F5SPKIngressDiameter Reference
This page lists the F5SPKIngressDiameter Custom Resource (CR) configuration parameters. Each heading below represents the top-level parameter element. For example, to set the Kubernetes Service name, use service.name.
service
Parameter | Description |
---|---|
name | Name of the Kubernetes Service providing access to the Pods. |
port | The exposed port for the service. |
clientssl
Parameter | Description |
---|---|
name | |
enableTls13 | Enables TLS 1.3 protocol support: true (default) or false. |
enableTls12 | Enables TLS 1.2 protocol support: true (default) or false. |
enableTls11 | Enables TLS 1.1 protocol support: true (default) or false. |
ciphers | Specifies an OpenSSL-style cipher string: DEFAULT. |
enableSessionTicket | Enables Session Ticket support: true (default) or false. |
enableRenegotiation | Enables Renegotiation support: true or false (default). |
renegotiationMode | Specifies the secure renegotiation mode: SSL_SECURE_RENEGOTIATION_MODE_REQUIRE. |
keyCertPairs.key | Specifies the private key. |
keyCertPairs.cert | Specifies the content of the certificate and any intermediate CA(s). |
serverssl
Parameter | Description |
---|---|
name | |
enableTls13 | Enables TLS 1.3 protocol support: true (default) or false. |
enableTls12 | Enables TLS 1.2 protocol support: true (default) or false. |
enableTls11 | Enables TLS 1.1 protocol support: true (default) or false. |
ciphers | Specifies an OpenSSL-style cipher string: DEFAULT. |
enableSessionTicket | Enables Session Ticket support: true (default) or false. |
enableRenegotiation | Enables Renegotiation support: true or false (default). |
renegotiationMode | Specifies the secure renegotiation mode: SSL_SECURE_RENEGOTIATION_MODE_REQUIRE. |
trustedCa | Specifies the list of Root CAs in PEM format used for server certificate verification. |
keyCertPairs.key | Specifies the private key. Supported formats are Embedded PEM, Vault Path, or File Path. |
keyCertPairs.cert | Specifies the content of the certificate and any intermediate CA(s). Supported formats are Embedded PEM or File Path. |
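
The clientssl and serverssl tables above leave TLS 1.1 enabled unless enableTls11 is set to false. The following check is an added example, not F5 code: it overlays a parsed CR on the documented defaults and reports settings worth reviewing before the CR is applied. It assumes the CR is already loaded into a dict, that keyCertPairs is a list of key/cert mappings, and that DEFAULT is the default cipher string; the sample values are constructed.

```python
# Added example: audit the clientssl/serverssl blocks of a parsed F5SPKIngressDiameter CR.
# Parameter names and defaults come from the tables; the findings policy is an assumption.
DEFAULTS = {
    "enableTls13": True, "enableTls12": True, "enableTls11": True,
    "ciphers": "DEFAULT",  # value listed in the table, assumed to be the default
    "enableRenegotiation": False,
}

def effective(profile):
    """Overlay the profile on the documented defaults for omitted parameters."""
    merged = dict(DEFAULTS)
    merged.update({k: v for k, v in profile.items() if k in DEFAULTS})
    return merged

def audit_profile(section, profile):
    """Return (section, parameter, message) findings for one TLS profile."""
    eff, out = effective(profile), []
    if eff["enableTls11"]:
        out.append((section, "enableTls11", "TLS 1.1 enabled (default true); set false"))
    if eff["enableRenegotiation"]:
        out.append((section, "enableRenegotiation", "renegotiation enabled"))
    if eff["ciphers"] == "DEFAULT":
        out.append((section, "ciphers", "cipher string is DEFAULT; pin a reviewed list"))
    if section == "serverssl" and not profile.get("trustedCa"):
        out.append((section, "trustedCa", "no Root CAs set for server verification"))
    # Assumption: keyCertPairs is a list of mappings with "key" and "cert".
    for pair in profile.get("keyCertPairs", []):
        if "PRIVATE KEY-----" in str(pair.get("key", "")):
            out.append((section, "keyCertPairs.key", "private key embedded as PEM"))
    return out

def audit_cr(cr):
    """Audit both TLS profiles of a parsed CR; absent sections are skipped."""
    findings = []
    for section in ("clientssl", "serverssl"):
        if section in cr:
            findings += audit_profile(section, cr[section])
    return findings

# Constructed sample CR content (paths and cipher string are made up).
SAMPLE_CR = {
    "clientssl": {"enableTls11": False, "ciphers": "ECDHE+AESGCM",
                  "keyCertPairs": [{"key": "/constructed/tls.key", "cert": "/constructed/tls.crt"}]},
    "serverssl": {"enableRenegotiation": True},
}

if __name__ == "__main__":
    for finding in audit_cr(SAMPLE_CR):
        print(": ".join(finding))
```
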
spec
Parameter | Description |
---|---|
loadBalancingMethod | The traffic load balancing algorithm used. |
ipfamilies | The IP version capabilities of the application: IPv4, IPv6, IPv4andIPv6. |
egressSnatpool | Specifies an F5SPKsnatpool CR to reference using the spec.name parameter. |
router.enablePerPeerStats | Enables additional statistics collection per pool member. |
router.transactionTimeout | The maximum expected time of a Diameter transaction. |
router.enableForwardingEgress | Enables connection to an external Diameter peer from an internal Diameter peer: true or false (default). |
router.defaultEgressDestinations | Specifies an array of IP address and port pairs to be used as a pool of external Diameter destinations for Diameter traffic egressing from the application pods. For example, the address/port of an external Diameter server or proxy. |
spec.externalTCP
Parameter | Description |
---|---|
enabled | Create an external TCP virtual server on the TMM container. The default is enabled (true). |
serviceName | Selects the Service object name for the internal applications (Pods). |
servicePort | Selects the Service object port value. |
destinationAddress | The external TCP virtual server IPv4 address. |
v6destinationAddress | The external TCP virtual server IPv6 address. |
destinationPort | The external TCP virtual server destination service port. |
idleTimeout | The number of seconds a TCP connection can remain idle before deletion. The default value is 300 seconds. |
outboundSnatEnabled | Outbound external connections will be SNATed to the virtual server IP address: true (default) or false. |
spec.internalTCP
Parameter | Description |
---|---|
enabled | Create an internal TCP virtual server on the TMM container. The default is enabled (true). |
serviceName | Selects the Service object name for the external applications (Pods). |
servicePort | Selects the Service object port value. |
destinationAddress | The internal TCP virtual server IPv4 address. |
v6destinationAddress | The internal TCP virtual server IPv6 address. |
destinationPort | The internal TCP virtual server destination service port. |
idleTimeout | The number of seconds a TCP connection can remain idle before deletion. The default value is 300 seconds. |
outboundSnatEnabled | Outbound external connections will be SNATed to the virtual server IP address: true (default) or false. |
spec.externalSCTP
Parameter | Description |
---|---|
enabled | Create an external SCTP virtual server on the TMM container. The default is enabled (true). |
destinationAddress | The external SCTP virtual server IP address. |
destinationPort | The external SCTP virtual server destination service port. |
idleTimeout | The number of seconds an SCTP connection can remain idle before deletion. The default value is 300 seconds. |
outboundSnatEnabled | Outbound external connections will be SNATed to the virtual server IP address. |
clientSideMultihoming | Enable client side connection multihoming: true or false (default). |
alternateAddressList | Specifies a list of alternate IP addresses when clientSideMultihoming is enabled. Each TMM Pod requires a unique alternate IP address, and these IP addresses will be advertised via BGP to the upstream router. Each list defined will be allocated to TMMs in order: first list to first TMM, continuing through each list. |
streamsCount | Set the advertised number of streams the SCTP filter will accept. |
spec.internalSCTP
Parameter | Description |
---|---|
enabled | Create an internal SCTP virtual server on the TMM container. The default is enabled (true). |
destinationAddress | The internal SCTP virtual server IP address. |
destinationPort | The internal SCTP virtual server destination service port. |
idleTimeout | The number of seconds an SCTP connection can remain idle before deletion. The default value is 300 seconds. |
outboundSnatEnabled | Outbound internal connections will be SNATed to the virtual server IP address. |
streamsCount | Set the advertised number of streams the SCTP filter will accept. |
spec.externalSession
Parameter | Description |
---|---|
persistenceKey | The Diameter AVP to be used as a persistence key. |
persistenceTimeout | The length of time in seconds that an idle persistence entry will be kept. |
originHost | The Diameter host name sent to external peers in capabilities exchange messages. |
originRealm | The Diameter realm name sent to external peers in capabilities exchange messages. |
alternateOriginHost | The alternate Diameter host for substituting origin host used by internal peers. |
alternateOriginRealm | The alternate origin realm for substituting origin realms used by internal peers. |
vendorId | The vendor ID sent to external peers in capabilities exchange messages. |
productName | The product name sent to external peers in capabilities exchange messages. |
authorizationAppIds | The list of authorization application IDs sent to external peers in capabilities exchange messages. Comma-separated. For example: "id1,id2". |
accountingAppIds | The list of accounting application IDs sent to external peers in capabilities exchange messages. Comma-separated. For example: "id1,id2". |
dynamicRouteInsertion | Enables inserting routes that route incoming messages toward connected peers using their origin-host AVP: enabled or disabled (default). |
dynamicRouteLlookup | Enables using the destination-host AVP for route lookups when the dynamic-route-insertion parameter is enabled: enabled or disabled (default). |
dynamicRouteTimeout | Specifies the period of time in seconds that dynamic routes will remain in the route table after a connection is closed. The default value is 300. |
spec.internalSession
Parameter | Description |
---|---|
persistenceKey | The Diameter AVP to be used as a persistence key. |
persistenceTimeout | The length of time in seconds that an idle persistence entry will be kept. |
originHost | The Diameter host name sent to internal peers in capabilities exchange messages. |
originRealm | The Diameter realm name sent to internal peers in capabilities exchange messages. |
vendorId | The vendor ID sent to internal peers in capabilities exchange messages. |
productName | The product name sent to internal peers in capabilities exchange messages. |
authorizationAppIds | The list of authorization application IDs sent to internal peers in capabilities exchange messages. Comma-separated. For example: "id1,id2". |
accountingAppIds | The list of accounting application IDs sent to internal peers in capabilities exchange messages. Comma-separated. For example: "id1,id2". |
dynamicRouteInsertion | Enables inserting routes that route incoming messages toward connected peers using their origin-host AVP: enabled or disabled (default). |
dynamicRouteLlookup | Enables using the destination-host AVP for route lookups when the dynamic-route-insertion parameter is enabled: enabled or disabled (default). |
dynamicRouteTimeout | Specifies the period of time in seconds that dynamic routes will remain in the route table after a connection is closed. The default value is 300. |
spec.internalWCSession
Parameter | Description |
---|---|
originHost | The Diameter host name sent to internal peers in capabilities exchange messages. |
originRealm | The Diameter realm name sent to internal peers in capabilities exchange messages. |
vendorId | The vendor ID sent to internal peers in capabilities exchange messages. |
productName | The product name sent to internal peers in capabilities exchange messages. |
authorizationAppIds | The list of authorization application IDs sent to internal peers in capabilities exchange messages. Comma-separated. For example: "id1,id2". |
accountingAppIds | The list of accounting application IDs sent to internal peers in capabilities exchange messages. Comma-separated. For example: "id1,id2". |
spec.ingressVlans
Parameter | Description |
---|---|
vlanList | Specifies a list of F5SPKVlan CRs to listen for ingress traffic, using the CR's metadata.name. The list can also be disabled using disableListedVlans. |
category | Specifies an F5SPKVlan CR category to listen for ingress traffic. The category can also be disabled using disableListedVlans. |
disableListedVlans | Selects whether to use all VLANs on the ingress side except the listed ones (true, the default) or only the ones in the list (false). |
spec.egressVlans
Parameter | Description |
---|---|
vlanList | Specifies a list of F5SPKVlan CRs to listen for ingress traffic, using the CR's metadata.name. The list can also be disabled using disableListedVlans. |
category | Specifies an F5SPKVlan CR category to listen for ingress traffic. The category can also be disabled using disableListedVlans. |
disableListedVlans | Selects whether to use all VLANs on the ingress side except the listed ones (true, the default) or only the ones in the list (false). |