Skip to content
API Enriched

HTTP LoadBalancer Enhancements

Enrichment metadata for HTTP load balancer schemas. See OpenAPI Extensions for extension definitions.

Enriched Schemas

Section titled “Enriched Schemas”

Pattern

Section titled “Pattern”

All schemas matching viewshttp_loadbalancer.*SpecType receive enrichments:

  • viewshttp_loadbalancerCreateSpecType
  • viewshttp_loadbalancerReplaceSpecType
  • viewshttp_loadbalancerGetSpecType

Minimum Configuration Metadata

Section titled “Minimum Configuration Metadata”

The x-f5xc-minimum-configuration extension provides comprehensive CLI metadata for creating minimal viable HTTP load balancers.

Required Fields

Section titled “Required Fields”
FieldConstraintDescription
metadata.nameDNS label format: [a-z0-9]([-a-z0-9]*[a-z0-9])?Resource name
metadata.namespaceDNS label formatNamespace
spec.domainsArray, min_items: 1Domains to serve

Load Balancer Type (OneOf Required)

Section titled “Load Balancer Type (OneOf Required)”

One of the following load balancer types must be specified:

VariantDescription
spec.httpHTTP only
spec.httpsHTTPS with manual certificate
spec.https_auto_certHTTPS with automatic certificate
spec.http_httpsBoth HTTP and HTTPS

Note: The load balancer type OneOf group is referred to as:

  • lb_type in configuration files (short form in config/minimum_configs.yaml)
  • loadbalancer_type in OpenAPI spec native extensions (native field name)

API Schema Reference: x-ves-oneof-field-loadbalancer_type: ["http", "https", "https_auto_cert", "http_https"]

Example Configuration

Section titled “Example Configuration”

Minimal JSON configuration:

{
  "metadata": {
    "name": "example-app",
    "namespace": "default"
  },
  "spec": {
    "domains": ["example.com"],
    "https_auto_cert": {
      "port": 443,
      "tls_config": {"default_security": {}}
    },
    "advertise_on_public_default_vip": {},
    "routes": [{"prefix": "/", "origin_pool": {"pool_name": "backend-pool"}}]
  }
}

Server-applied defaults: When omitted, the server applies defaults including https_auto_cert.port=443, https_auto_cert.http_redirect=false, https_auto_cert.add_hsts=false, https_auto_cert.tls_config.default_security={}, and multiple security feature defaults (see configuration file for complete list).

Mutually Exclusive Field Groups

Section titled “Mutually Exclusive Field Groups”

Fields marked with x-f5xc-conflicts-with indicate OneOf patterns. Only one field from each group can be specified.

Core Configuration Groups

Section titled “Core Configuration Groups”
Group NameFieldsDescription
lb_typehttp, https, https_auto_cert, http_httpsLoad balancer protocol type
advertisingadvertise_on_public_default_vip, advertise_on_public, advertise_custom, do_not_advertiseHow to advertise the load balancer
load_balancing_algorithmround_robin, least_request, ring_hash, randomTraffic distribution algorithm

HTTPS Configuration Groups (10 groups)

Section titled “HTTPS Configuration Groups (10 groups)”

TLS Configuration

Section titled “TLS Configuration”
Group NameFieldsDescription
tls_configdefault_security, medium_security, low_security, custom_securityTLS security level
mtlsno_mtls, use_mtlsMutual TLS enabled or disabled

Protocol and Headers

Section titled “Protocol and Headers”
Group NameFieldsDescription
http_protocolhttp_protocol_enable_v1_only, http_protocol_enable_v1_v2, http_protocol_enable_v2_onlyHTTP protocol versions
header_transformationlegacy_header_transformation, proper_header_transformation, preserve_case_header_transformationHTTP header transformation type
server_name_headerdefault_header, append_server_name_header, pass_through_server_name_headerServer name header handling

Connection Management

Section titled “Connection Management”
Group NameFieldsDescription
path_normalizeenable_path_normalize, disable_path_normalizePath normalization enabled or disabled
loadbalancer_choicenon_default_loadbalancer, default_loadbalancerDefault or non-default load balancer
coalescingdefault_coalescing, disable_coalescing, enable_for_same_originHTTP/2 connection coalescing options

Security Feature Groups (11 groups)

Section titled “Security Feature Groups (11 groups)”
Group NameFieldsDescription
wafdisable_waf, enable_wafWeb Application Firewall
bot_defensedisable_bot_defense, enable_bot_defenseBot detection and mitigation
rate_limitdisable_rate_limit, enable_rate_limitRate limiting
api_discoverydisable_api_discovery, enable_api_discoveryAPI discovery
api_testingdisable_api_testing, enable_api_testingAPI testing
api_definitiondisable_api_definition, enable_api_definitionAPI definition
malware_protectiondisable_malware_protection, enable_malware_protectionMalware protection
client_side_defensedisable_client_side_defense, enable_client_side_defenseClient-side defense
ip_reputationdisable_ip_reputation, enable_ip_reputationIP reputation
threat_meshdisable_threat_mesh, enable_threat_meshThreat mesh
malicious_user_detectiondisable_malicious_user_detection, enable_malicious_user_detectionMalicious user detection

DDoS Protection Groups (4 groups)

Section titled “DDoS Protection Groups (4 groups)”
Group NameFieldsDescription
ddos_mitigationmitigation_block, mitigation_challenge, mitigation_noneDDoS mitigation action
ddos_rps_thresholddefault_rps_threshold, custom_rps_thresholdRequests per second threshold
ddos_clientside_actionclientside_action_none, clientside_action_javascript, clientside_action_captchaClient-side DDoS validation action
ddos_policyddos_policy_none, ddos_policy_refDDoS policy reference or none

Other Settings Groups (5 groups)

Section titled “Other Settings Groups (5 groups)”
Group NameFieldsDescription
challengeno_challenge, js_challenge, captcha_challengeClient challenge type for bot detection
user_identificationuser_id_client_ip, user_identificationUser identification method
client_ip_headersdisable_trust_client_ip_headers, enable_trust_client_ip_headersTrust client IP headers or not
timeoutssystem_default_timeouts, custom_timeoutsUse system default or custom timeouts
service_policies_sourceservice_policies_from_namespace, active_service_policiesService policies from namespace or active list
sensitive_data_policydefault_sensitive_data_policy, custom_sensitive_data_policyUse default or custom sensitive data policy

OneOf Variant Recommendations (Future Extension)

Section titled “OneOf Variant Recommendations (Future Extension)”

Status: Not yet applied to http_loadbalancer schemas.

Unlike healthcheck, which includes x-f5xc-recommended-oneof-variant to indicate the most common choice for OneOf groups, http_loadbalancer currently lacks this extension.

Comparison with Healthcheck

Section titled “Comparison with Healthcheck”

Healthcheck (implemented):

viewshealthcheckCreateSpecType:
  x-f5xc-recommended-oneof-variant:
    health_check: "http_health_check"

HTTP LoadBalancer (not yet implemented):

viewshttp_loadbalancerCreateSpecType:
  x-f5xc-recommended-oneof-variant: null  # Would indicate recommended lb_type variant

Future Implementation

Section titled “Future Implementation”

To add this extension for http_loadbalancer:

  1. Observe F5 XC console default selections (e.g., which lb_type is preselected in the UI)
  2. Add configuration to config/discovered_defaults.yaml
  3. Re-run enrichment pipeline to apply extension

Expected structure when added:

viewshttp_loadbalancerCreateSpecType:
  x-f5xc-recommended-oneof-variant:
    loadbalancer_type: "https_auto_cert"  # Example - requires verification

This extension would enable downstream tools to preselect the most commonly used variant when presenting configuration options to users.

Constraint Metadata

Section titled “Constraint Metadata”

Fields marked with x-f5xc-constraints include validation constraints discovered from API analysis.

Array Constraints

Section titled “Array Constraints”
FieldminItemsmaxItemsuniqueItems
spec.domains1-false
spec.routes1256false
spec.blocked_clients1128true
spec.trusted_clients1128true
spec.data_guard_rules1256true

Integer Constraints

Section titled “Integer Constraints”
FieldMinimumMaximumDefaultDescription
spec.https_auto_cert.port165535443HTTPS port number
spec.https_auto_cert.connection_idle_timeout10003600000120000Connection idle timeout (milliseconds, 1s to 1h)

Enum Constraints

Section titled “Enum Constraints”
FieldValuesDefaultDescription
spec.https_auto_cert.tls_configdefault_security, medium_security, low_security, custom_securitydefault_securityTLS security level
spec.https_auto_cert.header_transformation_typelegacy_header_transformation, proper_header_transformation, preserve_case_header_transformationlegacy_header_transformationHTTP header transformation
spec.https_auto_cert.http_protocol_optionshttp_protocol_enable_v1_only, http_protocol_enable_v1_v2, http_protocol_enable_v2_onlyhttp_protocol_enable_v1_v2HTTP protocol versions
spec.https_auto_cert.coalescing_optionsdefault_coalescing, disable_coalescing, enable_for_same_origindefault_coalescingHTTP/2 connection coalescing
spec.load_balancing_algorithmround_robin, least_request, ring_hash, randomround_robinLoad balancing algorithm
spec.l7_ddos_protection.mitigationmitigation_block, mitigation_challenge, mitigation_nonemitigation_blockLayer 7 DDoS mitigation action
spec.l7_ddos_protection.rps_thresholddefault_rps_threshold, custom_rps_thresholddefault_rps_thresholdRPS threshold for DDoS detection
spec.l7_ddos_protection.clientside_actionclientside_action_none, clientside_action_javascript, clientside_action_captchaclientside_action_noneClient-side DDoS validation
spec.challengeno_challenge, js_challenge, captcha_challengeno_challengeClient challenge type
spec.advertisingadvertise_on_public_default_vip, advertise_on_public, advertise_custom, do_not_advertiseadvertise_on_public_default_vipLoad balancer advertising

OpenAPI Extensions Reference

Section titled “OpenAPI Extensions Reference”

These vendor extensions are added to the standard OpenAPI schema to convey F5 XC-specific metadata.

x-f5xc-cli-domain

Section titled “x-f5xc-cli-domain”

Type: string

Indicates the domain classification for CLI and tooling organization.

viewshttp_loadbalancerCreateSpecType:
  type: object
  x-f5xc-cli-domain: "virtual"

x-f5xc-minimum-configuration

Section titled “x-f5xc-minimum-configuration”

Type: object

Provides comprehensive metadata for creating minimal viable configurations. Includes:

  • Description
  • Required fields with constraints
  • Mutually exclusive groups
  • Example configurations (YAML, JSON)
  • curl command examples
viewshttp_loadbalancerCreateSpecType:
  type: object
  x-f5xc-minimum-configuration:
    description: "HTTP/HTTPS load balancer for distributing traffic across origin pools"
    required_fields:
      - "metadata.name"
      - "metadata.namespace"
      - "spec.domains"
    mutually_exclusive_groups:
      - name: "lb_type"
        fields: ["spec.http", "spec.https", "spec.https_auto_cert", "spec.http_https"]
        reason: "Choose exactly one load balancer type"
    example_yaml: |
      ...
    example_json: |
      ...
    example_curl: |
      ...

x-f5xc-conflicts-with

Section titled “x-f5xc-conflicts-with”

Type: array of strings

Lists field names that are mutually exclusive with the current field, indicating OneOf patterns.

advertise_custom:
  type: object
  x-f5xc-conflicts-with:
    - advertise_on_public
    - advertise_on_public_default_vip
    - do_not_advertise

x-f5xc-constraints

Section titled “x-f5xc-constraints”

Type: object

Provides validation constraints including array size limits, integer ranges, uniqueness requirements, and discovery metadata.

routes:
  type: array
  x-f5xc-constraints:
    type: "array"
    array:
      minItems: 1
      maxItems: 256
      uniqueItems: false
    metadata:
      source: "discovery"
      confidence: 0.99
      validatedAt: "2026-01-19T12:00:00Z"
port:
  type: integer
  x-f5xc-constraints:
    type: "number"
    number:
      minimum: 1
      maximum: 65535
    metadata:
      source: "discovery"
      confidence: 0.99

x-f5xc-description-short and x-f5xc-description-medium

Section titled “x-f5xc-description-short and x-f5xc-description-medium”

Type: string

Provides alternative description lengths for different use cases:

  • x-f5xc-description-short: 60 characters max (CLI columns, badges)
  • x-f5xc-description-medium: 150 characters max (tooltips, summaries)
domains:
  type: array
  description: "List of domains the load balancer will serve"
  x-f5xc-description-short: "Domains to serve"
  x-f5xc-description-medium: "List of domains for which the load balancer accepts traffic"

x-f5xc-example

Section titled “x-f5xc-example”

Type: any (matches field type)

Provides concrete field examples for documentation and tooling.

name:
  type: string
  x-f5xc-example: "example-app"


domains:
  type: array
  x-f5xc-example: ["example.com", "www.example.com"]

x-f5xc-required-for

Section titled “x-f5xc-required-for”

Type: array of strings

Indicates context-specific requirements using flags: minimum_config, create, update, read.

metadata.name:
  type: string
  x-f5xc-required-for: ["minimum_config", "create"]


metadata.uid:
  type: string
  x-f5xc-required-for: ["read"]

Data Access

Section titled “Data Access”

OpenAPI Specifications

Section titled “OpenAPI Specifications”
FileContent
docs/specifications/api/virtual.jsonAll http_loadbalancer schemas with enrichments
docs/specifications/api/openapi.jsonMerged specification with all schemas

Configuration Files

Section titled “Configuration Files”
FilePurpose
config/minimum_configs.yamlSource of minimum configuration metadata (lines 16-297)
config/constraint_patterns.yamlConstraint pattern definitions
config/domain_descriptions.yamlDomain-level description metadata

Schemas Enriched

Section titled “Schemas Enriched”
  • viewshttp_loadbalancerCreateSpecType - Create operation schema
  • viewshttp_loadbalancerReplaceSpecType - Update operation schema
  • viewshttp_loadbalancerGetSpecType - Read operation schema
Section titled “Related Documentation”

Changelog

Section titled “Changelog”
VersionDateChanges
2.0.452026-01-20Initial http_loadbalancer enrichments documentation