F5BigCneZone
Overview
Destination Zones can be used in a firewall rule only if its firewall policy is attached to a forwarding Secure Context. Matching destination Zones will not work correctly in the context of a load-balancing Secure Context.
Note: If Zones are specified in a firewall rule and none of them specifies an existing VLAN (all of the Zones are empty or specify only non-existent VLANs), the firewall rule becomes effectively disabled and will not match any traffic.
This document guides you through understanding, configuring and installing a simple F5BigCneZone CR.
CR parameters
The tables below describe the F5BigCneZone CR parameters.
metadata
Parameter | Description |
---|---|
name | Specifies the VLAN zone name. |
namespace | The Kubernetes Namespace the VLAN zone will install to. |
spec
Parameter | Description |
---|---|
vlan_list | Specifies the list of VLANs for the zone. |
CR Example
apiVersion: "k8s.f5net.com/v1"
kind: F5BigCneZone
metadata:
  name: "zone1"
  namespace: "cnf-gateway"
spec:
  vlan_list:
    - "vlan1"
    - "vlan2"
CR shortName
CR shortNames provide an easy way to view installed CRs and their configuration parameters. The CR shortName can also be used to delete the CR instance. The F5BigCneZone CR shortName is zone.
View CR instance:
kubectl get zone -n <namespace>
View CR configuration:
kubectl get zone -n <namespace> -o yaml
Requirements
Ensure you have:
- Uploaded the CNFs Software.
- Installed the BIG-IP Controller.
- A Linux-based workstation.
Installation
Use these steps to install the example F5BigCneZone CR.
Tip: Open a second shell to view the CNFs Event Logs while installing.
The example F5BigCneZone CR defines a zone containing two VLANs. Copy and paste the example into a YAML file:
apiVersion: "k8s.f5net.com/v1"
kind: F5BigCneZone
metadata:
  name: "zone1"
  namespace: "cnf-gateway"
spec:
  vlan_list:
    - vlan1
    - vlan2
Install the F5BigCneZone CR:
kubectl apply -f cnf-vlanzone-cr.yaml
In this example, the BIG-IP Controller logs indicate the F5BigCneZone CR was added/updated:
I0202 12:00:00.12346 1 event.go:282 Event(v1.ObjectReference{Kind:"F5Zone", F5Zone cnf-gateway/cnf-vlanzone was added/updated
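The following is an added example, not part of the F5 documentation, that checks installed zones for the condition described in the Overview note: a firewall rule whose Zones are all empty or list only non-existent VLANs matches no traffic. The sample JSON, the `EXISTING_VLANS` set and the function names are constructed for illustration; in practice the zone list would come from `kubectl get zone -n <namespace> -o json` and the set of existing VLAN names from the operator.

```python
import json

# Constructed sample shaped like `kubectl get zone -n cnf-gateway -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "zone1", "namespace": "cnf-gateway"},
   "spec": {"vlan_list": ["vlan1", "vlan2"]}},
  {"metadata": {"name": "zone-empty", "namespace": "cnf-gateway"},
   "spec": {"vlan_list": []}},
  {"metadata": {"name": "zone-stale", "namespace": "cnf-gateway"},
   "spec": {"vlan_list": ["vlan9"]}}
]}
""")

# Assumption: the operator supplies the VLAN names that actually exist.
EXISTING_VLANS = {"vlan1", "vlan2"}


def declared_vlans(zone):
    """Return the vlan_list of one zone object, tolerating a missing spec."""
    return (zone.get("spec") or {}).get("vlan_list") or []


def audit_zones(zone_list, existing):
    """Map zone name -> 'ok', 'empty' or 'no-existing-vlan'."""
    result = {}
    for zone in zone_list.get("items", []):
        name = zone["metadata"]["name"]
        vlans = declared_vlans(zone)
        if not vlans:
            result[name] = "empty"
        elif not any(v in existing for v in vlans):
            result[name] = "no-existing-vlan"
        else:
            result[name] = "ok"
    return result


def rule_effectively_disabled(rule_zones, zone_list, existing):
    """True when a rule names Zones and none of them yields an existing VLAN."""
    status = audit_zones(zone_list, existing)
    # Assumption: a zone name with no installed CR contributes no VLAN.
    return bool(rule_zones) and all(status.get(z) != "ok" for z in rule_zones)


if __name__ == "__main__":
    for name, state in audit_zones(SAMPLE, EXISTING_VLANS).items():
        print(f"{name}: {state}")
```

A zone that lists at least one existing VLAN is reported as `ok`, so a rule is flagged only when every Zone it names is empty or stale.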
Feedback
Provide feedback to improve this document by emailing cnfdocs@f5.com.