VirtualServer¶

VirtualServer resource defines the load balancing configuration for a domain name.

 apiVersion: "cis.f5.com/v1"
 kind: VirtualServer
 metadata:
   name: coffee-virtual-server
   labels:
     f5cr: "true"
 spec:
   host: coffee.example.com
   virtualServerAddress: "172.16.3.4"
   pools:
   - path: /coffee
     service: svc-2
     servicePort: 80
   serviceAddress:
   - icmpEcho: "enable"
     arpEnabled: true
     routeAdvertisement: "all"
     spanningEnabled: true

Important

CIS will only process custom resources with f5cr Label as true. See lines 5-6 above.
The above VirtualServer is insecure. Attach a TLSProfile to make it secure.

Open API Schema Validation for VirtualServer

Components¶

VirtualServer Components¶

Parameter	Type	Required	Default	Description
host	String	Optional	N/A	Virtual Host.
pools	List of pools	Required	N/A	List of BIG-IP Pools.
virtualServerAddress	String	Optional	N/A	IP Address of BIG-IP Virtual Server. IP address can also be replaced by a reference to a Service_Address.
serviceAddress	List of service addresses	Optional	N/A	Service address definition allows you to add a number of properties to your (virtual) server address.
ipamLabel	String	Optional	N/A	IPAM label name for IP address management which is map to ip-range in IPAM controller deployment.
virtualServerName	String	Optional	N/A	Custom name of BIG-IP Virtual Server.
TLSProfileName	String	Required	N/A	Describes the TLS configuration for BIG-IP Virtual Server.
rewriteAppRoot	String	Optional	N/A	Rewrites the path in the HTTP Header (and Redirects) from “/” (root path) to specifed path.
waf	String	Optional	N/A	Reference to WAF policy on BIG-IP.
snat	String	Optional	auto	Reference to SNAT pool on BIG-IP. The other allowed value is: `none`.
allowVlans	List of VLANs	Optional	N/A	List of VLAN objects from which to allow traffic.

Pools Components¶

Parameter	Type	Required	Default	Description
path	String	Required	N/A	Path to access the service.
service	String	Required	N/A	Service deployed in Kubernetes cluster.
nodeMemberLabel	String	Optional	N/A	List of Nodes to consider in NodePort mode as BIG-IP pool members. This option is only applicable for NodePort mode.
servicePort	String	Required	N/A	Port to access service.
monitor	String	Optional	N/A	Health Monitor to check the health of Pool Members.
rewrite	String	Optional	N/A	Rewrites the path in the HTTP Header while submitting the request to Server in the pool.

Monitor Components¶

Parameter	Type	Required	Default	Description
type	String	Required	N/A	http or https
send	String	Required	`GET /rn`	HTTP request string to send.
recv	String	Optional	N/A	String or RegEx pattern to match in first 5,120 bytes of backend response.
interval	Int	Required	5	Seconds between health queries.
timeout	Int	Optional	16	Seconds before query fails.

Note

Health Monitor associated with the first path will be considered if multiple paths have the same backend.

Custom Virtual Server Name¶

CRD allows the user to create a custom name for the virtual servers on BIG-IP using the virtualServerName parameter.

By deploying this yaml file in your cluster, CIS will create a Virtual Server on BIG-IP as “<virtual server name>_<virtual server port>”. For example: cafe_virtual_server_80.

This is optional to use. The default name for a virtual server created on BIG-IP is “crd_<virtual IP address>_<virtual server port>”. For example: crd_172_16_3_4_80.

custom-virtual-name.yaml¶

apiVersion: "cis.f5.com/v1"
kind: VirtualServer
metadata:
  name: my-new-virtual-server
  labels:
    f5cr: "true"
spec:
  # This is an insecure virtual, Please use TLSProfile to secure the virtual
  # check out tls examples to understand more.
  host: cafe.example.com
  virtualServerAddress: "172.16.3.4"
  virtualServerName: "cafe-virtual-server"
  pools:
  - path: /coffee
    service: svc-2
    servicePort: 80

Custom Virtual Port in CRD¶

You can configure the virtual address port number in CRD. This is required if you want to use the same VIP with different port numbers for different domains. There are two options for configuring:

virtualServerHTTPPort¶

By deploying this yaml file in your cluster, CIS will create a Virtual Server on BIG-IP with VIP custom http port as 500. It will load balance the traffic for domain cafe.example.com.

custom-http-port.yml¶

apiVersion: "cis.f5.com/v1"
kind: VirtualServer
metadata:
  name: my-new-virtual-server
  labels:
    f5cr: "true"
spec:
  host: cafe.example.com
  virtualServerAddress: "172.16.3.4"
  virtualServerHTTPPort: 8080
  pools:
  - path: /coffee
    service: svc-2
    servicePort: 80

virtualServerHTTPSPort¶

By deploying this yaml file in your cluster, CIS will create a Virtual Server on BIG-IP with VIP custom https port as 500. It will load balance the traffic for domain cafe.example.com.

custom-https-port.yml¶

apiVersion: "cis.f5.com/v1"
kind: VirtualServer
metadata:
  name: my-new-virtual-server
  labels:
    f5cr: "true"
spec:
  host: cafe.example.com
  virtualServerAddress: "172.16.3.4"
  virtualServerHTTPSPort: 8443
  pools:
  - path: /coffee
    service: svc-2
    servicePort: 80

Virtual Server Custom Resource without Host Parameter¶

You can create a simple HTTP Virtual Server without the Host parameter. By deploying the following YAML file in your cluster, CIS will create a Virtual Server on BIG-IP with VIP 172.16.3.4 and attach a policy that forwards the traffic to pool svc-1 when the URI path segment is /coffee.

Note

This is an insecure virtual server, please use TLSProfile to secure the virtual.

noHost-single-pool-virtual.yaml¶

apiVersion: "cis.f5.com/v1"
kind: VirtualServer
metadata:
  name: hoHost-single-pool
  labels:
    f5cr: "true"
spec:
  # This is an insecure virtual, Please use TLSProfile to secure the virtual
  # check out tls examples to understand more.
  virtualServerAddress: "172.16.3.4"
  pools:
  - path: /coffee
    service: svc-1
    servicePort: 80

Note

To provide feedback on Container Ingress Services or this documentation, you can file a GitHub Issue.

Previous Next