Replace TCP Load Balancer.
const url = 'https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/tcp_loadbalancers/example';const options = { method: 'PUT', headers: {Authorization: '<Authorization>', 'Content-Type': 'application/json'}, body: '{"metadata":{"annotations":{},"description":"example","disable":true,"labels":{},"name":"example","namespace":"example"},"spec":{"active_service_policies":{"policies":[{"name":"example","namespace":"example"}]},"advertise_custom":{"advertise_where":[{"advertise_on_public":{"public_ip":{"name":"example","namespace":"example"}},"port":1,"port_ranges":"example","site":{"ip":"example","network":"SITE_NETWORK_INSIDE_AND_OUTSIDE","site":{"name":"example","namespace":"example"}},"use_default_port":{},"virtual_network":{"default_v6_vip":{},"default_vip":{},"specific_v6_vip":"example","specific_vip":"example","virtual_network":{"name":"example","namespace":"example"}},"virtual_site":{"network":"SITE_NETWORK_INSIDE_AND_OUTSIDE","virtual_site":{"name":"example","namespace":"example"}},"virtual_site_with_vip":{"ip":"example","network":"SITE_NETWORK_SPECIFIED_VIP_OUTSIDE","virtual_site":{"name":"example","namespace":"example"}},"vk8s_service":{"site":{"name":"example","namespace":"example"},"virtual_site":{"name":"example","namespace":"example"}}}]},"advertise_on_public":{"public_ip":{"name":"example","namespace":"example"}},"advertise_on_public_default_vip":{},"default_lb_with_sni":{},"dns_volterra_managed":false,"do_not_advertise":{},"do_not_retract_cluster":{},"domains":["example"],"hash_policy_choice_least_active":{},"hash_policy_choice_random":{},"hash_policy_choice_round_robin":{},"hash_policy_choice_source_ip_stickiness":{},"idle_timeout":0,"listen_port":1,"no_service_policies":{},"no_sni":{},"origin_pools_weights":[{"cluster":{"name":"example","namespace":"example"},"endpoint_subsets":{},"pool":{"name":"example","namespace":"example"},"priority":1,"weight":1}],"port_ranges":"example","retract_cluster":{},"service_policies_from_namespace":{},"sni":{},"tcp":{},"tls_tcp":{"tls_cert_params":{"certificates":[{"name":"example","namespace":"example"}],"no_mtls":{},"tls_config":{"custom_security":{"cipher_suites":["example"],"max_version":"TLS_AUTO","min_version":"TLS_AUTO"},"default_security":{},"low_security":{},"medium_security":{}},"use_mtls":{"client_certificate_optional":true,"crl":{"name":"example","namespace":"example"},"no_crl":{},"trusted_ca":{"name":"example","namespace":"example"},"trusted_ca_url":"example","xfcc_disabled":{},"xfcc_options":{"xfcc_header_elements":["XFCC_NONE"]}}},"tls_parameters":{"no_mtls":{},"tls_certificates":[{"certificate_url":"example","custom_hash_algorithms":{"hash_algorithms":["INVALID_HASH_ALGORITHM"]},"description":"example","disable_ocsp_stapling":{},"private_key":{"blindfold_secret_info":{"decryption_provider":"example","location":"example","store_provider":"example"},"clear_secret_info":{"provider":"example","url":"https://example.com"}},"use_system_defaults":{}}],"tls_config":{"custom_security":{"cipher_suites":["example"],"max_version":"TLS_AUTO","min_version":"TLS_AUTO"},"default_security":{},"low_security":{},"medium_security":{}},"use_mtls":{"client_certificate_optional":true,"crl":{"name":"example","namespace":"example"},"no_crl":{},"trusted_ca":{"name":"example","namespace":"example"},"trusted_ca_url":"example","xfcc_disabled":{},"xfcc_options":{"xfcc_header_elements":["XFCC_NONE"]}}}},"tls_tcp_auto_cert":{"no_mtls":{},"tls_config":{"custom_security":{"cipher_suites":["example"],"max_version":"TLS_AUTO","min_version":"TLS_AUTO"},"default_security":{},"low_security":{},"medium_security":{}},"use_mtls":{"client_certificate_optional":true,"crl":{"name":"example","namespace":"example"},"no_crl":{},"trusted_ca":{"name":"example","namespace":"example"},"trusted_ca_url":"example","xfcc_disabled":{},"xfcc_options":{"xfcc_header_elements":["XFCC_NONE"]}}}}}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request PUT \ --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/tcp_loadbalancers/example \ --header 'Authorization: <Authorization>' \ --header 'Content-Type: application/json' \ --data '{ "metadata": { "annotations": {}, "description": "example", "disable": true, "labels": {}, "name": "example", "namespace": "example" }, "spec": { "active_service_policies": { "policies": [ { "name": "example", "namespace": "example" } ] }, "advertise_custom": { "advertise_where": [ { "advertise_on_public": { "public_ip": { "name": "example", "namespace": "example" } }, "port": 1, "port_ranges": "example", "site": { "ip": "example", "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE", "site": { "name": "example", "namespace": "example" } }, "use_default_port": {}, "virtual_network": { "default_v6_vip": {}, "default_vip": {}, "specific_v6_vip": "example", "specific_vip": "example", "virtual_network": { "name": "example", "namespace": "example" } }, "virtual_site": { "network": "SITE_NETWORK_INSIDE_AND_OUTSIDE", "virtual_site": { "name": "example", "namespace": "example" } }, "virtual_site_with_vip": { "ip": "example", "network": "SITE_NETWORK_SPECIFIED_VIP_OUTSIDE", "virtual_site": { "name": "example", "namespace": "example" } }, "vk8s_service": { "site": { "name": "example", "namespace": "example" }, "virtual_site": { "name": "example", "namespace": "example" } } } ] }, "advertise_on_public": { "public_ip": { "name": "example", "namespace": "example" } }, "advertise_on_public_default_vip": {}, "default_lb_with_sni": {}, "dns_volterra_managed": false, "do_not_advertise": {}, "do_not_retract_cluster": {}, "domains": [ "example" ], "hash_policy_choice_least_active": {}, "hash_policy_choice_random": {}, "hash_policy_choice_round_robin": {}, "hash_policy_choice_source_ip_stickiness": {}, "idle_timeout": 0, "listen_port": 1, "no_service_policies": {}, "no_sni": {}, "origin_pools_weights": [ { "cluster": { "name": "example", "namespace": "example" }, "endpoint_subsets": {}, "pool": { "name": "example", "namespace": "example" }, "priority": 1, "weight": 1 } ], "port_ranges": "example", "retract_cluster": {}, "service_policies_from_namespace": {}, "sni": {}, "tcp": {}, "tls_tcp": { "tls_cert_params": { "certificates": [ { "name": "example", "namespace": "example" } ], "no_mtls": {}, "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } }, "tls_parameters": { "no_mtls": {}, "tls_certificates": [ { "certificate_url": "example", "custom_hash_algorithms": { "hash_algorithms": [ "INVALID_HASH_ALGORITHM" ] }, "description": "example", "disable_ocsp_stapling": {}, "private_key": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "use_system_defaults": {} } ], "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } }, "tls_tcp_auto_cert": { "no_mtls": {}, "tls_config": { "custom_security": { "cipher_suites": [ "example" ], "max_version": "TLS_AUTO", "min_version": "TLS_AUTO" }, "default_security": {}, "low_security": {}, "medium_security": {} }, "use_mtls": { "client_certificate_optional": true, "crl": { "name": "example", "namespace": "example" }, "no_crl": {}, "trusted_ca": { "name": "example", "namespace": "example" }, "trusted_ca_url": "example", "xfcc_disabled": {}, "xfcc_options": { "xfcc_header_elements": [ "XFCC_NONE" ] } } } } }'Shape of the TCP load balancer replace specification.
Authorizations
Section titled “Authorizations”Parameters
Section titled “Parameters”Path Parameters
Section titled “Path Parameters”Namespace This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""
Name The configuration object to be replaced will be looked up by name.
Request Bodyrequired
Section titled “Request Bodyrequired”This is the input message of the ‘Replace’ RPC.
object
object
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
object
Human readable description for the object.
A value of true will administratively disable the object.
Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.
object
This is the name of configuration object. It has to be unique within the namespace. It can only be specified during create API and cannot be changed during replace API. The value of name has to follow DNS-1035 format. Required: YES.
This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""
object
object
Service Policies is a sequential engine where policies (and rules within the policy) are evaluated one after the other. It’s important to define the correct order (policies evaluated from top to bottom in the list) for service policies, to GET the intended result. For each request, its characteristics are evaluated based on the match criteria in each service policy starting at the top. If there is a match in the current policy, then the policy takes effect, and no more policies are evaluated. Otherwise, the next policy is evaluated. If all policies are evaluated and none match, then the request will be denied by default.
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Where should this load balancer be available
Required: YES.
This defines various OPTIONS where a Loadbalancer could be advertised.
object
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [port_ranges use_default_port] Port to Listen.
Exclusive with [port use_default_port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
object
Use given IP address as VIP on the site.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
object
Exclusive with [default_v6_vip] Use given IPv6 address as VIP on virtual Network.
Exclusive with [default_vip] Use given IPv4 address as VIP on virtual Network.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
Use given IP address as VIP on the site.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
DNS records for domains will be managed automatically by F5 Distributed Cloud. This requires the domain to be delegated to F5XC using the Delegated Domain feature.
object
object
A list of Domains (host/authority header) that will be matched to this Load Balancer.
Supported Domains and search order:
- Exact Domain names: www.example.com.
- Domains starting with a Wildcard: *.example.com.
Not supported Domains:
- Just a Wildcard: *
- A Wildcard and TLD with no root Domain: *.com.
- A Wildcard not matching a whole DNS label. E.g. *.example.com and *.bar.example.com are valid Wildcards however *bar.example.com, -bar.example.com, and bar.example.com are all invalid.
Additional notes: A Wildcard will not match empty string. E.g. *.example.com will match bar.example.com and baz-bar.example.com but not .example.com. The longest Wildcards match first. Only a single virtual host in the entire route configuration can match on *. Also a Domain must be unique across all virtual hosts within an advertise policy.
Domains are also used for SNI matching if SNI is activated on the given TCP Load Balancer. Domains also indicate the list of names for which DNS resolution will be automatically resolved to IP addresses by the system.
object
object
object
object
The amount of time that a stream can exist without upstream or downstream activity, in milliseconds.
Exclusive with [port_ranges] Listen Port for this load balancer.
object
object
Origin pools and weights used for this load balancer.
This defines a combination of origin pool with weight and priority.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Upstream origin pool may be configured to divide its origin servers into subsets based on metadata attached to the origin servers. Routes may then specify the metadata that a endpoint must match in order to be selected by the load balancer
For origin servers which are discovered in K8s or Consul cluster, the label of the service is merged with endpoint’s labels. In case of Consul, the label is derived from the “Tag” field. For labels that are common between configured endpoint and discovered service, labels from discovered service takes precedence.
List of key-value pairs that will be used as matching metadata. Only those origin servers of upstream origin pool which match this metadata will be selected for load balancing.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Priority of this origin pool, valid only with multiple origin pools. Value of 0 will make the pool as lowest priority origin pool Priority of 1 means highest priority and is considered active. When active origin pool is not available, lower priority origin pools are made active as per the increasing priority.
Weight of this origin pool, valid only with multiple origin pool. Value of 0 will disable the pool.
Exclusive with [listen_port] A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ”-”.
object
object
object
object
object
object
Select one or more certificates with any domain names.
Required: YES.
This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
object
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
Required: YES.
Handle to fetch certificate and key.
object
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers. Required: YES.
object
Ordered list of hash algorithms to be used.
Required: YES.
Description for the certificate.
object
object
object
Name of the Secret Management Access object that contains information about the backend Secret Management service.
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
object
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
object
object
object
object
The TLS listener will only support the specified cipher list. Required: YES.
object
object
object
object
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted.
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
object
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
Exclusive with [trusted_ca] Upload a Root CA Certificate specifically for this Load Balancer.
object
object
X-Forwarded-Client-Cert header elements to be added to requests
Required: YES.
Responses
Section titled “Responses”A successful response.
object
Examplegenerated
{}Returned when operation is not authorized.
Examplegenerated
exampleReturned when there is no permission to access resource.
Examplegenerated
exampleReturned when resource is not found.
Examplegenerated
exampleReturned when operation on resource is conflicting with current value.
Examplegenerated
exampleReturned when operation has been rejected as it is happening too frequently.
Examplegenerated
exampleReturned when server encountered an error in processing API.
Examplegenerated
exampleReturned when service is unavailable temporarily.
Examplegenerated
exampleReturned when server timed out processing request.
Examplegenerated
example