Create Proxy.
const url = 'https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/proxys';const options = { method: 'POST', headers: {Authorization: '<Authorization>', 'Content-Type': 'application/json'}, body: '{"metadata":{"annotations":{},"description":"example","disable":true,"labels":{},"name":"example","namespace":"example"},"spec":{"active_forward_proxy_policies":{"forward_proxy_policies":[{"name":"example","namespace":"example"}]},"connection_timeout":1,"do_not_advertise":{},"dynamic_proxy":{"disable_dns_masquerade":{},"domains":["example"],"enable_dns_masquerade":{},"http_proxy":{"more_option":{"buffer_policy":{"disabled":true,"max_request_bytes":1},"compression_params":{"content_length":1,"content_type":["example"],"disable_on_etag_header":true,"remove_accept_encoding_header":true},"custom_errors":{},"disable_default_error_pages":true,"disable_path_normalize":{},"enable_path_normalize":{},"idle_timeout":1,"max_request_header_size":1,"request_cookies_to_add":[{"name":"example","overwrite":true,"secret_value":{"blindfold_secret_info":{"decryption_provider":"example","location":"example","store_provider":"example"},"clear_secret_info":{"provider":"example","url":"https://example.com"}},"value":"example"}],"request_cookies_to_remove":["example"],"request_headers_to_add":[{"append":true,"name":"example","secret_value":{"blindfold_secret_info":{"decryption_provider":"example","location":"example","store_provider":"example"},"clear_secret_info":{"provider":"example","url":"https://example.com"}},"value":"example"}],"request_headers_to_remove":["example"],"response_cookies_to_add":[{"add_domain":"example","add_expiry":"example","add_httponly":{},"add_partitioned":{},"add_path":"example","add_secure":{},"ignore_domain":{},"ignore_expiry":{},"ignore_httponly":{},"ignore_max_age":{},"ignore_partitioned":{},"ignore_path":{},"ignore_samesite":{},"ignore_secure":{},"ignore_value":{},"max_age_value":1,"name":"example","overwrite":true,"samesite_lax":{},"samesite_none":{},"samesite_strict":{},"secret_value":{"blindfold_secret_info":{"decryption_provider":"example","location":"example","store_provider":"example"},"clear_secret_info":{"provider":"example","url":"https://example.com"}},"value":"example"}],"response_cookies_to_remove":["example"],"response_headers_to_add":[{"append":true,"name":"example","secret_value":{"blindfold_secret_info":{"decryption_provider":"example","location":"example","store_provider":"example"},"clear_secret_info":{"provider":"example","url":"https://example.com"}},"value":"example"}],"response_headers_to_remove":["example"],"max_requests_per_connection":1,"no_request_limit_per_connection":{}}},"https_proxy":{"more_option":{"buffer_policy":{"disabled":true,"max_request_bytes":1},"compression_params":{"content_length":1,"content_type":["example"],"disable_on_etag_header":true,"remove_accept_encoding_header":true},"custom_errors":{},"disable_default_error_pages":true,"disable_path_normalize":{},"enable_path_normalize":{},"idle_timeout":1,"max_request_header_size":1,"request_cookies_to_add":[{"name":"example","overwrite":true,"secret_value":{"blindfold_secret_info":{"decryption_provider":"example","location":"example","store_provider":"example"},"clear_secret_info":{"provider":"example","url":"https://example.com"}},"value":"example"}],"request_cookies_to_remove":["example"],"request_headers_to_add":[{"append":true,"name":"example","secret_value":{"blindfold_secret_info":{"decryption_provider":"example","location":"example","store_provider":"example"},"clear_secret_info":{"provider":"example","url":"https://example.com"}},"value":"example"}],"request_headers_to_remove":["example"],"response_cookies_to_add":[{"add_domain":"example","add_expiry":"example","add_httponly":{},"add_partitioned":{},"add_path":"example","add_secure":{},"ignore_domain":{},"ignore_expiry":{},"ignore_httponly":{},"ignore_max_age":{},"ignore_partitioned":{},"ignore_path":{},"ignore_samesite":{},"ignore_secure":{},"ignore_value":{},"max_age_value":1,"name":"example","overwrite":true,"samesite_lax":{},"samesite_none":{},"samesite_strict":{},"secret_value":{"blindfold_secret_info":{"decryption_provider":"example","location":"example","store_provider":"example"},"clear_secret_info":{"provider":"example","url":"https://example.com"}},"value":"example"}],"response_cookies_to_remove":["example"],"response_headers_to_add":[{"append":true,"name":"example","secret_value":{"blindfold_secret_info":{"decryption_provider":"example","location":"example","store_provider":"example"},"clear_secret_info":{"provider":"example","url":"https://example.com"}},"value":"example"}],"response_headers_to_remove":["example"],"max_requests_per_connection":1,"no_request_limit_per_connection":{}},"tls_params":{"no_mtls":{},"tls_certificates":[{"certificate_url":"example","custom_hash_algorithms":{"hash_algorithms":["INVALID_HASH_ALGORITHM"]},"description":"example","disable_ocsp_stapling":{},"private_key":{"blindfold_secret_info":{"decryption_provider":"example","location":"example","store_provider":"example"},"clear_secret_info":{"provider":"example","url":"https://example.com"}},"use_system_defaults":{}}],"tls_config":{"custom_security":{"cipher_suites":["example"],"max_version":"TLS_AUTO","min_version":"TLS_AUTO"},"default_security":{},"low_security":{},"medium_security":{}},"use_mtls":{"client_certificate_optional":true,"crl":{"name":"example","namespace":"example"},"no_crl":{},"trusted_ca":{"name":"example","namespace":"example"},"trusted_ca_url":"example","xfcc_disabled":{},"xfcc_options":{"xfcc_header_elements":["XFCC_NONE"]}}}},"sni_proxy":{"idle_timeout":1}},"http_proxy":{"enable_http":{},"more_option":{"buffer_policy":{"disabled":true,"max_request_bytes":1},"compression_params":{"content_length":1,"content_type":["example"],"disable_on_etag_header":true,"remove_accept_encoding_header":true},"custom_errors":{},"disable_default_error_pages":true,"disable_path_normalize":{},"enable_path_normalize":{},"idle_timeout":1,"max_request_header_size":1,"request_cookies_to_add":[{"name":"example","overwrite":true,"secret_value":{"blindfold_secret_info":{"decryption_provider":"example","location":"example","store_provider":"example"},"clear_secret_info":{"provider":"example","url":"https://example.com"}},"value":"example"}],"request_cookies_to_remove":["example"],"request_headers_to_add":[{"append":true,"name":"example","secret_value":{"blindfold_secret_info":{"decryption_provider":"example","location":"example","store_provider":"example"},"clear_secret_info":{"provider":"example","url":"https://example.com"}},"value":"example"}],"request_headers_to_remove":["example"],"response_cookies_to_add":[{"add_domain":"example","add_expiry":"example","add_httponly":{},"add_partitioned":{},"add_path":"example","add_secure":{},"ignore_domain":{},"ignore_expiry":{},"ignore_httponly":{},"ignore_max_age":{},"ignore_partitioned":{},"ignore_path":{},"ignore_samesite":{},"ignore_secure":{},"ignore_value":{},"max_age_value":1,"name":"example","overwrite":true,"samesite_lax":{},"samesite_none":{},"samesite_strict":{},"secret_value":{"blindfold_secret_info":{"decryption_provider":"example","location":"example","store_provider":"example"},"clear_secret_info":{"provider":"example","url":"https://example.com"}},"value":"example"}],"response_cookies_to_remove":["example"],"response_headers_to_add":[{"append":true,"name":"example","secret_value":{"blindfold_secret_info":{"decryption_provider":"example","location":"example","store_provider":"example"},"clear_secret_info":{"provider":"example","url":"https://example.com"}},"value":"example"}],"response_headers_to_remove":["example"],"max_requests_per_connection":1,"no_request_limit_per_connection":{}}},"no_forward_proxy_policy":{},"no_interception":{},"site_local_inside_network":{},"site_local_network":{},"site_virtual_sites":{"advertise_where":[{"port":1,"site":{"ip":"example","network":"SITE_NETWORK_INSIDE_AND_OUTSIDE","site":{"name":"example","namespace":"example"}},"use_default_port":{},"virtual_site":{"network":"SITE_NETWORK_INSIDE_AND_OUTSIDE","virtual_site":{"name":"example","namespace":"example"}}}]},"tls_intercept":{"custom_certificate":{"certificate_url":"example","custom_hash_algorithms":{"hash_algorithms":["INVALID_HASH_ALGORITHM"]},"description":"example","disable_ocsp_stapling":{},"private_key":{"blindfold_secret_info":{"decryption_provider":"example","location":"example","store_provider":"example"},"clear_secret_info":{"provider":"example","url":"https://example.com"}},"use_system_defaults":{}},"enable_for_all_domains":{},"policy":{"interception_rules":[{"disable_interception":{},"domain_match":{"exact_value":"example","regex_value":"example","suffix_value":"example"},"enable_interception":{}}]},"trusted_ca_url":"example","volterra_certificate":{},"volterra_trusted_ca":{}}}}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/proxys \ --header 'Authorization: <Authorization>' \ --header 'Content-Type: application/json' \ --data '{ "metadata": { "annotations": {}, "description": "example", "disable": true, "labels": {}, "name": "example", "namespace": "example" }, "spec": { "active_forward_proxy_policies": { "forward_proxy_policies": [ { "name": "example", "namespace": "example" } ] }, "connection_timeout": 1, "do_not_advertise": {}, "dynamic_proxy": { "disable_dns_masquerade": {}, "domains": [ "example" ], "enable_dns_masquerade": {}, "http_proxy": { "more_option": { "buffer_policy": { "disabled": true, "max_request_bytes": 1 }, "compression_params": { "content_length": 1, "content_type": [ "example" ], "disable_on_etag_header": true, "remove_accept_encoding_header": true }, "custom_errors": {}, "disable_default_error_pages": true, "disable_path_normalize": {}, "enable_path_normalize": {}, "idle_timeout": 1, "max_request_header_size": 1, "request_cookies_to_add": [ { "name": "example", "overwrite": true, "secret_value": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "value": "example" } ], "request_cookies_to_remove": [ "example" ], "request_headers_to_add": [ { "append": true, "name": "example", "secret_value": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "value": "example" } ], "request_headers_to_remove": [ "example" ], "response_cookies_to_add": [ { "add_domain": "example", "add_expiry": "example", "add_httponly": {}, "add_partitioned": {}, "add_path": "example", "add_secure": {}, "ignore_domain": {}, "ignore_expiry": {}, "ignore_httponly": {}, "ignore_max_age": {}, "ignore_partitioned": {}, "ignore_path": {}, "ignore_samesite": {}, "ignore_secure": {}, "ignore_value": {}, "max_age_value": 1, "name": "example", "overwrite": true, "samesite_lax": {}, "samesite_none": {}, "samesite_strict": {}, "secret_value": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "value": "example" } ], "response_cookies_to_remove": [ "example" ], "response_headers_to_add": [ { "append": true, "name": "example", "secret_value": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "value": "example" } ], "response_headers_to_remove": [ "example" ], "max_requests_per_connection": 1, "no_request_limit_per_connection": {} } }, "https_proxy": { "more_option": { "buffer_policy": { "disabled": true, "max_request_bytes": 1 }, "compression_params": { "content_length": 1, "content_type": [ "example" ], "disable_on_etag_header": true, "remove_accept_encoding_header": true }, "custom_errors": {}, "disable_default_error_pages": true, "disable_path_normalize": {}, "enable_path_normalize": {}, "idle_timeout": 1, "max_request_header_size": 1, "request_cookies_to_add": [ { "name": "example", "overwrite": true, "secret_value": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "value": "example" } ], "request_cookies_to_remove": [ "example" ], "request_headers_to_add": [ { "append": true, "name": "example", "secret_value": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "value": "example" } ], "request_headers_to_remove": [ "example" ], "response_cookies_to_add": [ { "add_domain": "example", "add_expiry": "example", "add_httponly": {}, "add_partitioned": {}, "add_path": "example", "add_secure": {}, "ignore_domain": {}, "ignore_expiry": {}, "ignore_httponly": {}, "ignore_max_age": {}, "ignore_partitioned": {}, "ignore_path": {}, "ignore_samesite": {}, "ignore_secure": {}, "ignore_value": {}, "max_age_value": 1, "name": "example", "overwrite": true, "samesite_lax": {}, "samesite_none": {}, "samesite_strict": {}, "secret_value": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "value": "example" } ], "response_cookies_to_remove": [ "example" ], "response_headers_to_add": [ { "append": true, "name": "example", "secret_value": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "value": "example" } ], "response_headers_to_remove": [ "example" ], "max_requests_per_connection": 1, "no_request_limit_per_connection": {} }, "tls_params": { "no_mtls": {}, "tls_certificates": [ { "certificate_url": "example", "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] }, "description": "example", "disable_ocsp_stapling": {}, "private_key": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "use_system_defaults": {} } ], "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "sni_proxy": { "idle_timeout": 1 } }, "http_proxy": { "enable_http": {}, "more_option": { "buffer_policy": { "disabled": true, "max_request_bytes": 1 }, "compression_params": { "content_length": 1, "content_type": [ "example" ], "disable_on_etag_header": true, "remove_accept_encoding_header": true }, "custom_errors": {}, "disable_default_error_pages": true, "disable_path_normalize": {}, "enable_path_normalize": {}, "idle_timeout": 1, "max_request_header_size": 1, "request_cookies_to_add": [ { "name": "example", "overwrite": true, "secret_value": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "value": "example" } ], "request_cookies_to_remove": [ "example" ], "request_headers_to_add": [ { "append": true, "name": "example", "secret_value": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "value": "example" } ], "request_headers_to_remove": [ "example" ], "response_cookies_to_add": [ { "add_domain": "example", "add_expiry": "example", "add_httponly": {}, "add_partitioned": {}, "add_path": "example", "add_secure": {}, "ignore_domain": {}, "ignore_expiry": {}, "ignore_httponly": {}, "ignore_max_age": {}, "ignore_partitioned": {}, "ignore_path": {}, "ignore_samesite": {}, "ignore_secure": {}, "ignore_value": {}, "max_age_value": 1, "name": "example", "overwrite": true, "samesite_lax": {}, "samesite_none": {}, "samesite_strict": {}, "secret_value": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "value": "example" } ], "response_cookies_to_remove": [ "example" ], "response_headers_to_add": [ { "append": true, "name": "example", "secret_value": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "value": "example" } ], "response_headers_to_remove": [ "example" ], "max_requests_per_connection": 1, "no_request_limit_per_connection": {} } }, "no_forward_proxy_policy": {}, "no_interception": {}, "site_local_inside_network": {}, "site_local_network": {}, "site_virtual_sites": { "advertise_where": [ { "port": 1, "site": { "ip": "example", "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE", "site": { "name": "example", "namespace": "example" } }, "use_default_port": {}, "virtual_site": { "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE", "virtual_site": { "name": "example", "namespace": "example" } } } ] }, "tls_intercept": { "custom_certificate": { "certificate_url": "example", "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] }, "description": "example", "disable_ocsp_stapling": {}, "private_key": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "use_system_defaults": {} }, "enable_for_all_domains": {}, "policy": { "interception_rules": [ { "disable_interception": {}, "domain_match": { "exact_value": "example", "regex_value": "example", "suffix_value": "example" }, "enable_interception": {} } ] }, "trusted_ca_url": "example", "volterra_certificate": {}, "volterra_trusted_ca": {} } } }'Shape of the TCP loadbalancer create specification.
Authorizations
Section titled “Authorizations”Parameters
Section titled “Parameters”Path Parameters
Section titled “Path Parameters”Namespace This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""
Request Bodyrequired
Section titled “Request Bodyrequired”This is the input message of the ‘Create’ RPC.
object
object
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
object
Human readable description for the object.
A value of true will administratively disable the object.
Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.
object
This is the name of configuration object. It has to be unique within the namespace. It can only be specified during create API and cannot be changed during replace API. The value of name has to follow DNS-1035 format. Required: YES.
This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""
object
object
Ordered List of Forward Proxy Policies active
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
The timeout for new network connections to upstream server. This is specified in milliseconds. The default value is 2000 (2 seconds)
object
object
object
A list of Domains to be proxied. Wildcard hosts are supported in the suffix or prefix form
Supported Domains and search order:
- Exact Domain names: www.example.com.
- Domains starting with a Wildcard: *.example.com.
Not supported Domains:
- Just a Wildcard: *
- A Wildcard and TLD with no root Domain: *.com.
- A Wildcard not matching a whole DNS label. E.g. *.example.com and *.bar.example.com are valid Wildcards however *bar.example.com, -bar.example.com, and bar.example.com are all invalid.
Additional notes: A Wildcard will not match empty string. E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com. The longest Wildcards match first. Only a single virtual host in the entire route configuration can match on *. Also a Domain must be unique across all virtual hosts within an advertise policy. Required: YES.
object
object
object
object
Disable buffering for a particular route. This is useful when virtual-host has buffering, but we need to disable it on a specific route. The value of this field is ignored for virtual-host.
The maximum request size that the filter will buffer before the connection manager will stop buffering and return a RequestEntityTooLarge (413) response.
object
Minimum response length, in bytes, which will trigger compression. The default value is 30.
Set of strings that allows specifying which mime-types yield compression When this field is not defined, compression will be applied to the following mime-types: “application/javascript” “application/JSON”, “application/xhtml+XML” “image/svg+XML” “text/CSS” “text/HTML” “text/plain” “text/XML”
If true, disables compression when the response contains an etag header. When it is false, weak etags will be preserved and the ones that require strong validation will be removed.
If true, removes accept-encoding from the request headers before dispatching it to the upstream so that responses do not GET compressed before reaching the filter.
Map of integer error codes as keys and string values that can be used to provide custom HTTP pages for each error code. Key of the map can be either response code class or HTTP Error code. Response code classes for key is configured as follows 3 — for 3xx response code class 4 — for 4xx response code class 5 — for 5xx response code class Value of the map is string which represents custom HTTP responses. Specific response code takes preference when both response code and response code class matches for a request.
object
Disable the use of default F5XC error pages.
object
object
The amount of time that a stream can exist without upstream or downstream activity, in milliseconds. The stream is terminated with a HTTP 504 (Gateway Timeout) error code if no upstream response header has been received, otherwise the stream is reset.
The maximum request header size for downstream connections, in KiB. A HTTP 431 (Request Header Fields Too Large) error code is sent for requests that exceed this size.
If multiple load balancers share the same advertise_policy, the highest value configured across all such load balancers is used for all the load balancers in question.
Cookies are key-value pairs to be added to HTTP request being routed towards upstream. Cookies specified at this level are applied after cookies from matched Route are applied.
Cookie name and value for cookie header.
object
Name of the cookie in Cookie header. Required: YES.
Should the value be overwritten? If true, the value is overwritten to existing values. Default value is do not overwrite.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the Cookie header.
List of keys of Cookies to be removed from the HTTP request being sent towards upstream.
Headers are key-value pairs to be added to HTTP request being routed towards upstream. Headers specified at this level are applied after headers from matched Route are applied.
HTTP header is a key-value pair. The name acts as key of HTTP header The value acts as the data/value of HTTP header Example HTTP header Host: user.F5 Distributed cloud.com In the above example, Host is the name or key of HTTP header In the above example, user.F5 Distributed cloud.com is the value of HTTP header.
object
Should the value be appended? If true, the value is appended to existing values. Default value is do not append.
Name of the HTTP header. Required: YES.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the HTTP header.
List of keys of Headers to be removed from the HTTP request being sent towards upstream.
Cookies are name-value pairs along with optional attribute parameters to be added to HTTP response being sent towards downstream. Cookies specified at this level are applied after cookies from matched Route are applied.
Cookie name and its attribute values in set-cookie header.
object
Exclusive with [ignore_domain] Add domain attribute.
Exclusive with [ignore_expiry] Add expiry attribute.
object
object
Exclusive with [ignore_path] Add path attribute.
object
object
object
object
object
object
object
object
object
object
Exclusive with [ignore_max_age] Add max age attribute.
Name of the cookie in Cookie header. Required: YES.
Should the value be overwritten? If true, the value is overwritten to existing values. Default value is do not overwrite.
object
object
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [ignore_value secret_value] Value of the Cookie header.
List of name of Cookies to be removed from the HTTP response being sent towards downstream. Entire set-cookie header will be removed.
Headers are key-value pairs to be added to HTTP response being sent towards downstream. Headers specified at this level are applied after headers from matched Route are applied.
HTTP header is a key-value pair. The name acts as key of HTTP header The value acts as the data/value of HTTP header Example HTTP header Host: user.F5 Distributed cloud.com In the above example, Host is the name or key of HTTP header In the above example, user.F5 Distributed cloud.com is the value of HTTP header.
object
Should the value be appended? If true, the value is appended to existing values. Default value is do not append.
Name of the HTTP header. Required: YES.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the HTTP header.
List of keys of Headers to be removed from the HTTP response being sent towards downstream.
Exclusive with [no_request_limit_per_connection] Sets the maximum number of requests a downstream client can send over a single connection to Envoy. Enter a value >=1 to define the request limit per connection.
object
object
object
object
Disable buffering for a particular route. This is useful when virtual-host has buffering, but we need to disable it on a specific route. The value of this field is ignored for virtual-host.
The maximum request size that the filter will buffer before the connection manager will stop buffering and return a RequestEntityTooLarge (413) response.
object
Minimum response length, in bytes, which will trigger compression. The default value is 30.
Set of strings that allows specifying which mime-types yield compression When this field is not defined, compression will be applied to the following mime-types: “application/javascript” “application/JSON”, “application/xhtml+XML” “image/svg+XML” “text/CSS” “text/HTML” “text/plain” “text/XML”
If true, disables compression when the response contains an etag header. When it is false, weak etags will be preserved and the ones that require strong validation will be removed.
If true, removes accept-encoding from the request headers before dispatching it to the upstream so that responses do not GET compressed before reaching the filter.
Map of integer error codes as keys and string values that can be used to provide custom HTTP pages for each error code. Key of the map can be either response code class or HTTP Error code. Response code classes for key is configured as follows 3 — for 3xx response code class 4 — for 4xx response code class 5 — for 5xx response code class Value of the map is string which represents custom HTTP responses. Specific response code takes preference when both response code and response code class matches for a request.
object
Disable the use of default F5XC error pages.
object
object
The amount of time that a stream can exist without upstream or downstream activity, in milliseconds. The stream is terminated with a HTTP 504 (Gateway Timeout) error code if no upstream response header has been received, otherwise the stream is reset.
The maximum request header size for downstream connections, in KiB. A HTTP 431 (Request Header Fields Too Large) error code is sent for requests that exceed this size.
If multiple load balancers share the same advertise_policy, the highest value configured across all such load balancers is used for all the load balancers in question.
Cookies are key-value pairs to be added to HTTP request being routed towards upstream. Cookies specified at this level are applied after cookies from matched Route are applied.
Cookie name and value for cookie header.
object
Name of the cookie in Cookie header. Required: YES.
Should the value be overwritten? If true, the value is overwritten to existing values. Default value is do not overwrite.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the Cookie header.
List of keys of Cookies to be removed from the HTTP request being sent towards upstream.
Headers are key-value pairs to be added to HTTP request being routed towards upstream. Headers specified at this level are applied after headers from matched Route are applied.
HTTP header is a key-value pair. The name acts as key of HTTP header The value acts as the data/value of HTTP header Example HTTP header Host: user.F5 Distributed cloud.com In the above example, Host is the name or key of HTTP header In the above example, user.F5 Distributed cloud.com is the value of HTTP header.
object
Should the value be appended? If true, the value is appended to existing values. Default value is do not append.
Name of the HTTP header. Required: YES.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the HTTP header.
List of keys of Headers to be removed from the HTTP request being sent towards upstream.
Cookies are name-value pairs along with optional attribute parameters to be added to HTTP response being sent towards downstream. Cookies specified at this level are applied after cookies from matched Route are applied.
Cookie name and its attribute values in set-cookie header.
object
Exclusive with [ignore_domain] Add domain attribute.
Exclusive with [ignore_expiry] Add expiry attribute.
object
object
Exclusive with [ignore_path] Add path attribute.
object
object
object
object
object
object
object
object
object
object
Exclusive with [ignore_max_age] Add max age attribute.
Name of the cookie in Cookie header. Required: YES.
Should the value be overwritten? If true, the value is overwritten to existing values. Default value is do not overwrite.
object
object
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [ignore_value secret_value] Value of the Cookie header.
List of name of Cookies to be removed from the HTTP response being sent towards downstream. Entire set-cookie header will be removed.
Headers are key-value pairs to be added to HTTP response being sent towards downstream. Headers specified at this level are applied after headers from matched Route are applied.
HTTP header is a key-value pair. The name acts as key of HTTP header The value acts as the data/value of HTTP header Example HTTP header Host: user.F5 Distributed cloud.com In the above example, Host is the name or key of HTTP header In the above example, user.F5 Distributed cloud.com is the value of HTTP header.
object
Should the value be appended? If true, the value is appended to existing values. Default value is do not append.
Name of the HTTP header. Required: YES.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the HTTP header.
List of keys of Headers to be removed from the HTTP response being sent towards downstream.
Exclusive with [no_request_limit_per_connection] Sets the maximum number of requests a downstream client can send over a single connection to Envoy. Enter a value >=1 to define the request limit per connection.
object
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
The amount of time that a stream can exist without upstream or downstream activity, in milliseconds.
object
object
object
object
Disable buffering for a particular route. This is useful when virtual-host has buffering, but we need to disable it on a specific route. The value of this field is ignored for virtual-host.
The maximum request size that the filter will buffer before the connection manager will stop buffering and return a RequestEntityTooLarge (413) response.
object
Minimum response length, in bytes, which will trigger compression. The default value is 30.
Set of strings that allows specifying which mime-types yield compression When this field is not defined, compression will be applied to the following mime-types: “application/javascript” “application/JSON”, “application/xhtml+XML” “image/svg+XML” “text/CSS” “text/HTML” “text/plain” “text/XML”
If true, disables compression when the response contains an etag header. When it is false, weak etags will be preserved and the ones that require strong validation will be removed.
If true, removes accept-encoding from the request headers before dispatching it to the upstream so that responses do not GET compressed before reaching the filter.
Map of integer error codes as keys and string values that can be used to provide custom HTTP pages for each error code. Key of the map can be either response code class or HTTP Error code. Response code classes for key is configured as follows 3 — for 3xx response code class 4 — for 4xx response code class 5 — for 5xx response code class Value of the map is string which represents custom HTTP responses. Specific response code takes preference when both response code and response code class matches for a request.
object
Disable the use of default F5XC error pages.
object
object
The amount of time that a stream can exist without upstream or downstream activity, in milliseconds. The stream is terminated with a HTTP 504 (Gateway Timeout) error code if no upstream response header has been received, otherwise the stream is reset.
The maximum request header size for downstream connections, in KiB. A HTTP 431 (Request Header Fields Too Large) error code is sent for requests that exceed this size.
If multiple load balancers share the same advertise_policy, the highest value configured across all such load balancers is used for all the load balancers in question.
Cookies are key-value pairs to be added to HTTP request being routed towards upstream. Cookies specified at this level are applied after cookies from matched Route are applied.
Cookie name and value for cookie header.
object
Name of the cookie in Cookie header. Required: YES.
Should the value be overwritten? If true, the value is overwritten to existing values. Default value is do not overwrite.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the Cookie header.
List of keys of Cookies to be removed from the HTTP request being sent towards upstream.
Headers are key-value pairs to be added to HTTP request being routed towards upstream. Headers specified at this level are applied after headers from matched Route are applied.
HTTP header is a key-value pair. The name acts as key of HTTP header The value acts as the data/value of HTTP header Example HTTP header Host: user.F5 Distributed cloud.com In the above example, Host is the name or key of HTTP header In the above example, user.F5 Distributed cloud.com is the value of HTTP header.
object
Should the value be appended? If true, the value is appended to existing values. Default value is do not append.
Name of the HTTP header. Required: YES.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the HTTP header.
List of keys of Headers to be removed from the HTTP request being sent towards upstream.
Cookies are name-value pairs along with optional attribute parameters to be added to HTTP response being sent towards downstream. Cookies specified at this level are applied after cookies from matched Route are applied.
Cookie name and its attribute values in set-cookie header.
object
Exclusive with [ignore_domain] Add domain attribute.
Exclusive with [ignore_expiry] Add expiry attribute.
object
object
Exclusive with [ignore_path] Add path attribute.
object
object
object
object
object
object
object
object
object
object
Exclusive with [ignore_max_age] Add max age attribute.
Name of the cookie in Cookie header. Required: YES.
Should the value be overwritten? If true, the value is overwritten to existing values. Default value is do not overwrite.
object
object
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [ignore_value secret_value] Value of the Cookie header.
List of name of Cookies to be removed from the HTTP response being sent towards downstream. Entire set-cookie header will be removed.
Headers are key-value pairs to be added to HTTP response being sent towards downstream. Headers specified at this level are applied after headers from matched Route are applied.
HTTP header is a key-value pair. The name acts as key of HTTP header The value acts as the data/value of HTTP header Example HTTP header Host: user.F5 Distributed cloud.com In the above example, Host is the name or key of HTTP header In the above example, user.F5 Distributed cloud.com is the value of HTTP header.
object
Should the value be appended? If true, the value is appended to existing values. Default value is do not append.
Name of the HTTP header. Required: YES.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the HTTP header.
List of keys of Headers to be removed from the HTTP response being sent towards downstream.
Exclusive with [no_request_limit_per_connection] Sets the maximum number of requests a downstream client can send over a single connection to Envoy. Enter a value >=1 to define the request limit per connection.
object
object
object
object
object
object
Where should this load balancer be available
Required: YES.
This defines various OPTIONS where a Loadbalancer could be advertised.
object
Exclusive with [use_default_port] TCP port to Listen.
object
Use given IP address as VIP on the site.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
List of ordered rules to enable or disable for TLS interception
Required: YES.
Rule to enable or disable TLS interception based on domain match.
object
object
object
Exclusive with [regex_value suffix_value] Exact domain name.
Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.
Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”
object
Exclusive with [volterra_trusted_ca] Custom Root CA Certificate for validating upstream server certificate.
object
object
Responses
Section titled “Responses”A successful response.
object
object
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
object
Human readable description for the object.
A value of true will administratively disable the object.
Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.
object
This is the name of configuration object. It has to be unique within the namespace. It can only be specified during create API and cannot be changed during replace API. The value of name has to follow DNS-1035 format. Required: YES.
This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""
object
object
Ordered List of Forward Proxy Policies active
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
The timeout for new network connections to upstream server. This is specified in milliseconds. The default value is 2000 (2 seconds)
object
object
object
A list of Domains to be proxied. Wildcard hosts are supported in the suffix or prefix form
Supported Domains and search order:
- Exact Domain names: www.example.com.
- Domains starting with a Wildcard: *.example.com.
Not supported Domains:
- Just a Wildcard: *
- A Wildcard and TLD with no root Domain: *.com.
- A Wildcard not matching a whole DNS label. E.g. *.example.com and *.bar.example.com are valid Wildcards however *bar.example.com, -bar.example.com, and bar.example.com are all invalid.
Additional notes: A Wildcard will not match empty string. E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com. The longest Wildcards match first. Only a single virtual host in the entire route configuration can match on *. Also a Domain must be unique across all virtual hosts within an advertise policy. Required: YES.
object
object
object
object
Disable buffering for a particular route. This is useful when virtual-host has buffering, but we need to disable it on a specific route. The value of this field is ignored for virtual-host.
The maximum request size that the filter will buffer before the connection manager will stop buffering and return a RequestEntityTooLarge (413) response.
object
Minimum response length, in bytes, which will trigger compression. The default value is 30.
Set of strings that allows specifying which mime-types yield compression When this field is not defined, compression will be applied to the following mime-types: “application/javascript” “application/JSON”, “application/xhtml+XML” “image/svg+XML” “text/CSS” “text/HTML” “text/plain” “text/XML”
If true, disables compression when the response contains an etag header. When it is false, weak etags will be preserved and the ones that require strong validation will be removed.
If true, removes accept-encoding from the request headers before dispatching it to the upstream so that responses do not GET compressed before reaching the filter.
Map of integer error codes as keys and string values that can be used to provide custom HTTP pages for each error code. Key of the map can be either response code class or HTTP Error code. Response code classes for key is configured as follows 3 — for 3xx response code class 4 — for 4xx response code class 5 — for 5xx response code class Value of the map is string which represents custom HTTP responses. Specific response code takes preference when both response code and response code class matches for a request.
object
Disable the use of default F5XC error pages.
object
object
The amount of time that a stream can exist without upstream or downstream activity, in milliseconds. The stream is terminated with a HTTP 504 (Gateway Timeout) error code if no upstream response header has been received, otherwise the stream is reset.
The maximum request header size for downstream connections, in KiB. A HTTP 431 (Request Header Fields Too Large) error code is sent for requests that exceed this size.
If multiple load balancers share the same advertise_policy, the highest value configured across all such load balancers is used for all the load balancers in question.
Cookies are key-value pairs to be added to HTTP request being routed towards upstream. Cookies specified at this level are applied after cookies from matched Route are applied.
Cookie name and value for cookie header.
object
Name of the cookie in Cookie header. Required: YES.
Should the value be overwritten? If true, the value is overwritten to existing values. Default value is do not overwrite.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the Cookie header.
List of keys of Cookies to be removed from the HTTP request being sent towards upstream.
Headers are key-value pairs to be added to HTTP request being routed towards upstream. Headers specified at this level are applied after headers from matched Route are applied.
HTTP header is a key-value pair. The name acts as key of HTTP header The value acts as the data/value of HTTP header Example HTTP header Host: user.F5 Distributed cloud.com In the above example, Host is the name or key of HTTP header In the above example, user.F5 Distributed cloud.com is the value of HTTP header.
object
Should the value be appended? If true, the value is appended to existing values. Default value is do not append.
Name of the HTTP header. Required: YES.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the HTTP header.
List of keys of Headers to be removed from the HTTP request being sent towards upstream.
Cookies are name-value pairs along with optional attribute parameters to be added to HTTP response being sent towards downstream. Cookies specified at this level are applied after cookies from matched Route are applied.
Cookie name and its attribute values in set-cookie header.
object
Exclusive with [ignore_domain] Add domain attribute.
Exclusive with [ignore_expiry] Add expiry attribute.
object
object
Exclusive with [ignore_path] Add path attribute.
object
object
object
object
object
object
object
object
object
object
Exclusive with [ignore_max_age] Add max age attribute.
Name of the cookie in Cookie header. Required: YES.
Should the value be overwritten? If true, the value is overwritten to existing values. Default value is do not overwrite.
object
object
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [ignore_value secret_value] Value of the Cookie header.
List of name of Cookies to be removed from the HTTP response being sent towards downstream. Entire set-cookie header will be removed.
Headers are key-value pairs to be added to HTTP response being sent towards downstream. Headers specified at this level are applied after headers from matched Route are applied.
HTTP header is a key-value pair. The name acts as key of HTTP header The value acts as the data/value of HTTP header Example HTTP header Host: user.F5 Distributed cloud.com In the above example, Host is the name or key of HTTP header In the above example, user.F5 Distributed cloud.com is the value of HTTP header.
object
Should the value be appended? If true, the value is appended to existing values. Default value is do not append.
Name of the HTTP header. Required: YES.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the HTTP header.
List of keys of Headers to be removed from the HTTP response being sent towards downstream.
Exclusive with [no_request_limit_per_connection] Sets the maximum number of requests a downstream client can send over a single connection to Envoy. Enter a value >=1 to define the request limit per connection.
object
object
object
object
Disable buffering for a particular route. This is useful when virtual-host has buffering, but we need to disable it on a specific route. The value of this field is ignored for virtual-host.
The maximum request size that the filter will buffer before the connection manager will stop buffering and return a RequestEntityTooLarge (413) response.
object
Minimum response length, in bytes, which will trigger compression. The default value is 30.
Set of strings that allows specifying which mime-types yield compression When this field is not defined, compression will be applied to the following mime-types: “application/javascript” “application/JSON”, “application/xhtml+XML” “image/svg+XML” “text/CSS” “text/HTML” “text/plain” “text/XML”
If true, disables compression when the response contains an etag header. When it is false, weak etags will be preserved and the ones that require strong validation will be removed.
If true, removes accept-encoding from the request headers before dispatching it to the upstream so that responses do not GET compressed before reaching the filter.
Map of integer error codes as keys and string values that can be used to provide custom HTTP pages for each error code. Key of the map can be either response code class or HTTP Error code. Response code classes for key is configured as follows 3 — for 3xx response code class 4 — for 4xx response code class 5 — for 5xx response code class Value of the map is string which represents custom HTTP responses. Specific response code takes preference when both response code and response code class matches for a request.
object
Disable the use of default F5XC error pages.
object
object
The amount of time that a stream can exist without upstream or downstream activity, in milliseconds. The stream is terminated with a HTTP 504 (Gateway Timeout) error code if no upstream response header has been received, otherwise the stream is reset.
The maximum request header size for downstream connections, in KiB. A HTTP 431 (Request Header Fields Too Large) error code is sent for requests that exceed this size.
If multiple load balancers share the same advertise_policy, the highest value configured across all such load balancers is used for all the load balancers in question.
Cookies are key-value pairs to be added to HTTP request being routed towards upstream. Cookies specified at this level are applied after cookies from matched Route are applied.
Cookie name and value for cookie header.
object
Name of the cookie in Cookie header. Required: YES.
Should the value be overwritten? If true, the value is overwritten to existing values. Default value is do not overwrite.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the Cookie header.
List of keys of Cookies to be removed from the HTTP request being sent towards upstream.
Headers are key-value pairs to be added to HTTP request being routed towards upstream. Headers specified at this level are applied after headers from matched Route are applied.
HTTP header is a key-value pair. The name acts as key of HTTP header The value acts as the data/value of HTTP header Example HTTP header Host: user.F5 Distributed cloud.com In the above example, Host is the name or key of HTTP header In the above example, user.F5 Distributed cloud.com is the value of HTTP header.
object
Should the value be appended? If true, the value is appended to existing values. Default value is do not append.
Name of the HTTP header. Required: YES.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the HTTP header.
List of keys of Headers to be removed from the HTTP request being sent towards upstream.
Cookies are name-value pairs along with optional attribute parameters to be added to HTTP response being sent towards downstream. Cookies specified at this level are applied after cookies from matched Route are applied.
Cookie name and its attribute values in set-cookie header.
object
Exclusive with [ignore_domain] Add domain attribute.
Exclusive with [ignore_expiry] Add expiry attribute.
object
object
Exclusive with [ignore_path] Add path attribute.
object
object
object
object
object
object
object
object
object
object
Exclusive with [ignore_max_age] Add max age attribute.
Name of the cookie in Cookie header. Required: YES.
Should the value be overwritten? If true, the value is overwritten to existing values. Default value is do not overwrite.
object
object
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [ignore_value secret_value] Value of the Cookie header.
List of name of Cookies to be removed from the HTTP response being sent towards downstream. Entire set-cookie header will be removed.
Headers are key-value pairs to be added to HTTP response being sent towards downstream. Headers specified at this level are applied after headers from matched Route are applied.
HTTP header is a key-value pair. The name acts as key of HTTP header The value acts as the data/value of HTTP header Example HTTP header Host: user.F5 Distributed cloud.com In the above example, Host is the name or key of HTTP header In the above example, user.F5 Distributed cloud.com is the value of HTTP header.
object
Should the value be appended? If true, the value is appended to existing values. Default value is do not append.
Name of the HTTP header. Required: YES.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the HTTP header.
List of keys of Headers to be removed from the HTTP response being sent towards downstream.
Exclusive with [no_request_limit_per_connection] Sets the maximum number of requests a downstream client can send over a single connection to Envoy. Enter a value >=1 to define the request limit per connection.
object
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
The amount of time that a stream can exist without upstream or downstream activity, in milliseconds.
object
object
object
object
Disable buffering for a particular route. This is useful when virtual-host has buffering, but we need to disable it on a specific route. The value of this field is ignored for virtual-host.
The maximum request size that the filter will buffer before the connection manager will stop buffering and return a RequestEntityTooLarge (413) response.
object
Minimum response length, in bytes, which will trigger compression. The default value is 30.
Set of strings that allows specifying which mime-types yield compression When this field is not defined, compression will be applied to the following mime-types: “application/javascript” “application/JSON”, “application/xhtml+XML” “image/svg+XML” “text/CSS” “text/HTML” “text/plain” “text/XML”
If true, disables compression when the response contains an etag header. When it is false, weak etags will be preserved and the ones that require strong validation will be removed.
If true, removes accept-encoding from the request headers before dispatching it to the upstream so that responses do not GET compressed before reaching the filter.
Map of integer error codes as keys and string values that can be used to provide custom HTTP pages for each error code. Key of the map can be either response code class or HTTP Error code. Response code classes for key is configured as follows 3 — for 3xx response code class 4 — for 4xx response code class 5 — for 5xx response code class Value of the map is string which represents custom HTTP responses. Specific response code takes preference when both response code and response code class matches for a request.
object
Disable the use of default F5XC error pages.
object
object
The amount of time that a stream can exist without upstream or downstream activity, in milliseconds. The stream is terminated with a HTTP 504 (Gateway Timeout) error code if no upstream response header has been received, otherwise the stream is reset.
The maximum request header size for downstream connections, in KiB. A HTTP 431 (Request Header Fields Too Large) error code is sent for requests that exceed this size.
If multiple load balancers share the same advertise_policy, the highest value configured across all such load balancers is used for all the load balancers in question.
Cookies are key-value pairs to be added to HTTP request being routed towards upstream. Cookies specified at this level are applied after cookies from matched Route are applied.
Cookie name and value for cookie header.
object
Name of the cookie in Cookie header. Required: YES.
Should the value be overwritten? If true, the value is overwritten to existing values. Default value is do not overwrite.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the Cookie header.
List of keys of Cookies to be removed from the HTTP request being sent towards upstream.
Headers are key-value pairs to be added to HTTP request being routed towards upstream. Headers specified at this level are applied after headers from matched Route are applied.
HTTP header is a key-value pair. The name acts as key of HTTP header The value acts as the data/value of HTTP header Example HTTP header Host: user.F5 Distributed cloud.com In the above example, Host is the name or key of HTTP header In the above example, user.F5 Distributed cloud.com is the value of HTTP header.
object
Should the value be appended? If true, the value is appended to existing values. Default value is do not append.
Name of the HTTP header. Required: YES.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the HTTP header.
List of keys of Headers to be removed from the HTTP request being sent towards upstream.
Cookies are name-value pairs along with optional attribute parameters to be added to HTTP response being sent towards downstream. Cookies specified at this level are applied after cookies from matched Route are applied.
Cookie name and its attribute values in set-cookie header.
object
Exclusive with [ignore_domain] Add domain attribute.
Exclusive with [ignore_expiry] Add expiry attribute.
object
object
Exclusive with [ignore_path] Add path attribute.
object
object
object
object
object
object
object
object
object
object
Exclusive with [ignore_max_age] Add max age attribute.
Name of the cookie in Cookie header. Required: YES.
Should the value be overwritten? If true, the value is overwritten to existing values. Default value is do not overwrite.
object
object
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [ignore_value secret_value] Value of the Cookie header.
List of name of Cookies to be removed from the HTTP response being sent towards downstream. Entire set-cookie header will be removed.
Headers are key-value pairs to be added to HTTP response being sent towards downstream. Headers specified at this level are applied after headers from matched Route are applied.
HTTP header is a key-value pair. The name acts as key of HTTP header The value acts as the data/value of HTTP header Example HTTP header Host: user.F5 Distributed cloud.com In the above example, Host is the name or key of HTTP header In the above example, user.F5 Distributed cloud.com is the value of HTTP header.
object
Should the value be appended? If true, the value is appended to existing values. Default value is do not append.
Name of the HTTP header. Required: YES.
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
Exclusive with [secret_value] Value of the HTTP header.
List of keys of Headers to be removed from the HTTP response being sent towards downstream.
Exclusive with [no_request_limit_per_connection] Sets the maximum number of requests a downstream client can send over a single connection to Envoy. Enter a value >=1 to define the request limit per connection.
object
object
object
object
object
object
Where should this load balancer be available
Required: YES.
This defines various OPTIONS where a Loadbalancer could be advertised.
object
Exclusive with [use_default_port] TCP port to Listen.
object
Use given IP address as VIP on the site.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
List of ordered rules to enable or disable for TLS interception
Required: YES.
Rule to enable or disable TLS interception based on domain match.
object
object
object
Exclusive with [regex_value suffix_value] Exact domain name.
Exclusive with [exact_value suffix_value] Regular Expression value for the domain name.
Exclusive with [exact_value regex_value] Suffix of domain name e.g “xyz.com” will match “*.xyz.com” and “xyz.com”
object
Exclusive with [volterra_trusted_ca] Custom Root CA Certificate for validating upstream server certificate.
object
object
object
CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
A value identifying the class of the user or service which created this configuration object.
A value identifying the exact user or service that created this configuration object.
DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
Populated by the system when a graceful deletion is requested. Read-only.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.
object
Pending is a list of initializers that must execute in order before this object is initialized. When the last pending initializer is removed, and no failing result is set, the initializers struct will be set to nil and the object is considered as initialized and visible to all clients.
Initializer is information about an initializer that has not yet completed.
object
Name of the service that is responsible for initializing this object.
object
Suggested HTTP return code for this status, 0 if not set.
A human-readable description of why this operation is in the “Failure” status. If this value is empty there is no information available.
Status of the operation. One of: “Success” or “Failure”.
Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the operator or software. Values here can be interpreted by software(backend or frontend) to enable certain behavior e.g. Things marked as soft-deleted(restorable).
object
ModificationTimestamp is a timestamp representing the server time when this object was last modified.
Unique index for the object. Some objects need a unique integer index to be allocated for each object type. This field will be populated for all objects that need it and will be zero otherwise.
object
Kind of the view object.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
UID of the view object.
Tenant to which this configuration object belongs to. The value for this is found from presented credentials.
Uid is the unique in time and space value for this object. It is generated by the server on successful creation of an object and is not allowed to change on Replace API. The value of is taken from uid field of ObjectMetaType, if provided.
Example
{ "spec": { "dynamic_proxy": { "https_proxy": { "tls_params": { "tls_certificates": [ { "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] } } ], "tls_config": { "custom_security": { "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" } }, "use_mtls": { "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } } }, "site_virtual_sites": { "advertise_where": [ { "site": { "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE" }, "virtual_site": { "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE" } } ] }, "tls_intercept": { "custom_certificate": { "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] } } } }}Returned when operation is not authorized.
Examplegenerated
exampleReturned when there is no permission to access resource.
Examplegenerated
exampleReturned when resource is not found.
Examplegenerated
exampleReturned when operation on resource is conflicting with current value.
Examplegenerated
exampleReturned when operation has been rejected as it is happening too frequently.
Examplegenerated
exampleReturned when server encountered an error in processing API.
Examplegenerated
exampleReturned when service is unavailable temporarily.
Examplegenerated
exampleReturned when server timed out processing request.
Examplegenerated
example