F5BigCneZone

Overview

Destination Zones can be used in a firewall rule only if the rule's firewall policy is attached to a forwarding Secure Context. Matching on destination Zones does not work correctly in a load-balancing Secure Context.

Note: If a firewall rule specifies one or more Zones and none of them resolves to an existing VLAN (every Zone is empty or lists only non-existent VLANs), the rule is effectively disabled and will not match any traffic.

This document guides you through understanding, configuring and installing a simple F5BigCneZone CR.

CR parameters

The tables below describe the F5BigCneZone CR parameters.

metadata

Parameter    Description
name         Specifies the VLAN zone name.
namespace    The Kubernetes namespace in which the VLAN zone is installed.

spec

Parameter    Description
vlan_list    Specifies the list of VLANs for the zone.

CR Example

apiVersion: "k8s.f5net.com/v1"
kind: F5BigCneZone
metadata:
  name: "zone1"
  namespace: "my-gateway"
spec:
  vlan_list:
    - "vlan1"
    - "vlan2"
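
The Overview note describes a firewall rule that silently stops matching when none of its Zones resolves to an existing VLAN. The following added example (not F5 code) lints zone manifests for that condition before they are applied. The rule-to-zone mapping, the set of existing VLAN names, and every zone other than zone1 are constructed assumptions, because the firewall policy schema is not shown on this page.

```python
from typing import Dict, List, Set


def zone_vlans(manifest: dict) -> List[str]:
    """Return spec.vlan_list from an F5BigCneZone manifest (empty if absent)."""
    if manifest.get("kind") != "F5BigCneZone":
        raise ValueError(f"not an F5BigCneZone manifest: {manifest.get('kind')!r}")
    return list((manifest.get("spec") or {}).get("vlan_list") or [])


def effective_vlans(manifest: dict, existing_vlans: Set[str]) -> Set[str]:
    """VLANs listed by the zone that actually exist."""
    return set(zone_vlans(manifest)) & existing_vlans


def disabled_rules(rules: Dict[str, List[str]], zones: List[dict],
                   existing_vlans: Set[str]) -> List[str]:
    """Rules that specify zones, none of which resolves to an existing VLAN."""
    by_name = {z["metadata"]["name"]: z for z in zones}  # single namespace assumed
    flagged = []
    for rule_name, zone_names in rules.items():
        if not zone_names:
            continue  # the note applies only when Zones are specified
        resolved: Set[str] = set()
        for name in zone_names:
            zone = by_name.get(name)
            # Assumption: a zone name with no matching CR contributes no VLANs.
            if zone is not None:
                resolved |= effective_vlans(zone, existing_vlans)
        if not resolved:
            flagged.append(rule_name)
    return sorted(flagged)


def _zone(name: str, vlans: List[str]) -> dict:
    return {"apiVersion": "k8s.f5net.com/v1", "kind": "F5BigCneZone",
            "metadata": {"name": name, "namespace": "my-gateway"},
            "spec": {"vlan_list": vlans}}


# Constructed sample data: zone1 is the CR from this page, the rest is made up.
ZONES = [_zone("zone1", ["vlan1", "vlan2"]), _zone("zone-empty", []),
         _zone("zone-stale", ["vlan9"])]
EXISTING_VLANS = {"vlan1"}            # hypothetical: VLANs that really exist
RULES = {"allow-web": ["zone1"],      # hypothetical rule name -> zone names
         "deny-mgmt": ["zone-empty", "zone-stale"],
         "mixed": ["zone-stale", "zone1"], "no-zones": []}

if __name__ == "__main__":
    for rule in disabled_rules(RULES, ZONES, EXISTING_VLANS):
        print(f"rule {rule}: no zone resolves to an existing VLAN; it will match nothing")
```
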

Installation

  1. Copy the sample CR into a YAML file named bnk-vlanzone-cr.yaml.

  2. Install the F5BigCneZone CR using:

kubectl apply -f bnk-vlanzone-cr.yaml

Note: The log message indicates that the F5BigCneZone CR was added or updated:

I0202 12:00:00.12346   1 event.go:282 Event(v1.ObjectReference{Kind:"F5Zone",
F5Zone bnk-gateway/bnk-vlanzone was added/updated