Last updated on: 2023-05-31 04:59:08.

TransportServer¶

The TransportServer resource exposes the non-HTTP traffic configuration for a virtual server address in BIG-IP.

apiVersion: "cis.f5.com/v1"
kind: TransportServer
metadata:
   name: transport-server
   labels:
     f5cr: "true"
spec:
  virtualServerAddress: "172.16.3.9"
  virtualServerPort: 8585
  mode: standard
  snat: auto
  persistenceProfile: destination-address
  dos: /Common/dos
  profiles:
    tcp:
      client: /Common/f5-tcp-lan
      server: /Common/f5-tcp-wan
  profileL4: /Common/security-fastL4
  iRules:
    - /Common/my-irule
  pool:
    service: svc-3
    servicePort: 8181
    monitor:
      type: tcp
      interval: 10
      timeout: 10
  serviceAddress:
  - icmpEcho: "enable"
    arpEnabled: true
    routeAdvertisement: "all"
    spanningEnabled: false

Important

The TransportServer in this example only forwards the traffic. It is the user’s responsibility to implement secure non-http traffic.

UDP Transport Server¶

The value spec.type can be used to distinguish a TCP/UDP/SCTP transport sever.

In the example below, transport server creates a UDP Virtual Server on BIG-IP that can be accessed at 172.16.3.10:8444.

apiVersion: "cis.f5.com/v1"
kind: TransportServer
metadata:
   name: transport-server
   labels:
   f5cr: "true"
spec:
   virtualServerAddress: "172.16.3.10"
   virtualServerPort: 8444
   mode: standard
   snat: auto
   persistenceProfile: none
   dos: /Common/dos
   profileL4: /Common/security-fastL4
   allowVlans: ["/Common/devtraffic"]
   iRules:
     - /Common/my-irule
   type: udp
   pool:
     service: udp-svc
     servicePort: 4444
     monitor:
       type: udp
       interval: 10
       timeout: 31

SCTP Transport Server¶

The value spec.type can be used to distinguish a TCP/UDP/SCTP transport sever.

In the example below, transport server creates a SCTP Virtual Server on BIG-IP that can be accessed at 10.8.3.12:30102.

apiVersion: cis.f5.com/v1
kind: TransportServer
metadata:
  labels:
    f5cr: "true"
  name: cr-transport-server
  namespace: default
spec:
  allowVlans: []
  iRules: []
  mode: standard
  pool:
    loadBalancingMethod: dynamic-ratio-member
    service: pytest-svc-1
    servicePort: 30102
  snat: auto
  type: sctp
  virtualServerAddress: 10.8.3.12
  virtualServerPort: 30102
status:
  status: Ok
  vsAddress: None

Components¶

TransportServer Components¶

Parameter	Type	Required	Default	Description
pool	Pool	Required	N/A	BIG-IP Pool member.
virtualServerAddress	String	Optional	N/A	IPv4/IPv6 Address of BIG-IP Virtual Server. IP address can also be replaced by a reference to a Service_Address.
ipamLabel	String	Optional	N/A	IPAM label name for IP address management which is mapped to IP-range in IPAM controller deployment.
hostGroup	String	Optional	N/A	Use to leverage the IP from the VirtialServer CR using the same VirtualServer HostGroup name and Vice-versa
policyName	String	Optional	N/A	Name of Policy CRD to attach profiles/policies defined in it.
serviceAddress	List	Optional	N/A	Service address definition allows you to add a number of properties to your (virtual) server address.
virtualServerPort	String	Required	N/A	Port Address of BIG-IP Virtual Server.
virtualServerName	String	Optional	N/A	Custom name of BIG-IP Virtual Server.
type	String	Optional	tcp	L4 transport server type. Options are `tcp`, `udp` or `sctp`.
mode	String	Required	N/A	A Standard mode transport server processes connections using the full proxy architecture. A Performance mode transport server uses FastL4 packet-by-packet TCP behavior. You can use “standard” or “performance”.
snat	String	Optional	auto	Reference to SNAT pool on BIG-IP. The other allowed value is: `none`.
allowVlans	List of VLANs	Optional	Allow traffic from all VLANs	List of VLAN objects from which to allow traffic. Example:[“/Common/devtraffic”].
host	String	Optional	N/A	HostName of the Virtual Server
iRules	List of iRules	Optional	N/A	List of iRules to attach. Example:[“/Common/my-irule”].
persistenceProfile	String	Optional	source-address	CIS uses the AS3 default persistence profile. TransportServer CRD resource takes precedence over Policy CRD. Allowed values are existing BIG-IP Persistence profiles.
dos	String	Optional	N/A	Pathname of existing BIG-IP DoS policy.
profiles	Object	Optional	N/A	BIG-IP TCP Profiles.
tcp	Object	Optional	tcp	BIG-IP TCP client and server profiles.
profileL4	String	Optional	basic	The default value is `basic` but it is not configurable if the profileL4 spec is not included in TS or Policy CR. Transport CRD resource takes precedence over Policy CRD resource. Allowed values are existing BIG-IP profileL4 profiles.
partition	String	Optional	N/A	BIG-IP Partition.

Pools Components¶

Parameter	Type	Required	Default	Description
service	String	Required	N/A	Service deployed in Kubernetes cluster.
servicePort	String/Integer	Required	N/A	Port to access service. Could be service port, service port name, or targetPort of the service.
monitor	Monitor	Optional	N/A	Health Monitor to check the health of Pool Members.
monitors	Monitor	Optional	N/A	Specifies multiple monitors for TS Pool.
loadBalancingMethod	String	Optional	round-robin	Allowed values are existing BIG-IP Load Balancing methods for pools.
nodeMemberLabel	String	Optional	N/A	List of Nodes to consider in NodePort Mode as BIG-IP pool members. This Option is only applicable for NodePort Mode.
serviceDownAction	String	Optional	N/A	Specifies connection handling when member is non-responsive. Examples: `drop`, `none`, `reselect`, `reset`
reselectTries	Integer	Optional	0	Maximum number of attempts to find a responsive member for a connection.
serviceNamespace	String	Optional	N/A	Namespace of the service. Define it if the service is present in a namespace other than the one where transport Server Custom Resource is present.

Note

Monitors take priority over monitor if both are provided in TS spec.

Monitor Components¶

Parameter	Type	Required	Default	Description
type	String	Required	N/A	TCP or UDP.
interval	Integer	Required	5	Seconds between health queries.
timeout	Integer	Optional	16	Seconds before query fails.
targetPort	Integer	Optional	0	Port (if any) the monitor should probe. If 0 (default) then pool member port is used. Translates to “Alias Service Port” on BIG-IP pool.
name	String	Required	N/A	Reference to health monitor name existing on the BIG-IP.
reference	String	Required	N/A	Value should be `bigip` for referencing custom monitor on the BIG-IP.

TCP Profile Components¶

Parameter	Type	Required	Default	Description
client	String	Required	Custom_TCP	CIS uses the AS3 default TCP client profile. Allowed values are existing BIG-IP TCP Client profiles.
server	String	Optional	N/A	Allowed values are existing BIG-IP TCP Server profiles. Note: Server TCP Profile can only be used along with Client profile.

Service Address Components¶

Parameter	Type	Required	Default	Description
arpEnabled	Boolean	Optional	true	If true (default), the system services ARP requests on this address.
icmpEcho	String	Optional	enable	If enabled (default), the system answers ICMP echo requests on this address. Values: `enable`, `disable`, and `selective`.
routeAdvertisement	String	Optional	disable	If enabled, the route is advertised. Values: `enable`, `disable`, `selective`, `always`, `any`, and `all`.
spanningEnabled	Boolean	Optional	false	If true, this enables all BIG-IP systems in the device group to listen for and process traffic on the same virtual address.
trafficGroup	String	Optional	default	Specifies the traffic group to which the Service_Address belongs.

Transport Server with IPv6 Address¶

Transport Server with IPv6¶

apiVersion: "cis.f5.com/v1"
kind: TransportServer
metadata:
  labels:
    f5cr: "true"
  name: svc1-transport-server
  namespace: default
spec:
  virtualServerAddress: "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
  virtualServerPort: 8544
  virtualServerName: svc1-ts
  mode: standard
  snat: auto
  pool:
    service: svc-1
    servicePort: 8181
    monitor:
      type: tcp
      interval: 10
      timeout: 10

MultiPartition Support using partition spec parameter¶

CRD supports the MultiPartition feature for TransportServer CR, where the user can provision BIG-IP in multiple partitions. This helps to easily manage the bigipConfig among the partitions. The MultiPartition feature also improves performance, as CIS processes only the partition when there is a change, instead of sending a unified AS3 declaration to all of the partitions on the BIG-IP every time a change/event is detected.

CIS processes multiple tenant information and still sends the single unified declaration to BIG-IP to avoid multiple posts to BIG-IP for the first time.

Note

AS3 post call is formed as mgmt/shared/appsvcs/declare/tenant1,tenant2.

Multiple VirtualServers do not share the same virtual server address across multiple partitions. F5 does not currently support VS sharing the same host group or host with the same address in multiple partitions. The following rules apply for all VS resources. - Virtual servers with the same host group should be in one partition. - Virtual servers with the same host should be in one partition. - Virtual servers with the same VS address should be in one partition. - Virtual servers cannot share the same VIP across multiple partitions, irrespective of port.

Example of VS using “partition” spec parameter (https://github.com/F5Networks/k8s-bigip-ctlr/tree/master/docs/config_examples/customResource/TransportServer/partition)¶

apiVersion: cis.f5.com/v1
kind: TransportServer
metadata:
  labels:
    f5cr: "true"
  name: cr-transport-server
  namespace: default
spec:
  allowVlans: []
  iRules:
    - /Common/test_rule2
  mode: standard
  partition: dev
  pool:
    monitor:
      interval: 20
      timeout: 10
      type: udp
    service: pytest-svc-1
    servicePort: 1344
  snat: auto
  type: udp
  virtualServerAddress: 10.8.3.11
  virtualServerPort: 1344

Examples Repository¶

View more examples on GitHub.

View Example Service and Deployment Manifest on Github.

Note

To provide feedback on Container Ingress Services or this documentation, please file a GitHub Issue.

Previous Next