@robinmordasiewicz/f5xc-terraform-mcp 2.4.5 → 2.4.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/docs/resources/addon_subscription.md +5 -5
- package/dist/docs/resources/address_allocator.md +3 -3
- package/dist/docs/resources/advertise_policy.md +39 -39
- package/dist/docs/resources/alert_policy.md +6 -6
- package/dist/docs/resources/alert_receiver.md +57 -57
- package/dist/docs/resources/api_crawler.md +9 -9
- package/dist/docs/resources/api_testing.md +40 -40
- package/dist/docs/resources/apm.md +320 -320
- package/dist/docs/resources/app_api_group.md +10 -10
- package/dist/docs/resources/app_firewall.md +36 -36
- package/dist/docs/resources/app_setting.md +46 -46
- package/dist/docs/resources/app_type.md +3 -3
- package/dist/docs/resources/authentication.md +30 -30
- package/dist/docs/resources/aws_tgw_site.md +184 -184
- package/dist/docs/resources/aws_vpc_site.md +296 -296
- package/dist/docs/resources/azure_vnet_site.md +677 -677
- package/dist/docs/resources/bgp.md +20 -20
- package/dist/docs/resources/bgp_routing_policy.md +4 -4
- package/dist/docs/resources/cdn_cache_rule.md +68 -68
- package/dist/docs/resources/cdn_loadbalancer.md +1166 -1166
- package/dist/docs/resources/certificate.md +4 -4
- package/dist/docs/resources/cloud_connect.md +35 -35
- package/dist/docs/resources/cloud_credentials.md +37 -37
- package/dist/docs/resources/cloud_link.md +16 -16
- package/dist/docs/resources/cluster.md +68 -68
- package/dist/docs/resources/cminstance.md +6 -6
- package/dist/docs/resources/code_base_integration.md +82 -82
- package/dist/docs/resources/container_registry.md +2 -2
- package/dist/docs/resources/data_type.md +12 -12
- package/dist/docs/resources/discovery.md +71 -71
- package/dist/docs/resources/dns_lb_health_check.md +5 -5
- package/dist/docs/resources/dns_load_balancer.md +25 -25
- package/dist/docs/resources/dns_zone.md +144 -144
- package/dist/docs/resources/endpoint.md +1 -1
- package/dist/docs/resources/enhanced_firewall_policy.md +33 -33
- package/dist/docs/resources/external_connector.md +32 -32
- package/dist/docs/resources/fast_acl.md +59 -59
- package/dist/docs/resources/fast_acl_rule.md +2 -2
- package/dist/docs/resources/filter_set.md +3 -3
- package/dist/docs/resources/fleet.md +359 -359
- package/dist/docs/resources/forward_proxy_policy.md +18 -18
- package/dist/docs/resources/gcp_vpc_site.md +280 -280
- package/dist/docs/resources/geo_location_set.md +1 -1
- package/dist/docs/resources/global_log_receiver.md +216 -216
- package/dist/docs/resources/healthcheck.md +2 -2
- package/dist/docs/resources/http_loadbalancer.md +2190 -2190
- package/dist/docs/resources/infraprotect_tunnel.md +9 -9
- package/dist/docs/resources/k8s_cluster.md +39 -39
- package/dist/docs/resources/k8s_cluster_role.md +10 -10
- package/dist/docs/resources/k8s_pod_security_policy.md +9 -9
- package/dist/docs/resources/log_receiver.md +11 -11
- package/dist/docs/resources/malicious_user_mitigation.md +4 -4
- package/dist/docs/resources/nat_policy.md +22 -22
- package/dist/docs/resources/network_connector.md +37 -37
- package/dist/docs/resources/network_firewall.md +15 -15
- package/dist/docs/resources/network_interface.md +78 -78
- package/dist/docs/resources/network_policy.md +21 -21
- package/dist/docs/resources/network_policy_view.md +7 -7
- package/dist/docs/resources/nfv_service.md +306 -306
- package/dist/docs/resources/oidc_provider.md +1 -1
- package/dist/docs/resources/origin_pool.md +151 -151
- package/dist/docs/resources/policy_based_routing.md +71 -71
- package/dist/docs/resources/protocol_inspection.md +8 -8
- package/dist/docs/resources/proxy.md +401 -401
- package/dist/docs/resources/rate_limiter_policy.md +4 -4
- package/dist/docs/resources/registration.md +1 -1
- package/dist/docs/resources/route.md +155 -155
- package/dist/docs/resources/secret_management_access.md +103 -103
- package/dist/docs/resources/secret_policy.md +7 -7
- package/dist/docs/resources/securemesh_site.md +274 -274
- package/dist/docs/resources/securemesh_site_v2.md +940 -940
- package/dist/docs/resources/sensitive_data_policy.md +3 -3
- package/dist/docs/resources/service_policy.md +154 -154
- package/dist/docs/resources/service_policy_rule.md +51 -51
- package/dist/docs/resources/subnet.md +7 -7
- package/dist/docs/resources/tcp_loadbalancer.md +138 -138
- package/dist/docs/resources/tenant_configuration.md +1 -1
- package/dist/docs/resources/ticket_tracking_system.md +2 -2
- package/dist/docs/resources/tunnel.md +16 -16
- package/dist/docs/resources/udp_loadbalancer.md +56 -56
- package/dist/docs/resources/virtual_host.md +146 -146
- package/dist/docs/resources/virtual_network.md +7 -7
- package/dist/docs/resources/voltshare_admin_policy.md +22 -22
- package/dist/docs/resources/voltstack_site.md +778 -778
- package/dist/docs/resources/waf_exclusion_policy.md +22 -22
- package/dist/docs/resources/workload.md +2226 -2226
- package/package.json +1 -1
|
@@ -143,7 +143,7 @@ A [`policies`](#active-service-policies-policies) block (within [`active_service
|
|
|
143
143
|
|
|
144
144
|
<a id="active-service-policies-policies-name"></a>• [`name`](#active-service-policies-policies-name) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
145
145
|
|
|
146
|
-
<a id="
|
|
146
|
+
<a id="namespace-df0e5f"></a>• [`namespace`](#namespace-df0e5f) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
147
147
|
|
|
148
148
|
<a id="active-service-policies-policies-tenant"></a>• [`tenant`](#active-service-policies-policies-tenant) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
149
149
|
|
|
@@ -157,149 +157,149 @@ An [`advertise_custom`](#advertise-custom) block supports the following:
|
|
|
157
157
|
|
|
158
158
|
An [`advertise_where`](#advertise-custom-advertise-where) block (within [`advertise_custom`](#advertise-custom)) supports the following:
|
|
159
159
|
|
|
160
|
-
<a id="
|
|
160
|
+
<a id="public-618a99"></a>• [`advertise_on_public`](#public-618a99) - Optional Block<br>Advertise Public. This defines a way to advertise a load balancer on public. If optional public_ip is provided, it will only be advertised on RE sites where that public_ip is available<br>See [Advertise On Public](#public-618a99) below.
|
|
161
161
|
|
|
162
162
|
<a id="advertise-custom-advertise-where-port"></a>• [`port`](#advertise-custom-advertise-where-port) - Optional Number<br>Listen Port. Port to Listen
|
|
163
163
|
|
|
164
|
-
<a id="
|
|
164
|
+
<a id="ranges-7cbec3"></a>• [`port_ranges`](#ranges-7cbec3) - Optional String<br>Listen Port Ranges. A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by '-'
|
|
165
165
|
|
|
166
166
|
<a id="advertise-custom-advertise-where-site"></a>• [`site`](#advertise-custom-advertise-where-site) - Optional Block<br>Site. This defines a reference to a CE site along with network type and an optional IP address where a load balancer could be advertised<br>See [Site](#advertise-custom-advertise-where-site) below.
|
|
167
167
|
|
|
168
|
-
<a id="
|
|
168
|
+
<a id="port-b19c4f"></a>• [`use_default_port`](#port-b19c4f) - Optional Block<br>Enable this option
|
|
169
169
|
|
|
170
|
-
<a id="
|
|
170
|
+
<a id="network-a20be3"></a>• [`virtual_network`](#network-a20be3) - Optional Block<br>Virtual Network. Parameters to advertise on a given virtual network<br>See [Virtual Network](#network-a20be3) below.
|
|
171
171
|
|
|
172
|
-
<a id="
|
|
172
|
+
<a id="site-5d39fd"></a>• [`virtual_site`](#site-5d39fd) - Optional Block<br>Virtual Site. This defines a reference to a customer site virtual site along with network type where a load balancer could be advertised<br>See [Virtual Site](#site-5d39fd) below.
|
|
173
173
|
|
|
174
|
-
<a id="
|
|
174
|
+
<a id="vip-870b0b"></a>• [`virtual_site_with_vip`](#vip-870b0b) - Optional Block<br>Virtual Site with Specified VIP. This defines a reference to a customer site virtual site along with network type and IP where a load balancer could be advertised<br>See [Virtual Site With VIP](#vip-870b0b) below.
|
|
175
175
|
|
|
176
|
-
<a id="
|
|
176
|
+
<a id="service-1fdc7a"></a>• [`vk8s_service`](#service-1fdc7a) - Optional Block<br>vK8s Services on RE. This defines a reference to a RE site or virtual site where a load balancer could be advertised in the vK8s service network<br>See [Vk8s Service](#service-1fdc7a) below.
|
|
177
177
|
|
|
178
178
|
#### Advertise Custom Advertise Where Advertise On Public
|
|
179
179
|
|
|
180
|
-
An [`advertise_on_public`](#
|
|
180
|
+
An [`advertise_on_public`](#public-618a99) block (within [`advertise_custom.advertise_where`](#advertise-custom-advertise-where)) supports the following:
|
|
181
181
|
|
|
182
|
-
<a id="
|
|
182
|
+
<a id="public-ip-d10b09"></a>• [`public_ip`](#public-ip-d10b09) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Public IP](#public-ip-d10b09) below.
|
|
183
183
|
|
|
184
184
|
#### Advertise Custom Advertise Where Advertise On Public Public IP
|
|
185
185
|
|
|
186
|
-
A [`public_ip`](#
|
|
186
|
+
A [`public_ip`](#public-ip-d10b09) block (within [`advertise_custom.advertise_where.advertise_on_public`](#public-618a99)) supports the following:
|
|
187
187
|
|
|
188
|
-
<a id="
|
|
188
|
+
<a id="name-4126f8"></a>• [`name`](#name-4126f8) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
189
189
|
|
|
190
|
-
<a id="
|
|
190
|
+
<a id="namespace-edf1ff"></a>• [`namespace`](#namespace-edf1ff) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
191
191
|
|
|
192
|
-
<a id="
|
|
192
|
+
<a id="tenant-ac4633"></a>• [`tenant`](#tenant-ac4633) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
193
193
|
|
|
194
194
|
#### Advertise Custom Advertise Where Site
|
|
195
195
|
|
|
196
196
|
A [`site`](#advertise-custom-advertise-where-site) block (within [`advertise_custom.advertise_where`](#advertise-custom-advertise-where)) supports the following:
|
|
197
197
|
|
|
198
|
-
<a id="
|
|
198
|
+
<a id="site-ip-78faa1"></a>• [`ip`](#site-ip-78faa1) - Optional String<br>IP Address. Use given IP address as VIP on the site
|
|
199
199
|
|
|
200
|
-
<a id="
|
|
200
|
+
<a id="network-5811a4"></a>• [`network`](#network-5811a4) - Optional String Defaults to `SITE_NETWORK_INSIDE_AND_OUTSIDE`<br>Possible values are `SITE_NETWORK_INSIDE_AND_OUTSIDE`, `SITE_NETWORK_INSIDE`, `SITE_NETWORK_OUTSIDE`, `SITE_NETWORK_SERVICE`, `SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP`, `SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP`, `SITE_NETWORK_IP_FABRIC`<br>[Enum: SITE_NETWORK_INSIDE_AND_OUTSIDE|SITE_NETWORK_INSIDE|SITE_NETWORK_OUTSIDE|SITE_NETWORK_SERVICE|SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP|SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP|SITE_NETWORK_IP_FABRIC] Site Network. This defines network types to be used on site All inside and outside networks. All inside and outside networks with internet VIP support. All inside networks. All outside networks. All outside networks with internet VIP support. vK8s service network. - SITE_NETWORK_IP_FABRIC: VER IP Fabric network for the site This Virtual network type is used for exposing virtual host on IP Fabric network on the VER site or for endpoint in IP Fabric network
|
|
201
201
|
|
|
202
|
-
<a id="
|
|
202
|
+
<a id="site-7ecf1d"></a>• [`site`](#site-7ecf1d) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Site](#site-7ecf1d) below.
|
|
203
203
|
|
|
204
204
|
#### Advertise Custom Advertise Where Site Site
|
|
205
205
|
|
|
206
|
-
A [`site`](#
|
|
206
|
+
A [`site`](#site-7ecf1d) block (within [`advertise_custom.advertise_where.site`](#advertise-custom-advertise-where-site)) supports the following:
|
|
207
207
|
|
|
208
|
-
<a id="
|
|
208
|
+
<a id="name-201d26"></a>• [`name`](#name-201d26) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
209
209
|
|
|
210
|
-
<a id="
|
|
210
|
+
<a id="namespace-c3f40d"></a>• [`namespace`](#namespace-c3f40d) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
211
211
|
|
|
212
|
-
<a id="
|
|
212
|
+
<a id="tenant-8a632a"></a>• [`tenant`](#tenant-8a632a) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
213
213
|
|
|
214
214
|
#### Advertise Custom Advertise Where Virtual Network
|
|
215
215
|
|
|
216
|
-
A [`virtual_network`](#
|
|
216
|
+
A [`virtual_network`](#network-a20be3) block (within [`advertise_custom.advertise_where`](#advertise-custom-advertise-where)) supports the following:
|
|
217
217
|
|
|
218
|
-
<a id="
|
|
218
|
+
<a id="vip-26d874"></a>• [`default_v6_vip`](#vip-26d874) - Optional Block<br>Enable this option
|
|
219
219
|
|
|
220
|
-
<a id="
|
|
220
|
+
<a id="vip-c51931"></a>• [`default_vip`](#vip-c51931) - Optional Block<br>Enable this option
|
|
221
221
|
|
|
222
|
-
<a id="
|
|
222
|
+
<a id="vip-bb67d7"></a>• [`specific_v6_vip`](#vip-bb67d7) - Optional String<br>Specific V6 VIP. Use given IPv6 address as VIP on virtual Network
|
|
223
223
|
|
|
224
|
-
<a id="
|
|
224
|
+
<a id="vip-943090"></a>• [`specific_vip`](#vip-943090) - Optional String<br>Specific V4 VIP. Use given IPv4 address as VIP on virtual Network
|
|
225
225
|
|
|
226
|
-
<a id="
|
|
226
|
+
<a id="network-bff334"></a>• [`virtual_network`](#network-bff334) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Virtual Network](#network-bff334) below.
|
|
227
227
|
|
|
228
228
|
#### Advertise Custom Advertise Where Virtual Network Virtual Network
|
|
229
229
|
|
|
230
|
-
A [`virtual_network`](#
|
|
230
|
+
A [`virtual_network`](#network-bff334) block (within [`advertise_custom.advertise_where.virtual_network`](#network-a20be3)) supports the following:
|
|
231
231
|
|
|
232
|
-
<a id="
|
|
232
|
+
<a id="name-5596bc"></a>• [`name`](#name-5596bc) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
233
233
|
|
|
234
|
-
<a id="
|
|
234
|
+
<a id="namespace-030577"></a>• [`namespace`](#namespace-030577) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
235
235
|
|
|
236
|
-
<a id="
|
|
236
|
+
<a id="tenant-72f925"></a>• [`tenant`](#tenant-72f925) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
237
237
|
|
|
238
238
|
#### Advertise Custom Advertise Where Virtual Site
|
|
239
239
|
|
|
240
|
-
A [`virtual_site`](#
|
|
240
|
+
A [`virtual_site`](#site-5d39fd) block (within [`advertise_custom.advertise_where`](#advertise-custom-advertise-where)) supports the following:
|
|
241
241
|
|
|
242
|
-
<a id="
|
|
242
|
+
<a id="network-15aca4"></a>• [`network`](#network-15aca4) - Optional String Defaults to `SITE_NETWORK_INSIDE_AND_OUTSIDE`<br>Possible values are `SITE_NETWORK_INSIDE_AND_OUTSIDE`, `SITE_NETWORK_INSIDE`, `SITE_NETWORK_OUTSIDE`, `SITE_NETWORK_SERVICE`, `SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP`, `SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP`, `SITE_NETWORK_IP_FABRIC`<br>[Enum: SITE_NETWORK_INSIDE_AND_OUTSIDE|SITE_NETWORK_INSIDE|SITE_NETWORK_OUTSIDE|SITE_NETWORK_SERVICE|SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP|SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP|SITE_NETWORK_IP_FABRIC] Site Network. This defines network types to be used on site All inside and outside networks. All inside and outside networks with internet VIP support. All inside networks. All outside networks. All outside networks with internet VIP support. vK8s service network. - SITE_NETWORK_IP_FABRIC: VER IP Fabric network for the site This Virtual network type is used for exposing virtual host on IP Fabric network on the VER site or for endpoint in IP Fabric network
|
|
243
243
|
|
|
244
|
-
<a id="
|
|
244
|
+
<a id="site-04fd53"></a>• [`virtual_site`](#site-04fd53) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Virtual Site](#site-04fd53) below.
|
|
245
245
|
|
|
246
246
|
#### Advertise Custom Advertise Where Virtual Site Virtual Site
|
|
247
247
|
|
|
248
|
-
A [`virtual_site`](#
|
|
248
|
+
A [`virtual_site`](#site-04fd53) block (within [`advertise_custom.advertise_where.virtual_site`](#site-5d39fd)) supports the following:
|
|
249
249
|
|
|
250
|
-
<a id="
|
|
250
|
+
<a id="name-b7ccc7"></a>• [`name`](#name-b7ccc7) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
251
251
|
|
|
252
|
-
<a id="
|
|
252
|
+
<a id="namespace-a4ffcf"></a>• [`namespace`](#namespace-a4ffcf) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
253
253
|
|
|
254
|
-
<a id="
|
|
254
|
+
<a id="tenant-637b28"></a>• [`tenant`](#tenant-637b28) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
255
255
|
|
|
256
256
|
#### Advertise Custom Advertise Where Virtual Site With VIP
|
|
257
257
|
|
|
258
|
-
A [`virtual_site_with_vip`](#
|
|
258
|
+
A [`virtual_site_with_vip`](#vip-870b0b) block (within [`advertise_custom.advertise_where`](#advertise-custom-advertise-where)) supports the following:
|
|
259
259
|
|
|
260
|
-
<a id="
|
|
260
|
+
<a id="vip-ip-4850ab"></a>• [`ip`](#vip-ip-4850ab) - Optional String<br>IP Address. Use given IP address as VIP on the site
|
|
261
261
|
|
|
262
|
-
<a id="
|
|
262
|
+
<a id="network-8b2765"></a>• [`network`](#network-8b2765) - Optional String Defaults to `SITE_NETWORK_SPECIFIED_VIP_OUTSIDE`<br>Possible values are `SITE_NETWORK_SPECIFIED_VIP_OUTSIDE`, `SITE_NETWORK_SPECIFIED_VIP_INSIDE`<br>[Enum: SITE_NETWORK_SPECIFIED_VIP_OUTSIDE|SITE_NETWORK_SPECIFIED_VIP_INSIDE] Site Network. This defines network types to be used on virtual-site with specified VIP All outside networks. All inside networks
|
|
263
263
|
|
|
264
|
-
<a id="
|
|
264
|
+
<a id="site-ac753e"></a>• [`virtual_site`](#site-ac753e) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Virtual Site](#site-ac753e) below.
|
|
265
265
|
|
|
266
266
|
#### Advertise Custom Advertise Where Virtual Site With VIP Virtual Site
|
|
267
267
|
|
|
268
|
-
A [`virtual_site`](#
|
|
268
|
+
A [`virtual_site`](#site-ac753e) block (within [`advertise_custom.advertise_where.virtual_site_with_vip`](#vip-870b0b)) supports the following:
|
|
269
269
|
|
|
270
|
-
<a id="
|
|
270
|
+
<a id="name-5f7f0d"></a>• [`name`](#name-5f7f0d) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
271
271
|
|
|
272
|
-
<a id="
|
|
272
|
+
<a id="namespace-414bc8"></a>• [`namespace`](#namespace-414bc8) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
273
273
|
|
|
274
|
-
<a id="
|
|
274
|
+
<a id="tenant-130ed4"></a>• [`tenant`](#tenant-130ed4) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
275
275
|
|
|
276
276
|
#### Advertise Custom Advertise Where Vk8s Service
|
|
277
277
|
|
|
278
|
-
A [`vk8s_service`](#
|
|
278
|
+
A [`vk8s_service`](#service-1fdc7a) block (within [`advertise_custom.advertise_where`](#advertise-custom-advertise-where)) supports the following:
|
|
279
279
|
|
|
280
|
-
<a id="
|
|
280
|
+
<a id="site-ec8d32"></a>• [`site`](#site-ec8d32) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Site](#site-ec8d32) below.
|
|
281
281
|
|
|
282
|
-
<a id="
|
|
282
|
+
<a id="site-5fcbf9"></a>• [`virtual_site`](#site-5fcbf9) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Virtual Site](#site-5fcbf9) below.
|
|
283
283
|
|
|
284
284
|
#### Advertise Custom Advertise Where Vk8s Service Site
|
|
285
285
|
|
|
286
|
-
A [`site`](#
|
|
286
|
+
A [`site`](#site-ec8d32) block (within [`advertise_custom.advertise_where.vk8s_service`](#service-1fdc7a)) supports the following:
|
|
287
287
|
|
|
288
|
-
<a id="
|
|
288
|
+
<a id="name-950776"></a>• [`name`](#name-950776) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
289
289
|
|
|
290
|
-
<a id="
|
|
290
|
+
<a id="namespace-1faf25"></a>• [`namespace`](#namespace-1faf25) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
291
291
|
|
|
292
|
-
<a id="
|
|
292
|
+
<a id="tenant-98cf6a"></a>• [`tenant`](#tenant-98cf6a) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
293
293
|
|
|
294
294
|
#### Advertise Custom Advertise Where Vk8s Service Virtual Site
|
|
295
295
|
|
|
296
|
-
A [`virtual_site`](#
|
|
296
|
+
A [`virtual_site`](#site-5fcbf9) block (within [`advertise_custom.advertise_where.vk8s_service`](#service-1fdc7a)) supports the following:
|
|
297
297
|
|
|
298
|
-
<a id="
|
|
298
|
+
<a id="name-1cf7c0"></a>• [`name`](#name-1cf7c0) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
299
299
|
|
|
300
|
-
<a id="
|
|
300
|
+
<a id="namespace-3dbb7e"></a>• [`namespace`](#namespace-3dbb7e) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
301
301
|
|
|
302
|
-
<a id="
|
|
302
|
+
<a id="tenant-38ddda"></a>• [`tenant`](#tenant-38ddda) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
303
303
|
|
|
304
304
|
#### Advertise On Public
|
|
305
305
|
|
|
@@ -387,77 +387,77 @@ A [`tls_cert_params`](#tls-tcp-tls-cert-params) block (within [`tls_tcp`](#tls-t
|
|
|
387
387
|
|
|
388
388
|
A [`certificates`](#tls-tcp-tls-cert-params-certificates) block (within [`tls_tcp.tls_cert_params`](#tls-tcp-tls-cert-params)) supports the following:
|
|
389
389
|
|
|
390
|
-
<a id="
|
|
390
|
+
<a id="name-e9b502"></a>• [`name`](#name-e9b502) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
391
391
|
|
|
392
|
-
<a id="
|
|
392
|
+
<a id="namespace-19bb2b"></a>• [`namespace`](#namespace-19bb2b) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
393
393
|
|
|
394
|
-
<a id="
|
|
394
|
+
<a id="tenant-6b64b3"></a>• [`tenant`](#tenant-6b64b3) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
395
395
|
|
|
396
396
|
#### TLS TCP TLS Cert Params TLS Config
|
|
397
397
|
|
|
398
398
|
A [`tls_config`](#tls-tcp-tls-cert-params-tls-config) block (within [`tls_tcp.tls_cert_params`](#tls-tcp-tls-cert-params)) supports the following:
|
|
399
399
|
|
|
400
|
-
<a id="
|
|
400
|
+
<a id="security-b4cf97"></a>• [`custom_security`](#security-b4cf97) - Optional Block<br>Custom Ciphers. This defines TLS protocol config including min/max versions and allowed ciphers<br>See [Custom Security](#security-b4cf97) below.
|
|
401
401
|
|
|
402
|
-
<a id="
|
|
402
|
+
<a id="security-f2b15d"></a>• [`default_security`](#security-f2b15d) - Optional Block<br>Enable this option
|
|
403
403
|
|
|
404
|
-
<a id="
|
|
404
|
+
<a id="security-72b87f"></a>• [`low_security`](#security-72b87f) - Optional Block<br>Enable this option
|
|
405
405
|
|
|
406
|
-
<a id="
|
|
406
|
+
<a id="security-06c368"></a>• [`medium_security`](#security-06c368) - Optional Block<br>Enable this option
|
|
407
407
|
|
|
408
408
|
#### TLS TCP TLS Cert Params TLS Config Custom Security
|
|
409
409
|
|
|
410
|
-
A [`custom_security`](#
|
|
410
|
+
A [`custom_security`](#security-b4cf97) block (within [`tls_tcp.tls_cert_params.tls_config`](#tls-tcp-tls-cert-params-tls-config)) supports the following:
|
|
411
411
|
|
|
412
|
-
<a id="
|
|
412
|
+
<a id="suites-e0ab0f"></a>• [`cipher_suites`](#suites-e0ab0f) - Optional List<br>Cipher Suites. The TLS listener will only support the specified cipher list
|
|
413
413
|
|
|
414
|
-
<a id="
|
|
414
|
+
<a id="version-f5b7a8"></a>• [`max_version`](#version-f5b7a8) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
415
415
|
|
|
416
|
-
<a id="
|
|
416
|
+
<a id="version-df2e0f"></a>• [`min_version`](#version-df2e0f) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
417
417
|
|
|
418
418
|
#### TLS TCP TLS Cert Params Use mTLS
|
|
419
419
|
|
|
420
420
|
An [`use_mtls`](#tls-tcp-tls-cert-params-use-mtls) block (within [`tls_tcp.tls_cert_params`](#tls-tcp-tls-cert-params)) supports the following:
|
|
421
421
|
|
|
422
|
-
<a id="
|
|
422
|
+
<a id="optional-0e15db"></a>• [`client_certificate_optional`](#optional-0e15db) - Optional Bool<br>Client Certificate Optional. Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted
|
|
423
423
|
|
|
424
424
|
<a id="tls-tcp-tls-cert-params-use-mtls-crl"></a>• [`crl`](#tls-tcp-tls-cert-params-use-mtls-crl) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [CRL](#tls-tcp-tls-cert-params-use-mtls-crl) below.
|
|
425
425
|
|
|
426
426
|
<a id="tls-tcp-tls-cert-params-use-mtls-no-crl"></a>• [`no_crl`](#tls-tcp-tls-cert-params-use-mtls-no-crl) - Optional Block<br>Enable this option
|
|
427
427
|
|
|
428
|
-
<a id="
|
|
428
|
+
<a id="trusted-ca-902f4f"></a>• [`trusted_ca`](#trusted-ca-902f4f) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Trusted CA](#trusted-ca-902f4f) below.
|
|
429
429
|
|
|
430
|
-
<a id="
|
|
430
|
+
<a id="url-f4f75a"></a>• [`trusted_ca_url`](#url-f4f75a) - Optional String<br>Inline Root CA Certificate (legacy). Upload a Root CA Certificate specifically for this Load Balancer
|
|
431
431
|
|
|
432
|
-
<a id="
|
|
432
|
+
<a id="disabled-2638d6"></a>• [`xfcc_disabled`](#disabled-2638d6) - Optional Block<br>Enable this option
|
|
433
433
|
|
|
434
|
-
<a id="
|
|
434
|
+
<a id="options-ff2b17"></a>• [`xfcc_options`](#options-ff2b17) - Optional Block<br>XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests<br>See [Xfcc Options](#options-ff2b17) below.
|
|
435
435
|
|
|
436
436
|
#### TLS TCP TLS Cert Params Use mTLS CRL
|
|
437
437
|
|
|
438
438
|
A [`crl`](#tls-tcp-tls-cert-params-use-mtls-crl) block (within [`tls_tcp.tls_cert_params.use_mtls`](#tls-tcp-tls-cert-params-use-mtls)) supports the following:
|
|
439
439
|
|
|
440
|
-
<a id="
|
|
440
|
+
<a id="name-bc9a84"></a>• [`name`](#name-bc9a84) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
441
441
|
|
|
442
|
-
<a id="
|
|
442
|
+
<a id="namespace-eda25e"></a>• [`namespace`](#namespace-eda25e) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
443
443
|
|
|
444
|
-
<a id="
|
|
444
|
+
<a id="tenant-e6ad1f"></a>• [`tenant`](#tenant-e6ad1f) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
445
445
|
|
|
446
446
|
#### TLS TCP TLS Cert Params Use mTLS Trusted CA
|
|
447
447
|
|
|
448
|
-
A [`trusted_ca`](#
|
|
448
|
+
A [`trusted_ca`](#trusted-ca-902f4f) block (within [`tls_tcp.tls_cert_params.use_mtls`](#tls-tcp-tls-cert-params-use-mtls)) supports the following:
|
|
449
449
|
|
|
450
|
-
<a id="
|
|
450
|
+
<a id="name-4dc4bb"></a>• [`name`](#name-4dc4bb) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
451
451
|
|
|
452
|
-
<a id="
|
|
452
|
+
<a id="namespace-4a81e5"></a>• [`namespace`](#namespace-4a81e5) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
453
453
|
|
|
454
|
-
<a id="
|
|
454
|
+
<a id="tenant-0f92ae"></a>• [`tenant`](#tenant-0f92ae) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
455
455
|
|
|
456
456
|
#### TLS TCP TLS Cert Params Use mTLS Xfcc Options
|
|
457
457
|
|
|
458
|
-
A [`xfcc_options`](#
|
|
458
|
+
A [`xfcc_options`](#options-ff2b17) block (within [`tls_tcp.tls_cert_params.use_mtls`](#tls-tcp-tls-cert-params-use-mtls)) supports the following:
|
|
459
459
|
|
|
460
|
-
<a id="
|
|
460
|
+
<a id="elements-c613bc"></a>• [`xfcc_header_elements`](#elements-c613bc) - Optional List Defaults to `XFCC_NONE`<br>Possible values are `XFCC_NONE`, `XFCC_CERT`, `XFCC_CHAIN`, `XFCC_SUBJECT`, `XFCC_URI`, `XFCC_DNS`<br>[Enum: XFCC_NONE|XFCC_CERT|XFCC_CHAIN|XFCC_SUBJECT|XFCC_URI|XFCC_DNS] XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests
|
|
461
461
|
|
|
462
462
|
#### TLS TCP TLS Parameters
|
|
463
463
|
|
|
@@ -475,115 +475,115 @@ A [`tls_parameters`](#tls-tcp-tls-parameters) block (within [`tls_tcp`](#tls-tcp
|
|
|
475
475
|
|
|
476
476
|
A [`tls_certificates`](#tls-tcp-tls-parameters-tls-certificates) block (within [`tls_tcp.tls_parameters`](#tls-tcp-tls-parameters)) supports the following:
|
|
477
477
|
|
|
478
|
-
<a id="
|
|
478
|
+
<a id="url-0d247f"></a>• [`certificate_url`](#url-0d247f) - Optional String<br>Certificate. TLS certificate. Certificate or certificate chain in PEM format including the PEM headers
|
|
479
479
|
|
|
480
|
-
<a id="
|
|
480
|
+
<a id="algorithms-44739b"></a>• [`custom_hash_algorithms`](#algorithms-44739b) - Optional Block<br>Hash Algorithms. Specifies the hash algorithms to be used<br>See [Custom Hash Algorithms](#algorithms-44739b) below.
|
|
481
481
|
|
|
482
|
-
<a id="
|
|
482
|
+
<a id="spec-b5de95"></a>• [`description_spec`](#spec-b5de95) - Optional String<br>Description. Description for the certificate
|
|
483
483
|
|
|
484
|
-
<a id="
|
|
484
|
+
<a id="stapling-0ce8b2"></a>• [`disable_ocsp_stapling`](#stapling-0ce8b2) - Optional Block<br>Enable this option
|
|
485
485
|
|
|
486
|
-
<a id="
|
|
486
|
+
<a id="key-d0a2da"></a>• [`private_key`](#key-d0a2da) - Optional Block<br>Secret. SecretType is used in an object to indicate a sensitive/confidential field<br>See [Private Key](#key-d0a2da) below.
|
|
487
487
|
|
|
488
|
-
<a id="
|
|
488
|
+
<a id="defaults-304c9b"></a>• [`use_system_defaults`](#defaults-304c9b) - Optional Block<br>Enable this option
|
|
489
489
|
|
|
490
490
|
#### TLS TCP TLS Parameters TLS Certificates Custom Hash Algorithms
|
|
491
491
|
|
|
492
|
-
A [`custom_hash_algorithms`](#
|
|
492
|
+
A [`custom_hash_algorithms`](#algorithms-44739b) block (within [`tls_tcp.tls_parameters.tls_certificates`](#tls-tcp-tls-parameters-tls-certificates)) supports the following:
|
|
493
493
|
|
|
494
|
-
<a id="
|
|
494
|
+
<a id="algorithms-2a046f"></a>• [`hash_algorithms`](#algorithms-2a046f) - Optional List Defaults to `INVALID_HASH_ALGORITHM`<br>Possible values are `INVALID_HASH_ALGORITHM`, `SHA256`, `SHA1`<br>[Enum: INVALID_HASH_ALGORITHM|SHA256|SHA1] Hash Algorithms. Ordered list of hash algorithms to be used
|
|
495
495
|
|
|
496
496
|
#### TLS TCP TLS Parameters TLS Certificates Private Key
|
|
497
497
|
|
|
498
|
-
A [`private_key`](#
|
|
498
|
+
A [`private_key`](#key-d0a2da) block (within [`tls_tcp.tls_parameters.tls_certificates`](#tls-tcp-tls-parameters-tls-certificates)) supports the following:
|
|
499
499
|
|
|
500
|
-
<a id="
|
|
500
|
+
<a id="info-a21c19"></a>• [`blindfold_secret_info`](#info-a21c19) - Optional Block<br>Blindfold Secret. BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management<br>See [Blindfold Secret Info](#info-a21c19) below.
|
|
501
501
|
|
|
502
|
-
<a id="
|
|
502
|
+
<a id="info-58d186"></a>• [`clear_secret_info`](#info-58d186) - Optional Block<br>In-Clear Secret. ClearSecretInfoType specifies information about the Secret that is not encrypted<br>See [Clear Secret Info](#info-58d186) below.
|
|
503
503
|
|
|
504
504
|
#### TLS TCP TLS Parameters TLS Certificates Private Key Blindfold Secret Info
|
|
505
505
|
|
|
506
|
-
A [`blindfold_secret_info`](#
|
|
506
|
+
A [`blindfold_secret_info`](#info-a21c19) block (within [`tls_tcp.tls_parameters.tls_certificates.private_key`](#key-d0a2da)) supports the following:
|
|
507
507
|
|
|
508
|
-
<a id="
|
|
508
|
+
<a id="provider-5f8f5b"></a>• [`decryption_provider`](#provider-5f8f5b) - Optional String<br>Decryption Provider. Name of the Secret Management Access object that contains information about the backend Secret Management service
|
|
509
509
|
|
|
510
|
-
<a id="
|
|
510
|
+
<a id="location-8a9dd4"></a>• [`location`](#location-8a9dd4) - Optional String<br>Location. Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
|
|
511
511
|
|
|
512
|
-
<a id="
|
|
512
|
+
<a id="provider-fcca21"></a>• [`store_provider`](#provider-fcca21) - Optional String<br>Store Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
513
513
|
|
|
514
514
|
#### TLS TCP TLS Parameters TLS Certificates Private Key Clear Secret Info
|
|
515
515
|
|
|
516
|
-
A [`clear_secret_info`](#
|
|
516
|
+
A [`clear_secret_info`](#info-58d186) block (within [`tls_tcp.tls_parameters.tls_certificates.private_key`](#key-d0a2da)) supports the following:
|
|
517
517
|
|
|
518
|
-
<a id="
|
|
518
|
+
<a id="ref-2a4095"></a>• [`provider_ref`](#ref-2a4095) - Optional String<br>Provider. Name of the Secret Management Access object that contains information about the store to get encrypted bytes This field needs to be provided only if the URL scheme is not string:///
|
|
519
519
|
|
|
520
|
-
<a id="
|
|
520
|
+
<a id="url-7c0786"></a>• [`url`](#url-7c0786) - Optional String<br>URL. URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will get Secret bytes after Base64 decoding
|
|
521
521
|
|
|
522
522
|
#### TLS TCP TLS Parameters TLS Config
|
|
523
523
|
|
|
524
524
|
A [`tls_config`](#tls-tcp-tls-parameters-tls-config) block (within [`tls_tcp.tls_parameters`](#tls-tcp-tls-parameters)) supports the following:
|
|
525
525
|
|
|
526
|
-
<a id="
|
|
526
|
+
<a id="security-101a5b"></a>• [`custom_security`](#security-101a5b) - Optional Block<br>Custom Ciphers. This defines TLS protocol config including min/max versions and allowed ciphers<br>See [Custom Security](#security-101a5b) below.
|
|
527
527
|
|
|
528
|
-
<a id="
|
|
528
|
+
<a id="security-1217a9"></a>• [`default_security`](#security-1217a9) - Optional Block<br>Enable this option
|
|
529
529
|
|
|
530
|
-
<a id="
|
|
530
|
+
<a id="security-629199"></a>• [`low_security`](#security-629199) - Optional Block<br>Enable this option
|
|
531
531
|
|
|
532
|
-
<a id="
|
|
532
|
+
<a id="security-12bbb1"></a>• [`medium_security`](#security-12bbb1) - Optional Block<br>Enable this option
|
|
533
533
|
|
|
534
534
|
#### TLS TCP TLS Parameters TLS Config Custom Security
|
|
535
535
|
|
|
536
|
-
A [`custom_security`](#
|
|
536
|
+
A [`custom_security`](#security-101a5b) block (within [`tls_tcp.tls_parameters.tls_config`](#tls-tcp-tls-parameters-tls-config)) supports the following:
|
|
537
537
|
|
|
538
|
-
<a id="
|
|
538
|
+
<a id="suites-4a5055"></a>• [`cipher_suites`](#suites-4a5055) - Optional List<br>Cipher Suites. The TLS listener will only support the specified cipher list
|
|
539
539
|
|
|
540
|
-
<a id="
|
|
540
|
+
<a id="version-7b5818"></a>• [`max_version`](#version-7b5818) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
541
541
|
|
|
542
|
-
<a id="
|
|
542
|
+
<a id="version-615f2b"></a>• [`min_version`](#version-615f2b) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
543
543
|
|
|
544
544
|
#### TLS TCP TLS Parameters Use mTLS
|
|
545
545
|
|
|
546
546
|
An [`use_mtls`](#tls-tcp-tls-parameters-use-mtls) block (within [`tls_tcp.tls_parameters`](#tls-tcp-tls-parameters)) supports the following:
|
|
547
547
|
|
|
548
|
-
<a id="
|
|
548
|
+
<a id="optional-069f20"></a>• [`client_certificate_optional`](#optional-069f20) - Optional Bool<br>Client Certificate Optional. Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted
|
|
549
549
|
|
|
550
550
|
<a id="tls-tcp-tls-parameters-use-mtls-crl"></a>• [`crl`](#tls-tcp-tls-parameters-use-mtls-crl) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [CRL](#tls-tcp-tls-parameters-use-mtls-crl) below.
|
|
551
551
|
|
|
552
552
|
<a id="tls-tcp-tls-parameters-use-mtls-no-crl"></a>• [`no_crl`](#tls-tcp-tls-parameters-use-mtls-no-crl) - Optional Block<br>Enable this option
|
|
553
553
|
|
|
554
|
-
<a id="
|
|
554
|
+
<a id="trusted-ca-2d90f2"></a>• [`trusted_ca`](#trusted-ca-2d90f2) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Trusted CA](#trusted-ca-2d90f2) below.
|
|
555
555
|
|
|
556
|
-
<a id="
|
|
556
|
+
<a id="url-2f65b3"></a>• [`trusted_ca_url`](#url-2f65b3) - Optional String<br>Inline Root CA Certificate (legacy). Upload a Root CA Certificate specifically for this Load Balancer
|
|
557
557
|
|
|
558
|
-
<a id="
|
|
558
|
+
<a id="disabled-f40808"></a>• [`xfcc_disabled`](#disabled-f40808) - Optional Block<br>Enable this option
|
|
559
559
|
|
|
560
|
-
<a id="
|
|
560
|
+
<a id="options-b6e6a7"></a>• [`xfcc_options`](#options-b6e6a7) - Optional Block<br>XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests<br>See [Xfcc Options](#options-b6e6a7) below.
|
|
561
561
|
|
|
562
562
|
#### TLS TCP TLS Parameters Use mTLS CRL
|
|
563
563
|
|
|
564
564
|
A [`crl`](#tls-tcp-tls-parameters-use-mtls-crl) block (within [`tls_tcp.tls_parameters.use_mtls`](#tls-tcp-tls-parameters-use-mtls)) supports the following:
|
|
565
565
|
|
|
566
|
-
<a id="
|
|
566
|
+
<a id="name-90c648"></a>• [`name`](#name-90c648) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
567
567
|
|
|
568
|
-
<a id="
|
|
568
|
+
<a id="namespace-66647e"></a>• [`namespace`](#namespace-66647e) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
569
569
|
|
|
570
|
-
<a id="
|
|
570
|
+
<a id="tenant-b6dafd"></a>• [`tenant`](#tenant-b6dafd) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
571
571
|
|
|
572
572
|
#### TLS TCP TLS Parameters Use mTLS Trusted CA
|
|
573
573
|
|
|
574
|
-
A [`trusted_ca`](#
|
|
574
|
+
A [`trusted_ca`](#trusted-ca-2d90f2) block (within [`tls_tcp.tls_parameters.use_mtls`](#tls-tcp-tls-parameters-use-mtls)) supports the following:
|
|
575
575
|
|
|
576
|
-
<a id="
|
|
576
|
+
<a id="name-d0b9dd"></a>• [`name`](#name-d0b9dd) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
577
577
|
|
|
578
|
-
<a id="
|
|
578
|
+
<a id="namespace-d9cefe"></a>• [`namespace`](#namespace-d9cefe) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
579
579
|
|
|
580
|
-
<a id="
|
|
580
|
+
<a id="tenant-f4ddde"></a>• [`tenant`](#tenant-f4ddde) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
581
581
|
|
|
582
582
|
#### TLS TCP TLS Parameters Use mTLS Xfcc Options
|
|
583
583
|
|
|
584
|
-
A [`xfcc_options`](#
|
|
584
|
+
A [`xfcc_options`](#options-b6e6a7) block (within [`tls_tcp.tls_parameters.use_mtls`](#tls-tcp-tls-parameters-use-mtls)) supports the following:
|
|
585
585
|
|
|
586
|
-
<a id="
|
|
586
|
+
<a id="elements-58540b"></a>• [`xfcc_header_elements`](#elements-58540b) - Optional List Defaults to `XFCC_NONE`<br>Possible values are `XFCC_NONE`, `XFCC_CERT`, `XFCC_CHAIN`, `XFCC_SUBJECT`, `XFCC_URI`, `XFCC_DNS`<br>[Enum: XFCC_NONE|XFCC_CERT|XFCC_CHAIN|XFCC_SUBJECT|XFCC_URI|XFCC_DNS] XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests
|
|
587
587
|
|
|
588
588
|
#### TLS TCP Auto Cert
|
|
589
589
|
|
|
@@ -599,29 +599,29 @@ A [`tls_tcp_auto_cert`](#tls-tcp-auto-cert) block supports the following:
|
|
|
599
599
|
|
|
600
600
|
A [`tls_config`](#tls-tcp-auto-cert-tls-config) block (within [`tls_tcp_auto_cert`](#tls-tcp-auto-cert)) supports the following:
|
|
601
601
|
|
|
602
|
-
<a id="
|
|
602
|
+
<a id="security-efa56b"></a>• [`custom_security`](#security-efa56b) - Optional Block<br>Custom Ciphers. This defines TLS protocol config including min/max versions and allowed ciphers<br>See [Custom Security](#security-efa56b) below.
|
|
603
603
|
|
|
604
|
-
<a id="
|
|
604
|
+
<a id="security-bab03d"></a>• [`default_security`](#security-bab03d) - Optional Block<br>Enable this option
|
|
605
605
|
|
|
606
|
-
<a id="
|
|
606
|
+
<a id="security-70efce"></a>• [`low_security`](#security-70efce) - Optional Block<br>Enable this option
|
|
607
607
|
|
|
608
|
-
<a id="
|
|
608
|
+
<a id="security-4c95cb"></a>• [`medium_security`](#security-4c95cb) - Optional Block<br>Enable this option
|
|
609
609
|
|
|
610
610
|
#### TLS TCP Auto Cert TLS Config Custom Security
|
|
611
611
|
|
|
612
|
-
A [`custom_security`](#
|
|
612
|
+
A [`custom_security`](#security-efa56b) block (within [`tls_tcp_auto_cert.tls_config`](#tls-tcp-auto-cert-tls-config)) supports the following:
|
|
613
613
|
|
|
614
|
-
<a id="
|
|
614
|
+
<a id="suites-673b61"></a>• [`cipher_suites`](#suites-673b61) - Optional List<br>Cipher Suites. The TLS listener will only support the specified cipher list
|
|
615
615
|
|
|
616
|
-
<a id="
|
|
616
|
+
<a id="version-b3c8dc"></a>• [`max_version`](#version-b3c8dc) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
617
617
|
|
|
618
|
-
<a id="
|
|
618
|
+
<a id="version-434218"></a>• [`min_version`](#version-434218) - Optional String Defaults to `TLS_AUTO`<br>Possible values are `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, `TLSv1_3`<br>[Enum: TLS_AUTO|TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3] TLS Protocol. TlsProtocol is enumeration of supported TLS versions F5 Distributed Cloud will choose the optimal TLS version
|
|
619
619
|
|
|
620
620
|
#### TLS TCP Auto Cert Use mTLS
|
|
621
621
|
|
|
622
622
|
An [`use_mtls`](#tls-tcp-auto-cert-use-mtls) block (within [`tls_tcp_auto_cert`](#tls-tcp-auto-cert)) supports the following:
|
|
623
623
|
|
|
624
|
-
<a id="
|
|
624
|
+
<a id="optional-c30417"></a>• [`client_certificate_optional`](#optional-c30417) - Optional Bool<br>Client Certificate Optional. Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certification verification fails, the connection will be terminated. If the client does not provide a certificate, the connection will be accepted
|
|
625
625
|
|
|
626
626
|
<a id="tls-tcp-auto-cert-use-mtls-crl"></a>• [`crl`](#tls-tcp-auto-cert-use-mtls-crl) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [CRL](#tls-tcp-auto-cert-use-mtls-crl) below.
|
|
627
627
|
|
|
@@ -629,9 +629,9 @@ An [`use_mtls`](#tls-tcp-auto-cert-use-mtls) block (within [`tls_tcp_auto_cert`]
|
|
|
629
629
|
|
|
630
630
|
<a id="tls-tcp-auto-cert-use-mtls-trusted-ca"></a>• [`trusted_ca`](#tls-tcp-auto-cert-use-mtls-trusted-ca) - Optional Block<br>Object reference. This type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name<br>See [Trusted CA](#tls-tcp-auto-cert-use-mtls-trusted-ca) below.
|
|
631
631
|
|
|
632
|
-
<a id="
|
|
632
|
+
<a id="url-602921"></a>• [`trusted_ca_url`](#url-602921) - Optional String<br>Inline Root CA Certificate (legacy). Upload a Root CA Certificate specifically for this Load Balancer
|
|
633
633
|
|
|
634
|
-
<a id="
|
|
634
|
+
<a id="disabled-a390b4"></a>• [`xfcc_disabled`](#disabled-a390b4) - Optional Block<br>Enable this option
|
|
635
635
|
|
|
636
636
|
<a id="tls-tcp-auto-cert-use-mtls-xfcc-options"></a>• [`xfcc_options`](#tls-tcp-auto-cert-use-mtls-xfcc-options) - Optional Block<br>XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests<br>See [Xfcc Options](#tls-tcp-auto-cert-use-mtls-xfcc-options) below.
|
|
637
637
|
|
|
@@ -641,7 +641,7 @@ A [`crl`](#tls-tcp-auto-cert-use-mtls-crl) block (within [`tls_tcp_auto_cert.use
|
|
|
641
641
|
|
|
642
642
|
<a id="tls-tcp-auto-cert-use-mtls-crl-name"></a>• [`name`](#tls-tcp-auto-cert-use-mtls-crl-name) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
643
643
|
|
|
644
|
-
<a id="
|
|
644
|
+
<a id="namespace-eacebb"></a>• [`namespace`](#namespace-eacebb) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
645
645
|
|
|
646
646
|
<a id="tls-tcp-auto-cert-use-mtls-crl-tenant"></a>• [`tenant`](#tls-tcp-auto-cert-use-mtls-crl-tenant) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
647
647
|
|
|
@@ -649,17 +649,17 @@ A [`crl`](#tls-tcp-auto-cert-use-mtls-crl) block (within [`tls_tcp_auto_cert.use
|
|
|
649
649
|
|
|
650
650
|
A [`trusted_ca`](#tls-tcp-auto-cert-use-mtls-trusted-ca) block (within [`tls_tcp_auto_cert.use_mtls`](#tls-tcp-auto-cert-use-mtls)) supports the following:
|
|
651
651
|
|
|
652
|
-
<a id="
|
|
652
|
+
<a id="name-0415f6"></a>• [`name`](#name-0415f6) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
653
653
|
|
|
654
|
-
<a id="
|
|
654
|
+
<a id="namespace-ac72fe"></a>• [`namespace`](#namespace-ac72fe) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
655
655
|
|
|
656
|
-
<a id="
|
|
656
|
+
<a id="tenant-fa0d7e"></a>• [`tenant`](#tenant-fa0d7e) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
657
657
|
|
|
658
658
|
#### TLS TCP Auto Cert Use mTLS Xfcc Options
|
|
659
659
|
|
|
660
660
|
A [`xfcc_options`](#tls-tcp-auto-cert-use-mtls-xfcc-options) block (within [`tls_tcp_auto_cert.use_mtls`](#tls-tcp-auto-cert-use-mtls)) supports the following:
|
|
661
661
|
|
|
662
|
-
<a id="
|
|
662
|
+
<a id="elements-8eabec"></a>• [`xfcc_header_elements`](#elements-8eabec) - Optional List Defaults to `XFCC_NONE`<br>Possible values are `XFCC_NONE`, `XFCC_CERT`, `XFCC_CHAIN`, `XFCC_SUBJECT`, `XFCC_URI`, `XFCC_DNS`<br>[Enum: XFCC_NONE|XFCC_CERT|XFCC_CHAIN|XFCC_SUBJECT|XFCC_URI|XFCC_DNS] XFCC Header Elements. X-Forwarded-Client-Cert header elements to be added to requests
|
|
663
663
|
|
|
664
664
|
## Import
|
|
665
665
|
|