VirtualServer with TLSProfile
VirtualServer with TLSProfile is used to specify the TLS termination. TLS termination relies on SNI. Any non-SNI traffic received on port 443 may result in connection issues. The example below shows how to attach a TLSProfile to a VirtualServer.
```yaml
apiVersion: cis.f5.com/v1
kind: VirtualServer
metadata:
  name: coffee-virtual-server
  labels:
    f5cr: "true"
  namespace: default
spec:
  host: coffee.example.com
  tlsProfileName: reencrypt-tls  # --> This will attach reencrypt-tls TLSProfile
  virtualServerAddress: "172.16.3.4"
  pools:
  - path: /coffee
    service: svc
    servicePort: 80
```
- CIS has a 1:1 mapping for a domain (CommonName) and BIG-IP-VirtualServer.
- You can create any number of custom resources for a single domain. For example, you can create 2 VirtualServers with different terminations (for the same domain): one with edge and another with re-encrypt. To do this you need to create two VirtualServers: one with an edge TLSProfile and another with a re-encrypt TLSProfile. Both VirtualServers should be created with the same virtualServerAddress.
- A single VirtualServer, or a group of VirtualServers with the same virtualServerAddress, will be created as one common BIG-IP-VirtualServer.
- If you want to change a secure virtual server (TLS virtual server) to an insecure virtual server (non-TLS virtual server), you need to delete the secure virtual server first and then create a new virtual server.
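The address rules in the list above can be checked before manifests are applied. The following is an added example, not part of the original documentation or of CIS itself: it flags hosts whose VirtualServers disagree on virtualServerAddress and shows which VirtualServers would share one BIG-IP-VirtualServer. The sample manifests, the `edge-tls` profile name, the `tea.example.com` host and the function names are assumptions made for illustration.

```python
from collections import defaultdict

def vs(name, host, address, tls_profile=None):
    """Build a VirtualServer manifest as a dict, as a YAML parser would return it."""
    spec = {"host": host, "virtualServerAddress": address}
    if tls_profile:
        spec["tlsProfileName"] = tls_profile
    return {"kind": "VirtualServer",
            "metadata": {"name": name, "namespace": "default"},
            "spec": spec}

# Constructed sample input (not from the page). "edge-tls" and the
# tea.example.com entries are made-up values for this example.
SAMPLE = [
    vs("coffee-reencrypt", "coffee.example.com", "172.16.3.4", "reencrypt-tls"),
    vs("coffee-edge", "coffee.example.com", "172.16.3.4", "edge-tls"),
    vs("tea-edge", "tea.example.com", "172.16.3.5", "edge-tls"),
    vs("tea-reencrypt", "tea.example.com", "172.16.3.6", "reencrypt-tls"),
]

def _virtual_servers(manifests):
    return [m for m in manifests if m.get("kind") == "VirtualServer"]

def address_conflicts(manifests):
    """Return {host: [addresses]} for hosts whose VirtualServers use different addresses."""
    by_host = defaultdict(set)
    for m in _virtual_servers(manifests):
        spec = m.get("spec", {})
        if spec.get("host"):
            by_host[spec["host"]].add(spec.get("virtualServerAddress"))
    return {h: sorted(a, key=str) for h, a in by_host.items() if len(a) > 1}

def bigip_groups(manifests):
    """Group (name, tlsProfileName) pairs by virtualServerAddress; each group
    corresponds to one common BIG-IP-VirtualServer as described above."""
    groups = defaultdict(list)
    for m in _virtual_servers(manifests):
        spec = m.get("spec", {})
        groups[spec.get("virtualServerAddress")].append(
            (m["metadata"]["name"], spec.get("tlsProfileName")))
    return dict(groups)

if __name__ == "__main__":
    for host, addrs in address_conflicts(SAMPLE).items():
        print(f"{host}: VirtualServers use different addresses {addrs}")
    for addr, members in bigip_groups(SAMPLE).items():
        print(addr, "->", members)
```
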