Domains also indicate the list of names for which DNS resolution will be done by VER.
Set to true to enable TCP loadbalancer with SNI.
object
object
Parameters for the workload.
Configuration parameter for the workload.
object
object
Name of Environment Variable.
Value of Environment Variable.
object
File data
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Name of the file Required: YES.
Name of the Volume Required: YES.
Containers to use for service
Required: YES.
ContainerType configures the container information.
object
Arguments to the entrypoint. Overrides the docker image’s CMD.
Command to execute. Overrides the docker image’s ENTRYPOINT.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Name is a container image which are usually given a name such as alpine, ubuntu, or quay.I/O/etcd:0.13. The format is registry/image:tag or registry/image@image-digest. If registry is not specified, the Docker public registry is assumed. If tag is not specified, latest is assumed. Required: YES.
object
Specialized container that runs before application container and runs to completion.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
Name of the container Required: YES.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
object
object
object
object
Which customer sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which customer virtual sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which regional edge sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which regional edge virtual sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [scale_to_zero] Number of replicas of service to spawn per site.
Persistent storage configuration for the service
Required: YES.
Persistent storage volume configuration for the workload.
object
Name of the volume Required: YES.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
object
Exclusive with [default] Use the specified class name.
object
Size in GiB of the persistent storage Required: YES.
object
Ephemeral volumes for the service.
Ephemeral storage volume configuration for the workload.
object
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Required: YES.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Path of the directory on the host Required: YES.
Name of the volume.
object
object
object
Parameters for the workload.
Configuration parameter for the workload.
object
object
Name of Environment Variable.
Value of Environment Variable.
object
File data
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Name of the file Required: YES.
Name of the Volume Required: YES.
Containers to use for the job
Required: YES.
ContainerType configures the container information.
object
Arguments to the entrypoint. Overrides the docker image’s CMD.
Command to execute. Overrides the docker image’s ENTRYPOINT.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Name is a container image which are usually given a name such as alpine, ubuntu, or quay.I/O/etcd:0.13. The format is registry/image:tag or registry/image@image-digest. If registry is not specified, the Docker public registry is assumed. If tag is not specified, latest is assumed. Required: YES.
object
Specialized container that runs before application container and runs to completion.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
Name of the container Required: YES.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
object
object
object
object
Which customer sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which customer virtual sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which regional edge sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which regional edge virtual sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Number of replicas of the batch job to spawn per site.
Volumes for the job.
Storage volume configuration for the workload.
object
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Required: YES.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Path of the directory on the host Required: YES.
Name of the volume.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
object
Exclusive with [default] Use the specified class name.
object
Size in GiB of the persistent storage Required: YES.
object
object
object
Where should this load balancer be available
Required: YES.
This defines various OPTIONS where a load balancer could be advertised.
object
object
Use given IP address as VIP on the site.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Ports to advertise
Required: YES.
Advertise port.
object
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form
Domain search order:
- Exact domain names:
www.example.com. - Prefix domain wildcards:
*.example.comor*.bar.example.com. - Special wildcard
*matching any domain.
Wildcard will not match empty string.
E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com.
The longest wildcards match first.
Wildcards must match a whole DNS label.
E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid
Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.
object
DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.
Exclusive with [port_ranges] HTTP port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
Select one or more certificates with any domain names.
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Routes for this loadbalancer.
This defines various OPTIONS to define a route.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
Name of the Port Required: YES.
object
A list of additional domains (host/authority header) that will be matched to this loadbalancer.
Domains are also used for SNI matching if the with_sni is true
Domains also indicate the list of names for which DNS resolution will be done by VER.
Set to true to enable TCP loadbalancer with SNI.
object
object
Ports to advertise
Required: YES.
Port of the workload.
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
Name of the Port Required: YES.
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
object
object
Ports to advertise
Required: YES.
Advertise port.
object
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form
Domain search order:
- Exact domain names:
www.example.com. - Prefix domain wildcards:
*.example.comor*.bar.example.com. - Special wildcard
*matching any domain.
Wildcard will not match empty string.
E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com.
The longest wildcards match first.
Wildcards must match a whole DNS label.
E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid
Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.
object
DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.
Exclusive with [port_ranges] HTTP port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
Select one or more certificates with any domain names.
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Routes for this loadbalancer.
This defines various OPTIONS to define a route.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
Name of the Port Required: YES.
object
A list of additional domains (host/authority header) that will be matched to this loadbalancer.
Domains are also used for SNI matching if the with_sni is true
Domains also indicate the list of names for which DNS resolution will be done by VER.
Set to true to enable TCP loadbalancer with SNI.
object
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form
Domain search order:
- Exact domain names:
www.example.com. - Prefix domain wildcards:
*.example.comor*.bar.example.com. - Special wildcard
*matching any domain.
Wildcard will not match empty string.
E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com.
The longest wildcards match first.
Wildcards must match a whole DNS label.
E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid
Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.
object
DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.
Exclusive with [port_ranges] HTTP port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
Select one or more certificates with any domain names.
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Routes for this loadbalancer.
This defines various OPTIONS to define a route.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
object
A list of additional domains (host/authority header) that will be matched to this loadbalancer.
Domains are also used for SNI matching if the with_sni is true
Domains also indicate the list of names for which DNS resolution will be done by VER.
Set to true to enable TCP loadbalancer with SNI.
object
object
Parameters for the workload.
Configuration parameter for the workload.
object
object
Name of Environment Variable.
Value of Environment Variable.
object
File data
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Name of the file Required: YES.
Name of the Volume Required: YES.
Containers to use for service
Required: YES.
ContainerType configures the container information.
object
Arguments to the entrypoint. Overrides the docker image’s CMD.
Command to execute. Overrides the docker image’s ENTRYPOINT.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Name is a container image which are usually given a name such as alpine, ubuntu, or quay.I/O/etcd:0.13. The format is registry/image:tag or registry/image@image-digest. If registry is not specified, the Docker public registry is assumed. If tag is not specified, latest is assumed. Required: YES.
object
Specialized container that runs before application container and runs to completion.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
Name of the container Required: YES.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
object
object
object
object
Which customer sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which customer virtual sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which regional edge sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which regional edge virtual sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [scale_to_zero] Number of replicas of service to spawn per site.
object
Volumes for the service.
Storage volume configuration for the workload.
object
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Required: YES.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Path of the directory on the host Required: YES.
Name of the volume.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
object
Exclusive with [default] Use the specified class name.
object
Size in GiB of the persistent storage Required: YES.
object
object
Parameters for the workload.
Configuration parameter for the workload.
object
object
Name of Environment Variable.
Value of Environment Variable.
object
File data
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Name of the file Required: YES.
Name of the Volume Required: YES.
object
Arguments to the entrypoint. Overrides the docker image’s CMD.
Command to execute. Overrides the docker image’s ENTRYPOINT.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Name is a container image which are usually given a name such as alpine, ubuntu, or quay.I/O/etcd:0.13. The format is registry/image:tag or registry/image@image-digest. If registry is not specified, the Docker public registry is assumed. If tag is not specified, latest is assumed. Required: YES.
object
Specialized container that runs before application container and runs to completion.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
Name of the container Required: YES.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
object
object
object
Name of the volume Required: YES.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
object
Exclusive with [default] Use the specified class name.
object
Size in GiB of the persistent storage Required: YES.
Scale down replicas of the service to zero.
object
A list of Domains (host/authority header) that will be matched to Load Balancer. Wildcard hosts are supported in the suffix or prefix form
Supported Domains and search order:
- Exact Domain names: www.example.com.
- Domains starting with a Wildcard: *.example.com.
Not supported Domains:
- Just a Wildcard: *
- A Wildcard and TLD with no root Domain: *.com.
- A Wildcard not matching a whole DNS label. E.g. *.example.com and *.bar.example.com are valid Wildcards however *bar.example.com, -bar.example.com, and bar.example.com are all invalid.
Additional notes: A Wildcard will not match empty string. E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com. The longest Wildcards match first. Only a single virtual host in the entire route configuration can match on *. Also a Domain must be unique across all virtual hosts within an advertise policy.
Domains are also used for SNI matching if the Load Balancer type is HTTPS. Domains also indicate the list of names for which DNS resolution will be automatically resolved to IP addresses by the system. Required: YES.
Service port to advertise on Internet via HTTP loadbalancer using port 80 Required: YES.
object
object
object
Where should this load balancer be available
Required: YES.
This defines various OPTIONS where a load balancer could be advertised.
object
object
Use given IP address as VIP on the site.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Ports to advertise
Required: YES.
Advertise port.
object
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form
Domain search order:
- Exact domain names:
www.example.com. - Prefix domain wildcards:
*.example.comor*.bar.example.com. - Special wildcard
*matching any domain.
Wildcard will not match empty string.
E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com.
The longest wildcards match first.
Wildcards must match a whole DNS label.
E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid
Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.
object
DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.
Exclusive with [port_ranges] HTTP port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
Select one or more certificates with any domain names.
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Routes for this loadbalancer.
This defines various OPTIONS to define a route.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
Name of the Port Required: YES.
object
A list of additional domains (host/authority header) that will be matched to this loadbalancer.
Domains are also used for SNI matching if the with_sni is true
Domains also indicate the list of names for which DNS resolution will be done by VER.
Set to true to enable TCP loadbalancer with SNI.
object
object
Ports to advertise
Required: YES.
Port of the workload.
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
Name of the Port Required: YES.
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
object
object
Ports to advertise
Required: YES.
Advertise port.
object
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form
Domain search order:
- Exact domain names:
www.example.com. - Prefix domain wildcards:
*.example.comor*.bar.example.com. - Special wildcard
*matching any domain.
Wildcard will not match empty string.
E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com.
The longest wildcards match first.
Wildcards must match a whole DNS label.
E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid
Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.
object
DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.
Exclusive with [port_ranges] HTTP port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
Select one or more certificates with any domain names.
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Routes for this loadbalancer.
This defines various OPTIONS to define a route.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
Name of the Port Required: YES.
object
A list of additional domains (host/authority header) that will be matched to this loadbalancer.
Domains are also used for SNI matching if the with_sni is true
Domains also indicate the list of names for which DNS resolution will be done by VER.
Set to true to enable TCP loadbalancer with SNI.
object
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
A list of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form
Domain search order:
- Exact domain names:
www.example.com. - Prefix domain wildcards:
*.example.comor*.bar.example.com. - Special wildcard
*matching any domain.
Wildcard will not match empty string.
E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com.
The longest wildcards match first.
Wildcards must match a whole DNS label.
E.g. *.example.com and *.bar.example.com are valid, however *bar.example.com or *-bar.example.com is invalid
Domains are also used for SNI matching if the loadbalancer type is HTTPS Domains also indicate the list of names for which DNS resolution will be done by VER Required: YES.
object
DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal.
Exclusive with [port_ranges] HTTP port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
Select one or more certificates with any domain names.
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Add HTTP Strict-Transport-Security response header.
Exclusive with [default_header pass_through server_name] Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is.
object
object
object
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. This is specified in milliseconds. The default value is 2 minutes.
object
object
object
object
object
object
object
object
object
object
object
object
object
Redirect HTTP traffic to HTTPS.
object
object
object
Exclusive with [port_ranges] HTTPS port to Listen.
Exclusive with [port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
Exclusive with [append_server_name default_header pass_through] Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header.
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
Routes for this loadbalancer.
This defines various OPTIONS to define a route.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
object
object
Exclusive with [auto_host_rewrite disable_host_rewrite] Host header will be swapped with this value.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
object
object
Port the workload can be reached on Required: YES.
object
Exclusive with [same_as_port] Port the workload is listening on.
object
A list of additional domains (host/authority header) that will be matched to this loadbalancer.
Domains are also used for SNI matching if the with_sni is true
Domains also indicate the list of names for which DNS resolution will be done by VER.
Set to true to enable TCP loadbalancer with SNI.
object
object
Parameters for the workload.
Configuration parameter for the workload.
object
object
Name of Environment Variable.
Value of Environment Variable.
object
File data
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Name of the file Required: YES.
Name of the Volume Required: YES.
Containers to use for service
Required: YES.
ContainerType configures the container information.
object
Arguments to the entrypoint. Overrides the docker image’s CMD.
Command to execute. Overrides the docker image’s ENTRYPOINT.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Name is a container image which are usually given a name such as alpine, ubuntu, or quay.I/O/etcd:0.13. The format is registry/image:tag or registry/image@image-digest. If registry is not specified, the Docker public registry is assumed. If tag is not specified, latest is assumed. Required: YES.
object
Specialized container that runs before application container and runs to completion.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
Name of the container Required: YES.
object
object
Command is the command line to execute inside the container, the working directory for the command is root (’/’) in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions (’|’, etc) won’t work. To use a shell, you need to explicitly call out to that shell. Required: YES.
Number of consecutive successful responses after having failed before declaring healthy. In other words, this is the number of healthy health checks required before marking healthy. Note that during startup and liveliness, only a single successful health check is required to mark a container healthy. Required: YES.
object
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked container. This is a list of key-value pairs.
object
The value of the host header in the HTTP health check request.
Path to access on the HTTP server. Required: YES.
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Number of seconds after the container has started before health checks are initiated.
Time interval in seconds between two health check requests. Required: YES.
object
object
Exclusive with [num] Port Name.
Exclusive with [name] Port number.
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Required: YES.
Number of consecutive failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a container is marked unhealthy. Required: YES.
object
object
object
object
Which customer sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which customer virtual sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which regional edge sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Which regional edge virtual sites should this workload be deployed
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [scale_to_zero] Number of replicas of service to spawn per site.
Persistent storage configuration for the service
Required: YES.
Persistent storage volume configuration for the workload.
object
Name of the volume Required: YES.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
object
Exclusive with [default] Use the specified class name.
object
Size in GiB of the persistent storage Required: YES.
object
Ephemeral volumes for the service.
Ephemeral storage volume configuration for the workload.
object
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Required: YES.
object
object
Path within the workload container at which the volume should be mounted. Must not contain ’:’. Required: YES.
Path within the volume from which the workload’s volume should be mounted. Defaults to "" (volume’s root).
Path of the directory on the host Required: YES.
Name of the volume.
The status reported by different services for this configuration object.
Most recently observed status of the workload.
object
Reference to Child Kubernetes Objects.
KubeRefType represents a reference to a Kubernetes (K8s) object.
object
Kind of the Kubernetes object.
Name of the Kubernetes object.
Namespace of the Kubernetes object.
Conditions.
Conditions are used in the object status to describe the current state of the object, e.g. Ready, Succeeded, etc.
object
Hostname of the instance of the site that sent the status.
Last time the condition was updated.
X-reason: “Insufficient memory in data plane” A human readable string explaining the reason for reaching this condition.
Name of the service that sent the status.
Status of the condition “Success” Validtion has succeded. Requested operation was successful. “Failed” Validation has failed. “Incomplete” Validation of configuration has failed due to missing configuration. “Installed” Validation has passed and configuration has been installed in data path or K8s “Down” Configuration is operationally down. E.g. Down interface “Disabled” Configuration is administratively disabled i.e. objectmetatype.disable = true. “NotApplicable” Configuration is not applicable e.g. Tenant service_policy_set(s) in system namespace are not applicable on REs.
Type of the condition “Validation” represents validation user given configuration object “Operational” represents operational status of a given configuration object.
object
Creation_timestamp is when the status object was created. It is used to find/tie-break for latest status object from same origin.
Class of creator which created this StatusObject. This will be service’s DNS FQDN. This will be set by the system based on client certificate information.
ID of creator which created this StatusObject. This will be a concrete identifier for service (e.g. Identifying the environment also). This will be set by the system based on client certificate information.
Status_id is a field used by the generator to distinguish (if necessary) between two status objects for the same config object from the same site and same service and potentially same daemon(creator-ID)
Uid is the unique in time and space value for a StatusObject.
Origin of this status exchanged by VTRP.
Indicate whether mars deems this object to be stale via graceful restart timer information.
Object reference.
This type establishes a ‘direct reference’ from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector reference which builds a group based on labels of selectee objects)
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.
object
CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
A value identifying the class of the user or service which created this configuration object.
A value identifying the exact user or service that created this configuration object.
DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.
object
Pending is a list of initializers that must execute in order before this object is initialized. When the last pending initializer is removed, and no failing result is set, the initializers struct will be set to nil and the object is considered as initialized and visible to all clients.
Initializer is information about an initializer that has not yet completed.
object
Name of the service that is responsible for initializing this object.
object
Suggested HTTP return code for this status, 0 if not set.
A human-readable description of why this operation is in the “Failure” status. If this value is empty there is no information available.
Status of the operation. One of: “Success” or “Failure”.
Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the operator or software. Values here can be interpreted by software(backend or frontend) to enable certain behavior e.g. Things marked as soft-deleted(restorable).
object
ModificationTimestamp is a timestamp representing the server time when this object was last modified.
Unique index for the object. Some objects need a unique integer index to be allocated for each object type. This field will be populated for all objects that need it and will be zero otherwise.
object
Kind of the view object.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
UID of the view object.
Tenant to which this configuration object belongs to. The value for this is found from presented credentials.
Uid is the unique in time and space value for this object. It is generated by the server on successful creation of an object and is not allowed to change on Replace API. The value of is taken from uid field of ObjectMetaType, if provided.
Example
{ "create_form": { "spec": { "job": { "configuration": { "parameters": [ { "file": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } } } ] }, "containers": [ { "flavor": "CONTAINER_FLAVOR_TYPE_TINY", "image": { "pull_policy": "IMAGE_PULL_POLICY_DEFAULT" } } ], "volumes": [ { "empty_dir": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } }, "host_path": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } }, "persistent_volume": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" }, "storage": { "access_mode": "ACCESS_MODE_READ_WRITE_ONCE" } } } ] }, "service": { "advertise_options": { "advertise_custom": { "advertise_where": [ { "site": { "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE" }, "virtual_site": { "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE" } } ], "ports": [ { "http_loadbalancer": { "https": { "tls_cert_params": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "tls_certificates": [ { "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] } } ], "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "direct_response_route": { "http_method": "ANY" }, "redirect_route": { "http_method": "ANY" }, "simple_route": { "http_method": "ANY" } } ] } }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } } ] }, "advertise_in_cluster": { "multi_ports": { "ports": [ { "info": { "protocol": "PROTOCOL_TCP" } } ] }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } }, "advertise_on_public": { "multi_ports": { "ports": [ { "http_loadbalancer": { "https": { "tls_cert_params": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "tls_certificates": [ { "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] } } ], "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "direct_response_route": { "http_method": "ANY" }, "redirect_route": { "http_method": "ANY" }, "simple_route": { "http_method": "ANY" } } ] } }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } } ] }, "port": { "http_loadbalancer": { "https": { "tls_cert_params": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "tls_certificates": [ { "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] } } ], "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "direct_response_route": { "http_method": "ANY" }, "redirect_route": { "http_method": "ANY" }, "simple_route": { "http_method": "ANY" } } ] } }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } } } }, "configuration": { "parameters": [ { "file": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } } } ] }, "containers": [ { "flavor": "CONTAINER_FLAVOR_TYPE_TINY", "image": { "pull_policy": "IMAGE_PULL_POLICY_DEFAULT" } } ], "volumes": [ { "empty_dir": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } }, "host_path": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } }, "persistent_volume": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" }, "storage": { "access_mode": "ACCESS_MODE_READ_WRITE_ONCE" } } } ] }, "simple_service": { "configuration": { "parameters": [ { "file": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } } } ] }, "container": { "flavor": "CONTAINER_FLAVOR_TYPE_TINY", "image": { "pull_policy": "IMAGE_PULL_POLICY_DEFAULT" } }, "enabled": { "persistent_volume": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" }, "storage": { "access_mode": "ACCESS_MODE_READ_WRITE_ONCE" } } } }, "stateful_service": { "advertise_options": { "advertise_custom": { "advertise_where": [ { "site": { "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE" }, "virtual_site": { "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE" } } ], "ports": [ { "http_loadbalancer": { "https": { "tls_cert_params": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "tls_certificates": [ { "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] } } ], "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "direct_response_route": { "http_method": "ANY" }, "redirect_route": { "http_method": "ANY" }, "simple_route": { "http_method": "ANY" } } ] } }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } } ] }, "advertise_in_cluster": { "multi_ports": { "ports": [ { "info": { "protocol": "PROTOCOL_TCP" } } ] }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } }, "advertise_on_public": { "multi_ports": { "ports": [ { "http_loadbalancer": { "https": { "tls_cert_params": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "tls_certificates": [ { "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] } } ], "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "direct_response_route": { "http_method": "ANY" }, "redirect_route": { "http_method": "ANY" }, "simple_route": { "http_method": "ANY" } } ] } }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } } ] }, "port": { "http_loadbalancer": { "https": { "tls_cert_params": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "tls_certificates": [ { "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] } } ], "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "direct_response_route": { "http_method": "ANY" }, "redirect_route": { "http_method": "ANY" }, "simple_route": { "http_method": "ANY" } } ] } }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } } } }, "configuration": { "parameters": [ { "file": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } } } ] }, "containers": [ { "flavor": "CONTAINER_FLAVOR_TYPE_TINY", "image": { "pull_policy": "IMAGE_PULL_POLICY_DEFAULT" } } ], "persistent_volumes": [ { "persistent_volume": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" }, "storage": { "access_mode": "ACCESS_MODE_READ_WRITE_ONCE" } } } ], "volumes": [ { "empty_dir": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } }, "host_path": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } } } ] } } }, "replace_form": { "spec": { "job": { "configuration": { "parameters": [ { "file": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } } } ] }, "containers": [ { "flavor": "CONTAINER_FLAVOR_TYPE_TINY", "image": { "pull_policy": "IMAGE_PULL_POLICY_DEFAULT" } } ], "volumes": [ { "empty_dir": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } }, "host_path": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } }, "persistent_volume": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" }, "storage": { "access_mode": "ACCESS_MODE_READ_WRITE_ONCE" } } } ] }, "service": { "advertise_options": { "advertise_custom": { "advertise_where": [ { "site": { "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE" }, "virtual_site": { "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE" } } ], "ports": [ { "http_loadbalancer": { "https": { "tls_cert_params": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "tls_certificates": [ { "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] } } ], "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "direct_response_route": { "http_method": "ANY" }, "redirect_route": { "http_method": "ANY" }, "simple_route": { "http_method": "ANY" } } ] } }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } } ] }, "advertise_in_cluster": { "multi_ports": { "ports": [ { "info": { "protocol": "PROTOCOL_TCP" } } ] }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } }, "advertise_on_public": { "multi_ports": { "ports": [ { "http_loadbalancer": { "https": { "tls_cert_params": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "tls_certificates": [ { "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] } } ], "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "direct_response_route": { "http_method": "ANY" }, "redirect_route": { "http_method": "ANY" }, "simple_route": { "http_method": "ANY" } } ] } }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } } ] }, "port": { "http_loadbalancer": { "https": { "tls_cert_params": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "tls_certificates": [ { "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] } } ], "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "direct_response_route": { "http_method": "ANY" }, "redirect_route": { "http_method": "ANY" }, "simple_route": { "http_method": "ANY" } } ] } }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } } } }, "configuration": { "parameters": [ { "file": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } } } ] }, "containers": [ { "flavor": "CONTAINER_FLAVOR_TYPE_TINY", "image": { "pull_policy": "IMAGE_PULL_POLICY_DEFAULT" } } ], "volumes": [ { "empty_dir": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } }, "host_path": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } }, "persistent_volume": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" }, "storage": { "access_mode": "ACCESS_MODE_READ_WRITE_ONCE" } } } ] }, "simple_service": { "configuration": { "parameters": [ { "file": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } } } ] }, "container": { "flavor": "CONTAINER_FLAVOR_TYPE_TINY", "image": { "pull_policy": "IMAGE_PULL_POLICY_DEFAULT" } }, "enabled": { "persistent_volume": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" }, "storage": { "access_mode": "ACCESS_MODE_READ_WRITE_ONCE" } } } }, "stateful_service": { "advertise_options": { "advertise_custom": { "advertise_where": [ { "site": { "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE" }, "virtual_site": { "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE" } } ], "ports": [ { "http_loadbalancer": { "https": { "tls_cert_params": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "tls_certificates": [ { "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] } } ], "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "direct_response_route": { "http_method": "ANY" }, "redirect_route": { "http_method": "ANY" }, "simple_route": { "http_method": "ANY" } } ] } }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } } ] }, "advertise_in_cluster": { "multi_ports": { "ports": [ { "info": { "protocol": "PROTOCOL_TCP" } } ] }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } }, "advertise_on_public": { "multi_ports": { "ports": [ { "http_loadbalancer": { "https": { "tls_cert_params": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "tls_certificates": [ { "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] } } ], "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "direct_response_route": { "http_method": "ANY" }, "redirect_route": { "http_method": "ANY" }, "simple_route": { "http_method": "ANY" } } ] } }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } } ] }, "port": { "http_loadbalancer": { "https": { "tls_cert_params": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "tls_certificates": [ { "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] } } ], "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "direct_response_route": { "http_method": "ANY" }, "redirect_route": { "http_method": "ANY" }, "simple_route": { "http_method": "ANY" } } ] } }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } } } }, "configuration": { "parameters": [ { "file": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } } } ] }, "containers": [ { "flavor": "CONTAINER_FLAVOR_TYPE_TINY", "image": { "pull_policy": "IMAGE_PULL_POLICY_DEFAULT" } } ], "persistent_volumes": [ { "persistent_volume": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" }, "storage": { "access_mode": "ACCESS_MODE_READ_WRITE_ONCE" } } } ], "volumes": [ { "empty_dir": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } }, "host_path": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } } } ] } } }, "spec": { "job": { "configuration": { "parameters": [ { "file": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } } } ] }, "containers": [ { "flavor": "CONTAINER_FLAVOR_TYPE_TINY", "image": { "pull_policy": "IMAGE_PULL_POLICY_DEFAULT" } } ], "volumes": [ { "empty_dir": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } }, "host_path": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } }, "persistent_volume": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" }, "storage": { "access_mode": "ACCESS_MODE_READ_WRITE_ONCE" } } } ] }, "service": { "advertise_options": { "advertise_custom": { "advertise_where": [ { "site": { "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE" }, "virtual_site": { "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE" } } ], "ports": [ { "http_loadbalancer": { "https": { "tls_cert_params": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "tls_certificates": [ { "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] } } ], "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "direct_response_route": { "http_method": "ANY" }, "redirect_route": { "http_method": "ANY" }, "simple_route": { "http_method": "ANY" } } ] } }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } } ] }, "advertise_in_cluster": { "multi_ports": { "ports": [ { "info": { "protocol": "PROTOCOL_TCP" } } ] }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } }, "advertise_on_public": { "multi_ports": { "ports": [ { "http_loadbalancer": { "https": { "tls_cert_params": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "tls_certificates": [ { "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] } } ], "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "direct_response_route": { "http_method": "ANY" }, "redirect_route": { "http_method": "ANY" }, "simple_route": { "http_method": "ANY" } } ] } }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } } ] }, "port": { "http_loadbalancer": { "https": { "tls_cert_params": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "tls_certificates": [ { "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] } } ], "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "direct_response_route": { "http_method": "ANY" }, "redirect_route": { "http_method": "ANY" }, "simple_route": { "http_method": "ANY" } } ] } }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } } } }, "configuration": { "parameters": [ { "file": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } } } ] }, "containers": [ { "flavor": "CONTAINER_FLAVOR_TYPE_TINY", "image": { "pull_policy": "IMAGE_PULL_POLICY_DEFAULT" } } ], "volumes": [ { "empty_dir": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } }, "host_path": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } }, "persistent_volume": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" }, "storage": { "access_mode": "ACCESS_MODE_READ_WRITE_ONCE" } } } ] }, "simple_service": { "configuration": { "parameters": [ { "file": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } } } ] }, "container": { "flavor": "CONTAINER_FLAVOR_TYPE_TINY", "image": { "pull_policy": "IMAGE_PULL_POLICY_DEFAULT" } }, "enabled": { "persistent_volume": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" }, "storage": { "access_mode": "ACCESS_MODE_READ_WRITE_ONCE" } } } }, "stateful_service": { "advertise_options": { "advertise_custom": { "advertise_where": [ { "site": { "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE" }, "virtual_site": { "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE" } } ], "ports": [ { "http_loadbalancer": { "https": { "tls_cert_params": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "tls_certificates": [ { "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] } } ], "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "direct_response_route": { "http_method": "ANY" }, "redirect_route": { "http_method": "ANY" }, "simple_route": { "http_method": "ANY" } } ] } }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } } ] }, "advertise_in_cluster": { "multi_ports": { "ports": [ { "info": { "protocol": "PROTOCOL_TCP" } } ] }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } }, "advertise_on_public": { "multi_ports": { "ports": [ { "http_loadbalancer": { "https": { "tls_cert_params": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "tls_certificates": [ { "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] } } ], "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "direct_response_route": { "http_method": "ANY" }, "redirect_route": { "http_method": "ANY" }, "simple_route": { "http_method": "ANY" } } ] } }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } } ] }, "port": { "http_loadbalancer": { "https": { "tls_cert_params": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "tls_certificates": [ { "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] } } ], "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "https_auto_cert": { "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "specific_routes": { "routes": [ { "direct_response_route": { "http_method": "ANY" }, "redirect_route": { "http_method": "ANY" }, "simple_route": { "http_method": "ANY" } } ] } }, "port": { "info": { "protocol": "PROTOCOL_TCP" } } } } }, "configuration": { "parameters": [ { "file": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } } } ] }, "containers": [ { "flavor": "CONTAINER_FLAVOR_TYPE_TINY", "image": { "pull_policy": "IMAGE_PULL_POLICY_DEFAULT" } } ], "persistent_volumes": [ { "persistent_volume": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" }, "storage": { "access_mode": "ACCESS_MODE_READ_WRITE_ONCE" } } } ], "volumes": [ { "empty_dir": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } }, "host_path": { "mount": { "mode": "VOLUME_MOUNT_READ_ONLY" } } } ] } }, "status": [ { "metadata": { "publish": "STATUS_DO_NOT_PUBLISH" } } ]}Returned when operation is not authorized.
Examplegenerated
exampleReturned when there is no permission to access resource.
Examplegenerated
exampleReturned when resource is not found.
Examplegenerated
exampleReturned when operation on resource is conflicting with current value.
Examplegenerated
exampleReturned when operation has been rejected as it is happening too frequently.
Examplegenerated
exampleReturned when server encountered an error in processing API.
Examplegenerated
exampleReturned when service is unavailable temporarily.
Examplegenerated
exampleReturned when server timed out processing request.
Examplegenerated
example