TransportServer

The TransportServer resource exposes the non-HTTP traffic configuration for a virtual server address in BIG-IP.

apiVersion: "cis.f5.com/v1"
kind: TransportServer
metadata:
   name: transport-server
   labels:
     f5cr: "true"
spec:
  virtualServerAddress: "172.16.3.9"
  virtualServerPort: 8585
  mode: standard
  snat: auto
  persistenceProfile: destination-address
  dos: /Common/dos
  profiles:
    tcp:
      client: /Common/f5-tcp-lan
      server: /Common/f5-tcp-wan
  profileL4: /Common/security-fastL4
  iRules:
    - /Common/my-irule
  pool:
    service: svc-3
    servicePort: 8181
    monitor:
      type: tcp
      interval: 10
      timeout: 10
  serviceAddress:
  - icmpEcho: "enable"
    arpEnabled: true
    routeAdvertisement: "all"
    spanningEnabled: false

Important

The TransportServer in this example only forwards the traffic. It is the user's responsibility to secure non-HTTP traffic.

UDP Transport Server

The value of spec.type distinguishes a TCP, UDP, or SCTP transport server.

In the example below, the TransportServer creates a UDP Virtual Server on BIG-IP that can be accessed at 172.16.3.10:8444.

apiVersion: "cis.f5.com/v1"
kind: TransportServer
metadata:
   name: transport-server
   labels:
     f5cr: "true"
spec:
   virtualServerAddress: "172.16.3.10"
   virtualServerPort: 8444
   mode: standard
   snat: auto
   persistenceProfile: none
   dos: /Common/dos
   profileL4: /Common/security-fastL4
   allowVlans: ["/Common/devtraffic"]
   iRules:
     - /Common/my-irule
   type: udp
   pool:
     service: udp-svc
     servicePort: 4444
     monitor:
       type: udp
       interval: 10
       timeout: 31

SCTP Transport Server

The value of spec.type distinguishes a TCP, UDP, or SCTP transport server.

In the example below, the TransportServer creates an SCTP Virtual Server on BIG-IP that can be accessed at 10.8.3.12:30102.

apiVersion: cis.f5.com/v1
kind: TransportServer
metadata:
  labels:
    f5cr: "true"
  name: cr-transport-server
  namespace: default
spec:
  allowVlans: []
  iRules: []
  mode: standard
  pool:
    loadBalancingMethod: dynamic-ratio-member
    service: pytest-svc-1
    servicePort: 30102
  snat: auto
  type: sctp
  virtualServerAddress: 10.8.3.12
  virtualServerPort: 30102
status:
  status: Ok
  vsAddress: None

Components

TransportServer Components

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| pool | Pool | Required | N/A | BIG-IP Pool member. |
| virtualServerAddress | String | Optional | N/A | IPv4/IPv6 Address of BIG-IP Virtual Server. IP address can also be replaced by a reference to a Service_Address. |
| ipamLabel | String | Optional | N/A | IPAM label name for IP address management which is mapped to IP-range in IPAM controller deployment. |
| hostGroup | String | Optional | N/A | Used to leverage the IP from the VirtualServer CR that uses the same VirtualServer HostGroup name, and vice versa. |
| policyName | String | Optional | N/A | Name of Policy CRD to attach profiles/policies defined in it. |
| serviceAddress | List | Optional | N/A | Service address definition allows you to add a number of properties to your (virtual) server address. |
| virtualServerPort | String | Required | N/A | Port Address of BIG-IP Virtual Server. |
| virtualServerName | String | Optional | N/A | Custom name of BIG-IP Virtual Server. |
| type | String | Optional | tcp | L4 transport server type. Options are tcp, udp or sctp. |
| mode | String | Required | N/A | A Standard mode transport server processes connections using the full proxy architecture. A Performance mode transport server uses FastL4 packet-by-packet TCP behavior. You can use "standard" or "performance". |
| snat | String | Optional | auto | Reference to SNAT pool on BIG-IP. The supported values are none, auto, self and the BIG-IP SNATPool path. |
| allowVlans | List of VLANs | Optional | Allow traffic from all VLANs | List of VLAN objects from which to allow traffic. Example: ["/Common/devtraffic"]. |
| host | String | Optional | N/A | HostName of the Virtual Server. |
| iRules | List of iRules | Optional | N/A | List of iRules to attach. Example: ["/Common/my-irule"]. |
| persistenceProfile | String | Optional | source-address | CIS uses the AS3 default persistence profile. TransportServer CRD resource takes precedence over Policy CRD. Allowed values are existing BIG-IP Persistence profiles. |
| dos | String | Optional | N/A | Pathname of existing BIG-IP DoS policy. |
| profiles | Object | Optional | N/A | BIG-IP TCP Profiles. |
| tcp | Object | Optional | tcp | BIG-IP TCP client and server profiles. |
| profileL4 | String | Optional | basic | The default value is basic but it is not configurable if the profileL4 spec is not included in TS or Policy CR. Transport CRD resource takes precedence over Policy CRD resource. Allowed values are existing BIG-IP profileL4 profiles. |
| partition | String | Optional | N/A | BIG-IP Partition. |
| bigipRouteDomain | Integer | Optional | 0 | Appends route domain to the virtual addresses of the BIG-IP. |

Pools Components

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| service | String | Required | N/A | Service deployed in Kubernetes cluster. |
| servicePort | String/Integer | Required | N/A | Port to access service. Could be service port, service port name, or targetPort of the service. |
| monitor | Monitor | Optional | N/A | Health Monitor to check the health of Pool Members. |
| monitors | Monitor | Optional | N/A | Specifies multiple monitors for TS Pool. |
| loadBalancingMethod | String | Optional | round-robin | Allowed values are existing BIG-IP Load Balancing methods for pools. |
| nodeMemberLabel | String | Optional | N/A | List of Nodes to consider in NodePort Mode as BIG-IP pool members. This Option is only applicable for NodePort Mode. |
| serviceDownAction | String | Optional | N/A | Specifies connection handling when member is non-responsive. Examples: drop, none, reselect, reset. |
| reselectTries | Integer | Optional | 0 | Maximum number of attempts to find a responsive member for a connection. |
| serviceNamespace | String | Optional | N/A | Namespace of the service. Define it if the service is present in a namespace other than the one where transport Server Custom Resource is present. |

Note

The monitors parameter takes priority over monitor if both are provided in the TS spec.

Monitor Components

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| type | String | Required | N/A | TCP or UDP. |
| interval | Integer | Required | 5 | Seconds between health queries. |
| timeout | Integer | Optional | 16 | Seconds before query fails. |
| targetPort | Integer | Optional | 0 | Port (if any) the monitor should probe. If 0 (default) then pool member port is used. Translates to "Alias Service Port" on BIG-IP pool. |
| name | String | Required | N/A | Reference to health monitor name existing on the BIG-IP. |
| reference | String | Required | N/A | Value should be bigip for referencing custom monitor on the BIG-IP. |

TCP Profile Components

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| client | String | Required | Custom_TCP | CIS uses the AS3 default TCP client profile. Allowed values are existing BIG-IP TCP Client profiles. |
| server | String | Optional | N/A | Allowed values are existing BIG-IP TCP Server profiles. Note: Server TCP Profile can only be used along with Client profile. |

Service Address Components

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| arpEnabled | Boolean | Optional | true | If true (default), the system services ARP requests on this address. |
| icmpEcho | String | Optional | enable | If enabled (default), the system answers ICMP echo requests on this address. Values: enable, disable, and selective. |
| routeAdvertisement | String | Optional | disable | If enabled, the route is advertised. Values: enable, disable, selective, always, any, and all. |
| spanningEnabled | Boolean | Optional | false | If true, this enables all BIG-IP systems in the device group to listen for and process traffic on the same virtual address. |
| trafficGroup | String | Optional | default | Specifies the traffic group to which the Service_Address belongs. |
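
A pre-deployment review of a TransportServer against the component tables above, as an added example that is not part of the F5 documentation or CIS code. It works on manifests already parsed into dictionaries; the function name, severity labels and the choice of which optional fields to flag are assumptions of this example.

```python
# Added example: rules transcribed from the component tables on this page.
REQUIRED_SPEC = ("pool", "virtualServerPort", "mode")
REQUIRED_POOL = ("service", "servicePort")
TYPES = {"tcp", "udp", "sctp"}        # spec.type, default tcp
MODES = {"standard", "performance"}   # spec.mode, no default


def lint_transport_server(manifest):
    """Return (severity, message) findings for one parsed TransportServer."""
    spec = manifest.get("spec") or {}
    pool = spec.get("pool") or {}
    out = [("error", f"spec.{k} is required") for k in REQUIRED_SPEC if k not in spec]
    out += [("error", f"spec.pool.{k} is required") for k in REQUIRED_POOL if k not in pool]
    if spec.get("type", "tcp") not in TYPES:
        out.append(("error", f"spec.type {spec['type']!r} is not tcp, udp or sctp"))
    if "mode" in spec and spec["mode"] not in MODES:
        out.append(("error", f"spec.mode {spec['mode']!r} is not standard or performance"))
    # Exposure review: optional fields whose absence widens what the VIP accepts.
    if not spec.get("allowVlans"):
        out.append(("warn", "allowVlans empty or absent: no VLAN restriction declared"))
    if not spec.get("dos"):
        out.append(("warn", "dos absent: no BIG-IP DoS policy referenced"))
    for sa in spec.get("serviceAddress") or []:
        adv = sa.get("routeAdvertisement", "disable")
        if adv != "disable":
            out.append(("info", f"serviceAddress route is advertised ({adv})"))
    return out


# Constructed samples: the page's SCTP manifest, and a variant of its first
# manifest with the required mode field removed.
SCTP_TS = {"metadata": {"name": "cr-transport-server"}, "spec": {
    "allowVlans": [], "iRules": [], "mode": "standard", "snat": "auto",
    "type": "sctp", "virtualServerAddress": "10.8.3.12", "virtualServerPort": 30102,
    "pool": {"loadBalancingMethod": "dynamic-ratio-member",
             "service": "pytest-svc-1", "servicePort": 30102}}}
NO_MODE_TS = {"metadata": {"name": "transport-server"}, "spec": {
    "virtualServerAddress": "172.16.3.9", "virtualServerPort": 8585,
    "dos": "/Common/dos", "allowVlans": ["/Common/devtraffic"],
    "pool": {"service": "svc-3", "servicePort": 8181},
    "serviceAddress": [{"icmpEcho": "enable", "routeAdvertisement": "all"}]}}

if __name__ == "__main__":
    for ts in (SCTP_TS, NO_MODE_TS):
        for severity, message in lint_transport_server(ts):
            print(ts["metadata"]["name"], severity, message)
```
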

Transport Server with IPv6 Address

Transport Server with IPv6
apiVersion: "cis.f5.com/v1"
kind: TransportServer
metadata:
  labels:
    f5cr: "true"
  name: svc1-transport-server
  namespace: default
spec:
  virtualServerAddress: "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
  virtualServerPort: 8544
  virtualServerName: svc1-ts
  mode: standard
  snat: auto
  pool:
    service: svc-1
    servicePort: 8181
    monitor:
      type: tcp
      interval: 10
      timeout: 10

MultiPartition Support using partition spec parameter

The TransportServer CR supports the MultiPartition feature, which lets the user provision BIG-IP in multiple partitions. This makes it easier to manage the bigipConfig among the partitions. The MultiPartition feature also improves performance: when there is a change, CIS processes only the affected partition instead of sending a unified AS3 declaration to all of the partitions on the BIG-IP every time a change/event is detected.

For the first post, CIS processes the information for multiple tenants and still sends a single unified declaration to BIG-IP, which avoids multiple posts to BIG-IP.

Note

AS3 post call is formed as mgmt/shared/appsvcs/declare/tenant1,tenant2.

Multiple VirtualServers do not share the same virtual server address across multiple partitions. F5 does not currently support VS sharing the same host group or host with the same address in multiple partitions. The following rules apply for all VS resources.

- Virtual servers with the same host group should be in one partition.
- Virtual servers with the same host should be in one partition.
- Virtual servers with the same VS address should be in one partition.
- Virtual servers cannot share the same VIP across multiple partitions, irrespective of port.

apiVersion: cis.f5.com/v1
kind: TransportServer
metadata:
  labels:
    f5cr: "true"
  name: cr-transport-server
  namespace: default
spec:
  allowVlans: []
  iRules:
    - /Common/test_rule2
  mode: standard
  partition: dev
  pool:
    monitor:
      interval: 20
      timeout: 10
      type: udp
    service: pytest-svc-1
    servicePort: 1344
  snat: auto
  type: udp
  virtualServerAddress: 10.8.3.11
  virtualServerPort: 1344
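
The partition rules listed above can be checked across a set of manifests before they are applied. The following is an added example, not part of the F5 documentation or CIS code; it works on already-parsed manifests, and the function names, the sample resources and the `default_partition` placeholder (standing in for the partition CIS is deployed with) are assumptions.

```python
import ipaddress
from collections import defaultdict

# Spec fields the page says must stay inside a single partition.
SHARED_KEYS = ("virtualServerAddress", "hostGroup", "host")


def _normalize(key, value):
    """Canonicalize IPs so equivalent IPv6 spellings compare equal."""
    if key == "virtualServerAddress":
        try:
            return str(ipaddress.ip_address(value))
        except ValueError:
            return value  # not a literal IP (a reference); compare as text
    return value


def partition_conflicts(manifests, default_partition="PLACEHOLDER-cis-partition"):
    """Return {(field, value): [(partition, name), ...]} for values that
    appear in more than one partition. The port is deliberately ignored."""
    seen = defaultdict(set)
    for m in manifests:
        spec = m.get("spec") or {}
        # Assumption: a CR without spec.partition lands in the partition CIS
        # was deployed with, represented here by default_partition.
        partition = spec.get("partition", default_partition)
        for key in SHARED_KEYS:
            if spec.get(key):
                seen[(key, _normalize(key, spec[key]))].add(
                    (partition, m["metadata"]["name"]))
    return {k: sorted(v) for k, v in seen.items()
            if len({p for p, _ in v}) > 1}


def _ts(name, addr, port, partition=None):
    """Build a minimal constructed TransportServer manifest."""
    spec = {"virtualServerAddress": addr, "virtualServerPort": port}
    if partition:
        spec["partition"] = partition
    return {"metadata": {"name": name}, "spec": spec}


# Constructed sample set (names and the prod partition are made up).
SAMPLE = [
    _ts("ts-udp", "10.8.3.11", 1344, "dev"),
    _ts("ts-tcp", "10.8.3.11", 9000, "prod"),   # same VIP, other port
    _ts("ts-v6-long", "2001:0db8:85a3:0000:0000:8a2e:0370:7334", 8544, "dev"),
    _ts("ts-v6-short", "2001:db8:85a3::8a2e:370:7334", 8545),
    _ts("ts-ok", "10.8.3.12", 30102, "dev"),
]
```

Calling `partition_conflicts(SAMPLE)` reports both the IPv4 address reused on a different port and the IPv6 address written in two equivalent forms.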

Examples Repository

View more examples on GitHub.

View Example Service and Deployment Manifest on GitHub.


Note

To provide feedback on Container Ingress Services or this documentation, please file a GitHub Issue.