GET Route
const url = 'https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/routes/example?response_format=GET_RSP_FORMAT_DEFAULT';const options = {method: 'GET', headers: {Authorization: '<Authorization>'}};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url 'https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/routes/example?response_format=GET_RSP_FORMAT_DEFAULT' \ --header 'Authorization: <Authorization>'GET route object in a given namespace. Route object is list of route rules. Each rule has match condition to match incoming requests and actions to take on matching requests. Virtual host object has reference to route object.
Authorizations
Section titled “Authorizations”Parameters
Section titled “Parameters”Path Parameters
Section titled “Path Parameters”Namespace The namespace in which the configuration object is present.
Name The name of the configuration object to be fetched.
Query Parameters
Section titled “Query Parameters”The format in which the configuration object is to be fetched. This could be for example
- in GetSpec form for the contents of object
- in CreateRequest form to create a new similar object
- to ReplaceRequest form to replace changeable values
Default format of returned resource Response should be in CreateRequest format Response should be in ReplaceRequest format Response should be in StatusObject(s) format Response should be in format of GetSpecType Response should have other objects referring to this object Response should have deleted and disabled objects referrred by this object.
Responses
Section titled “Responses”A successful response.
This is the output message of the ‘GET’ RPC.
object
object
object
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
object
Human readable description for the object.
A value of true will administratively disable the object.
Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.
object
This is the name of configuration object. It has to be unique within the namespace. It can only be specified during create API and cannot be changed during replace API. The value of name has to follow DNS-1035 format. Required: YES.
This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""
object
List of routes to match for incoming request
Required: YES.
Each RouteType is a rule which has match condition and action. When the condition is matched for incoming request, the specified action is taken.
object
object
Select Add item to configure your javascript tag. If adding both Bot Adv and Fraud, the Bot Javascript should be added first.
Required: YES.
JavaScript URL and attributes.
object
Please enter the full URL (include domain and path), or relative path. Required: YES.
Add the tag attributes you want to include in your Javascript tag.
Attribute for JavaScript tag.
object
Add the tag attribute value.
Disables append of x-F5 Distributed Cloud-location =
object
object
Route match condition.
Route Match can be specified to match five things
- In case of HTTP “path” specifies URI part URL (path excluding hostname) in request.
- List of headers to match in incoming request.
- Query parameters (key, value) in the request. (Not the Query expression)
- HTTP method
- The port on which the request is received.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
List of (key, value) query parameters.
Query parameter match can be either regex match on value or exact match of value for given key An example for HTTP request with query parameter https://gitlab.com/dashboard/issues?assignee_username=xxyyxx.
object
Exclusive with [regex] Exact match value for the query parameter key.
Query parameter key In the above example, assignee_username is the key Required: YES.
Exclusive with [exact] Regex match value for the query parameter key.
Cookies are key-value pairs to be added to HTTP request being routed towards upstream.
Cookie name and value for cookie header.
object
Name of the cookie in Cookie header. Required: YES.
Should the value be overwritten? If true, the value is overwritten to existing values. Default value is do not overwrite.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the Cookie header.
List of keys of Cookies to be removed from the HTTP request being sent towards upstream.
Headers are key-value pairs to be added to HTTP requests being sent towards upstream. Headers specified at this level are applied before headers from the enclosing VirtualHost object level.
HTTP header is a key-value pair. The name acts as key of HTTP header The value acts as the data/value of HTTP header Example HTTP header Host: user.F5 Distributed cloud.com In the above example, Host is the name or key of HTTP header In the above example, user.F5 Distributed cloud.com is the value of HTTP header.
object
Should the value be appended? If true, the value is appended to existing values. Default value is do not append.
Name of the HTTP header. Required: YES.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the HTTP header.
List of keys of Headers to be removed from the HTTP request being sent towards upstream.
Cookies are name-value pairs along with optional attribute parameters to be added to HTTP response being sent towards downstream.
Cookie name and its attribute values in set-cookie header.
object
Exclusive with [ignore_domain] Add domain attribute.
Exclusive with [ignore_expiry] Add expiry attribute.
object
object
Exclusive with [ignore_path] Add path attribute.
object
object
object
object
object
object
object
object
object
object
Exclusive with [ignore_max_age] Add max age attribute.
Name of the cookie in Cookie header. Required: YES.
Should the value be overwritten? If true, the value is overwritten to existing values. Default value is do not overwrite.
object
object
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [ignore_value secret_value] Value of the Cookie header.
List of name of Cookies to be removed from the HTTP response being sent towards downstream. Entire set-cookie header will be removed.
Headers are key-value pairs to be added to HTTP response being sent towards downstream. Headers specified at this level are applied before headers from the enclosing VirtualHost object level.
HTTP header is a key-value pair. The name acts as key of HTTP header The value acts as the data/value of HTTP header Example HTTP header Host: user.F5 Distributed cloud.com In the above example, Host is the name or key of HTTP header In the above example, user.F5 Distributed cloud.com is the value of HTTP header.
object
Should the value be appended? If true, the value is appended to existing values. Default value is do not append.
Name of the HTTP header. Required: YES.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the HTTP header.
List of keys of Headers to be removed from the HTTP response being sent towards downstream.
object
Exclusive with [host_rewrite] Indicates that during forwarding, the host header will be swapped with the hostname of the upstream host chosen by the cluster.
object
Disable buffering for a particular route. This is useful when virtual-host has buffering, but we need to disable it on a specific route. The value of this field is ignored for virtual-host.
The maximum request size that the filter will buffer before the connection manager will stop buffering and return a RequestEntityTooLarge (413) response.
object
Specifies whether the resource allows credentials.
Specifies the content for the access-control-allow-headers header.
Specifies the content for the access-control-allow-methods header.
Specifies the origins that will be allowed to do CORS requests. An origin is allowed if either allow_origin or allow_origin_regex match.
Specifies regex patterns that match allowed origins. An origin is allowed if either allow_origin or allow_origin_regex match.
Disable the CorsPolicy for a particular route. This is useful when virtual-host has CorsPolicy, but we need to disable it on a specific route. The value of this field is ignored for virtual-host.
Specifies the content for the access-control-expose-headers header.
Specifies the content for the access-control-max-age header in seconds. This indicates the maximum number of seconds the results can be cached A value of -1 will disable caching. Maximum permitted value is 86400 seconds (24 hours)
object
object
object
A list of domain names that will be matched to loadbalancer. These domains are not used for SNI match. Wildcard names are supported in the suffix or prefix form. Required: YES.
object
When requests have to distributed among multiple upstream clusters, multiple destinations are configured, each having its own cluster and weight. Traffic is distributed among clusters based on the weight configured.
Example: destinations:
- cluster:
- kind: F5 xc.vega.cfg.adc.cluster.object uid: cluster-1 weight: 20
- cluster:
- kind: F5 xc.vega.cfg.adc.cluster.object uid: cluster-2 weight: 30
- cluster:
- kind: F5 xc.vega.cfg.adc.cluster.object uid: cluster-3 weight: 50
This indicates that out of every 100 requests, 50 goes to cluster-3, 30 to cluster-2 and 20 to cluster-1
When single destination is configured, weight is ignored. All the requests are sent to the cluster specified in the destination
Required: YES.
Each destination is a reference to cluster, it’s priority, weight and subset criteria.
object
Indicates the upstream cluster to which the request should be sent. If the cluster does not exist ServiceUnavailable response will be sent
Required: YES.
This type establishes a ‘direct reference’ from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector reference which builds a group based on labels of selectee objects)
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.
Upstream cluster may be configured to divide its endpoints into subsets based on metadata attached to the endpoints. Routes may then specify the metadata that a endpoint must match in order to be selected by the load balancer
Labels field of endpoint object’s metadata is used for subset matching. For endpoints which are discovered in K8s or Consul cluster, the label of the service is merged with endpoint’s labels. In case of Consul, the label is derived from the “Tag” field. For labels that are common between configured endpoint and discovered service, labels from discovered service takes precedence.
List of key-value pairs that will be used as matching metadata. Only those endpoints of upstream cluster which match this metadata will be selected for load balancing.
object
Priority of this cluster, valid only with multiple destinations are configured. Value of 0 will make the cluster as lowest priority upstream cluster Priority of 1 means highest priority and is considered active. When active cluster is not available, lower priority clusters are made active as per the increasing priority.
When requests have to distributed among multiple upstream clusters, multiple destinations are configured, each having its own cluster and weight. Traffic is distributed among clusters based on the weight configured.
Example: destinations:
- cluster:
- kind: F5 xc.vega.cfg.adc.cluster.object uid: cluster-1 weight: 20
- cluster:
- kind: F5 xc.vega.cfg.adc.cluster.object uid: cluster-2 weight: 30
- cluster:
- kind: F5 xc.vega.cfg.adc.cluster.object uid: cluster-3 weight: 10
This indicates that out of every 60 requests, 10 goes to cluster-3, 30 to cluster-2 and 20 to cluster-1
When single destination is configured, weight is ignored. All the requests are sent to the cluster specified in the destination.
object
Upstream cluster may be configured to divide its endpoints into subsets based on metadata attached to the endpoints. Routes may then specify the metadata that a endpoint must match in order to be selected by the load balancer
Labels field of endpoint object’s metadata is used for subset matching. For endpoint’s which are discovered in K8s or Consul cluster, the label of the service is merged with endpoint’s labels. In case of Consul, the label is derived from the “Tag” field. For labels that are common between configured endpoint and discovered service, labels from discovered service takes precedence.
List of key-value pairs that will be used as matching metadata. Only those endpoints of upstream cluster which match this metadata will be selected for load balancing.
object
Specifies a list of hash policies to use for ring hash load balancing. Each hash policy is evaluated individually and the combined result is used to route the request.
HashPolicyType specifies the field of the incoming request that will be used for generating hash key. When multiple hash policies are configured, this can also specify if the current hash policy is terminal policy or not.
object
object
object
object
object
object
object
The name of the cookie that will be used to obtain the hash key. If the cookie is not present and TTL below is not set, no hash will be produced Required: YES.
The name of the path for the cookie. If no path is specified here, no path will be set for the cookie.
object
object
object
If specified, a cookie with the TTL will be generated if the cookie is not present. If the TTL is present and zero, the generated cookie will be a session cookie. TTL value is in milliseconds.
Exclusive with [cookie source_ip] The name or key of the request header that will be used to obtain the hash key.
Exclusive with [cookie header_name] Hash based on source IP address.
Specify if its a terminal policy.
Exclusive with [auto_host_rewrite] Indicates that during forwarding, the host header will be swapped with this value.
object
Specifies the cluster to which the requests will be mirrored. The cluster object referred here must be present.
Required: YES.
This type establishes a ‘direct reference’ from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector reference which builds a group based on labels of selectee objects)
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.
object
Sampled parts per denominator. If denominator was 10000, then value of 5 will be 5 in 10000 Required: YES.
Exclusive with [regex_rewrite] prefix_rewrite indicates that during forwarding, the matched prefix (or path) should be swapped with its value. When using regex path matching, the entire path (not including the query string) will be swapped with this value. This option allows application URLs to be rooted at a different path from those exposed at the reverse proxy layer.
Example : gcSpec: routes:
- match:
- headers: [] path: prefix : /register/ query_params: []
- headers: [] path: prefix: /register query_params: [] routeDestination: prefixRewrite: ”/” destinations:
- cluster:
- kind: cluster.object uid: cluster-1
Having above entries in the config, requests to /register will be stripped to /, while requests to /register/public will be stripped to /public.
object
object
Exclusive with [remove_all_params retain_all_params]
object
object
The regular expression used to find portions of a string that should be replaced.
The string that should be substituted into matching portions of the subject string during a substitution operation to produce a new string.
object
object
object
Specifies the base interval between retries in milliseconds.
Specifies the maximum interval between retries in milliseconds. This parameter is optional, but must be greater than or equal to the base_interval if set. The default is 10 times the base_interval.
Specifies the allowed number of retries. Defaults to 1. Retries can be done any number of times. An exponential back-off algorithm is used between each retry.
Specifies a non-zero timeout per retry attempt. In milliseconds.
HTTP status codes that should trigger a retry in addition to those specified by retry_on.
Specifies the conditions under which retry takes place. Retries can be on different types of condition depending on application requirements. For example, network failure, all 5xx response codes, idempotent 4xx response codes, etc
The possible values are
“5xx” : Retry will be done if the upstream server responds with any 5xx response code, or does not respond at all (disconnect/reset/read timeout).
“gateway-error” : Retry will be done only if the upstream server responds with 502, 503 or 504 responses (Included in 5xx)
“connect-failure” : Retry will be done if the request fails because of a connection failure to the upstream server (connect timeout, etc.). (Included in 5xx)
“refused-stream” : Retry is done if the upstream server resets the stream with a REFUSED_STREAM error code (Included in 5xx)
“retriable-4xx” : Retry is done if the upstream server responds with a retriable 4xx response code. The only response code in this category is HTTP CONFLICT (409)
“retriable-status-codes” : Retry is done if the upstream server responds with any response code matching one defined in retriable_status_codes field
“reset” : Retry is done if the upstream server does not respond at all (disconnect/reset/read timeout.) Required: YES.
object
Specifies that the HTTP client connection to this route is allowed to upgrade to a SPDY connection.
Specifies the timeout for the route in milliseconds. This timeout includes all retries. For server side streaming, configure this field with higher value or leave it un-configured for infinite timeout.
object
Specifies that the HTTP client connection to this route is allowed to upgrade to a WebSocket connection.
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
Exclusive with [] disable service policy at route level, if it is configured at virtual-host level.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
References to an Application Firewall configuration object
Required: YES.
This type establishes a ‘direct reference’ from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector reference which builds a group based on labels of selectee objects)
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.
object
object
The set of deleted objects that are referred by this object.
This type establishes a ‘direct reference’ from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector reference which builds a group based on labels of selectee objects)
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.
The set of deleted objects that are referred by this object.
This type establishes a ‘direct reference’ from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector reference which builds a group based on labels of selectee objects)
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.
object
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
object
Human readable description for the object.
A value of true will administratively disable the object.
Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.
object
This is the name of configuration object. It has to be unique within the namespace. It can only be specified during create API and cannot be changed during replace API. The value of name has to follow DNS-1035 format. Required: YES.
This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""
The set of objects that are referring to this object in their spec.
This type establishes a ‘direct reference’ from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector reference which builds a group based on labels of selectee objects)
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.
object
object
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
object
Human readable description for the object.
A value of true will administratively disable the object.
Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.
object
This is the name of configuration object. It has to be unique within the namespace. It can only be specified during create API and cannot be changed during replace API. The value of name has to follow DNS-1035 format. Required: YES.
This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""
object
List of routes to match for incoming request
Required: YES.
Each RouteType is a rule which has match condition and action. When the condition is matched for incoming request, the specified action is taken.
object
object
Select Add item to configure your javascript tag. If adding both Bot Adv and Fraud, the Bot Javascript should be added first.
Required: YES.
JavaScript URL and attributes.
object
Please enter the full URL (include domain and path), or relative path. Required: YES.
Add the tag attributes you want to include in your Javascript tag.
Attribute for JavaScript tag.
object
Add the tag attribute value.
Disables append of x-F5 Distributed Cloud-location =
object
object
Route match condition.
Route Match can be specified to match five things
- In case of HTTP “path” specifies URI part URL (path excluding hostname) in request.
- List of headers to match in incoming request.
- Query parameters (key, value) in the request. (Not the Query expression)
- HTTP method
- The port on which the request is received.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
List of (key, value) query parameters.
Query parameter match can be either regex match on value or exact match of value for given key An example for HTTP request with query parameter https://gitlab.com/dashboard/issues?assignee_username=xxyyxx.
object
Exclusive with [regex] Exact match value for the query parameter key.
Query parameter key In the above example, assignee_username is the key Required: YES.
Exclusive with [exact] Regex match value for the query parameter key.
Cookies are key-value pairs to be added to HTTP request being routed towards upstream.
Cookie name and value for cookie header.
object
Name of the cookie in Cookie header. Required: YES.
Should the value be overwritten? If true, the value is overwritten to existing values. Default value is do not overwrite.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the Cookie header.
List of keys of Cookies to be removed from the HTTP request being sent towards upstream.
Headers are key-value pairs to be added to HTTP requests being sent towards upstream. Headers specified at this level are applied before headers from the enclosing VirtualHost object level.
HTTP header is a key-value pair. The name acts as key of HTTP header The value acts as the data/value of HTTP header Example HTTP header Host: user.F5 Distributed cloud.com In the above example, Host is the name or key of HTTP header In the above example, user.F5 Distributed cloud.com is the value of HTTP header.
object
Should the value be appended? If true, the value is appended to existing values. Default value is do not append.
Name of the HTTP header. Required: YES.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the HTTP header.
List of keys of Headers to be removed from the HTTP request being sent towards upstream.
Cookies are name-value pairs along with optional attribute parameters to be added to HTTP response being sent towards downstream.
Cookie name and its attribute values in set-cookie header.
object
Exclusive with [ignore_domain] Add domain attribute.
Exclusive with [ignore_expiry] Add expiry attribute.
object
object
Exclusive with [ignore_path] Add path attribute.
object
object
object
object
object
object
object
object
object
object
Exclusive with [ignore_max_age] Add max age attribute.
Name of the cookie in Cookie header. Required: YES.
Should the value be overwritten? If true, the value is overwritten to existing values. Default value is do not overwrite.
object
object
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [ignore_value secret_value] Value of the Cookie header.
List of name of Cookies to be removed from the HTTP response being sent towards downstream. Entire set-cookie header will be removed.
Headers are key-value pairs to be added to HTTP response being sent towards downstream. Headers specified at this level are applied before headers from the enclosing VirtualHost object level.
HTTP header is a key-value pair. The name acts as key of HTTP header The value acts as the data/value of HTTP header Example HTTP header Host: user.F5 Distributed cloud.com In the above example, Host is the name or key of HTTP header In the above example, user.F5 Distributed cloud.com is the value of HTTP header.
object
Should the value be appended? If true, the value is appended to existing values. Default value is do not append.
Name of the HTTP header. Required: YES.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the HTTP header.
List of keys of Headers to be removed from the HTTP response being sent towards downstream.
object
Exclusive with [host_rewrite] Indicates that during forwarding, the host header will be swapped with the hostname of the upstream host chosen by the cluster.
object
Disable buffering for a particular route. This is useful when virtual-host has buffering, but we need to disable it on a specific route. The value of this field is ignored for virtual-host.
The maximum request size that the filter will buffer before the connection manager will stop buffering and return a RequestEntityTooLarge (413) response.
object
Specifies whether the resource allows credentials.
Specifies the content for the access-control-allow-headers header.
Specifies the content for the access-control-allow-methods header.
Specifies the origins that will be allowed to do CORS requests. An origin is allowed if either allow_origin or allow_origin_regex match.
Specifies regex patterns that match allowed origins. An origin is allowed if either allow_origin or allow_origin_regex match.
Disable the CorsPolicy for a particular route. This is useful when virtual-host has CorsPolicy, but we need to disable it on a specific route. The value of this field is ignored for virtual-host.
Specifies the content for the access-control-expose-headers header.
Specifies the content for the access-control-max-age header in seconds. This indicates the maximum number of seconds the results can be cached A value of -1 will disable caching. Maximum permitted value is 86400 seconds (24 hours)
object
object
object
A list of domain names that will be matched to loadbalancer. These domains are not used for SNI match. Wildcard names are supported in the suffix or prefix form. Required: YES.
object
When requests have to distributed among multiple upstream clusters, multiple destinations are configured, each having its own cluster and weight. Traffic is distributed among clusters based on the weight configured.
Example: destinations:
- cluster:
- kind: F5 xc.vega.cfg.adc.cluster.object uid: cluster-1 weight: 20
- cluster:
- kind: F5 xc.vega.cfg.adc.cluster.object uid: cluster-2 weight: 30
- cluster:
- kind: F5 xc.vega.cfg.adc.cluster.object uid: cluster-3 weight: 50
This indicates that out of every 100 requests, 50 goes to cluster-3, 30 to cluster-2 and 20 to cluster-1
When single destination is configured, weight is ignored. All the requests are sent to the cluster specified in the destination
Required: YES.
Each destination is a reference to cluster, it’s priority, weight and subset criteria.
object
Indicates the upstream cluster to which the request should be sent. If the cluster does not exist ServiceUnavailable response will be sent
Required: YES.
This type establishes a ‘direct reference’ from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector reference which builds a group based on labels of selectee objects)
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.
Upstream cluster may be configured to divide its endpoints into subsets based on metadata attached to the endpoints. Routes may then specify the metadata that a endpoint must match in order to be selected by the load balancer
Labels field of endpoint object’s metadata is used for subset matching. For endpoints which are discovered in K8s or Consul cluster, the label of the service is merged with endpoint’s labels. In case of Consul, the label is derived from the “Tag” field. For labels that are common between configured endpoint and discovered service, labels from discovered service takes precedence.
List of key-value pairs that will be used as matching metadata. Only those endpoints of upstream cluster which match this metadata will be selected for load balancing.
object
Priority of this cluster, valid only with multiple destinations are configured. Value of 0 will make the cluster as lowest priority upstream cluster Priority of 1 means highest priority and is considered active. When active cluster is not available, lower priority clusters are made active as per the increasing priority.
When requests have to distributed among multiple upstream clusters, multiple destinations are configured, each having its own cluster and weight. Traffic is distributed among clusters based on the weight configured.
Example: destinations:
- cluster:
- kind: F5 xc.vega.cfg.adc.cluster.object uid: cluster-1 weight: 20
- cluster:
- kind: F5 xc.vega.cfg.adc.cluster.object uid: cluster-2 weight: 30
- cluster:
- kind: F5 xc.vega.cfg.adc.cluster.object uid: cluster-3 weight: 10
This indicates that out of every 60 requests, 10 goes to cluster-3, 30 to cluster-2 and 20 to cluster-1
When single destination is configured, weight is ignored. All the requests are sent to the cluster specified in the destination.
object
Upstream cluster may be configured to divide its endpoints into subsets based on metadata attached to the endpoints. Routes may then specify the metadata that a endpoint must match in order to be selected by the load balancer
Labels field of endpoint object’s metadata is used for subset matching. For endpoint’s which are discovered in K8s or Consul cluster, the label of the service is merged with endpoint’s labels. In case of Consul, the label is derived from the “Tag” field. For labels that are common between configured endpoint and discovered service, labels from discovered service takes precedence.
List of key-value pairs that will be used as matching metadata. Only those endpoints of upstream cluster which match this metadata will be selected for load balancing.
object
Specifies a list of hash policies to use for ring hash load balancing. Each hash policy is evaluated individually and the combined result is used to route the request.
HashPolicyType specifies the field of the incoming request that will be used for generating hash key. When multiple hash policies are configured, this can also specify if the current hash policy is terminal policy or not.
object
object
object
object
object
object
object
The name of the cookie that will be used to obtain the hash key. If the cookie is not present and TTL below is not set, no hash will be produced Required: YES.
The name of the path for the cookie. If no path is specified here, no path will be set for the cookie.
object
object
object
If specified, a cookie with the TTL will be generated if the cookie is not present. If the TTL is present and zero, the generated cookie will be a session cookie. TTL value is in milliseconds.
Exclusive with [cookie source_ip] The name or key of the request header that will be used to obtain the hash key.
Exclusive with [cookie header_name] Hash based on source IP address.
Specify if its a terminal policy.
Exclusive with [auto_host_rewrite] Indicates that during forwarding, the host header will be swapped with this value.
object
Specifies the cluster to which the requests will be mirrored. The cluster object referred here must be present.
Required: YES.
This type establishes a ‘direct reference’ from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector reference which builds a group based on labels of selectee objects)
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.
object
Sampled parts per denominator. If denominator was 10000, then value of 5 will be 5 in 10000 Required: YES.
Exclusive with [regex_rewrite] prefix_rewrite indicates that during forwarding, the matched prefix (or path) should be swapped with its value. When using regex path matching, the entire path (not including the query string) will be swapped with this value. This option allows application URLs to be rooted at a different path from those exposed at the reverse proxy layer.
Example : gcSpec: routes:
- match:
- headers: [] path: prefix : /register/ query_params: []
- headers: [] path: prefix: /register query_params: [] routeDestination: prefixRewrite: ”/” destinations:
- cluster:
- kind: cluster.object uid: cluster-1
Having above entries in the config, requests to /register will be stripped to /, while requests to /register/public will be stripped to /public.
object
object
Exclusive with [remove_all_params retain_all_params]
object
object
The regular expression used to find portions of a string that should be replaced.
The string that should be substituted into matching portions of the subject string during a substitution operation to produce a new string.
object
object
object
Specifies the base interval between retries in milliseconds.
Specifies the maximum interval between retries in milliseconds. This parameter is optional, but must be greater than or equal to the base_interval if set. The default is 10 times the base_interval.
Specifies the allowed number of retries. Defaults to 1. Retries can be done any number of times. An exponential back-off algorithm is used between each retry.
Specifies a non-zero timeout per retry attempt. In milliseconds.
HTTP status codes that should trigger a retry in addition to those specified by retry_on.
Specifies the conditions under which retry takes place. Retries can be on different types of condition depending on application requirements. For example, network failure, all 5xx response codes, idempotent 4xx response codes, etc
The possible values are
“5xx” : Retry will be done if the upstream server responds with any 5xx response code, or does not respond at all (disconnect/reset/read timeout).
“gateway-error” : Retry will be done only if the upstream server responds with 502, 503 or 504 responses (Included in 5xx)
“connect-failure” : Retry will be done if the request fails because of a connection failure to the upstream server (connect timeout, etc.). (Included in 5xx)
“refused-stream” : Retry is done if the upstream server resets the stream with a REFUSED_STREAM error code (Included in 5xx)
“retriable-4xx” : Retry is done if the upstream server responds with a retriable 4xx response code. The only response code in this category is HTTP CONFLICT (409)
“retriable-status-codes” : Retry is done if the upstream server responds with any response code matching one defined in retriable_status_codes field
“reset” : Retry is done if the upstream server does not respond at all (disconnect/reset/read timeout.) Required: YES.
object
Specifies that the HTTP client connection to this route is allowed to upgrade to a SPDY connection.
Specifies the timeout for the route in milliseconds. This timeout includes all retries. For server side streaming, configure this field with higher value or leave it un-configured for infinite timeout.
object
Specifies that the HTTP client connection to this route is allowed to upgrade to a WebSocket connection.
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
Exclusive with [] disable service policy at route level, if it is configured at virtual-host level.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
References to an Application Firewall configuration object
Required: YES.
This type establishes a ‘direct reference’ from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector reference which builds a group based on labels of selectee objects)
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.
object
object
object
List of routes to match for incoming request
Required: YES.
Each RouteType is a rule which has match condition and action. When the condition is matched for incoming request, the specified action is taken.
object
object
Select Add item to configure your javascript tag. If adding both Bot Adv and Fraud, the Bot Javascript should be added first.
Required: YES.
JavaScript URL and attributes.
object
Please enter the full URL (include domain and path), or relative path. Required: YES.
Add the tag attributes you want to include in your Javascript tag.
Attribute for JavaScript tag.
object
Add the tag attribute value.
Disables append of x-F5 Distributed Cloud-location =
object
object
Route match condition.
Route Match can be specified to match five things
- In case of HTTP “path” specifies URI part URL (path excluding hostname) in request.
- List of headers to match in incoming request.
- Query parameters (key, value) in the request. (Not the Query expression)
- HTTP method
- The port on which the request is received.
object
List of (key, value) headers.
Header match is done using the name of the header and its value. The value match is done using one of the following regex match on value exact match of value presence of header
Header Match can also be inverse of above, which be used to check missing header or non-matching value.
object
Exclusive with [presence regex] Header value to match exactly.
Invert the result of the match to detect missing header or non-matching value.
Name of the header Required: YES.
Exclusive with [exact regex] If true, check for presence of header.
Exclusive with [exact presence] Regex match of the header value in re2 format.
object
object
Exclusive with [no_port_match port_ranges] Exact Port to match.
Exclusive with [no_port_match port] Port range to match.
object
Exclusive with [prefix regex] Exact path value to match.
Exclusive with [path regex] Path prefix to match (e.g. The value / will match on all paths)
Exclusive with [path prefix] Regular expression of path match (e.g. The value .* will match on all paths)
List of (key, value) query parameters.
Query parameter match can be either regex match on value or exact match of value for given key An example for HTTP request with query parameter https://gitlab.com/dashboard/issues?assignee_username=xxyyxx.
object
Exclusive with [regex] Exact match value for the query parameter key.
Query parameter key In the above example, assignee_username is the key Required: YES.
Exclusive with [exact] Regex match value for the query parameter key.
Cookies are key-value pairs to be added to HTTP request being routed towards upstream.
Cookie name and value for cookie header.
object
Name of the cookie in Cookie header. Required: YES.
Should the value be overwritten? If true, the value is overwritten to existing values. Default value is do not overwrite.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the Cookie header.
List of keys of Cookies to be removed from the HTTP request being sent towards upstream.
Headers are key-value pairs to be added to HTTP requests being sent towards upstream. Headers specified at this level are applied before headers from the enclosing VirtualHost object level.
HTTP header is a key-value pair. The name acts as key of HTTP header The value acts as the data/value of HTTP header Example HTTP header Host: user.F5 Distributed cloud.com In the above example, Host is the name or key of HTTP header In the above example, user.F5 Distributed cloud.com is the value of HTTP header.
object
Should the value be appended? If true, the value is appended to existing values. Default value is do not append.
Name of the HTTP header. Required: YES.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the HTTP header.
List of keys of Headers to be removed from the HTTP request being sent towards upstream.
Cookies are name-value pairs along with optional attribute parameters to be added to HTTP response being sent towards downstream.
Cookie name and its attribute values in set-cookie header.
object
Exclusive with [ignore_domain] Add domain attribute.
Exclusive with [ignore_expiry] Add expiry attribute.
object
object
Exclusive with [ignore_path] Add path attribute.
object
object
object
object
object
object
object
object
object
object
Exclusive with [ignore_max_age] Add max age attribute.
Name of the cookie in Cookie header. Required: YES.
Should the value be overwritten? If true, the value is overwritten to existing values. Default value is do not overwrite.
object
object
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [ignore_value secret_value] Value of the Cookie header.
List of name of Cookies to be removed from the HTTP response being sent towards downstream. Entire set-cookie header will be removed.
Headers are key-value pairs to be added to HTTP response being sent towards downstream. Headers specified at this level are applied before headers from the enclosing VirtualHost object level.
HTTP header is a key-value pair. The name acts as key of HTTP header The value acts as the data/value of HTTP header Example HTTP header Host: user.F5 Distributed cloud.com In the above example, Host is the name or key of HTTP header In the above example, user.F5 Distributed cloud.com is the value of HTTP header.
object
Should the value be appended? If true, the value is appended to existing values. Default value is do not append.
Name of the HTTP header. Required: YES.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the HTTP header.
List of keys of Headers to be removed from the HTTP response being sent towards downstream.
object
Exclusive with [host_rewrite] Indicates that during forwarding, the host header will be swapped with the hostname of the upstream host chosen by the cluster.
object
Disable buffering for a particular route. This is useful when virtual-host has buffering, but we need to disable it on a specific route. The value of this field is ignored for virtual-host.
The maximum request size that the filter will buffer before the connection manager will stop buffering and return a RequestEntityTooLarge (413) response.
object
Specifies whether the resource allows credentials.
Specifies the content for the access-control-allow-headers header.
Specifies the content for the access-control-allow-methods header.
Specifies the origins that will be allowed to do CORS requests. An origin is allowed if either allow_origin or allow_origin_regex match.
Specifies regex patterns that match allowed origins. An origin is allowed if either allow_origin or allow_origin_regex match.
Disable the CorsPolicy for a particular route. This is useful when virtual-host has CorsPolicy, but we need to disable it on a specific route. The value of this field is ignored for virtual-host.
Specifies the content for the access-control-expose-headers header.
Specifies the content for the access-control-max-age header in seconds. This indicates the maximum number of seconds the results can be cached A value of -1 will disable caching. Maximum permitted value is 86400 seconds (24 hours)
object
object
object
A list of domain names that will be matched to loadbalancer. These domains are not used for SNI match. Wildcard names are supported in the suffix or prefix form. Required: YES.
object
When requests have to distributed among multiple upstream clusters, multiple destinations are configured, each having its own cluster and weight. Traffic is distributed among clusters based on the weight configured.
Example: destinations:
- cluster:
- kind: F5 xc.vega.cfg.adc.cluster.object uid: cluster-1 weight: 20
- cluster:
- kind: F5 xc.vega.cfg.adc.cluster.object uid: cluster-2 weight: 30
- cluster:
- kind: F5 xc.vega.cfg.adc.cluster.object uid: cluster-3 weight: 50
This indicates that out of every 100 requests, 50 goes to cluster-3, 30 to cluster-2 and 20 to cluster-1
When single destination is configured, weight is ignored. All the requests are sent to the cluster specified in the destination
Required: YES.
Each destination is a reference to cluster, it’s priority, weight and subset criteria.
object
Indicates the upstream cluster to which the request should be sent. If the cluster does not exist ServiceUnavailable response will be sent
Required: YES.
This type establishes a ‘direct reference’ from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector reference which builds a group based on labels of selectee objects)
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.
Upstream cluster may be configured to divide its endpoints into subsets based on metadata attached to the endpoints. Routes may then specify the metadata that a endpoint must match in order to be selected by the load balancer
Labels field of endpoint object’s metadata is used for subset matching. For endpoints which are discovered in K8s or Consul cluster, the label of the service is merged with endpoint’s labels. In case of Consul, the label is derived from the “Tag” field. For labels that are common between configured endpoint and discovered service, labels from discovered service takes precedence.
List of key-value pairs that will be used as matching metadata. Only those endpoints of upstream cluster which match this metadata will be selected for load balancing.
object
Priority of this cluster, valid only with multiple destinations are configured. Value of 0 will make the cluster as lowest priority upstream cluster Priority of 1 means highest priority and is considered active. When active cluster is not available, lower priority clusters are made active as per the increasing priority.
When requests have to distributed among multiple upstream clusters, multiple destinations are configured, each having its own cluster and weight. Traffic is distributed among clusters based on the weight configured.
Example: destinations:
- cluster:
- kind: F5 xc.vega.cfg.adc.cluster.object uid: cluster-1 weight: 20
- cluster:
- kind: F5 xc.vega.cfg.adc.cluster.object uid: cluster-2 weight: 30
- cluster:
- kind: F5 xc.vega.cfg.adc.cluster.object uid: cluster-3 weight: 10
This indicates that out of every 60 requests, 10 goes to cluster-3, 30 to cluster-2 and 20 to cluster-1
When single destination is configured, weight is ignored. All the requests are sent to the cluster specified in the destination.
object
Upstream cluster may be configured to divide its endpoints into subsets based on metadata attached to the endpoints. Routes may then specify the metadata that a endpoint must match in order to be selected by the load balancer
Labels field of endpoint object’s metadata is used for subset matching. For endpoint’s which are discovered in K8s or Consul cluster, the label of the service is merged with endpoint’s labels. In case of Consul, the label is derived from the “Tag” field. For labels that are common between configured endpoint and discovered service, labels from discovered service takes precedence.
List of key-value pairs that will be used as matching metadata. Only those endpoints of upstream cluster which match this metadata will be selected for load balancing.
object
Specifies a list of hash policies to use for ring hash load balancing. Each hash policy is evaluated individually and the combined result is used to route the request.
HashPolicyType specifies the field of the incoming request that will be used for generating hash key. When multiple hash policies are configured, this can also specify if the current hash policy is terminal policy or not.
object
object
object
object
object
object
object
The name of the cookie that will be used to obtain the hash key. If the cookie is not present and TTL below is not set, no hash will be produced Required: YES.
The name of the path for the cookie. If no path is specified here, no path will be set for the cookie.
object
object
object
If specified, a cookie with the TTL will be generated if the cookie is not present. If the TTL is present and zero, the generated cookie will be a session cookie. TTL value is in milliseconds.
Exclusive with [cookie source_ip] The name or key of the request header that will be used to obtain the hash key.
Exclusive with [cookie header_name] Hash based on source IP address.
Specify if its a terminal policy.
Exclusive with [auto_host_rewrite] Indicates that during forwarding, the host header will be swapped with this value.
object
Specifies the cluster to which the requests will be mirrored. The cluster object referred here must be present.
Required: YES.
This type establishes a ‘direct reference’ from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector reference which builds a group based on labels of selectee objects)
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.
object
Sampled parts per denominator. If denominator was 10000, then value of 5 will be 5 in 10000 Required: YES.
Exclusive with [regex_rewrite] prefix_rewrite indicates that during forwarding, the matched prefix (or path) should be swapped with its value. When using regex path matching, the entire path (not including the query string) will be swapped with this value. This option allows application URLs to be rooted at a different path from those exposed at the reverse proxy layer.
Example : gcSpec: routes:
- match:
- headers: [] path: prefix : /register/ query_params: []
- headers: [] path: prefix: /register query_params: [] routeDestination: prefixRewrite: ”/” destinations:
- cluster:
- kind: cluster.object uid: cluster-1
Having above entries in the config, requests to /register will be stripped to /, while requests to /register/public will be stripped to /public.
object
object
Exclusive with [remove_all_params retain_all_params]
object
object
The regular expression used to find portions of a string that should be replaced.
The string that should be substituted into matching portions of the subject string during a substitution operation to produce a new string.
object
object
object
Specifies the base interval between retries in milliseconds.
Specifies the maximum interval between retries in milliseconds. This parameter is optional, but must be greater than or equal to the base_interval if set. The default is 10 times the base_interval.
Specifies the allowed number of retries. Defaults to 1. Retries can be done any number of times. An exponential back-off algorithm is used between each retry.
Specifies a non-zero timeout per retry attempt. In milliseconds.
HTTP status codes that should trigger a retry in addition to those specified by retry_on.
Specifies the conditions under which retry takes place. Retries can be on different types of condition depending on application requirements. For example, network failure, all 5xx response codes, idempotent 4xx response codes, etc
The possible values are
“5xx” : Retry will be done if the upstream server responds with any 5xx response code, or does not respond at all (disconnect/reset/read timeout).
“gateway-error” : Retry will be done only if the upstream server responds with 502, 503 or 504 responses (Included in 5xx)
“connect-failure” : Retry will be done if the request fails because of a connection failure to the upstream server (connect timeout, etc.). (Included in 5xx)
“refused-stream” : Retry is done if the upstream server resets the stream with a REFUSED_STREAM error code (Included in 5xx)
“retriable-4xx” : Retry is done if the upstream server responds with a retriable 4xx response code. The only response code in this category is HTTP CONFLICT (409)
“retriable-status-codes” : Retry is done if the upstream server responds with any response code matching one defined in retriable_status_codes field
“reset” : Retry is done if the upstream server does not respond at all (disconnect/reset/read timeout.) Required: YES.
object
Specifies that the HTTP client connection to this route is allowed to upgrade to a SPDY connection.
Specifies the timeout for the route in milliseconds. This timeout includes all retries. For server side streaming, configure this field with higher value or leave it un-configured for infinite timeout.
object
Specifies that the HTTP client connection to this route is allowed to upgrade to a WebSocket connection.
object
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in Base64 format. The message can be either plain text or HTML. E.g. ”
Access Denied
”. Base64 encoded string URL for this is string:///PHA+IEFjY2VzcyBEZW5pZWQgPC9wPg==.Response code to send.
object
Swap host part of incoming URL in redirect URL.
Exclusive with [prefix_rewrite] swap path part of incoming URL in redirect URL.
Exclusive with [path_redirect] In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request.
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done.
object
Exclusive with [remove_all_params retain_all_params]
The HTTP status code to use in the redirect response.
object
object
Exclusive with [] disable service policy at route level, if it is configured at virtual-host level.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
References to an Application Firewall configuration object
Required: YES.
This type establishes a ‘direct reference’ from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector reference which builds a group based on labels of selectee objects)
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.
object
object
The status reported by different services for this configuration object.
Most recently observed status of object.
object
Conditions.
Conditions are used in the object status to describe the current state of the object, e.g. Ready, Succeeded, etc.
object
Hostname of the instance of the site that sent the status.
Last time the condition was updated.
A human readable string explaining the reason for reaching this condition.
Name of the service that sent the status.
Status of the condition “Success” Validation has succeeded. Requested operation was successful. “Failed” Validation has failed. “Incomplete” Validation of configuration has failed due to missing configuration. “Installed” Validation has passed and configuration has been installed in data path or K8s “Down” Configuration is operationally down. E.g. Down interface “Disabled” Configuration is administratively disabled i.e. objectmetatype.disable = true. “NotApplicable” Configuration is not applicable e.g. Tenant service_policy_set(s) in system namespace are not applicable on REs.
Type of the condition “Validation” represents validation user given configuration object “Operational” represents operational status of a given configuration object.
object
Creation_timestamp is when the status object was created. It is used to find/tie-break for latest status object from same origin.
Class of creator which created this StatusObject. This will be service’s DNS FQDN. This will be set by the system based on client certificate information.
ID of creator which created this StatusObject. This will be a concrete identifier for service (e.g. Identifying the environment also). This will be set by the system based on client certificate information.
Status_id is a field used by the generator to distinguish (if necessary) between two status objects for the same config object from the same site and same service and potentially same daemon(creator-ID)
Uid is the unique in time and space value for a StatusObject.
Origin of this status exchanged by VTRP.
Indicate whether mars deems this object to be stale via graceful restart timer information.
Object reference.
This type establishes a ‘direct reference’ from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector reference which builds a group based on labels of selectee objects)
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.
Ver status for this route. List of statuses, one for each route entry within this route.
Status information sent for each route entry within route.
object
A human readable string explaining the reason for reaching this condition.
Status of the condition “Incomplete” Validation of configuration has failed due to missing configuration. “Installed” Validation has passed and configuration has been installed in data path or K8s.
object
CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
A value identifying the class of the user or service which created this configuration object.
A value identifying the exact user or service that created this configuration object.
DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.
object
Pending is a list of initializers that must execute in order before this object is initialized. When the last pending initializer is removed, and no failing result is set, the initializers struct will be set to nil and the object is considered as initialized and visible to all clients.
Initializer is information about an initializer that has not yet completed.
object
Name of the service that is responsible for initializing this object.
object
Suggested HTTP return code for this status, 0 if not set.
A human-readable description of why this operation is in the “Failure” status. If this value is empty there is no information available.
Status of the operation. One of: “Success” or “Failure”.
Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the operator or software. Values here can be interpreted by software(backend or frontend) to enable certain behavior e.g. Things marked as soft-deleted(restorable).
object
ModificationTimestamp is a timestamp representing the server time when this object was last modified.
Unique index for the object. Some objects need a unique integer index to be allocated for each object type. This field will be populated for all objects that need it and will be zero otherwise.
object
Kind of the view object.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
UID of the view object.
Tenant to which this configuration object belongs to. The value for this is found from presented credentials.
Uid is the unique in time and space value for this object. It is generated by the server on successful creation of an object and is not allowed to change on Replace API. The value of is taken from uid field of ObjectMetaType, if provided.
Example
{ "create_form": { "spec": { "routes": [ { "bot_defense_javascript_injection": { "javascript_location": "AFTER_HEAD", "javascript_tags": [ { "tag_attributes": [ { "javascript_tag": "JS_ATTR_ID" } ] } ] }, "match": [ { "http_method": "ANY" } ], "route_destination": { "mirror_policy": { "percent": { "denominator": "HUNDRED" } }, "priority": "DEFAULT" } } ] } }, "replace_form": { "spec": { "routes": [ { "bot_defense_javascript_injection": { "javascript_location": "AFTER_HEAD", "javascript_tags": [ { "tag_attributes": [ { "javascript_tag": "JS_ATTR_ID" } ] } ] }, "match": [ { "http_method": "ANY" } ], "route_destination": { "mirror_policy": { "percent": { "denominator": "HUNDRED" } }, "priority": "DEFAULT" } } ] } }, "spec": { "routes": [ { "bot_defense_javascript_injection": { "javascript_location": "AFTER_HEAD", "javascript_tags": [ { "tag_attributes": [ { "javascript_tag": "JS_ATTR_ID" } ] } ] }, "match": [ { "http_method": "ANY" } ], "route_destination": { "mirror_policy": { "percent": { "denominator": "HUNDRED" } }, "priority": "DEFAULT" } } ] }, "status": [ { "metadata": { "publish": "STATUS_DO_NOT_PUBLISH" } } ]}Returned when operation is not authorized.
Examplegenerated
exampleReturned when there is no permission to access resource.
Examplegenerated
exampleReturned when resource is not found.
Examplegenerated
exampleReturned when operation on resource is conflicting with current value.
Examplegenerated
exampleReturned when operation has been rejected as it is happening too frequently.
Examplegenerated
exampleReturned when server encountered an error in processing API.
Examplegenerated
exampleReturned when service is unavailable temporarily.
Examplegenerated
exampleReturned when server timed out processing request.
Examplegenerated
example