F5VirtualServer¶

F5VirtualServer is a namespaced Custom Resource in the k8s.f5net.com API group. It models a virtual server that listens on a required destination address/port, and allows attaching protocol and feature profiles (HTTP, HTTP/2, HTTP/3/QUIC, SSL, and FastL4).

CR Parameters¶

metadata¶

Parameter	Type	Description
`name`	string	Unique name of the custom resource.
`namespace`	string	Namespace where the resource is created (because the CRD is namespaced).

spec¶

Parameter	Type	Description	Default
`tenant`	string	Name of the Tenant that owns the virtual server. Max length `255`. The value must match the pattern `^$^[a-z0-9]([-a-z0-9][a-z0-9])?(\\.[a-z0-9]([-a-z0-9][a-z0-9])?)*$`, meaning it can be an empty string or a domain-like structure containing lowercase letters (a-z), digits (0-9), optional hyphens (-), and subdomains separated by periods (.).	`""`
`namespace`	string	Tenant Namespace in which the virtual server was created. Max length `255`. The value must match the pattern `^[0-9a-zA-Z._-]*$`, meaning it can only contain alphanumeric characters (0-9, a-z, A-Z), periods (.), underscores (_), and hyphens (-).	`""`
`site`	string	XC site on which the virtual server is advertised. Max length `255`. The value must match the pattern `^[0-9a-zA-Z._-]*$`, meaning it can only contain alphanumeric characters (0-9, a-z, A-Z), periods (.), underscores (_), and hyphens (-).	`""`
`protocol`	string	Transport protocol. Enum: `tcp`, `udp`.	`tcp`
`protocolProfile`	object	Protocol profile names for clientside/serverside. See below.
`protocolProfile.clientside`	string	Clientside protocol profile name. Max length `255`. The value must match the pattern `^[0-9a-zA-Z._-]*$`, meaning it can only contain alphanumeric characters (0-9, a-z, A-Z), periods (.), underscores (_), and hyphens (-).	`""`
`protocolProfile.serverside`	string	Serverside protocol profile name. Max length `255`. The value must match the pattern `^[0-9a-zA-Z._-]*$`, meaning it can only contain alphanumeric characters (0-9, a-z, A-Z), periods (.), underscores (_), and hyphens (-).	`""`
`quic`	object	QUIC profile names for clientside/serverside. Serverside is not allowed (validation).
`quic.clientside`	string	Clientside QUIC profile name. Max length `255`. The value must match the pattern `^[0-9a-zA-Z._-]*$`, meaning it can only contain alphanumeric characters (0-9, a-z, A-Z), periods (.), underscores (_), and hyphens (-).	`""`
`quic.serverside`	string	Serverside QUIC profile name. Max length `255`. The value must match the pattern `^[0-9a-zA-Z._-]$`, meaning it can only contain alphanumeric characters (0-9, a-z, A-Z), periods (.), underscores (_), and hyphens (-). Must be empty* (validation: serverside not supported).	`""`
`fastL4`	string	FastL4 profile name. Max length `255`. The value must match the pattern `^[0-9a-zA-Z._-]*$`, meaning it can only contain alphanumeric characters (0-9, a-z, A-Z), periods (.), underscores (_), and hyphens (-). Cannot be set together with `protocolProfile` (validation).	`""`
`access`	string	Access profile name. Max length `255`. The value must match the pattern `^[0-9a-zA-Z._-]*$`, meaning it can only contain alphanumeric characters (0-9, a-z, A-Z), periods (.), underscores (_), and hyphens (-).	`""`
`http`	object	HTTP profile names for clientside/serverside.
`http.clientside`	string	Clientside profile name. Max length `255`. The value must match the pattern `^[0-9a-zA-Z._-]*$`, meaning it can only contain alphanumeric characters (0-9, a-z, A-Z), periods (.), underscores (_), and hyphens (-).	`""`
`http.serverside`	string	Serverside profile name. Max length `255`. The value must match the pattern `^[0-9a-zA-Z._-]*$`, meaning it can only contain alphanumeric characters (0-9, a-z, A-Z), periods (.), underscores (_), and hyphens (-).	`""`
`http2`	object	HTTP/2 profile names for clientside/serverside. Requires `protocol=tcp` and `httpRouter=true` when configured (validations).
`http2.clientside`	string	Clientside profile name. Max length `255`. The value must match the pattern `^[0-9a-zA-Z._-]*$`, meaning it can only contain alphanumeric characters (0-9, a-z, A-Z), periods (.), underscores (_), and hyphens (-).	`""`
`http2.serverside`	string	Serverside profile name. Max length `255`. The value must match the pattern `^[0-9a-zA-Z._-]*$`, meaning it can only contain alphanumeric characters (0-9, a-z, A-Z), periods (.), underscores (_), and hyphens (-).	`""`
`http3`	object	HTTP/3 profile names for clientside/serverside. Serverside is not allowed (validation). Requires UDP + QUIC + ClientSSL + HTTP when configured (validations).
`http3.clientside`	string	Clientside profile name. Max length `255`. The value must match the pattern `^[0-9a-zA-Z._-]*$`, meaning it can only contain alphanumeric characters (0-9, a-z, A-Z), periods (.), underscores (_), and hyphens (-).	`""`
`http3.serverside`	string	Serverside profile name. Max length `255`. The value must match the pattern `^[0-9a-zA-Z._-]$`, meaning it can only contain alphanumeric characters (0-9, a-z, A-Z), periods (.), underscores (_), and hyphens (-). For `http3.serverside`, must be empty* (validation).	`""`
`httpCompression`	boolean	Toggle attachment of an HTTP Compression profile. The default is disabled.	`false`
`httpRouter`	boolean	Toggle attachment of an HTTP Router profile. Required for HTTP/2 Full Proxy and HTTP/3. The default is disabled.	`false`
`json`	boolean	Toggle attachment of a JSON profile. The default is disabled.	`false`
`sse`	boolean	Toggle attachment of an HTTP Server-Sent Event (SSE) transport profile. The default is disabled.	`false`
`clientssl`	string	ClientSSL profile name. Max length `255`. The value must match the pattern `^[0-9a-zA-Z._-]*$`, meaning it can only contain alphanumeric characters (0-9, a-z, A-Z), periods (.), underscores (_), and hyphens (-). Required for HTTP/3 (validation).	`""`
`serverssl`	string	ServerSSL profile name. Max length `255`. The value must match the pattern `^[0-9a-zA-Z._-]*$`, meaning it can only contain alphanumeric characters (0-9, a-z, A-Z), periods (.), underscores (_), and hyphens (-).	`""`
`genericMessage`	string	Generic message profile reference. Max length `255`. The value must match the pattern `^$^[a-z0-9]([-a-z0-9][a-z0-9])?(\\.[a-z0-9]([-a-z0-9][a-z0-9])?)*$`, meaning it can be an empty string or a domain-like structure containing lowercase letters (a-z), digits (0-9), optional hyphens (-), and subdomains separated by periods (.).	`""`
`pool`	string	Name of an existing Pool CR in the same namespace. Optional (not needed for gateway use cases). Max length `255`. Pattern: `^$^[a-z][a-z0-9-]*$`
`destinationAddress`	string	IPv4 or IPv6 address the virtual server listens on. Must match one of the IPv4/IPv6 regexes.	(required)
`destinationPort`	integer	TCP/UDP port that SPK listens on for requests. Max `65535`.	(required)
`vrf`	string	The name of the VRF (tenant) this virtual server listens on. It is a soft-reference to a VRF CR. If not specified, the virtual server will listen in the default route domain. Maximum length `255`.	`""`
`vlans`	object	VLAN selection settings. See below.
`vlans.vlanList`	array(string)	List of VLAN names/identifiers.	`[]`
`vlans.disableListedVlans`	boolean	If `true`, the VLANs in `vlanList` are disabled/blocked.	`false`
`ipfamilies`	string	IP family mode. Enum: `IPv4`, `IPv6`, `IPv4andIPv6`.	`"IPv4"`
`loadBalancingMethod`	string	How to choose a pool member. Enum: `ROUND_ROBIN`, `RATIO_LEAST_CONN_MEMBER`, `RATIO_MEMBER`, `RATIO_SESSION`.	`"ROUND_ROBIN"`
`iRules`	array(string)	List of iRules to attach.	`[]`
`snat`	object	Source NAT configuration. See below + validations.	`{}`
`snat.type`	string	Source address translation type. Enum: `none`, `snat`, `automap`.	`"none"`
`snat.pool`	string	SNAT pool name. Can only be used with `type=snat`.	`""`

SNAT validations¶

If snat.type == "none" then snat.pool must be empty.
If snat.type == "automap" then snat.pool must be empty.
If snat.type == "snat" then snat.pool must be non-empty.

CR Example¶

Example: TCP virtual server with HTTP + pool¶

apiVersion: k8s.f5net.com/v1
kind: F5VirtualServer
metadata:
  name: example-vs-http
  namespace: cnf-gateway
spec:
  destinationAddress: "192.0.2.10"
  destinationPort: 80
  protocol: tcp
  protocolProfile:
    clientside: "example-tcp-profile"
    serverside: "example-tcp-profile"

  http:
    clientside: "example-http-profile"
    serverside: "example-http-profile"

  pool: "example-pool"

  loadBalancingMethod: ROUND_ROBIN
  iRules:
  - "example-irule-1"
  snat:
    type: none
    pool: ""

Example: UDP + QUIC + HTTP/3 virtual server¶

apiVersion: k8s.f5net.com/v1
kind: F5VirtualServer
metadata:
  name: example-vs-http3
  namespace: cnf-gateway
spec:
  destinationAddress: "2001:db8::10"
  destinationPort: 443
  protocol: udp
  protocolProfile:
    clientside: "example-udp-profile"
    serverside: "example-udp-profile"

  httpRouter: true

  http:
    clientside: "example-http-profile"
    serverside: "example-http-profile"

  quic:
    clientside: "example-quic-profile"
    serverside: "example-quic-profile"

  http3:
    clientside: "example-http3-profile"
    serverside: "example-http3-profile"

  clientssl: "example-clientssl-profile"

  snat:
    type: automap
    pool: ""