1114 lines
42 KiB
YAML
1114 lines
42 KiB
YAML
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: f5-bigip-ctlr
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/name: f5-bigip-ctlr
|
|
name: virtualservers.cis.f5.com
|
|
spec:
|
|
group: cis.f5.com
|
|
names:
|
|
kind: VirtualServer
|
|
plural: virtualservers
|
|
shortNames:
|
|
- vs
|
|
singular: virtualserver
|
|
scope: Namespaced
|
|
versions:
|
|
-
|
|
name: v1
|
|
served: true
|
|
storage: true
|
|
schema:
|
|
openAPIV3Schema:
|
|
type: object
|
|
properties:
|
|
spec:
|
|
type: object
|
|
properties:
|
|
partition:
|
|
type: string
|
|
pattern: '^[a-zA-Z]+[-A-z0-9_.]+$'
|
|
host:
|
|
type: string
|
|
pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$'
|
|
hostGroup:
|
|
type: string
|
|
pattern: '^[a-zA-Z]+[-A-z0-9_.:]*[A-z0-9]*$'
|
|
httpTraffic:
|
|
type: string
|
|
enum: [allow, none, redirect]
|
|
ipamLabel:
|
|
type: string
|
|
pattern: '^[a-zA-Z]+[-A-z0-9_.:]+[A-z0-9]+$'
|
|
snat:
|
|
type: string
|
|
pattern: '^$|^\/?[a-zA-Z]+([-A-z0-9_+]+\/)*([-A-z0-9_.:]+\/?)+$'
|
|
connectionMirroring:
|
|
type: string
|
|
enum: [ none, L4 ]
|
|
tlsProfileName:
|
|
type: string
|
|
pattern: '^[a-zA-Z]+[-A-z0-9_.:]+[A-z0-9]+$'
|
|
persistenceProfile:
|
|
type: string
|
|
pattern: '^\/?[a-zA-Z]+([-A-z0-9_+]+\/)*([-A-z0-9_.:]+\/?)*$'
|
|
htmlProfile:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
profiles:
|
|
type: object
|
|
properties:
|
|
tcp:
|
|
type: object
|
|
properties:
|
|
client:
|
|
type: string
|
|
pattern: '^\/([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
server:
|
|
type: string
|
|
pattern: '^\/([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
http2:
|
|
type: object
|
|
properties:
|
|
client:
|
|
type: string
|
|
pattern: '^\/([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
server:
|
|
type: string
|
|
pattern: '^\/([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
dos:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
botDefense:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
policyName:
|
|
type: string
|
|
pattern: '^[a-zA-Z]+[-A-z0-9_.:]+[A-z0-9]+$'
|
|
rewriteAppRoot:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)*([-A-z0-9_.:]+\/?)*$'
|
|
waf:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
profileMultiplex:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
allowVlans:
|
|
items:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.]+\/?)*$'
|
|
type: array
|
|
allowSourceRange:
|
|
items:
|
|
type: string
|
|
type: array
|
|
httpMrfRoutingEnabled:
|
|
type: boolean
|
|
iRules:
|
|
type: array
|
|
items:
|
|
type: string
|
|
pattern: '^none$|^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
serviceAddress:
|
|
type: array
|
|
maxItems: 1
|
|
items:
|
|
type: object
|
|
properties:
|
|
arpEnabled:
|
|
type: boolean
|
|
icmpEcho:
|
|
type: string
|
|
enum: [enable, disable, selective]
|
|
routeAdvertisement:
|
|
type: string
|
|
enum: [enable, disable, selective, always, any, all]
|
|
spanningEnabled:
|
|
type: boolean
|
|
trafficGroup:
|
|
type: string
|
|
pattern: '^\/([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
defaultPool:
|
|
type: object
|
|
properties:
|
|
name:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
service:
|
|
type: string
|
|
pattern: '[a-z]([-a-z0-9]*[a-z0-9])?'
|
|
servicePort:
|
|
x-kubernetes-int-or-string: true
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
serviceNamespace:
|
|
type: string
|
|
pattern: '^[a-zA-Z]+([-A-z0-9_.+:])*([A-z0-9])+$'
|
|
loadBalancingMethod:
|
|
type: string
|
|
pattern: '^[a-z]+[a-z_-]+[a-z]+$'
|
|
nodeMemberLabel:
|
|
type: string
|
|
pattern: '^[a-zA-Z0-9][-A-Za-z0-9_.\/]{0,61}[a-zA-Z0-9]=[a-zA-Z0-9][-A-Za-z0-9_.]{0,61}[a-zA-Z0-9]$'
|
|
monitors:
|
|
type: array
|
|
items:
|
|
type: object
|
|
properties:
|
|
type:
|
|
type: string
|
|
enum: [ tcp, udp, http, https ]
|
|
interval:
|
|
type: integer
|
|
timeout:
|
|
type: integer
|
|
targetPort:
|
|
type: integer
|
|
name:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
reference:
|
|
type: string
|
|
enum: [ bigip ]
|
|
send:
|
|
type: string
|
|
recv:
|
|
type: string
|
|
reference:
|
|
type: string
|
|
enum: [ bigip, service ]
|
|
reselectTries:
|
|
type: integer
|
|
minimum: 0
|
|
maximum: 65535
|
|
serviceDownAction:
|
|
type: string
|
|
required:
|
|
- reference
|
|
pools:
|
|
type: array
|
|
items:
|
|
type: object
|
|
properties:
|
|
name:
|
|
type: string
|
|
pattern: '^[a-zA-Z]+([-A-z0-9_.+:])*([A-z0-9])+$'
|
|
path:
|
|
type: string
|
|
pattern: '^\/([A-z0-9-_+]+\/)*([-A-z0-9_.:]+\/?)*$'
|
|
service:
|
|
type: string
|
|
pattern: '[a-z]([-a-z0-9]*[a-z0-9])?'
|
|
weight:
|
|
type: integer
|
|
minimum: 0
|
|
maximum: 256
|
|
alternateBackends:
|
|
type: array
|
|
items:
|
|
type: object
|
|
properties:
|
|
service:
|
|
type: string
|
|
pattern: '[a-z]([-a-z0-9]*[a-z0-9])?'
|
|
serviceNamespace:
|
|
type: string
|
|
pattern: '^[a-zA-Z]+([-A-z0-9_.+:])*([A-z0-9])+$'
|
|
weight:
|
|
type: integer
|
|
minimum: 0
|
|
maximum: 256
|
|
required:
|
|
- service
|
|
loadBalancingMethod:
|
|
type: string
|
|
pattern: '^[a-z]+[a-z_-]+[a-z]+$'
|
|
nodeMemberLabel:
|
|
type: string
|
|
pattern: '^[a-zA-Z0-9][-A-Za-z0-9_.\/]{0,61}[a-zA-Z0-9]=[a-zA-Z0-9][-A-Za-z0-9_.]{0,61}[a-zA-Z0-9]$'
|
|
servicePort:
|
|
x-kubernetes-int-or-string: true
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
rewrite:
|
|
type: string
|
|
pattern: '^\/([A-z0-9-_+]+\/)*([-A-z0-9_.:]+\/?)*$'
|
|
hostRewrite:
|
|
type: string
|
|
pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$'
|
|
waf:
|
|
type: string
|
|
pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$'
|
|
serviceNamespace:
|
|
type: string
|
|
pattern: '^[a-zA-Z]+([-A-z0-9_.+:])*([A-z0-9])+$'
|
|
monitor:
|
|
type: object
|
|
properties:
|
|
type:
|
|
type: string
|
|
enum: [http, https, tcp]
|
|
send:
|
|
type: string
|
|
recv:
|
|
type: string
|
|
interval:
|
|
type: integer
|
|
timeout:
|
|
type: integer
|
|
targetPort:
|
|
type: integer
|
|
name:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
reference:
|
|
type: string
|
|
enum: [bigip]
|
|
monitors:
|
|
type: array
|
|
items:
|
|
type: object
|
|
properties:
|
|
type:
|
|
type: string
|
|
enum: [ http, https, tcp ]
|
|
send:
|
|
type: string
|
|
recv:
|
|
type: string
|
|
interval:
|
|
type: integer
|
|
timeout:
|
|
type: integer
|
|
targetPort:
|
|
type: integer
|
|
name:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
reference:
|
|
type: string
|
|
enum: [bigip]
|
|
minimumMonitors:
|
|
x-kubernetes-int-or-string: true
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
reselectTries:
|
|
type: integer
|
|
minimum: 0
|
|
maximum: 65535
|
|
serviceDownAction:
|
|
type: string
|
|
extendedServiceReferences:
|
|
type: array
|
|
items:
|
|
type: object
|
|
properties:
|
|
clusterName:
|
|
type: string
|
|
serviceName:
|
|
type: string
|
|
pattern: '[a-z]([-a-z0-9]*[a-z0-9])?'
|
|
namespace:
|
|
type: string
|
|
port:
|
|
x-kubernetes-int-or-string: true
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
weight:
|
|
type: integer
|
|
minimum: 0
|
|
maximum: 256
|
|
required:
|
|
- service
|
|
- servicePort
|
|
virtualServerAddress:
|
|
type: string
|
|
pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])|(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$'
|
|
additionalVirtualServerAddresses:
|
|
type: array
|
|
items:
|
|
type: string
|
|
pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])|(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$'
|
|
virtualServerName:
|
|
type: string
|
|
pattern: '^[a-zA-Z]+([A-z0-9-_+])*([A-z0-9])$'
|
|
virtualServerHTTPPort:
|
|
type: integer
|
|
minimum: 1
|
|
maximum: 65535
|
|
virtualServerHTTPSPort:
|
|
type: integer
|
|
minimum: 1
|
|
maximum: 65535
|
|
status:
|
|
type: object
|
|
properties:
|
|
vsAddress:
|
|
type: string
|
|
default: None
|
|
status:
|
|
type: string
|
|
default: Pending
|
|
additionalPrinterColumns:
|
|
- name: host
|
|
type: string
|
|
description: hostname
|
|
jsonPath: .spec.host
|
|
- name: tlsProfileName
|
|
type: string
|
|
description: TLS Profile attached
|
|
jsonPath: .spec.tlsProfileName
|
|
- name: httpTraffic
|
|
type: string
|
|
description: Http Traffic Termination
|
|
jsonPath: .spec.httpTraffic
|
|
- name: IPAddress
|
|
type: string
|
|
description: IP address of virtualServer
|
|
jsonPath: .spec.virtualServerAddress
|
|
- name: ipamLabel
|
|
type: string
|
|
description: ipamLabel for virtual server
|
|
jsonPath: .spec.ipamLabel
|
|
- name: IPAMVSAddress
|
|
type: string
|
|
description: IP address of virtualServer
|
|
jsonPath: .status.vsAddress
|
|
- name: STATUS
|
|
type: string
|
|
description: status of VirtualServer
|
|
jsonPath: .status.status
|
|
- name: Age
|
|
type: date
|
|
jsonPath: .metadata.creationTimestamp
|
|
subresources:
|
|
status: {}
|
|
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: f5-bigip-ctlr
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/name: f5-bigip-ctlr
|
|
name: tlsprofiles.cis.f5.com
|
|
spec:
|
|
group: cis.f5.com
|
|
names:
|
|
kind: TLSProfile
|
|
plural: tlsprofiles
|
|
shortNames:
|
|
- tls
|
|
singular: tlsprofile
|
|
scope: Namespaced
|
|
versions:
|
|
-
|
|
name: v1
|
|
served: true
|
|
storage: true
|
|
schema:
|
|
openAPIV3Schema:
|
|
type: object
|
|
properties:
|
|
spec:
|
|
type: object
|
|
properties:
|
|
hosts:
|
|
type: array
|
|
items:
|
|
type: string
|
|
pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$'
|
|
tls:
|
|
type: object
|
|
properties:
|
|
termination:
|
|
type: string
|
|
enum: [edge, reencrypt, passthrough]
|
|
clientSSL:
|
|
type: string
|
|
pattern: '^\/?[a-zA-Z]+([-A-z0-9_+]+\/)*([-A-z0-9_.:]+\/?)*$'
|
|
clientSSLs:
|
|
type: array
|
|
items:
|
|
type: string
|
|
pattern: '^\/?[a-zA-Z]+([-A-z0-9_+]+\/)*([-A-z0-9_.:]+\/?)*$'
|
|
serverSSL:
|
|
type: string
|
|
pattern: '^\/?[a-zA-Z]+([-A-z0-9_+]+\/)*([-A-z0-9_.:]+\/?)*$'
|
|
serverSSLs:
|
|
type: array
|
|
items:
|
|
type: string
|
|
pattern: '^\/?[a-zA-Z]+([-A-z0-9_+]+\/)*([-A-z0-9_.:]+\/?)*$'
|
|
reference:
|
|
type: string
|
|
enum: [bigip, secret]
|
|
clientSSLParams:
|
|
type: object
|
|
properties:
|
|
renegotiationEnabled:
|
|
type: boolean
|
|
default: true
|
|
serverSSLParams:
|
|
type: object
|
|
properties:
|
|
renegotiationEnabled:
|
|
type: boolean
|
|
default: true
|
|
required:
|
|
- termination
|
|
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: f5-bigip-ctlr
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/name: f5-bigip-ctlr
|
|
name: transportservers.cis.f5.com
|
|
spec:
|
|
group: cis.f5.com
|
|
names:
|
|
kind: TransportServer
|
|
plural: transportservers
|
|
shortNames:
|
|
- ts
|
|
singular: transportserver
|
|
scope: Namespaced
|
|
versions:
|
|
-
|
|
name: v1
|
|
served: true
|
|
storage: true
|
|
schema:
|
|
openAPIV3Schema:
|
|
type: object
|
|
properties:
|
|
spec:
|
|
type: object
|
|
properties:
|
|
partition:
|
|
type: string
|
|
pattern: '^[a-zA-Z]+[-A-z0-9_.]+$'
|
|
virtualServerAddress:
|
|
type: string
|
|
pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])|(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$'
|
|
virtualServerPort:
|
|
type: integer
|
|
minimum: 1
|
|
maximum: 65535
|
|
virtualServerName:
|
|
type: string
|
|
pattern: '^[a-zA-Z]+([A-z0-9-_+])*([A-z0-9])$'
|
|
host:
|
|
type: string
|
|
pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$'
|
|
hostGroup:
|
|
type: string
|
|
pattern: '^[a-zA-Z]+[-A-z0-9_.:]*[A-z0-9]*$'
|
|
policyName:
|
|
type: string
|
|
pattern: '^([A-z0-9-_+])*([A-z0-9])$'
|
|
mode:
|
|
type: string
|
|
enum: [standard, performance]
|
|
type:
|
|
type: string
|
|
enum: [tcp, udp, sctp]
|
|
snat:
|
|
type: string
|
|
pattern: '^$|^\/?[a-zA-Z]+([-A-z0-9_+]+\/)*([-A-z0-9_.:]+\/?)+$'
|
|
connectionMirroring:
|
|
type: string
|
|
enum: [ none, L4 ]
|
|
profiles:
|
|
type: object
|
|
properties:
|
|
tcp:
|
|
type: object
|
|
properties:
|
|
client:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
server:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
persistenceProfile:
|
|
type: string
|
|
pattern: '^\/?[a-zA-Z]+([-A-z0-9_+]+\/)*([-A-z0-9_.:]+\/?)*$'
|
|
dos:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
profileL4:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
allowVlans:
|
|
items:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.]+\/?)*$'
|
|
type: array
|
|
iRules:
|
|
type: array
|
|
items:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
ipamLabel:
|
|
type: string
|
|
pattern: '^[a-zA-Z]+[-A-z0-9_.:]+[A-z0-9]+$'
|
|
serviceAddress:
|
|
type: array
|
|
maxItems: 1
|
|
items:
|
|
type: object
|
|
properties:
|
|
arpEnabled:
|
|
type: boolean
|
|
icmpEcho:
|
|
type: string
|
|
enum: [enable, disable, selective]
|
|
routeAdvertisement:
|
|
type: string
|
|
enum: [enable, disable, selective, always, any, all]
|
|
spanningEnabled:
|
|
type: boolean
|
|
trafficGroup:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
pool:
|
|
type: object
|
|
properties:
|
|
name:
|
|
type: string
|
|
pattern: '^[a-zA-Z]+([-A-z0-9_.+:])*([A-z0-9])+$'
|
|
service:
|
|
type: string
|
|
pattern: '[a-z]([-a-z0-9]*[a-z0-9])?'
|
|
servicePort:
|
|
x-kubernetes-int-or-string: true
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
serviceNamespace:
|
|
type: string
|
|
pattern: '^[a-zA-Z]+([-A-z0-9_.+:])*([A-z0-9])+$'
|
|
loadBalancingMethod:
|
|
type: string
|
|
pattern: '^[a-z]+[a-z_-]+[a-z]+$'
|
|
nodeMemberLabel:
|
|
type: string
|
|
pattern: '^[a-zA-Z0-9][-A-Za-z0-9_.\/]{0,61}[a-zA-Z0-9]=[a-zA-Z0-9][-A-Za-z0-9_.]{0,61}[a-zA-Z0-9]$'
|
|
monitor:
|
|
type: object
|
|
properties:
|
|
type:
|
|
type: string
|
|
enum: [tcp, udp, http, https]
|
|
interval:
|
|
type: integer
|
|
timeout:
|
|
type: integer
|
|
targetPort:
|
|
type: integer
|
|
name:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
reference:
|
|
type: string
|
|
enum: [bigip]
|
|
send:
|
|
type: string
|
|
recv:
|
|
type: string
|
|
monitors:
|
|
type: array
|
|
items:
|
|
type: object
|
|
properties:
|
|
type:
|
|
type: string
|
|
enum: [ tcp, udp, http, https ]
|
|
interval:
|
|
type: integer
|
|
timeout:
|
|
type: integer
|
|
targetPort:
|
|
type: integer
|
|
name:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
reference:
|
|
type: string
|
|
enum: [bigip]
|
|
send:
|
|
type: string
|
|
recv:
|
|
type: string
|
|
reselectTries:
|
|
type: integer
|
|
minimum: 0
|
|
maximum: 65535
|
|
serviceDownAction:
|
|
type: string
|
|
extendedServiceReferences:
|
|
type: array
|
|
items:
|
|
type: object
|
|
properties:
|
|
clusterName:
|
|
type: string
|
|
serviceName:
|
|
type: string
|
|
pattern: '[a-z]([-a-z0-9]*[a-z0-9])?'
|
|
namespace:
|
|
type: string
|
|
port:
|
|
x-kubernetes-int-or-string: true
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
required:
|
|
- service
|
|
- servicePort
|
|
required:
|
|
- virtualServerPort
|
|
- pool
|
|
- mode
|
|
status:
|
|
type: object
|
|
properties:
|
|
vsAddress:
|
|
type: string
|
|
default: None
|
|
status:
|
|
type: string
|
|
default: Pending
|
|
additionalPrinterColumns:
|
|
- name: virtualServerAddress
|
|
type: string
|
|
description: IP address of virtualServer
|
|
jsonPath: .spec.virtualServerAddress
|
|
- name: virtualServerPort
|
|
type: integer
|
|
description: Port of virtualServer
|
|
jsonPath: .spec.virtualServerPort
|
|
- name: pool
|
|
type: string
|
|
description: Name of service
|
|
jsonPath: .spec.pool.service
|
|
- name: poolPort
|
|
type: string
|
|
description: Port of service
|
|
jsonPath: .spec.pool.servicePort
|
|
- name: ipamLabel
|
|
type: string
|
|
description: ipamLabel for transport server
|
|
jsonPath: .spec.ipamLabel
|
|
- name: IPAMVSAddress
|
|
type: string
|
|
description: IP address of transport server
|
|
jsonPath: .status.vsAddress
|
|
- name: STATUS
|
|
type: string
|
|
description: status of TransportServer
|
|
jsonPath: .status.status
|
|
- name: Age
|
|
type: date
|
|
jsonPath: .metadata.creationTimestamp
|
|
subresources:
|
|
status: { }
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: f5-bigip-ctlr
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/name: f5-bigip-ctlr
|
|
name: externaldnses.cis.f5.com
|
|
spec:
|
|
group: cis.f5.com
|
|
names:
|
|
kind: ExternalDNS
|
|
plural: externaldnses
|
|
shortNames:
|
|
- edns
|
|
singular: externaldns
|
|
scope: Namespaced
|
|
versions:
|
|
-
|
|
name: v1
|
|
served: true
|
|
storage: true
|
|
schema:
|
|
openAPIV3Schema:
|
|
type: object
|
|
properties:
|
|
spec:
|
|
type: object
|
|
properties:
|
|
domainName:
|
|
type: string
|
|
pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$'
|
|
dnsRecordType:
|
|
type: string
|
|
pattern: 'A'
|
|
loadBalanceMethod:
|
|
type: string
|
|
pattern: '^[a-z]+[a-z_-]+[a-z]+$'
|
|
clientSubnetPreferred:
|
|
type: boolean
|
|
persistenceEnabled:
|
|
type: boolean
|
|
persistCidrIpv4:
|
|
type: integer
|
|
minimum: 0
|
|
maximum: 32
|
|
persistCidrIpv6:
|
|
type: integer
|
|
minimum: 0
|
|
maximum: 128
|
|
ttlPersistence:
|
|
type: integer
|
|
format: int64
|
|
minimum: 0
|
|
maximum: 4294967295
|
|
pools:
|
|
type: array
|
|
items:
|
|
type: object
|
|
properties:
|
|
dataServerName:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
dnsRecordType:
|
|
type: string
|
|
pattern: 'A'
|
|
loadBalanceMethod:
|
|
type: string
|
|
pattern: '^[a-z]+[a-z_-]+[a-z]+$'
|
|
lbModeFallback:
|
|
type: string
|
|
pattern: '^[a-z]+[a-z_-]+[a-z]+$'
|
|
order:
|
|
type: integer
|
|
ratio:
|
|
type: integer
|
|
monitor:
|
|
type: object
|
|
properties:
|
|
type:
|
|
type: string
|
|
enum: [http, https, tcp]
|
|
send:
|
|
type: string
|
|
recv:
|
|
type: string
|
|
interval:
|
|
type: integer
|
|
timeout:
|
|
type: integer
|
|
required:
|
|
- type
|
|
- interval
|
|
monitors:
|
|
type: array
|
|
items:
|
|
type: object
|
|
properties:
|
|
type:
|
|
type: string
|
|
enum: [http, https, tcp]
|
|
send:
|
|
type: string
|
|
recv:
|
|
type: string
|
|
interval:
|
|
type: integer
|
|
timeout:
|
|
type: integer
|
|
required:
|
|
- type
|
|
- interval
|
|
required:
|
|
- dataServerName
|
|
required:
|
|
- domainName
|
|
additionalPrinterColumns:
|
|
- name: domainName
|
|
type: string
|
|
description: Domain name of virtual server resource
|
|
jsonPath: .spec.domainName
|
|
- name: Age
|
|
type: date
|
|
jsonPath: .metadata.creationTimestamp
|
|
- name: CREATED ON
|
|
type: string
|
|
jsonPath: .metadata.creationTimestamp
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: f5-bigip-ctlr
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/name: f5-bigip-ctlr
|
|
name: ingresslinks.cis.f5.com
|
|
spec:
|
|
group: cis.f5.com
|
|
names:
|
|
kind: IngressLink
|
|
shortNames:
|
|
- il
|
|
singular: ingresslink
|
|
plural: ingresslinks
|
|
scope: Namespaced
|
|
versions:
|
|
-
|
|
name: v1
|
|
served: true
|
|
storage: true
|
|
schema:
|
|
openAPIV3Schema:
|
|
type: object
|
|
properties:
|
|
spec:
|
|
type: object
|
|
properties:
|
|
partition:
|
|
type: string
|
|
pattern: '^[a-zA-Z]+[-A-z0-9_.]+$'
|
|
virtualServerAddress:
|
|
type: string
|
|
pattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'
|
|
host:
|
|
type: string
|
|
pattern: '^(([a-zA-Z0-9\*]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$'
|
|
ipamLabel:
|
|
type: string
|
|
pattern: '^[a-zA-Z]+[-A-z0-9_.:]+[A-z0-9]+$'
|
|
iRules:
|
|
type: array
|
|
items:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
selector:
|
|
properties:
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
status:
|
|
type: object
|
|
properties:
|
|
vsAddress:
|
|
type: string
|
|
additionalPrinterColumns:
|
|
- name: IPAMVSAddress
|
|
type: string
|
|
description: IP address of virtualServer
|
|
jsonPath: .status.vsAddress
|
|
- name: Age
|
|
type: date
|
|
jsonPath: .metadata.creationTimestamp
|
|
subresources:
|
|
status: { }
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/instance: f5-bigip-ctlr
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/name: f5-bigip-ctlr
|
|
name: policies.cis.f5.com
|
|
spec:
|
|
group: cis.f5.com
|
|
names:
|
|
kind: Policy
|
|
shortNames:
|
|
- plc
|
|
singular: policy
|
|
plural: policies
|
|
scope: Namespaced
|
|
versions:
|
|
-
|
|
name: v1
|
|
served: true
|
|
storage: true
|
|
schema:
|
|
openAPIV3Schema:
|
|
type: object
|
|
properties:
|
|
spec:
|
|
type: object
|
|
properties:
|
|
l7Policies:
|
|
type: object
|
|
properties:
|
|
waf:
|
|
type: string
|
|
pattern: '^\/([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$'
|
|
l3Policies:
|
|
type: object
|
|
properties:
|
|
dos:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
botDefense:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
firewallPolicy:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$'
|
|
ipIntelligencePolicy:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
allowSourceRange:
|
|
items:
|
|
type: string
|
|
type: array
|
|
allowVlans:
|
|
items:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)*([A-z0-9-_.\s]+\/?)*$'
|
|
type: array
|
|
ltmPolicies:
|
|
type: object
|
|
properties:
|
|
insecure:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([-A-z0-9_+:]+\/)+([A-z0-9]+\/?)*$'
|
|
secure:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([-A-z0-9_+:]+\/)+([A-z0-9]+\/?)*$'
|
|
priority:
|
|
type: string
|
|
enum: [low, high]
|
|
iRules:
|
|
type: object
|
|
properties:
|
|
insecure:
|
|
type: string
|
|
pattern: '^none$|^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
secure:
|
|
type: string
|
|
pattern: '^none$|^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
priority:
|
|
type: string
|
|
enum: [ low, high ]
|
|
iRuleList:
|
|
type: array
|
|
items:
|
|
type: string
|
|
pattern: '^none$|^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
profiles:
|
|
type: object
|
|
properties:
|
|
tcp:
|
|
type: object
|
|
properties:
|
|
client:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
server:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
udp:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
http:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
http2:
|
|
type: object
|
|
properties:
|
|
client:
|
|
type: string
|
|
pattern: '^\/([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
server:
|
|
type: string
|
|
pattern: '^\/([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
persistenceProfile:
|
|
type: string
|
|
pattern: '^\/?[a-zA-Z]+([-A-z0-9_+]+\/)*([-A-z0-9_.:]+\/?)*$'
|
|
profileL4:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
profileWebSocket:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
profileMultiplex:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
rewriteProfile:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([A-z0-9]+\/?)*$'
|
|
logProfiles:
|
|
items:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)*([-A-z0-9._\s]+\/?)*$'
|
|
type: array
|
|
httpMrfRoutingEnabled:
|
|
type: boolean
|
|
sslProfiles:
|
|
type: object
|
|
properties:
|
|
clientProfiles:
|
|
items:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
type: array
|
|
serverProfiles:
|
|
items:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
type: array
|
|
analyticsProfiles:
|
|
type: object
|
|
properties:
|
|
http:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
htmlProfile:
|
|
type: string
|
|
pattern: '^\/[a-zA-Z]+([A-z0-9-_+]+\/)+([-A-z0-9_.:]+\/?)*$'
|
|
autoLastHop:
|
|
type: string
|
|
enum: [ default, auto, disable ]
|
|
snat:
|
|
type: string
|
|
pattern: '^$|^\/?[a-zA-Z]+([-A-z0-9_+]+\/)*([-A-z0-9_.:]+\/?)+$'
|
|
poolSettings:
|
|
type: object
|
|
properties:
|
|
reselectTries:
|
|
type: integer
|
|
minimum: 0
|
|
maximum: 65535
|
|
serviceDownAction:
|
|
type: string
|
|
slowRampTime:
|
|
type: integer
|
|
minimum: 0
|
|
maximum: 900
|
|
multiPoolPersistence:
|
|
type: object
|
|
properties:
|
|
method:
|
|
type: string
|
|
enum: [ uieSourceAddress, hashSourceAddress ]
|
|
timeOut:
|
|
type: integer
|
|
minimum: 1
|
|
default: 180
|