TransportServer¶

The TransportServer resource exposes the non-HTTP traffic configuration for a virtual server address in BIG-IP.

apiVersion: "cis.f5.com/v1"
kind: TransportServer
metadata:
   name: transport-server
   labels:
     f5cr: "true"
spec:
  virtualServerAddress: "172.16.3.9"
  virtualServerPort: 8585
  mode: standard
  snat: auto
  persistenceProfile: destination-address
  dos: /Common/dos
  profiles:
    tcp:
      client: /Common/f5-tcp-lan
      server: /Common/f5-tcp-wan
  profileL4: /Common/security-fastL4
  iRules:
    - /Common/my-irule
  pool:
    service: svc-3
    servicePort: 8181
    monitor:
      type: tcp
      interval: 10
      timeout: 10
  serviceAddress:
  - icmpEcho: "enable"
    arpEnabled: true
    routeAdvertisement: "all"
    spanningEnabled: false

Important

The TransportServer in this example only forwards the traffic. It is the user’s responsibility to implement secure non-http traffic.

UDP Transport Server¶

The value spec.type can be used to distinguish a TCP/UDP/SCTP transport sever.

In the example below, transport server creates a UDP Virtual Server on BIG-IP that can be accessed at 172.16.3.10:8444.

apiVersion: "cis.f5.com/v1"
kind: TransportServer
metadata:
   name: transport-server
   labels:
   f5cr: "true"
spec:
   virtualServerAddress: "172.16.3.10"
   virtualServerPort: 8444
   mode: standard
   snat: auto
   persistenceProfile: none
   dos: /Common/dos
   profileL4: /Common/security-fastL4
   allowVlans: ["/Common/devtraffic"]
   iRules:
     - /Common/my-irule
   type: udp
   pool:
     service: udp-svc
     servicePort: 4444
     monitor:
       type: udp
       interval: 10
       timeout: 31

SCTP Transport Server¶

The value spec.type can be used to distinguish a TCP/UDP/SCTP transport sever.

In the example below, transport server creates a SCTP Virtual Server on BIG-IP that can be accessed at 10.8.3.12:30102.

apiVersion: cis.f5.com/v1
kind: TransportServer
metadata:
  labels:
    f5cr: "true"
  name: cr-transport-server
  namespace: default
spec:
  allowVlans: []
  iRules: []
  mode: standard
  pool:
    loadBalancingMethod: dynamic-ratio-member
    service: pytest-svc-1
    servicePort: 30102
  snat: auto
  type: sctp
  virtualServerAddress: 10.8.3.12
  virtualServerPort: 30102
status:
  status: Ok
  vsAddress: None

Components¶

TransportServer Components¶

Parameter	Type	Required	Default	Description
pool	Pool	Required	N/A	BIG-IP Pool member.
virtualServerAddress	String	Optional	N/A	IPv4/IPv6 Address of BIG-IP Virtual Server. IP address can also be replaced by a reference to a Service_Address.
ipamLabel	String	Optional	N/A	IPAM label name for IP address management which is mapped to IP-range in IPAM controller deployment.
serviceAddress	List	Optional	N/A	Service address definition allows you to add a number of properties to your (virtual) server address.
virtualServerPort	String	Required	N/A	Port Address of BIG-IP Virtual Server.
virtualServerName	String	Optional	N/A	Custom name of BIG-IP Virtual Server.
type	String	Optional	tcp	L4 transport server type. Options are `tcp`, `udp` or `sctp`.
mode	String	Required	N/A	A Standard mode transport server processes connections using the full proxy architecture. A Performance mode transport server uses FastL4 packet-by-packet TCP behavior. You can use “standard” or “performance”.
snat	String	Optional	auto	Reference to SNAT pool on BIG-IP. The other allowed value is: `none`.
allowVlans	List of VLANs	Optional	Allow traffic from all VLANs	List of VLAN objects from which to allow traffic. Example:[“/Common/devtraffic”].
iRules	List of iRules	Optional	N/A	List of iRules to attach. Example:[“/Common/my-irule”].
persistenceProfile	String	Optional	source-address	CIS uses the AS3 default persistence profile. TransportServer CRD resource takes precedence over Policy CRD. Allowed values are existing BIG-IP Persistence profiles.
dos	String	Optional	N/A	Pathname of existing BIG-IP DoS policy.
profiles	Object	Optional	N/A	BIG-IP TCP Profiles.
tcp	Object	Optional	tcp	BIG-IP TCP client and server profiles.
profileL4	String	Optional	basic	The default value is `basic` but it is not configurable if the profileL4 spec is not included in TS or Policy CR. Transport CRD resource takes precedence over Policy CRD resource. Allowed values are existing BIG-IP profileL4 profiles.

Pools Components¶

Parameter	Type	Required	Default	Description
service	String	Required	N/A	Service deployed in Kubernetes cluster.
servicePort	String	Required	N/A	Port to access service.
monitor	String	Optional	N/A	Health Monitor to check the health of Pool Members.
monitors	String	Optional	N/A	Specifies multiple monitors for TS Pool.
loadBalancingMethod	String	Optional	round-robin	Allowed values are existing BIG-IP Load Balancing methods for pools.

Monitor Components¶

Parameter	Type	Required	Default	Description
type	String	Required	N/A	TCP or UDP.
interval	Int	Required	5	Seconds between health queries.
timeout	Int	Optional	16	Seconds before query fails.

TCP Profile Components¶

Parameter	Type	Required	Default	Description
client	String	Required	Custom_TCP	CIS uses the AS3 default TCP client profile. Allowed values are existing BIG-IP TCP Client profiles.
server	String	Optional	N/A	Allowed values are existing BIG-IP TCP Server profiles. Note: Server TCP Profile can only be used along with Client profile.

Transport Server with IPv6 Address¶

Transport Server with IPv6¶

apiVersion: "cis.f5.com/v1"
kind: TransportServer
metadata:
  labels:
    f5cr: "true"
  name: svc1-transport-server
  namespace: default
spec:
  virtualServerAddress: "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
  virtualServerPort: 8544
  virtualServerName: svc1-ts
  mode: standard
  snat: auto
  pool:
    service: svc-1
    servicePort: 8181
    monitor:
      type: tcp
      interval: 10
      timeout: 10

Examples Repository¶

View more examples on GitHub.

View Example Service and Deployment Manifest on Github.

Note

To provide feedback on Container Ingress Services or this documentation, please file a GitHub Issue.

Previous Next