VirtualServer¶
VirtualServer resource defines the load balancing configuration for a domain name.
1 2 3 4 5 6 7 8 9 10 11 12 13 | apiVersion: "cis.f5.com/v1"
kind: VirtualServer
metadata:
name: coffee-virtual-server
labels:
f5cr: "true"
spec:
host: coffee.example.com
virtualServerAddress: "172.16.3.4"
pools:
- path: /coffee
service: svc-2
servicePort: 80
|
Important
- CIS will only process custom resources with
f5cr
Label astrue
. See lines 5-6 above. - The above VirtualServer is insecure. Attach a TLSProfile to make it secure.
Open API Schema Validation for VirtualServer
Components¶
VirtualServer Components¶
Parameter | Type | Required | Default | Description |
---|---|---|---|---|
host | String | Required | N/A | Virtual Host. |
pools | List of pools | Required | N/A | List of BIG-IP Pools. |
virtualServerAddress | String | Required | N/A | IP Address of BIG-IP Virtual Server. |
TLSProfileName | String | Required | N/A | Describes the TLS configuration for BIG-IP Virtual Server. |
waf | String | Optional | N/A | Reference to WAF policy on BIG-IP. |
snat | String | Optional | auto | Reference to SNAT pool on BIG-IP. The other allowed value is: none . |
Pools Components¶
Parameter | Type | Required | Default | Description |
---|---|---|---|---|
path | String | Required | N/A | Path to access the service. |
service | String | Required | N/A | Service deployed in Kubernetes cluster. |
nodeMemberLabel | String | Optional | N/A | List of Nodes to consider in NodePort mode as BIG-IP pool members. This option is only applicable for NodePort mode. |
servicePort | String | Required | N/A | Port to access service. |
monitor | String | Optional | N/A | Health Monitor to check the health of Pool Members. |
Monitor Components¶
Parameter | Type | Required | Default | Description |
---|---|---|---|---|
type | String | Required | N/A | http or https |
send | String | Required | GET /rn |
HTTP request string to send. |
recv | String | Optional | N/A | String or RegEx pattern to match in first 5,120 bytes of backend response. |
interval | Int | Required | 5 | Seconds between health queries. |
timeout | Int | Optional | 16 | Seconds before query fails. |
Note
Health Monitor associated with the first path will be considered if multiple paths have the same backend.
Custom Virtual Server Name¶
CRD allows the user to create a custom name for the virtual servers on BIG-IP using the virtualServerName parameter.
By deploying this yaml file in your cluster, CIS will create a Virtual Server on BIG-IP as “<virtual server name>_<virtual server port>”. For example: cafe_virtual_server_80
.
This is optional to use. The default name for a virtual server created on BIG-IP is “crd_<virtual IP address>_<virtual server port>”. For example: crd_172_16_3_4_80
.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | apiVersion: "cis.f5.com/v1"
kind: VirtualServer
metadata:
name: my-new-virtual-server
labels:
f5cr: "true"
spec:
# This is an insecure virtual, Please use TLSProfile to secure the virtual
# check out tls examples to understand more.
host: cafe.example.com
virtualServerAddress: "172.16.3.4"
virtualServerName: "cafe-virtual-server"
pools:
- path: /coffee
service: svc-2
servicePort: 80
|
Custom Virtual Port in CRD¶
You can configure the virtual address port number in CRD. This is required if you want to use the same VIP with different port numbers for different domains. There are two options for configuring:
virtualServerHTTPPort¶
By deploying this yaml file in your cluster, CIS will create a Virtual Server on BIG-IP with VIP custom http port as 500. It will load balance the traffic for domain cafe.example.com.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | apiVersion: "cis.f5.com/v1"
kind: VirtualServer
metadata:
name: my-new-virtual-server
labels:
f5cr: "true"
spec:
host: cafe.example.com
virtualServerAddress: "172.16.3.4"
virtualServerHTTPPort: 8080
pools:
- path: /coffee
service: svc-2
servicePort: 80
|
virtualServerHTTPSPort¶
By deploying this yaml file in your cluster, CIS will create a Virtual Server on BIG-IP with VIP custom https port as 500. It will load balance the traffic for domain cafe.example.com.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | apiVersion: "cis.f5.com/v1"
kind: VirtualServer
metadata:
name: my-new-virtual-server
labels:
f5cr: "true"
spec:
host: cafe.example.com
virtualServerAddress: "172.16.3.4"
virtualServerHTTPSPort: 8443
pools:
- path: /coffee
service: svc-2
servicePort: 80
|
Virtual Server Custom Resource without Host Parameter¶
You can create a simple HTTP Virtual Server without the Host parameter. By deploying the following YAML file in your cluster, CIS will create a Virtual Server on BIG-IP with VIP 172.16.3.4
and attach a policy that forwards the traffic to pool svc-1
when the URI path segment is /coffee
.
Note
This is an insecure virtual server, please use TLSProfile to secure the virtual.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | apiVersion: "cis.f5.com/v1"
kind: VirtualServer
metadata:
name: hoHost-single-pool
labels:
f5cr: "true"
spec:
# This is an insecure virtual, Please use TLSProfile to secure the virtual
# check out tls examples to understand more.
virtualServerAddress: "172.16.3.4"
pools:
- path: /coffee
service: svc-1
servicePort: 80
|