TLSProfile¶
TLSProfile is used to specify the TLS termination for a single/list of services in a VirtualServer Custom Resource. TLS termination relies on SNI. Any non-SNI traffic received on port 443 may result in connection issues. TLSProfile can be created either with certificates stored as k8s secrets or can be referenced by profiles existing in BIG-IP.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | apiVersion: cis.f5.com/v1 kind: TLSProfile metadata: name: reencrypt-tls labels: f5cr: "true" spec: tls: termination: reencrypt clientSSL: /Common/clientssl serverSSL: /Common/serverssl reference: bigip # --> reference profiles created in BIG-IP by User hosts: - coffee.example.com |
Important
CIS will only process custom resources with f5cr label set as true. See lines 5-6 above.
TLSProfile Components¶
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| termination | String | Required | N/A | Termination on BIG-IP Virtual Server. Allowed options are edge, reencrypt, and passthrough. |
| clientSSL | String | Required | N/A | ClientSSL Profile on the BIG-IP. For example /Common/clientssl. |
| serverSSL | String | Optional | N/A | ServerSSL Profile on the BIG-IP. For example /Common/serverssl. |
| reference | String | Required | N/A | Describes the location of profile: BIG-IP, or k8s Secrets. CIS currently supports BIG-IP and secret references. Available options are bigip and secret. |
Note
To provide feedback on Container Ingress Services or this documentation, please file a GitHub Issue.