TransportServer

The TransportServer resource exposes the non-HTTP traffic configuration for a virtual server address in BIG-IP.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
apiVersion: "cis.f5.com/v1"
kind: TransportServer
metadata:
   name: transport-server
   labels:
     f5cr: "true"
spec:
  virtualServerAddress: "172.16.3.9"
  virtualServerPort: 8585
  mode: standard
  snat: auto
  persistenceProfile: destination-address
  dos: /Common/dos
  profiles:
    tcp:
      client: /Common/f5-tcp-lan
      server: /Common/f5-tcp-wan
  profileL4: /Common/security-fastL4
  iRules:
    - /Common/my-irule
  pool:
    service: svc-3
    servicePort: 8181
    monitor:
      type: tcp
      interval: 10
      timeout: 10
  serviceAddress:
  - icmpEcho: "enable"
    arpEnabled: true
    routeAdvertisement: "all"
    spanningEnabled: false

Important

The TransportServer in this example only forwards the traffic. It is the user’s responsibility to implement secure non-http traffic.

UDP Transport Server

The value spec.type can be used to distinguish a TCP/UDP/SCTP transport sever.

In the example below, transport server creates a UDP Virtual Server on BIG-IP that can be accessed at 172.16.3.10:8444.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
apiVersion: "cis.f5.com/v1"
kind: TransportServer
metadata:
   name: transport-server
   labels:
   f5cr: "true"
spec:
   virtualServerAddress: "172.16.3.10"
   virtualServerPort: 8444
   mode: standard
   snat: auto
   persistenceProfile: none
   dos: /Common/dos
   profileL4: /Common/security-fastL4
   allowVlans: ["/Common/devtraffic"]
   iRules:
     - /Common/my-irule
   type: udp
   pool:
     service: udp-svc
     servicePort: 4444
     monitor:
       type: udp
       interval: 10
       timeout: 31

SCTP Transport Server

The value spec.type can be used to distinguish a TCP/UDP/SCTP transport sever.

In the example below, transport server creates a SCTP Virtual Server on BIG-IP that can be accessed at 10.8.3.12:30102.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
apiVersion: cis.f5.com/v1
kind: TransportServer
metadata:
  labels:
    f5cr: "true"
  name: cr-transport-server
  namespace: default
spec:
  allowVlans: []
  iRules: []
  mode: standard
  pool:
    loadBalancingMethod: dynamic-ratio-member
    service: pytest-svc-1
    servicePort: 30102
  snat: auto
  type: sctp
  virtualServerAddress: 10.8.3.12
  virtualServerPort: 30102
status:
  status: Ok
  vsAddress: None

Components

TransportServer Components

Parameter Type Required Default Description
pool Pool Required N/A BIG-IP Pool member.
virtualServerAddress String Optional N/A IPv4/IPv6 Address of BIG-IP Virtual Server. IP address can also be replaced by a reference to a Service_Address.
ipamLabel String Optional N/A IPAM label name for IP address management which is mapped to IP-range in IPAM controller deployment.
serviceAddress List Optional N/A Service address definition allows you to add a number of properties to your (virtual) server address.
virtualServerPort String Required N/A Port Address of BIG-IP Virtual Server.
virtualServerName String Optional N/A Custom name of BIG-IP Virtual Server.
type String Optional tcp L4 transport server type. Options are tcp, udp or sctp.
mode String Required N/A A Standard mode transport server processes connections using the full proxy architecture. A Performance mode transport server uses FastL4 packet-by-packet TCP behavior. You can use “standard” or “performance”.
snat String Optional auto Reference to SNAT pool on BIG-IP. The other allowed value is: none.
allowVlans List of VLANs Optional Allow traffic from all VLANs List of VLAN objects from which to allow traffic. Example:[“/Common/devtraffic”].
iRules List of iRules Optional N/A List of iRules to attach. Example:[“/Common/my-irule”].
persistenceProfile String Optional source-address CIS uses the AS3 default persistence profile. TransportServer CRD resource takes precedence over Policy CRD. Allowed values are existing BIG-IP Persistence profiles.
dos String Optional N/A Pathname of existing BIG-IP DoS policy.
profiles Object Optional N/A BIG-IP TCP Profiles.
tcp Object Optional tcp BIG-IP TCP client and server profiles.
profileL4 String Optional basic The default value is basic but it is not configurable if the profileL4 spec is not included in TS or Policy CR. Transport CRD resource takes precedence over Policy CRD resource. Allowed values are existing BIG-IP profileL4 profiles.

Pools Components

Parameter Type Required Default Description
service String Required N/A Service deployed in Kubernetes cluster.
servicePort String Required N/A Port to access service.
monitor String Optional N/A Health Monitor to check the health of Pool Members.
monitors String Optional N/A Specifies multiple monitors for TS Pool.
loadBalancingMethod String Optional round-robin Allowed values are existing BIG-IP Load Balancing methods for pools.
serviceDownAction String Optional N/A Specifies connection handling when member is non-responsive. Examples: drop, none, reselect, reset
reselectTries Integer Optional 0 Maximum number of attempts to find a responsive member for a connection.

Monitor Components

Parameter Type Required Default Description
type String Required N/A TCP or UDP.
interval Int Required 5 Seconds between health queries.
timeout Int Optional 16 Seconds before query fails.

TCP Profile Components

Parameter Type Required Default Description
client String Required Custom_TCP CIS uses the AS3 default TCP client profile. Allowed values are existing BIG-IP TCP Client profiles.
server String Optional N/A Allowed values are existing BIG-IP TCP Server profiles. Note: Server TCP Profile can only be used along with Client profile.

Transport Server with IPv6 Address

Transport Server with IPv6
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
apiVersion: "cis.f5.com/v1"
kind: TransportServer
metadata:
  labels:
    f5cr: "true"
  name: svc1-transport-server
  namespace: default
spec:
  virtualServerAddress: "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
  virtualServerPort: 8544
  virtualServerName: svc1-ts
  mode: standard
  snat: auto
  pool:
    service: svc-1
    servicePort: 8181
    monitor:
      type: tcp
      interval: 10
      timeout: 10

Examples Repository

View more examples on GitHub.

View Example Service and Deployment Manifest on Github.


Note

To provide feedback on Container Ingress Services or this documentation, please file a GitHub Issue.