f5xc_azure_vnet_site Resource - terraform-provider-f5xc
f5xc_azure_vnet_site (Resource)
Section titled “f5xc_azure_vnet_site (Resource)”Manages a Azure VNET Site resource in F5 Distributed Cloud for deploying F5 sites within Azure Virtual Network environments.
~> Note For more information about this resource, please refer to the F5 XC API Documentation.
Example Usage
Section titled “Example Usage”# Azure VNET Site Resource Example# Manages a Azure VNET Site resource in F5 Distributed Cloud for deploying F5 sites within Azure Virtual Network environments.
terraform { required_version = ">= 1.0"
required_providers { f5xc = { source = "f5xc-salesdemos/f5xc" version = ">= 0.1.0" } }}
# Basic Azure VNET Site configurationresource "f5xc_azure_vnet_site" "example" { name = "example-Azure-vnet-site" namespace = "staging"
labels = { environment = "production" managed_by = "terraform" }
annotations = { "owner" = "platform-team" }
# Azure VNET Site configuration azure_region = "westus2"
# Azure credentials reference azure_cred { name = "Azure-credentials" namespace = "staging" }
# Resource group resource_group = "f5xc-rg"
# VNET configuration vnet { new_vnet { name = "f5xc-vnet" primary_ipv4 = "10.0.0.0/16" } }
# Machine type machine_type = "Standard_D3_v2"
# Ingress/Egress gateway ingress_egress_gw { azure_certified_hw = "Azure-byol-multi-nic-voltmesh" az_nodes { azure_az = "1" inside_subnet { subnet_param { ipv4 = "10.0.1.0/24" } } outside_subnet { subnet_param { ipv4 = "10.0.2.0/24" } } } }
# No worker nodes by default no_worker_nodes {}}
# The following optional fields have server-applied defaults and can be omitted:# - disk_size# - block_all_services# - logs_streaming_disabled# - no_worker_nodes# - tagsArgument Reference
Section titled “Argument Reference”🔶 High Risk Operations — Some operations on this resource have high danger level. Destructive operations may require confirmation.
~> Dependencies — This resource requires: cloud_credentials.
Metadata Argument Reference
Section titled “Metadata Argument Reference”• name - Required String
Name of the Azure VNET Site. Must be unique within the namespace
• namespace - Required String
Namespace where the Azure VNET Site will be created
• annotations - Optional Map
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata
• description - Optional String
Human readable description for the object
• disable - Optional Bool
A value of true will administratively disable the object
• labels - Optional Map
Labels is a user defined key value map that can be attached to resources for organization and filtering
Spec Argument Reference
Section titled “Spec Argument Reference”• address - Optional String
Site’s geographical address that can be used to determine its latitude and longitude
• admin_password - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Admin Password below for details.
-> One of the following:
• alternate_region - Optional String
Name of the Azure region which does not support availability zones
• azure_region - Optional String
Name of the Azure region which supports availability zones
• azure_cred - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Azure Cred below for details.
-> One of the following:
• block_all_services - Optional Block Defaults to map[]
Enable this option. Server applies default when omitted
• blocked_services - Optional Block
Disable node local services on this site
See Blocked Services below for details.
• coordinates - Optional Block
Coordinates of the site which provides the site physical location
See Coordinates below for details.
• custom_dns - Optional Block
Custom DNS is the configured for specify CE site
See Custom DNS below for details.
• default_blocked_services - Optional Block
Enable this option
-> One of the following:
• disable_encryption - Optional Block
Configuration parameter for disable encryption
• disk_size - Optional Number
Disk size to be used for this instance in GiB. 80 is 80 GiB. Server applies default when omitted
• enable_encryption - Optional Block
Configuration parameter for enable encryption
See Enable Encryption below for details.
-> One of the following:
• ingress_egress_gw - Optional Block
Two interface Azure ingress/egress site
See Ingress Egress Gw below for details.
• ingress_egress_gw_ar - Optional Block
Two interface Azure ingress/egress site on Alternate Region with no support for zones
• ingress_gw - Optional Block
Single interface Azure ingress site on on Recommended Region
• ingress_gw_ar - Optional Block
Configuration parameter for ingress gw ar
• voltstack_cluster - Optional Block
App Stack Cluster of single interface Azure nodes
• voltstack_cluster_ar - Optional Block
App Stack Cluster of single interface Azure nodes
• kubernetes_upgrade_drain - Optional Block
Specify how worker nodes within a site will be upgraded
-> One of the following:
• log_receiver - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
• logs_streaming_disabled - Optional Block Defaults to map[]
Enable this option. Server applies default when omitted
• machine_type - Required String
Select Instance size based on performance needed. The default setting for Accelerated Networking is enabled, thus make sure you select a Virtual Machine that supports accelerated networking or disable the setting under, Select Ingress Gateway or Ingress/Egress Gateway > advanced OPTIONS
-> One of the following:
• no_worker_nodes - Optional Block Defaults to map[]
Configuration parameter for no worker nodes. Server applies default when omitted
• nodes_per_az - Optional Number
Desired Worker Nodes Per AZ. Max limit is up to 21
• offline_survivability_mode - Optional Block
Offline Survivability allows the Site to continue functioning normally without traffic loss during periods of connectivity loss to the Regional Edge (RE) or the Global Controller (GC). When this feature is enabled, a site can continue to function as is with existing
configuration for upto 7
• os - Optional Block
Select the F5XC Operating System Version for the site. By default, latest available OS Version will be used. Refer to release notes to find required released OS versions
• resource_group - Required String
Azure resource group for resources that will be created
• ssh_key - Required String
Public SSH key for accessing the site
• sw - Optional Block
Select the F5XC Software Version for the site. By default, latest available F5XC Software Version will be used. Refer to release notes to find required released SW versions
• tags - Optional Block Defaults to map[]
Azure Tags is a label consisting of a user-defined key and value. It helps to manage, identify, organize, search for, and filter resources in Azure console. Server applies default when omitted
• timeouts - Optional Block
• total_nodes - Optional Number
Total number of worker nodes to be deployed across all AZ’s used in the Site
• vnet - Optional Block
Defines choice about Azure VNET for a view
Attributes Reference
Section titled “Attributes Reference”In addition to all arguments above, the following attributes are exported:
• id - Optional String
Unique identifier for the resource
Admin Password
Section titled “Admin Password”An admin_password block supports the following:
• blindfold_secret_info - Optional Block
X-displayName: ‘Blindfold Secret’ BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info below.
• blindfold_secret_info_internal - Optional Block
X-displayName: ‘Blindfold Secret’ BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info Internal below.
• clear_secret_info - Optional Block
X-displayName: ‘In-Clear Secret’ ClearSecretInfoType specifies information about the Secret that is not encrypted
See Clear Secret Info below.
• secret_encoding_type - Optional String Defaults to EncodingNone
Possible values are EncodingNone, Encodingbase64
[Enum: EncodingNone|Encodingbase64] X-displayName: ‘Secret Encoding’ SecretEncodingType defines the encoding type of the secret before handled by the Secret Management
Service. - EncodingNone: x-displayName: ‘None’ No Encoding - Encodingbase64: base64 x-displayName: ‘base64’ base64 encoding
• vault_secret_info - Optional Block
X-displayName: ‘Vault Secret’ VaultSecretInfoType specifies information about the Secret managed by Hashicorp Vault
See Vault Secret Info below.
• wingman_secret_info - Optional Block
X-displayName: ‘Wingman Secret’ WingmanSecretInfoType specifies the handle to the wingman secret
See Wingman Secret Info below.
Admin Password Blindfold Secret Info
Section titled “Admin Password Blindfold Secret Info”A blindfold_secret_info block (within admin_password) supports the following:
• decryption_provider - Optional String
Name of the Secret Management Access object that contains information about the backend Secret Management service
• location - Optional String
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
• store_provider - Optional String
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///
Admin Password Blindfold Secret Info Internal
Section titled “Admin Password Blindfold Secret Info Internal”A blindfold_secret_info_internal block (within admin_password) supports the following:
• decryption_provider - Optional String
Name of the Secret Management Access object that contains information about the backend Secret Management service
• location - Optional String
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
• store_provider - Optional String
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///
Admin Password Clear Secret Info
Section titled “Admin Password Clear Secret Info”A clear_secret_info block (within admin_password) supports the following:
• provider_ref - Optional String
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///
• url - Optional String
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded base64 format. When asked for this secret, caller will GET Secret bytes after base64 decoding
Admin Password Vault Secret Info
Section titled “Admin Password Vault Secret Info”A vault_secret_info block (within admin_password) supports the following:
• key - Optional String
X-displayName: ‘Key’ Key of the individual secret. Vault Secrets are stored as key-value pair. If user is only interested in one value from the map, this field should be set to the corresponding key
• location - Optional String
X-displayName: ‘Location’Path to secret in Vault
• provider_ref - Optional String
X-displayName: ‘Provider’Name of the Secret Management Access object that contains information about the backend Vault
• secret_encoding - Optional String Defaults to EncodingNone
Possible values are EncodingNone, Encodingbase64
[Enum: EncodingNone|Encodingbase64] X-displayName: ‘Secret Encoding’ SecretEncodingType defines the encoding type of the secret before handled by the Secret Management Service. - EncodingNone: x-displayName: ‘None’ No
Encoding - Encodingbase64: base64 x-displayName: ‘base64’ base64 encoding
• version - Optional Number
X-displayName: ‘Version’ Version of the secret to be fetched. As vault secrets are versioned, user can specify this field to fetch specific version. If not provided latest version will be returned
Admin Password Wingman Secret Info
Section titled “Admin Password Wingman Secret Info”A wingman_secret_info block (within admin_password) supports the following:
• name - Optional String
X-displayName: ‘Name’Name of the secret
Azure Cred
Section titled “Azure Cred”An azure_cred block supports the following:
• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name
• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace
• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant
Blocked Services
Section titled “Blocked Services”A blocked_services block supports the following:
• blocked_service - Optional Block
Disable Node Local Services. Blocking or denial configuration
See Blocked Service below.
Blocked Services Blocked Service
Section titled “Blocked Services Blocked Service”A blocked_service block (within blocked_services) supports the following:
• dns - Optional Block
Enable this option
• network_type - Optional String Defaults to VIRTUAL_NETWORK_SITE_LOCAL
Possible values are VIRTUAL_NETWORK_SITE_LOCAL, VIRTUAL_NETWORK_SITE_LOCAL_INSIDE, VIRTUAL_NETWORK_PER_SITE, VIRTUAL_NETWORK_PUBLIC, VIRTUAL_NETWORK_GLOBAL, VIRTUAL_NETWORK_SITE_SERVICE, VIRTUAL_NETWORK_VER_INTERNAL,
VIRTUAL_NETWORK_SITE_LOCAL_INSIDE_OUTSIDE, VIRTUAL_NETWORK_IP_AUTO, VIRTUAL_NETWORK_VOLTADN_PRIVATE_NETWORK, VIRTUAL_NETWORK_SRV6_NETWORK, VIRTUAL_NETWORK_IP_FABRIC, VIRTUAL_NETWORK_SEGMENT, VIRTUAL_NETWORK_MANAGEMENT
[Enum:
VIRTUAL_NETWORK_SITE_LOCAL|VIRTUAL_NETWORK_SITE_LOCAL_INSIDE|VIRTUAL_NETWORK_PER_SITE|VIRTUAL_NETWORK_PUBLIC|VIRTUAL_NETWORK_GLOBAL|VIRTUAL_NETWORK_SITE_SERVICE|VIRTUAL_NETWORK_VER_INTERNAL|VIRTUAL_NETWORK_SITE_LOCAL_INSIDE_OUTSIDE|VIRTUAL_NETWORK_IP_AUTO|VIRTUAL_NETWORK_VOLTADN_PRIVATE_NETWORK|VIRTUAL_NETWORK_SRV6_NETWORK|VIRTUAL_NETWORK_IP_FABRIC|VIRTUAL_NETWORK_SEGMENT|VIRTUAL_NETWORK_MANAGEMENT]
Different types of virtual networks understood by the system Virtual-network of type VIRTUAL_NETWORK_SITE_LOCAL provides connectivity to public (outside) network. This is an insecure network and is connected to public internet via NAT Gateways/firwalls Virtual-network of this type is local to
• ssh - Optional Block
Enable this option
• web_user_interface - Optional Block
Enable this option
Coordinates
Section titled “Coordinates”A coordinates block supports the following:
• latitude - Optional Number
Latitude. Latitude of the site location
• longitude - Optional Number
Longitude. Longitude of site location
Custom DNS
Section titled “Custom DNS”A custom_dns block supports the following:
• inside_nameserver - Optional String
Optional DNS server IP to be used for name resolution in inside network
• outside_nameserver - Optional String
Optional DNS server IP to be used for name resolution in outside network
Enable Encryption
Section titled “Enable Encryption”An enable_encryption block supports the following:
• disk_encryption_set_id - Optional String
Azure Disk Encryption Set to be used to encrypt the disk attached to the VM
• resource_group - Optional String
The resource group in which the Disk Encryption Set is present
Ingress Egress Gw
Section titled “Ingress Egress Gw”An ingress_egress_gw block supports the following:
• accelerated_networking - Optional Block
X-displayName: ‘Accelerated Networking Type’Accelerated Networking to reduce Latency, When Mode is toggled, traffic disruption will be seen
See Accelerated Networking below.
• active_enhanced_firewall_policies - Optional Block
List of Enhanced Firewall Policies These policies use session-based rules and provide all OPTIONS available under firewall policies with an additional option for service insertion
See Active Enhanced Firewall Policies below.
• active_forward_proxy_policies - Optional Block
Ordered List of Forward Proxy Policies active
See Active Forward Proxy Policies below.
• active_network_policies - Optional Block
Configuration parameter for active network policies
See Active Network Policies below.
• az_nodes - Optional Block
Only Single AZ or Three AZ(s) nodes are supported currently
See Az Nodes below.
• azure_certified_hw - Optional String
Name for Azure certified hardware
• dc_cluster_group_inside_vn - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Dc Cluster Group Inside Vn below.
• dc_cluster_group_outside_vn - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Dc Cluster Group Outside Vn below.
• forward_proxy_allow_all - Optional Block
Configuration parameter for forward proxy allow all
• global_network_list - Optional Block
Global Network Connection List. List of global network connections
See Global Network List below.
• hub - Optional Block
Hub VNET type. Hub VNET type
See Hub below.
• inside_static_routes - Optional Block
Configuration parameter for inside static routes
See Inside Static Routes below.
• no_dc_cluster_group - Optional Block
Enable this option
• no_forward_proxy - Optional Block
Configuration parameter for no forward proxy
• no_global_network - Optional Block
Configuration parameter for no global network
• no_inside_static_routes - Optional Block
Configuration parameter for no inside static routes
• no_network_policy - Optional Block
Policy configuration for this feature
• no_outside_static_routes - Optional Block
Configuration parameter for no outside static routes
• not_hub - Optional Block
Enable this option
• outside_static_routes - Optional Block
Configuration parameter for outside static routes
See Outside Static Routes below.
• performance_enhancement_mode - Optional Block
Optimize the site for L3 or L7 traffic processing. L7 optimized is the default
See Performance Enhancement Mode below.
• sm_connection_public_ip - Optional Block
Enable this option
• sm_connection_pvt_ip - Optional Block
Enable this option
Ingress Egress Gw Accelerated Networking
Section titled “Ingress Egress Gw Accelerated Networking”An accelerated_networking block (within ingress_egress_gw) supports the following:
• disable_spec - Optional Block
Enable this option
• enable - Optional Block
Enable this option
Ingress Egress Gw Active Enhanced Firewall Policies
Section titled “Ingress Egress Gw Active Enhanced Firewall Policies”An active_enhanced_firewall_policies block (within ingress_egress_gw) supports the following:
• enhanced_firewall_policies - Optional Block
Ordered List of Enhanced Firewall Policies active
See Enhanced Firewall Policies below.
Ingress Egress Gw Active Enhanced Firewall Policies Enhanced Firewall Policies
Section titled “Ingress Egress Gw Active Enhanced Firewall Policies Enhanced Firewall Policies”Deeply nested Policies block collapsed for readability.
Ingress Egress Gw Active Forward Proxy Policies
Section titled “Ingress Egress Gw Active Forward Proxy Policies”An active_forward_proxy_policies block (within ingress_egress_gw) supports the following:
• forward_proxy_policies - Optional Block
Ordered List of Forward Proxy Policies active
See Forward Proxy Policies below.
Ingress Egress Gw Active Forward Proxy Policies Forward Proxy Policies
Section titled “Ingress Egress Gw Active Forward Proxy Policies Forward Proxy Policies”Deeply nested Policies block collapsed for readability.
Ingress Egress Gw Active Network Policies
Section titled “Ingress Egress Gw Active Network Policies”An active_network_policies block (within ingress_egress_gw) supports the following:
• network_policies - Optional Block
Ordered List of Firewall Policies active for this network firewall
See Network Policies below.
Ingress Egress Gw Active Network Policies Network Policies
Section titled “Ingress Egress Gw Active Network Policies Network Policies”Deeply nested Policies block collapsed for readability.
Ingress Egress Gw Az Nodes
Section titled “Ingress Egress Gw Az Nodes”An az_nodes block (within ingress_egress_gw) supports the following:
• azure_az - Optional String
Zone depicting a grouping of datacenters within an Azure region. Expecting numeric input
• inside_subnet - Optional Block
Configuration parameter for inside subnet
See Inside Subnet below.
• outside_subnet - Optional Block
Configuration parameter for outside subnet
See Outside Subnet below.
Ingress Egress Gw Az Nodes Inside Subnet
Section titled “Ingress Egress Gw Az Nodes Inside Subnet”An inside_subnet block (within ingress_egress_gw.az_nodes) supports the following:
• subnet - Optional Block
Subnet specification for network segmentation
See Subnet below.
• subnet_param - Optional Block
Parameters for creating a new cloud subnet
See Subnet Param below.
Ingress Egress Gw Az Nodes Inside Subnet Subnet
Section titled “Ingress Egress Gw Az Nodes Inside Subnet Subnet”Deeply nested Subnet block collapsed for readability.
Ingress Egress Gw Az Nodes Inside Subnet Subnet Param
Section titled “Ingress Egress Gw Az Nodes Inside Subnet Subnet Param”Deeply nested Param block collapsed for readability.
Ingress Egress Gw Az Nodes Outside Subnet
Section titled “Ingress Egress Gw Az Nodes Outside Subnet”An outside_subnet block (within ingress_egress_gw.az_nodes) supports the following:
• subnet - Optional Block
Subnet specification for network segmentation
See Subnet below.
• subnet_param - Optional Block
Parameters for creating a new cloud subnet
See Subnet Param below.
Ingress Egress Gw Az Nodes Outside Subnet Subnet
Section titled “Ingress Egress Gw Az Nodes Outside Subnet Subnet”Deeply nested Subnet block collapsed for readability.
Ingress Egress Gw Az Nodes Outside Subnet Subnet Param
Section titled “Ingress Egress Gw Az Nodes Outside Subnet Subnet Param”Deeply nested Param block collapsed for readability.
Ingress Egress Gw Dc Cluster Group Inside Vn
Section titled “Ingress Egress Gw Dc Cluster Group Inside Vn”Deeply nested Vn block collapsed for readability.
Ingress Egress Gw Dc Cluster Group Outside Vn
Section titled “Ingress Egress Gw Dc Cluster Group Outside Vn”Deeply nested Vn block collapsed for readability.
Ingress Egress Gw Global Network List
Section titled “Ingress Egress Gw Global Network List”A global_network_list block (within ingress_egress_gw) supports the following:
• global_network_connections - Optional Block
Global network connections
See Global Network Connections below.
Ingress Egress Gw Global Network List Global Network Connections
Section titled “Ingress Egress Gw Global Network List Global Network Connections”Deeply nested Connections block collapsed for readability.
Ingress Egress Gw Global Network List Global Network Connections SLI To Global DR
Section titled “Ingress Egress Gw Global Network List Global Network Connections SLI To Global DR”Deeply nested DR block collapsed for readability.
Ingress Egress Gw Global Network List Global Network Connections SLI To Global DR Global Vn
Section titled “Ingress Egress Gw Global Network List Global Network Connections SLI To Global DR Global Vn”Deeply nested Vn block collapsed for readability.
Ingress Egress Gw Global Network List Global Network Connections Slo To Global DR
Section titled “Ingress Egress Gw Global Network List Global Network Connections Slo To Global DR”Deeply nested DR block collapsed for readability.
Ingress Egress Gw Global Network List Global Network Connections Slo To Global DR Global Vn
Section titled “Ingress Egress Gw Global Network List Global Network Connections Slo To Global DR Global Vn”Deeply nested Vn block collapsed for readability.
Ingress Egress Gw Hub
Section titled “Ingress Egress Gw Hub”A hub block (within ingress_egress_gw) supports the following:
• express_route_disabled - Optional Block
Enable this option
• express_route_enabled - Optional Block
Express Route Configuration. Express Route Configuration
See Express Route Enabled below.
• spoke_vnets - Optional Block
Spoke VNET Peering (Legacy). Spoke VNET Peering
See Spoke Vnets below.
Ingress Egress Gw Hub Express Route Enabled
Section titled “Ingress Egress Gw Hub Express Route Enabled”An express_route_enabled block (within ingress_egress_gw.hub) supports the following:
• advertise_to_route_server - Optional Block
Configuration parameter for advertise to route server
• auto_asn - Optional Block
Enable this option
• connections - Optional Block
Add the ExpressRoute Circuit Connections to this site
See Connections below.
• custom_asn - Optional Number
Set custom ASN for F5XC Site
• do_not_advertise_to_route_server - Optional Block
Configuration parameter for do not advertise to route server
• gateway_subnet - Optional Block
Configuration parameter for gateway subnet
See Gateway Subnet below.
• route_server_subnet - Optional Block
Configuration parameter for route server subnet
See Route Server Subnet below.
• site_registration_over_express_route - Optional Block
CloudLink AND Network Config
See Site Registration Over Express Route below.
• site_registration_over_internet - Optional Block
Enable this option
• sku_ergw1az - Optional Block
Configuration parameter for sku ergw1az
• sku_ergw2az - Optional Block
Configuration parameter for sku ergw2az
• sku_high_perf - Optional Block
Configuration parameter for sku high perf
• sku_standard - Optional Block
Configuration parameter for sku standard
Ingress Egress Gw Hub Express Route Enabled Connections
Section titled “Ingress Egress Gw Hub Express Route Enabled Connections”Deeply nested Connections block collapsed for readability.
Ingress Egress Gw Hub Express Route Enabled Connections Metadata
Section titled “Ingress Egress Gw Hub Express Route Enabled Connections Metadata”Deeply nested Metadata block collapsed for readability.
Ingress Egress Gw Hub Express Route Enabled Connections Other Subscription
Section titled “Ingress Egress Gw Hub Express Route Enabled Connections Other Subscription”Deeply nested Subscription block collapsed for readability.
Ingress Egress Gw Hub Express Route Enabled Connections Other Subscription Authorized Key
Section titled “Ingress Egress Gw Hub Express Route Enabled Connections Other Subscription Authorized Key”Deeply nested Key block collapsed for readability.
Ingress Egress Gw Hub Express Route Enabled Connections Other Subscription Authorized Key Blindfold Secret Info
Section titled “Ingress Egress Gw Hub Express Route Enabled Connections Other Subscription Authorized Key Blindfold Secret Info”Deeply nested Info block collapsed for readability.
Ingress Egress Gw Hub Express Route Enabled Connections Other Subscription Authorized Key Blindfold Secret Info Internal
Section titled “Ingress Egress Gw Hub Express Route Enabled Connections Other Subscription Authorized Key Blindfold Secret Info Internal”Deeply nested Internal block collapsed for readability.
Ingress Egress Gw Hub Express Route Enabled Connections Other Subscription Authorized Key Clear Secret Info
Section titled “Ingress Egress Gw Hub Express Route Enabled Connections Other Subscription Authorized Key Clear Secret Info”Deeply nested Info block collapsed for readability.
Ingress Egress Gw Hub Express Route Enabled Connections Other Subscription Authorized Key Vault Secret Info
Section titled “Ingress Egress Gw Hub Express Route Enabled Connections Other Subscription Authorized Key Vault Secret Info”Deeply nested Info block collapsed for readability.
Ingress Egress Gw Hub Express Route Enabled Connections Other Subscription Authorized Key Wingman Secret Info
Section titled “Ingress Egress Gw Hub Express Route Enabled Connections Other Subscription Authorized Key Wingman Secret Info”Deeply nested Info block collapsed for readability.
Ingress Egress Gw Hub Express Route Enabled Gateway Subnet
Section titled “Ingress Egress Gw Hub Express Route Enabled Gateway Subnet”Deeply nested Subnet block collapsed for readability.
Ingress Egress Gw Hub Express Route Enabled Gateway Subnet Subnet
Section titled “Ingress Egress Gw Hub Express Route Enabled Gateway Subnet Subnet”Deeply nested Subnet block collapsed for readability.
Ingress Egress Gw Hub Express Route Enabled Gateway Subnet Subnet Param
Section titled “Ingress Egress Gw Hub Express Route Enabled Gateway Subnet Subnet Param”Deeply nested Param block collapsed for readability.
Ingress Egress Gw Hub Express Route Enabled Route Server Subnet
Section titled “Ingress Egress Gw Hub Express Route Enabled Route Server Subnet”Deeply nested Subnet block collapsed for readability.
Ingress Egress Gw Hub Express Route Enabled Route Server Subnet Subnet
Section titled “Ingress Egress Gw Hub Express Route Enabled Route Server Subnet Subnet”Deeply nested Subnet block collapsed for readability.
Ingress Egress Gw Hub Express Route Enabled Route Server Subnet Subnet Param
Section titled “Ingress Egress Gw Hub Express Route Enabled Route Server Subnet Subnet Param”Deeply nested Param block collapsed for readability.
Ingress Egress Gw Hub Express Route Enabled Site Registration Over Express Route
Section titled “Ingress Egress Gw Hub Express Route Enabled Site Registration Over Express Route”Deeply nested Route block collapsed for readability.
Ingress Egress Gw Hub Spoke Vnets
Section titled “Ingress Egress Gw Hub Spoke Vnets”A spoke_vnets block (within ingress_egress_gw.hub) supports the following:
• auto - Optional Block
Enable this option
• labels - Optional Block
Add Labels for each of the VNets peered with transit VNET, these labels can be used in firewall policy These labels used must be from known key and label defined in shared namespace
• manual - Optional Block
Enable this option
• vnet - Optional Block
Resource group and name of existing Azure VNET
See VNET below.
Ingress Egress Gw Hub Spoke Vnets VNET
Section titled “Ingress Egress Gw Hub Spoke Vnets VNET”A vnet block (within ingress_egress_gw.hub.spoke_vnets) supports the following:
• f5_orchestrated_routing - Optional Block
Enable this option
• manual_routing - Optional Block
Enable this option
• resource_group - Optional String
Resource group of existing VNET
• vnet_name - Optional String
X-displayName: ‘Existing VNET Name’Name of existing VNET
Ingress Egress Gw Inside Static Routes
Section titled “Ingress Egress Gw Inside Static Routes”An inside_static_routes block (within ingress_egress_gw) supports the following:
• static_route_list - Optional Block
List of Static Routes. List of Static routes
See Static Route List below.
Ingress Egress Gw Inside Static Routes Static Route List
Section titled “Ingress Egress Gw Inside Static Routes Static Route List”Deeply nested List block collapsed for readability.
Ingress Egress Gw Inside Static Routes Static Route List Custom Static Route
Section titled “Ingress Egress Gw Inside Static Routes Static Route List Custom Static Route”Deeply nested Route block collapsed for readability.
Ingress Egress Gw Inside Static Routes Static Route List Custom Static Route Nexthop
Section titled “Ingress Egress Gw Inside Static Routes Static Route List Custom Static Route Nexthop”Deeply nested Nexthop block collapsed for readability.
Ingress Egress Gw Inside Static Routes Static Route List Custom Static Route Nexthop Interface
Section titled “Ingress Egress Gw Inside Static Routes Static Route List Custom Static Route Nexthop Interface”Deeply nested Interface block collapsed for readability.
Ingress Egress Gw Inside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address
Section titled “Ingress Egress Gw Inside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address”Deeply nested Address block collapsed for readability.
Ingress Egress Gw Inside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv4
Section titled “Ingress Egress Gw Inside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv4”Deeply nested IPv4 block collapsed for readability.
Ingress Egress Gw Inside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv6
Section titled “Ingress Egress Gw Inside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv6”Deeply nested IPv6 block collapsed for readability.
Ingress Egress Gw Inside Static Routes Static Route List Custom Static Route Subnets
Section titled “Ingress Egress Gw Inside Static Routes Static Route List Custom Static Route Subnets”Deeply nested Subnets block collapsed for readability.
Ingress Egress Gw Inside Static Routes Static Route List Custom Static Route Subnets IPv4
Section titled “Ingress Egress Gw Inside Static Routes Static Route List Custom Static Route Subnets IPv4”Deeply nested IPv4 block collapsed for readability.
Ingress Egress Gw Inside Static Routes Static Route List Custom Static Route Subnets IPv6
Section titled “Ingress Egress Gw Inside Static Routes Static Route List Custom Static Route Subnets IPv6”Deeply nested IPv6 block collapsed for readability.
Ingress Egress Gw Outside Static Routes
Section titled “Ingress Egress Gw Outside Static Routes”An outside_static_routes block (within ingress_egress_gw) supports the following:
• static_route_list - Optional Block
List of Static Routes. List of Static routes
See Static Route List below.
Ingress Egress Gw Outside Static Routes Static Route List
Section titled “Ingress Egress Gw Outside Static Routes Static Route List”Deeply nested List block collapsed for readability.
Ingress Egress Gw Outside Static Routes Static Route List Custom Static Route
Section titled “Ingress Egress Gw Outside Static Routes Static Route List Custom Static Route”Deeply nested Route block collapsed for readability.
Ingress Egress Gw Outside Static Routes Static Route List Custom Static Route Nexthop
Section titled “Ingress Egress Gw Outside Static Routes Static Route List Custom Static Route Nexthop”Deeply nested Nexthop block collapsed for readability.
Ingress Egress Gw Outside Static Routes Static Route List Custom Static Route Nexthop Interface
Section titled “Ingress Egress Gw Outside Static Routes Static Route List Custom Static Route Nexthop Interface”Deeply nested Interface block collapsed for readability.
Ingress Egress Gw Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address
Section titled “Ingress Egress Gw Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address”Deeply nested Address block collapsed for readability.
Ingress Egress Gw Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv4
Section titled “Ingress Egress Gw Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv4”Deeply nested IPv4 block collapsed for readability.
Ingress Egress Gw Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv6
Section titled “Ingress Egress Gw Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv6”Deeply nested IPv6 block collapsed for readability.
Ingress Egress Gw Outside Static Routes Static Route List Custom Static Route Subnets
Section titled “Ingress Egress Gw Outside Static Routes Static Route List Custom Static Route Subnets”Deeply nested Subnets block collapsed for readability.
Ingress Egress Gw Outside Static Routes Static Route List Custom Static Route Subnets IPv4
Section titled “Ingress Egress Gw Outside Static Routes Static Route List Custom Static Route Subnets IPv4”Deeply nested IPv4 block collapsed for readability.
Ingress Egress Gw Outside Static Routes Static Route List Custom Static Route Subnets IPv6
Section titled “Ingress Egress Gw Outside Static Routes Static Route List Custom Static Route Subnets IPv6”Deeply nested IPv6 block collapsed for readability.
Ingress Egress Gw Performance Enhancement Mode
Section titled “Ingress Egress Gw Performance Enhancement Mode”A performance_enhancement_mode block (within ingress_egress_gw) supports the following:
• perf_mode_l3_enhanced - Optional Block
Configuration parameter for perf mode l3 enhanced
See Perf Mode L3 Enhanced below.
• perf_mode_l7_enhanced - Optional Block
Configuration parameter for perf mode l7 enhanced
Ingress Egress Gw Performance Enhancement Mode Perf Mode L3 Enhanced
Section titled “Ingress Egress Gw Performance Enhancement Mode Perf Mode L3 Enhanced”Deeply nested Enhanced block collapsed for readability.
Ingress Egress Gw Ar
Section titled “Ingress Egress Gw Ar”An ingress_egress_gw_ar block supports the following:
• accelerated_networking - Optional Block
X-displayName: ‘Accelerated Networking Type’Accelerated Networking to reduce Latency, When Mode is toggled, traffic disruption will be seen
See Accelerated Networking below.
• active_enhanced_firewall_policies - Optional Block
List of Enhanced Firewall Policies These policies use session-based rules and provide all OPTIONS available under firewall policies with an additional option for service insertion
See Active Enhanced Firewall Policies below.
• active_forward_proxy_policies - Optional Block
Ordered List of Forward Proxy Policies active
See Active Forward Proxy Policies below.
• active_network_policies - Optional Block
Configuration parameter for active network policies
See Active Network Policies below.
• azure_certified_hw - Optional String
Name for Azure certified hardware
• dc_cluster_group_inside_vn - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Dc Cluster Group Inside Vn below.
• dc_cluster_group_outside_vn - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Dc Cluster Group Outside Vn below.
• forward_proxy_allow_all - Optional Block
Configuration parameter for forward proxy allow all
• global_network_list - Optional Block
Global Network Connection List. List of global network connections
See Global Network List below.
• hub - Optional Block
Hub VNET type. Hub VNET type
See Hub below.
• inside_static_routes - Optional Block
Configuration parameter for inside static routes
See Inside Static Routes below.
• no_dc_cluster_group - Optional Block
Enable this option
• no_forward_proxy - Optional Block
Configuration parameter for no forward proxy
• no_global_network - Optional Block
Configuration parameter for no global network
• no_inside_static_routes - Optional Block
Configuration parameter for no inside static routes
• no_network_policy - Optional Block
Policy configuration for this feature
• no_outside_static_routes - Optional Block
Configuration parameter for no outside static routes
• node - Optional Block
Parameters for creating two interface Node in one AZ
See Node below.
• not_hub - Optional Block
Enable this option
• outside_static_routes - Optional Block
Configuration parameter for outside static routes
See Outside Static Routes below.
• performance_enhancement_mode - Optional Block
Optimize the site for L3 or L7 traffic processing. L7 optimized is the default
See Performance Enhancement Mode below.
• sm_connection_public_ip - Optional Block
Enable this option
• sm_connection_pvt_ip - Optional Block
Enable this option
Ingress Egress Gw Ar Accelerated Networking
Section titled “Ingress Egress Gw Ar Accelerated Networking”An accelerated_networking block (within ingress_egress_gw_ar) supports the following:
• disable_spec - Optional Block
Enable this option
• enable - Optional Block
Enable this option
Ingress Egress Gw Ar Active Enhanced Firewall Policies
Section titled “Ingress Egress Gw Ar Active Enhanced Firewall Policies”Deeply nested Policies block collapsed for readability.
Ingress Egress Gw Ar Active Enhanced Firewall Policies Enhanced Firewall Policies
Section titled “Ingress Egress Gw Ar Active Enhanced Firewall Policies Enhanced Firewall Policies”Deeply nested Policies block collapsed for readability.
Ingress Egress Gw Ar Active Forward Proxy Policies
Section titled “Ingress Egress Gw Ar Active Forward Proxy Policies”Deeply nested Policies block collapsed for readability.
Ingress Egress Gw Ar Active Forward Proxy Policies Forward Proxy Policies
Section titled “Ingress Egress Gw Ar Active Forward Proxy Policies Forward Proxy Policies”Deeply nested Policies block collapsed for readability.
Ingress Egress Gw Ar Active Network Policies
Section titled “Ingress Egress Gw Ar Active Network Policies”An active_network_policies block (within ingress_egress_gw_ar) supports the following:
• network_policies - Optional Block
Ordered List of Firewall Policies active for this network firewall
See Network Policies below.
Ingress Egress Gw Ar Active Network Policies Network Policies
Section titled “Ingress Egress Gw Ar Active Network Policies Network Policies”Deeply nested Policies block collapsed for readability.
Ingress Egress Gw Ar Dc Cluster Group Inside Vn
Section titled “Ingress Egress Gw Ar Dc Cluster Group Inside Vn”Deeply nested Vn block collapsed for readability.
Ingress Egress Gw Ar Dc Cluster Group Outside Vn
Section titled “Ingress Egress Gw Ar Dc Cluster Group Outside Vn”Deeply nested Vn block collapsed for readability.
Ingress Egress Gw Ar Global Network List
Section titled “Ingress Egress Gw Ar Global Network List”A global_network_list block (within ingress_egress_gw_ar) supports the following:
• global_network_connections - Optional Block
Global network connections
See Global Network Connections below.
Ingress Egress Gw Ar Global Network List Global Network Connections
Section titled “Ingress Egress Gw Ar Global Network List Global Network Connections”Deeply nested Connections block collapsed for readability.
Ingress Egress Gw Ar Global Network List Global Network Connections SLI To Global DR
Section titled “Ingress Egress Gw Ar Global Network List Global Network Connections SLI To Global DR”Deeply nested DR block collapsed for readability.
Ingress Egress Gw Ar Global Network List Global Network Connections SLI To Global DR Global Vn
Section titled “Ingress Egress Gw Ar Global Network List Global Network Connections SLI To Global DR Global Vn”Deeply nested Vn block collapsed for readability.
Ingress Egress Gw Ar Global Network List Global Network Connections Slo To Global DR
Section titled “Ingress Egress Gw Ar Global Network List Global Network Connections Slo To Global DR”Deeply nested DR block collapsed for readability.
Ingress Egress Gw Ar Global Network List Global Network Connections Slo To Global DR Global Vn
Section titled “Ingress Egress Gw Ar Global Network List Global Network Connections Slo To Global DR Global Vn”Deeply nested Vn block collapsed for readability.
Ingress Egress Gw Ar Hub
Section titled “Ingress Egress Gw Ar Hub”A hub block (within ingress_egress_gw_ar) supports the following:
• express_route_disabled - Optional Block
Enable this option
• express_route_enabled - Optional Block
Express Route Configuration. Express Route Configuration
See Express Route Enabled below.
• spoke_vnets - Optional Block
Spoke VNET Peering (Legacy). Spoke VNET Peering
See Spoke Vnets below.
Ingress Egress Gw Ar Hub Express Route Enabled
Section titled “Ingress Egress Gw Ar Hub Express Route Enabled”Deeply nested Enabled block collapsed for readability.
Ingress Egress Gw Ar Hub Express Route Enabled Connections
Section titled “Ingress Egress Gw Ar Hub Express Route Enabled Connections”Deeply nested Connections block collapsed for readability.
Ingress Egress Gw Ar Hub Express Route Enabled Connections Metadata
Section titled “Ingress Egress Gw Ar Hub Express Route Enabled Connections Metadata”Deeply nested Metadata block collapsed for readability.
Ingress Egress Gw Ar Hub Express Route Enabled Connections Other Subscription
Section titled “Ingress Egress Gw Ar Hub Express Route Enabled Connections Other Subscription”Deeply nested Subscription block collapsed for readability.
Ingress Egress Gw Ar Hub Express Route Enabled Connections Other Subscription Authorized Key
Section titled “Ingress Egress Gw Ar Hub Express Route Enabled Connections Other Subscription Authorized Key”Deeply nested Key block collapsed for readability.
Ingress Egress Gw Ar Hub Express Route Enabled Connections Other Subscription Authorized Key Blindfold Secret Info
Section titled “Ingress Egress Gw Ar Hub Express Route Enabled Connections Other Subscription Authorized Key Blindfold Secret Info”Deeply nested Info block collapsed for readability.
Ingress Egress Gw Ar Hub Express Route Enabled Connections Other Subscription Authorized Key Blindfold Secret Info Internal
Section titled “Ingress Egress Gw Ar Hub Express Route Enabled Connections Other Subscription Authorized Key Blindfold Secret Info Internal”Deeply nested Internal block collapsed for readability.
Ingress Egress Gw Ar Hub Express Route Enabled Connections Other Subscription Authorized Key Clear Secret Info
Section titled “Ingress Egress Gw Ar Hub Express Route Enabled Connections Other Subscription Authorized Key Clear Secret Info”Deeply nested Info block collapsed for readability.
Ingress Egress Gw Ar Hub Express Route Enabled Connections Other Subscription Authorized Key Vault Secret Info
Section titled “Ingress Egress Gw Ar Hub Express Route Enabled Connections Other Subscription Authorized Key Vault Secret Info”Deeply nested Info block collapsed for readability.
Ingress Egress Gw Ar Hub Express Route Enabled Connections Other Subscription Authorized Key Wingman Secret Info
Section titled “Ingress Egress Gw Ar Hub Express Route Enabled Connections Other Subscription Authorized Key Wingman Secret Info”Deeply nested Info block collapsed for readability.
Ingress Egress Gw Ar Hub Express Route Enabled Gateway Subnet
Section titled “Ingress Egress Gw Ar Hub Express Route Enabled Gateway Subnet”Deeply nested Subnet block collapsed for readability.
Ingress Egress Gw Ar Hub Express Route Enabled Gateway Subnet Subnet
Section titled “Ingress Egress Gw Ar Hub Express Route Enabled Gateway Subnet Subnet”Deeply nested Subnet block collapsed for readability.
Ingress Egress Gw Ar Hub Express Route Enabled Gateway Subnet Subnet Param
Section titled “Ingress Egress Gw Ar Hub Express Route Enabled Gateway Subnet Subnet Param”Deeply nested Param block collapsed for readability.
Ingress Egress Gw Ar Hub Express Route Enabled Route Server Subnet
Section titled “Ingress Egress Gw Ar Hub Express Route Enabled Route Server Subnet”Deeply nested Subnet block collapsed for readability.
Ingress Egress Gw Ar Hub Express Route Enabled Route Server Subnet Subnet
Section titled “Ingress Egress Gw Ar Hub Express Route Enabled Route Server Subnet Subnet”Deeply nested Subnet block collapsed for readability.
Ingress Egress Gw Ar Hub Express Route Enabled Route Server Subnet Subnet Param
Section titled “Ingress Egress Gw Ar Hub Express Route Enabled Route Server Subnet Subnet Param”Deeply nested Param block collapsed for readability.
Ingress Egress Gw Ar Hub Express Route Enabled Site Registration Over Express Route
Section titled “Ingress Egress Gw Ar Hub Express Route Enabled Site Registration Over Express Route”Deeply nested Route block collapsed for readability.
Ingress Egress Gw Ar Hub Spoke Vnets
Section titled “Ingress Egress Gw Ar Hub Spoke Vnets”A spoke_vnets block (within ingress_egress_gw_ar.hub) supports the following:
• auto - Optional Block
Enable this option
• labels - Optional Block
Add Labels for each of the VNets peered with transit VNET, these labels can be used in firewall policy These labels used must be from known key and label defined in shared namespace
• manual - Optional Block
Enable this option
• vnet - Optional Block
Resource group and name of existing Azure VNET
See VNET below.
Ingress Egress Gw Ar Hub Spoke Vnets VNET
Section titled “Ingress Egress Gw Ar Hub Spoke Vnets VNET”Deeply nested VNET block collapsed for readability.
Ingress Egress Gw Ar Inside Static Routes
Section titled “Ingress Egress Gw Ar Inside Static Routes”An inside_static_routes block (within ingress_egress_gw_ar) supports the following:
• static_route_list - Optional Block
List of Static Routes. List of Static routes
See Static Route List below.
Ingress Egress Gw Ar Inside Static Routes Static Route List
Section titled “Ingress Egress Gw Ar Inside Static Routes Static Route List”Deeply nested List block collapsed for readability.
Ingress Egress Gw Ar Inside Static Routes Static Route List Custom Static Route
Section titled “Ingress Egress Gw Ar Inside Static Routes Static Route List Custom Static Route”Deeply nested Route block collapsed for readability.
Ingress Egress Gw Ar Inside Static Routes Static Route List Custom Static Route Nexthop
Section titled “Ingress Egress Gw Ar Inside Static Routes Static Route List Custom Static Route Nexthop”Deeply nested Nexthop block collapsed for readability.
Ingress Egress Gw Ar Inside Static Routes Static Route List Custom Static Route Nexthop Interface
Section titled “Ingress Egress Gw Ar Inside Static Routes Static Route List Custom Static Route Nexthop Interface”Deeply nested Interface block collapsed for readability.
Ingress Egress Gw Ar Inside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address
Section titled “Ingress Egress Gw Ar Inside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address”Deeply nested Address block collapsed for readability.
Ingress Egress Gw Ar Inside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv4
Section titled “Ingress Egress Gw Ar Inside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv4”Deeply nested IPv4 block collapsed for readability.
Ingress Egress Gw Ar Inside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv6
Section titled “Ingress Egress Gw Ar Inside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv6”Deeply nested IPv6 block collapsed for readability.
Ingress Egress Gw Ar Inside Static Routes Static Route List Custom Static Route Subnets
Section titled “Ingress Egress Gw Ar Inside Static Routes Static Route List Custom Static Route Subnets”Deeply nested Subnets block collapsed for readability.
Ingress Egress Gw Ar Inside Static Routes Static Route List Custom Static Route Subnets IPv4
Section titled “Ingress Egress Gw Ar Inside Static Routes Static Route List Custom Static Route Subnets IPv4”Deeply nested IPv4 block collapsed for readability.
Ingress Egress Gw Ar Inside Static Routes Static Route List Custom Static Route Subnets IPv6
Section titled “Ingress Egress Gw Ar Inside Static Routes Static Route List Custom Static Route Subnets IPv6”Deeply nested IPv6 block collapsed for readability.
Ingress Egress Gw Ar Node
Section titled “Ingress Egress Gw Ar Node”A node block (within ingress_egress_gw_ar) supports the following:
• fault_domain - Optional Number
Namuber of fault domains to be used while creating the availability set
• inside_subnet - Optional Block
Configuration parameter for inside subnet
See Inside Subnet below.
• node_number - Optional Number
Number of main nodes to create, either 1 or 3
• outside_subnet - Optional Block
Configuration parameter for outside subnet
See Outside Subnet below.
• update_domain - Optional Number
Namuber of update domains to be used while creating the availability set
Ingress Egress Gw Ar Node Inside Subnet
Section titled “Ingress Egress Gw Ar Node Inside Subnet”An inside_subnet block (within ingress_egress_gw_ar.node) supports the following:
• subnet - Optional Block
Subnet specification for network segmentation
See Subnet below.
• subnet_param - Optional Block
Parameters for creating a new cloud subnet
See Subnet Param below.
Ingress Egress Gw Ar Node Inside Subnet Subnet
Section titled “Ingress Egress Gw Ar Node Inside Subnet Subnet”Deeply nested Subnet block collapsed for readability.
Ingress Egress Gw Ar Node Inside Subnet Subnet Param
Section titled “Ingress Egress Gw Ar Node Inside Subnet Subnet Param”Deeply nested Param block collapsed for readability.
Ingress Egress Gw Ar Node Outside Subnet
Section titled “Ingress Egress Gw Ar Node Outside Subnet”An outside_subnet block (within ingress_egress_gw_ar.node) supports the following:
• subnet - Optional Block
Subnet specification for network segmentation
See Subnet below.
• subnet_param - Optional Block
Parameters for creating a new cloud subnet
See Subnet Param below.
Ingress Egress Gw Ar Node Outside Subnet Subnet
Section titled “Ingress Egress Gw Ar Node Outside Subnet Subnet”Deeply nested Subnet block collapsed for readability.
Ingress Egress Gw Ar Node Outside Subnet Subnet Param
Section titled “Ingress Egress Gw Ar Node Outside Subnet Subnet Param”Deeply nested Param block collapsed for readability.
Ingress Egress Gw Ar Outside Static Routes
Section titled “Ingress Egress Gw Ar Outside Static Routes”An outside_static_routes block (within ingress_egress_gw_ar) supports the following:
• static_route_list - Optional Block
List of Static Routes. List of Static routes
See Static Route List below.
Ingress Egress Gw Ar Outside Static Routes Static Route List
Section titled “Ingress Egress Gw Ar Outside Static Routes Static Route List”Deeply nested List block collapsed for readability.
Ingress Egress Gw Ar Outside Static Routes Static Route List Custom Static Route
Section titled “Ingress Egress Gw Ar Outside Static Routes Static Route List Custom Static Route”Deeply nested Route block collapsed for readability.
Ingress Egress Gw Ar Outside Static Routes Static Route List Custom Static Route Nexthop
Section titled “Ingress Egress Gw Ar Outside Static Routes Static Route List Custom Static Route Nexthop”Deeply nested Nexthop block collapsed for readability.
Ingress Egress Gw Ar Outside Static Routes Static Route List Custom Static Route Nexthop Interface
Section titled “Ingress Egress Gw Ar Outside Static Routes Static Route List Custom Static Route Nexthop Interface”Deeply nested Interface block collapsed for readability.
Ingress Egress Gw Ar Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address
Section titled “Ingress Egress Gw Ar Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address”Deeply nested Address block collapsed for readability.
Ingress Egress Gw Ar Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv4
Section titled “Ingress Egress Gw Ar Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv4”Deeply nested IPv4 block collapsed for readability.
Ingress Egress Gw Ar Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv6
Section titled “Ingress Egress Gw Ar Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv6”Deeply nested IPv6 block collapsed for readability.
Ingress Egress Gw Ar Outside Static Routes Static Route List Custom Static Route Subnets
Section titled “Ingress Egress Gw Ar Outside Static Routes Static Route List Custom Static Route Subnets”Deeply nested Subnets block collapsed for readability.
Ingress Egress Gw Ar Outside Static Routes Static Route List Custom Static Route Subnets IPv4
Section titled “Ingress Egress Gw Ar Outside Static Routes Static Route List Custom Static Route Subnets IPv4”Deeply nested IPv4 block collapsed for readability.
Ingress Egress Gw Ar Outside Static Routes Static Route List Custom Static Route Subnets IPv6
Section titled “Ingress Egress Gw Ar Outside Static Routes Static Route List Custom Static Route Subnets IPv6”Deeply nested IPv6 block collapsed for readability.
Ingress Egress Gw Ar Performance Enhancement Mode
Section titled “Ingress Egress Gw Ar Performance Enhancement Mode”A performance_enhancement_mode block (within ingress_egress_gw_ar) supports the following:
• perf_mode_l3_enhanced - Optional Block
Configuration parameter for perf mode l3 enhanced
See Perf Mode L3 Enhanced below.
• perf_mode_l7_enhanced - Optional Block
Configuration parameter for perf mode l7 enhanced
Ingress Egress Gw Ar Performance Enhancement Mode Perf Mode L3 Enhanced
Section titled “Ingress Egress Gw Ar Performance Enhancement Mode Perf Mode L3 Enhanced”Deeply nested Enhanced block collapsed for readability.
Ingress Gw
Section titled “Ingress Gw”An ingress_gw block supports the following:
• accelerated_networking - Optional Block
X-displayName: ‘Accelerated Networking Type’Accelerated Networking to reduce Latency, When Mode is toggled, traffic disruption will be seen
See Accelerated Networking below.
• az_nodes - Optional Block
Only Single AZ or Three AZ(s) nodes are supported currently
See Az Nodes below.
• azure_certified_hw - Optional String
Name for Azure certified hardware
• performance_enhancement_mode - Optional Block
Optimize the site for L3 or L7 traffic processing. L7 optimized is the default
See Performance Enhancement Mode below.
Ingress Gw Accelerated Networking
Section titled “Ingress Gw Accelerated Networking”An accelerated_networking block (within ingress_gw) supports the following:
• disable_spec - Optional Block
Enable this option
• enable - Optional Block
Enable this option
Ingress Gw Az Nodes
Section titled “Ingress Gw Az Nodes”An az_nodes block (within ingress_gw) supports the following:
• azure_az - Optional String
Zone depicting a grouping of datacenters within an Azure region. Expecting numeric input
• local_subnet - Optional Block
Configuration parameter for local subnet
See Local Subnet below.
Ingress Gw Az Nodes Local Subnet
Section titled “Ingress Gw Az Nodes Local Subnet”A local_subnet block (within ingress_gw.az_nodes) supports the following:
• subnet - Optional Block
Subnet specification for network segmentation
See Subnet below.
• subnet_param - Optional Block
Parameters for creating a new cloud subnet
See Subnet Param below.
Ingress Gw Az Nodes Local Subnet Subnet
Section titled “Ingress Gw Az Nodes Local Subnet Subnet”A subnet block (within ingress_gw.az_nodes.local_subnet) supports the following:
• subnet_name - Optional String
Subnet Name. Name of existing subnet
• subnet_resource_grp - Optional String
Specify name of Resource Group
• vnet_resource_group - Optional Block
Configuration parameter for VNET resource group
Ingress Gw Az Nodes Local Subnet Subnet Param
Section titled “Ingress Gw Az Nodes Local Subnet Subnet Param”Deeply nested Param block collapsed for readability.
Ingress Gw Performance Enhancement Mode
Section titled “Ingress Gw Performance Enhancement Mode”A performance_enhancement_mode block (within ingress_gw) supports the following:
• perf_mode_l3_enhanced - Optional Block
Configuration parameter for perf mode l3 enhanced
See Perf Mode L3 Enhanced below.
• perf_mode_l7_enhanced - Optional Block
Configuration parameter for perf mode l7 enhanced
Ingress Gw Performance Enhancement Mode Perf Mode L3 Enhanced
Section titled “Ingress Gw Performance Enhancement Mode Perf Mode L3 Enhanced”Deeply nested Enhanced block collapsed for readability.
Ingress Gw Ar
Section titled “Ingress Gw Ar”An ingress_gw_ar block supports the following:
• accelerated_networking - Optional Block
X-displayName: ‘Accelerated Networking Type’Accelerated Networking to reduce Latency, When Mode is toggled, traffic disruption will be seen
See Accelerated Networking below.
• azure_certified_hw - Optional String
Name for Azure certified hardware
• node - Optional Block
Parameters for creating Single interface Node for Alternate Region
See Node below.
• performance_enhancement_mode - Optional Block
Optimize the site for L3 or L7 traffic processing. L7 optimized is the default
See Performance Enhancement Mode below.
Ingress Gw Ar Accelerated Networking
Section titled “Ingress Gw Ar Accelerated Networking”An accelerated_networking block (within ingress_gw_ar) supports the following:
• disable_spec - Optional Block
Enable this option
• enable - Optional Block
Enable this option
Ingress Gw Ar Node
Section titled “Ingress Gw Ar Node”A node block (within ingress_gw_ar) supports the following:
• fault_domain - Optional Number
Namuber of fault domains to be used while creating the availability set
• local_subnet - Optional Block
Configuration parameter for local subnet
See Local Subnet below.
• node_number - Optional Number
Number of main nodes to create, either 1 or 3
• update_domain - Optional Number
Namuber of update domains to be used while creating the availability set
Ingress Gw Ar Node Local Subnet
Section titled “Ingress Gw Ar Node Local Subnet”A local_subnet block (within ingress_gw_ar.node) supports the following:
• subnet - Optional Block
Subnet specification for network segmentation
See Subnet below.
• subnet_param - Optional Block
Parameters for creating a new cloud subnet
See Subnet Param below.
Ingress Gw Ar Node Local Subnet Subnet
Section titled “Ingress Gw Ar Node Local Subnet Subnet”A subnet block (within ingress_gw_ar.node.local_subnet) supports the following:
• subnet_name - Optional String
Subnet Name. Name of existing subnet
• subnet_resource_grp - Optional String
Specify name of Resource Group
• vnet_resource_group - Optional Block
Configuration parameter for VNET resource group
Ingress Gw Ar Node Local Subnet Subnet Param
Section titled “Ingress Gw Ar Node Local Subnet Subnet Param”Deeply nested Param block collapsed for readability.
Ingress Gw Ar Performance Enhancement Mode
Section titled “Ingress Gw Ar Performance Enhancement Mode”A performance_enhancement_mode block (within ingress_gw_ar) supports the following:
• perf_mode_l3_enhanced - Optional Block
Configuration parameter for perf mode l3 enhanced
See Perf Mode L3 Enhanced below.
• perf_mode_l7_enhanced - Optional Block
Configuration parameter for perf mode l7 enhanced
Ingress Gw Ar Performance Enhancement Mode Perf Mode L3 Enhanced
Section titled “Ingress Gw Ar Performance Enhancement Mode Perf Mode L3 Enhanced”Deeply nested Enhanced block collapsed for readability.
Kubernetes Upgrade Drain
Section titled “Kubernetes Upgrade Drain”A kubernetes_upgrade_drain block supports the following:
• disable_upgrade_drain - Optional Block
Configuration parameter for disable upgrade drain
• enable_upgrade_drain - Optional Block
Specify batch upgrade settings for worker nodes within a site
See Enable Upgrade Drain below.
Kubernetes Upgrade Drain Enable Upgrade Drain
Section titled “Kubernetes Upgrade Drain Enable Upgrade Drain”An enable_upgrade_drain block (within kubernetes_upgrade_drain) supports the following:
• disable_vega_upgrade_mode - Optional Block
Configuration parameter for disable vega upgrade mode
• drain_max_unavailable_node_count - Optional Number
Node Batch Size Count
• drain_node_timeout - Optional Number
Seconds to wait before initiating upgrade on the next set of nodes. Setting it to 0 will wait indefinitely for all services on nodes to be upgraded gracefully before proceeding to the next set of nodes. (Warning: It may block upgrade if services on a node cannot be gracefully upgraded. It is
• enable_vega_upgrade_mode - Optional Block
Configuration parameter for enable vega upgrade mode
Log Receiver
Section titled “Log Receiver”A log_receiver block supports the following:
• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name
• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace
• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant
Offline Survivability Mode
Section titled “Offline Survivability Mode”An offline_survivability_mode block supports the following:
• enable_offline_survivability_mode - Optional Block
Configuration parameter for enable offline survivability mode
• no_offline_survivability_mode - Optional Block
Configuration parameter for no offline survivability mode
An os block supports the following:
• default_os_version - Optional Block
Enable this option
• operating_system_version - Optional String
Specify a OS version to be used e.g. 9.2024.6
A sw block supports the following:
• default_sw_version - Optional Block
Enable this option
• volterra_software_version - Optional String
Specify a F5XC Software Version to be used e.g. Crt-20210329-1002
Timeouts
Section titled “Timeouts”A timeouts block supports the following:
• create - Optional String (Defaults to 30 minutes)
Used when creating the resource
• delete - Optional String (Defaults to 30 minutes)
Used when deleting the resource
• read - Optional String (Defaults to 5 minutes)
Used when retrieving the resource
• update - Optional String (Defaults to 30 minutes)
Used when updating the resource
A vnet block supports the following:
• existing_vnet - Optional Block
Resource group and name of existing Azure VNET
See Existing VNET below.
• new_vnet - Optional Block
X-displayName: ‘Azure VNET Parameters’ Parameters to create a new Azure VNET
See New VNET below.
VNET Existing VNET
Section titled “VNET Existing VNET”An existing_vnet block (within vnet) supports the following:
• f5_orchestrated_routing - Optional Block
Enable this option
• manual_routing - Optional Block
Enable this option
• resource_group - Optional String
Resource group of existing VNET
• vnet_name - Optional String
X-displayName: ‘Existing VNET Name’Name of existing VNET
VNET New VNET
Section titled “VNET New VNET”A new_vnet block (within vnet) supports the following:
• autogenerate - Optional Block
Configuration parameter for autogenerate
• name - Optional String
Specify the VNET Name
• primary_ipv4 - Optional String
X-displayName: ‘IPv4 CIDR block’IPv4 CIDR block for this VNET. It has to be private address space
Voltstack Cluster
Section titled “Voltstack Cluster”A voltstack_cluster block supports the following:
• accelerated_networking - Optional Block
X-displayName: ‘Accelerated Networking Type’Accelerated Networking to reduce Latency, When Mode is toggled, traffic disruption will be seen
See Accelerated Networking below.
• active_enhanced_firewall_policies - Optional Block
List of Enhanced Firewall Policies These policies use session-based rules and provide all OPTIONS available under firewall policies with an additional option for service insertion
See Active Enhanced Firewall Policies below.
• active_forward_proxy_policies - Optional Block
Ordered List of Forward Proxy Policies active
See Active Forward Proxy Policies below.
• active_network_policies - Optional Block
Configuration parameter for active network policies
See Active Network Policies below.
• az_nodes - Optional Block
Only Single AZ or Three AZ(s) nodes are supported currently
See Az Nodes below.
• azure_certified_hw - Optional String
Name for Azure certified hardware
• dc_cluster_group - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Dc Cluster Group below.
• default_storage - Optional Block
Configuration parameter for default storage
• forward_proxy_allow_all - Optional Block
Configuration parameter for forward proxy allow all
• global_network_list - Optional Block
Global Network Connection List. List of global network connections
See Global Network List below.
• k8s_cluster - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See K8S Cluster below.
• no_dc_cluster_group - Optional Block
Enable this option
• no_forward_proxy - Optional Block
Configuration parameter for no forward proxy
• no_global_network - Optional Block
Configuration parameter for no global network
• no_k8s_cluster - Optional Block
Enable this option
• no_network_policy - Optional Block
Policy configuration for this feature
• no_outside_static_routes - Optional Block
Configuration parameter for no outside static routes
• outside_static_routes - Optional Block
Configuration parameter for outside static routes
See Outside Static Routes below.
• sm_connection_public_ip - Optional Block
Enable this option
• sm_connection_pvt_ip - Optional Block
Enable this option
• storage_class_list - Optional Block
Add additional custom storage classes in Kubernetes for this site
See Storage Class List below.
Voltstack Cluster Accelerated Networking
Section titled “Voltstack Cluster Accelerated Networking”An accelerated_networking block (within voltstack_cluster) supports the following:
• disable_spec - Optional Block
Enable this option
• enable - Optional Block
Enable this option
Voltstack Cluster Active Enhanced Firewall Policies
Section titled “Voltstack Cluster Active Enhanced Firewall Policies”An active_enhanced_firewall_policies block (within voltstack_cluster) supports the following:
• enhanced_firewall_policies - Optional Block
Ordered List of Enhanced Firewall Policies active
See Enhanced Firewall Policies below.
Voltstack Cluster Active Enhanced Firewall Policies Enhanced Firewall Policies
Section titled “Voltstack Cluster Active Enhanced Firewall Policies Enhanced Firewall Policies”Deeply nested Policies block collapsed for readability.
Voltstack Cluster Active Forward Proxy Policies
Section titled “Voltstack Cluster Active Forward Proxy Policies”An active_forward_proxy_policies block (within voltstack_cluster) supports the following:
• forward_proxy_policies - Optional Block
Ordered List of Forward Proxy Policies active
See Forward Proxy Policies below.
Voltstack Cluster Active Forward Proxy Policies Forward Proxy Policies
Section titled “Voltstack Cluster Active Forward Proxy Policies Forward Proxy Policies”Deeply nested Policies block collapsed for readability.
Voltstack Cluster Active Network Policies
Section titled “Voltstack Cluster Active Network Policies”An active_network_policies block (within voltstack_cluster) supports the following:
• network_policies - Optional Block
Ordered List of Firewall Policies active for this network firewall
See Network Policies below.
Voltstack Cluster Active Network Policies Network Policies
Section titled “Voltstack Cluster Active Network Policies Network Policies”A network_policies block (within voltstack_cluster.active_network_policies) supports the following:
• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name
• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace
• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant
Voltstack Cluster Az Nodes
Section titled “Voltstack Cluster Az Nodes”An az_nodes block (within voltstack_cluster) supports the following:
• azure_az - Optional String
Zone depicting a grouping of datacenters within an Azure region. Expecting numeric input
• local_subnet - Optional Block
Configuration parameter for local subnet
See Local Subnet below.
Voltstack Cluster Az Nodes Local Subnet
Section titled “Voltstack Cluster Az Nodes Local Subnet”A local_subnet block (within voltstack_cluster.az_nodes) supports the following:
• subnet - Optional Block
Subnet specification for network segmentation
See Subnet below.
• subnet_param - Optional Block
Parameters for creating a new cloud subnet
See Subnet Param below.
Voltstack Cluster Az Nodes Local Subnet Subnet
Section titled “Voltstack Cluster Az Nodes Local Subnet Subnet”A subnet block (within voltstack_cluster.az_nodes.local_subnet) supports the following:
• subnet_name - Optional String
Subnet Name. Name of existing subnet
• subnet_resource_grp - Optional String
Specify name of Resource Group
• vnet_resource_group - Optional Block
Configuration parameter for VNET resource group
Voltstack Cluster Az Nodes Local Subnet Subnet Param
Section titled “Voltstack Cluster Az Nodes Local Subnet Subnet Param”Deeply nested Param block collapsed for readability.
Voltstack Cluster Dc Cluster Group
Section titled “Voltstack Cluster Dc Cluster Group”A dc_cluster_group block (within voltstack_cluster) supports the following:
• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name
• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace
• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant
Voltstack Cluster Global Network List
Section titled “Voltstack Cluster Global Network List”A global_network_list block (within voltstack_cluster) supports the following:
• global_network_connections - Optional Block
Global network connections
See Global Network Connections below.
Voltstack Cluster Global Network List Global Network Connections
Section titled “Voltstack Cluster Global Network List Global Network Connections”Deeply nested Connections block collapsed for readability.
Voltstack Cluster Global Network List Global Network Connections SLI To Global DR
Section titled “Voltstack Cluster Global Network List Global Network Connections SLI To Global DR”Deeply nested DR block collapsed for readability.
Voltstack Cluster Global Network List Global Network Connections SLI To Global DR Global Vn
Section titled “Voltstack Cluster Global Network List Global Network Connections SLI To Global DR Global Vn”Deeply nested Vn block collapsed for readability.
Voltstack Cluster Global Network List Global Network Connections Slo To Global DR
Section titled “Voltstack Cluster Global Network List Global Network Connections Slo To Global DR”Deeply nested DR block collapsed for readability.
Voltstack Cluster Global Network List Global Network Connections Slo To Global DR Global Vn
Section titled “Voltstack Cluster Global Network List Global Network Connections Slo To Global DR Global Vn”Deeply nested Vn block collapsed for readability.
Voltstack Cluster K8S Cluster
Section titled “Voltstack Cluster K8S Cluster”A k8s_cluster block (within voltstack_cluster) supports the following:
• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name
• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace
• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant
Voltstack Cluster Outside Static Routes
Section titled “Voltstack Cluster Outside Static Routes”An outside_static_routes block (within voltstack_cluster) supports the following:
• static_route_list - Optional Block
List of Static Routes. List of Static routes
See Static Route List below.
Voltstack Cluster Outside Static Routes Static Route List
Section titled “Voltstack Cluster Outside Static Routes Static Route List”Deeply nested List block collapsed for readability.
Voltstack Cluster Outside Static Routes Static Route List Custom Static Route
Section titled “Voltstack Cluster Outside Static Routes Static Route List Custom Static Route”Deeply nested Route block collapsed for readability.
Voltstack Cluster Outside Static Routes Static Route List Custom Static Route Nexthop
Section titled “Voltstack Cluster Outside Static Routes Static Route List Custom Static Route Nexthop”Deeply nested Nexthop block collapsed for readability.
Voltstack Cluster Outside Static Routes Static Route List Custom Static Route Nexthop Interface
Section titled “Voltstack Cluster Outside Static Routes Static Route List Custom Static Route Nexthop Interface”Deeply nested Interface block collapsed for readability.
Voltstack Cluster Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address
Section titled “Voltstack Cluster Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address”Deeply nested Address block collapsed for readability.
Voltstack Cluster Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv4
Section titled “Voltstack Cluster Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv4”Deeply nested IPv4 block collapsed for readability.
Voltstack Cluster Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv6
Section titled “Voltstack Cluster Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv6”Deeply nested IPv6 block collapsed for readability.
Voltstack Cluster Outside Static Routes Static Route List Custom Static Route Subnets
Section titled “Voltstack Cluster Outside Static Routes Static Route List Custom Static Route Subnets”Deeply nested Subnets block collapsed for readability.
Voltstack Cluster Outside Static Routes Static Route List Custom Static Route Subnets IPv4
Section titled “Voltstack Cluster Outside Static Routes Static Route List Custom Static Route Subnets IPv4”Deeply nested IPv4 block collapsed for readability.
Voltstack Cluster Outside Static Routes Static Route List Custom Static Route Subnets IPv6
Section titled “Voltstack Cluster Outside Static Routes Static Route List Custom Static Route Subnets IPv6”Deeply nested IPv6 block collapsed for readability.
Voltstack Cluster Storage Class List
Section titled “Voltstack Cluster Storage Class List”A storage_class_list block (within voltstack_cluster) supports the following:
• storage_classes - Optional Block
List of Storage Classes. List of custom storage classes
See Storage Classes below.
Voltstack Cluster Storage Class List Storage Classes
Section titled “Voltstack Cluster Storage Class List Storage Classes”A storage_classes block (within voltstack_cluster.storage_class_list) supports the following:
• default_storage_class - Optional Bool
Make this storage class default storage class for the K8S cluster
• storage_class_name - Optional String
Name of the storage class as it will appear in K8S
Voltstack Cluster Ar
Section titled “Voltstack Cluster Ar”A voltstack_cluster_ar block supports the following:
• accelerated_networking - Optional Block
X-displayName: ‘Accelerated Networking Type’Accelerated Networking to reduce Latency, When Mode is toggled, traffic disruption will be seen
See Accelerated Networking below.
• active_enhanced_firewall_policies - Optional Block
List of Enhanced Firewall Policies These policies use session-based rules and provide all OPTIONS available under firewall policies with an additional option for service insertion
See Active Enhanced Firewall Policies below.
• active_forward_proxy_policies - Optional Block
Ordered List of Forward Proxy Policies active
See Active Forward Proxy Policies below.
• active_network_policies - Optional Block
Configuration parameter for active network policies
See Active Network Policies below.
• azure_certified_hw - Optional String
Name for Azure certified hardware
• dc_cluster_group - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Dc Cluster Group below.
• default_storage - Optional Block
Configuration parameter for default storage
• forward_proxy_allow_all - Optional Block
Configuration parameter for forward proxy allow all
• global_network_list - Optional Block
Global Network Connection List. List of global network connections
See Global Network List below.
• k8s_cluster - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See K8S Cluster below.
• no_dc_cluster_group - Optional Block
Enable this option
• no_forward_proxy - Optional Block
Configuration parameter for no forward proxy
• no_global_network - Optional Block
Configuration parameter for no global network
• no_k8s_cluster - Optional Block
Enable this option
• no_network_policy - Optional Block
Policy configuration for this feature
• no_outside_static_routes - Optional Block
Configuration parameter for no outside static routes
• node - Optional Block
Parameters for creating Single interface Node for Alternate Region
See Node below.
• outside_static_routes - Optional Block
Configuration parameter for outside static routes
See Outside Static Routes below.
• sm_connection_public_ip - Optional Block
Enable this option
• sm_connection_pvt_ip - Optional Block
Enable this option
• storage_class_list - Optional Block
Add additional custom storage classes in Kubernetes for this site
See Storage Class List below.
Voltstack Cluster Ar Accelerated Networking
Section titled “Voltstack Cluster Ar Accelerated Networking”An accelerated_networking block (within voltstack_cluster_ar) supports the following:
• disable_spec - Optional Block
Enable this option
• enable - Optional Block
Enable this option
Voltstack Cluster Ar Active Enhanced Firewall Policies
Section titled “Voltstack Cluster Ar Active Enhanced Firewall Policies”An active_enhanced_firewall_policies block (within voltstack_cluster_ar) supports the following:
• enhanced_firewall_policies - Optional Block
Ordered List of Enhanced Firewall Policies active
See Enhanced Firewall Policies below.
Voltstack Cluster Ar Active Enhanced Firewall Policies Enhanced Firewall Policies
Section titled “Voltstack Cluster Ar Active Enhanced Firewall Policies Enhanced Firewall Policies”Deeply nested Policies block collapsed for readability.
Voltstack Cluster Ar Active Forward Proxy Policies
Section titled “Voltstack Cluster Ar Active Forward Proxy Policies”An active_forward_proxy_policies block (within voltstack_cluster_ar) supports the following:
• forward_proxy_policies - Optional Block
Ordered List of Forward Proxy Policies active
See Forward Proxy Policies below.
Voltstack Cluster Ar Active Forward Proxy Policies Forward Proxy Policies
Section titled “Voltstack Cluster Ar Active Forward Proxy Policies Forward Proxy Policies”Deeply nested Policies block collapsed for readability.
Voltstack Cluster Ar Active Network Policies
Section titled “Voltstack Cluster Ar Active Network Policies”An active_network_policies block (within voltstack_cluster_ar) supports the following:
• network_policies - Optional Block
Ordered List of Firewall Policies active for this network firewall
See Network Policies below.
Voltstack Cluster Ar Active Network Policies Network Policies
Section titled “Voltstack Cluster Ar Active Network Policies Network Policies”Deeply nested Policies block collapsed for readability.
Voltstack Cluster Ar Dc Cluster Group
Section titled “Voltstack Cluster Ar Dc Cluster Group”A dc_cluster_group block (within voltstack_cluster_ar) supports the following:
• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name
• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace
• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant
Voltstack Cluster Ar Global Network List
Section titled “Voltstack Cluster Ar Global Network List”A global_network_list block (within voltstack_cluster_ar) supports the following:
• global_network_connections - Optional Block
Global network connections
See Global Network Connections below.
Voltstack Cluster Ar Global Network List Global Network Connections
Section titled “Voltstack Cluster Ar Global Network List Global Network Connections”Deeply nested Connections block collapsed for readability.
Voltstack Cluster Ar Global Network List Global Network Connections SLI To Global DR
Section titled “Voltstack Cluster Ar Global Network List Global Network Connections SLI To Global DR”Deeply nested DR block collapsed for readability.
Voltstack Cluster Ar Global Network List Global Network Connections SLI To Global DR Global Vn
Section titled “Voltstack Cluster Ar Global Network List Global Network Connections SLI To Global DR Global Vn”Deeply nested Vn block collapsed for readability.
Voltstack Cluster Ar Global Network List Global Network Connections Slo To Global DR
Section titled “Voltstack Cluster Ar Global Network List Global Network Connections Slo To Global DR”Deeply nested DR block collapsed for readability.
Voltstack Cluster Ar Global Network List Global Network Connections Slo To Global DR Global Vn
Section titled “Voltstack Cluster Ar Global Network List Global Network Connections Slo To Global DR Global Vn”Deeply nested Vn block collapsed for readability.
Voltstack Cluster Ar K8S Cluster
Section titled “Voltstack Cluster Ar K8S Cluster”A k8s_cluster block (within voltstack_cluster_ar) supports the following:
• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name
• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace
• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant
Voltstack Cluster Ar Node
Section titled “Voltstack Cluster Ar Node”A node block (within voltstack_cluster_ar) supports the following:
• fault_domain - Optional Number
Namuber of fault domains to be used while creating the availability set
• local_subnet - Optional Block
Configuration parameter for local subnet
See Local Subnet below.
• node_number - Optional Number
Number of main nodes to create, either 1 or 3
• update_domain - Optional Number
Namuber of update domains to be used while creating the availability set
Voltstack Cluster Ar Node Local Subnet
Section titled “Voltstack Cluster Ar Node Local Subnet”A local_subnet block (within voltstack_cluster_ar.node) supports the following:
• subnet - Optional Block
Subnet specification for network segmentation
See Subnet below.
• subnet_param - Optional Block
Parameters for creating a new cloud subnet
See Subnet Param below.
Voltstack Cluster Ar Node Local Subnet Subnet
Section titled “Voltstack Cluster Ar Node Local Subnet Subnet”A subnet block (within voltstack_cluster_ar.node.local_subnet) supports the following:
• subnet_name - Optional String
Subnet Name. Name of existing subnet
• subnet_resource_grp - Optional String
Specify name of Resource Group
• vnet_resource_group - Optional Block
Configuration parameter for VNET resource group
Voltstack Cluster Ar Node Local Subnet Subnet Param
Section titled “Voltstack Cluster Ar Node Local Subnet Subnet Param”Deeply nested Param block collapsed for readability.
Voltstack Cluster Ar Outside Static Routes
Section titled “Voltstack Cluster Ar Outside Static Routes”An outside_static_routes block (within voltstack_cluster_ar) supports the following:
• static_route_list - Optional Block
List of Static Routes. List of Static routes
See Static Route List below.
Voltstack Cluster Ar Outside Static Routes Static Route List
Section titled “Voltstack Cluster Ar Outside Static Routes Static Route List”Deeply nested List block collapsed for readability.
Voltstack Cluster Ar Outside Static Routes Static Route List Custom Static Route
Section titled “Voltstack Cluster Ar Outside Static Routes Static Route List Custom Static Route”Deeply nested Route block collapsed for readability.
Voltstack Cluster Ar Outside Static Routes Static Route List Custom Static Route Nexthop
Section titled “Voltstack Cluster Ar Outside Static Routes Static Route List Custom Static Route Nexthop”Deeply nested Nexthop block collapsed for readability.
Voltstack Cluster Ar Outside Static Routes Static Route List Custom Static Route Nexthop Interface
Section titled “Voltstack Cluster Ar Outside Static Routes Static Route List Custom Static Route Nexthop Interface”Deeply nested Interface block collapsed for readability.
Voltstack Cluster Ar Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address
Section titled “Voltstack Cluster Ar Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address”Deeply nested Address block collapsed for readability.
Voltstack Cluster Ar Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv4
Section titled “Voltstack Cluster Ar Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv4”Deeply nested IPv4 block collapsed for readability.
Voltstack Cluster Ar Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv6
Section titled “Voltstack Cluster Ar Outside Static Routes Static Route List Custom Static Route Nexthop Nexthop Address IPv6”Deeply nested IPv6 block collapsed for readability.
Voltstack Cluster Ar Outside Static Routes Static Route List Custom Static Route Subnets
Section titled “Voltstack Cluster Ar Outside Static Routes Static Route List Custom Static Route Subnets”Deeply nested Subnets block collapsed for readability.
Voltstack Cluster Ar Outside Static Routes Static Route List Custom Static Route Subnets IPv4
Section titled “Voltstack Cluster Ar Outside Static Routes Static Route List Custom Static Route Subnets IPv4”Deeply nested IPv4 block collapsed for readability.
Voltstack Cluster Ar Outside Static Routes Static Route List Custom Static Route Subnets IPv6
Section titled “Voltstack Cluster Ar Outside Static Routes Static Route List Custom Static Route Subnets IPv6”Deeply nested IPv6 block collapsed for readability.
Voltstack Cluster Ar Storage Class List
Section titled “Voltstack Cluster Ar Storage Class List”A storage_class_list block (within voltstack_cluster_ar) supports the following:
• storage_classes - Optional Block
List of Storage Classes. List of custom storage classes
See Storage Classes below.
Voltstack Cluster Ar Storage Class List Storage Classes
Section titled “Voltstack Cluster Ar Storage Class List Storage Classes”Deeply nested Classes block collapsed for readability.
Common Types
Section titled “Common Types”The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.
Object Reference {#common-object-reference}
Section titled “Object Reference {#common-object-reference}”Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format tenant/namespace/name.
| Field | Type | Description |
|---|---|---|
name | String | Name of the referenced object |
namespace | String | Namespace containing the referenced object |
tenant | String | Tenant of the referenced object (system-managed) |
Transformers {#common-transformers}
Section titled “Transformers {#common-transformers}”Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.
| Value | Description |
|---|---|
LOWER_CASE | Convert to lowercase |
UPPER_CASE | Convert to uppercase |
BASE64_DECODE | Decodebase64 content |
NORMALIZE_PATH | Normalize URL path |
REMOVE_WHITESPACE | Remove whitespace characters |
URL_DECODE | Decode URL-encoded characters |
TRIM_LEFT | Trim leading whitespace |
TRIM_RIGHT | Trim trailing whitespace |
TRIM | Trim both leading and trailing whitespace |
HTTP Methods {#common-http-methods}
Section titled “HTTP Methods {#common-http-methods}”HTTP methods used for request matching.
| Value | Description |
|---|---|
ANY | Match any HTTP method |
GET | HTTP GET request |
HEAD | HTTP HEAD request |
POST | HTTP POST request |
PUT | HTTP PUT request |
DELETE | HTTP DELETE request |
CONNECT | HTTP CONNECT request |
OPTIONS | HTTP OPTIONS request |
TRACE | HTTP TRACE request |
PATCH | HTTP PATCH request |
COPY | HTTP COPY request (WebDAV) |
TLS Fingerprints {#common-tls-fingerprints}
Section titled “TLS Fingerprints {#common-tls-fingerprints}”TLS fingerprint categories for malicious client detection.
| Value | Description |
|---|---|
TLS_FINGERPRINT_NONE | No fingerprint matching |
ANY_MALICIOUS_FINGERPRINT | Match any known malicious fingerprint |
ADWARE | Adware-associated fingerprints |
DRIDEX | Dridex malware fingerprints |
GOOTKIT | Gootkit malware fingerprints |
RANSOMWARE | Ransomware-associated fingerprints |
TRICKBOT | Trickbot malware fingerprints |
IP Threat Categories {#common-ip-threat-categories}
Section titled “IP Threat Categories {#common-ip-threat-categories}”IP address threat categories for security filtering.
| Value | Description |
|---|---|
SPAM_SOURCES | Known spam sources |
WINDOWS_EXPLOITS | Windows exploit sources |
WEB_ATTACKS | Web attack sources |
BOTNETS | Known botnet IPs |
SCANNERS | Network scanner IPs |
REPUTATION | Poor reputation IPs |
PHISHING | Phishing-related IPs |
PROXY | Anonymous proxy IPs |
MOBILE_THREATS | Mobile threat sources |
TOR_PROXY | Tor exit nodes |
DENIAL_OF_SERVICE | DoS attack sources |
NETWORK | Known bad network ranges |
Import
Section titled “Import”Import is supported using the following syntax:
# Import using namespace/name formatterraform import f5xc_azure_vnet_site.example system/example