F5BigPeProfile¶

A F5BigPeProfile Custom Resource (CR) is required to apply the list of policies that the user wants to enforce on the subscriber traffic. The F5BigContextSecure CR references the F5BigPeProfile CR to accept and process the application traffic using one or more F5BigPePolicy CRs.

This document guides you through understanding, and configuring the F5BigPeProfile CR.

F5BigPeProfile CR parameters¶

The following table lists and describes the F5BigPeProfile CR parameters.

spec¶

Parameter	Description
`globalPolicy.highPrecedence`	Specifies that a highPrecedence policy is applied first to the subscriber before any lowerPrecedence policies.
`globalPolicy.highPrecedence.items`	List of PE policies to be applied on the subscriber as high precedence. The `maxLength` value is 255.
`unknownSubscriberpolicy`	Specifies that an Unknown Subscriber Policy (a set of rules) is applied to the network traffic when the subscribers (users) identity cannot be definitively determined.
`unknownSubscriberpolicy.items`	List of PE policies to be applied on unknown subscriber.

CR shortName¶

CR shortNames provide an easy way to view installed CRs, and their configuration parameters. The CR shortName can also be used to delete the CR instance. The shortName for F5BigPeProfile CR is peprof.

View CR instance

Run the following command to view the CR instance:

kubectl get peprof -n <namespace>

View CR configuration

Run the following command to view the CR configuration:

kubectl get peprof -n <namespace> -o yaml

Example CR¶

F5BigPePolicy¶

Following is an example CR of F5BigPePolicy:

apiVersion: "k8s.f5net.com/v1"
kind: F5BigPePolicy
metadata:
  name: "pe-policy-dpi"
spec:
  description: "pe policy for dpi"
  rule:
   - name: "dpi-rule"
    precedence: 1
    filter:
      deepPacketInspection:
       - name: "class1"
        match: "match"
        category: "Search_Engines"
        application: "any"
      action:
        enableGate: true

F5BigPeProfile¶

Following is an example CR of F5BigPeProfile:

apiVersion: "k8s.f5net.com/v1"
kind: F5BigPeProfile
metadata:
  name: "pe-profile"
spec:
  description: "my pe profile"
  globalPolicy: {}
  unknownSubscriberpolicy:
   - "cnf-pe-policy"

Procedure¶

Install the F5BigPeProfile CR. Run the following command to install:

kubectl apply -f cnf-pe-profile-cr.yaml

In the following example, the BIG-IP Controller logs indicate the F5BigPeProfile CR was added/updated.

`I0202`` ``12``:00:00.12347``   ``1`` ``event.go:282`` ``Event``(``v1.ObjectReference``{``Kind:``"F5peProfile"``, peProfile`` ``default/``pe-profile`` ``was`` ``added/updated`

Feedback

To provide feedback and help improve this document, please email us at cnfdocs@f5.com.