f5xc_dns_proxy Resource - terraform-provider-f5xc

f5xc_dns_proxy (Resource)

Manages DNS Proxy in a given namespace. If one already exists it will give an error. in F5 Distributed Cloud.

~> Note For more information about this resource, please refer to the F5 XC API Documentation.

Example Usage

# DNS Proxy Resource Example
# Manages DNS Proxy in a given namespace. If one already exists it will give an error. in F5 Distributed Cloud.

terraform {
  required_version = ">= 1.0"

  required_providers {
    f5xc = {
      source  = "f5xc-salesdemos/f5xc"
      version = ">= 0.1.0"
    }
  }
}

# Basic DNS Proxy configuration
resource "f5xc_dns_proxy" "example" {
  name      = "example-dns-proxy"
  namespace = "staging"

  labels = {
    environment = "production"
    managed_by  = "terraform"
  }

  annotations = {
    "owner" = "platform-team"
  }

  # Resource-specific configuration
  # DNS Cache specifies cache configuration.
  cache_profile {
    # Configure cache_profile settings
  }
  # Configuration parameter for disable cache profile.
  disable_cache_profile {
    # Configure disable_cache_profile settings
  }
  # Configuration parameter for ddos profile.
  ddos_profile {
    # Configure ddos_profile settings
  }
}

Argument Reference

🔶 High Risk Operations — Some operations on this resource have high danger level. Destructive operations may require confirmation.

Metadata Argument Reference

• name - Required String
Name of the DNS Proxy. Must be unique within the namespace

• namespace - Required String
Namespace where the DNS Proxy will be created

• annotations - Optional Map
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata

• description - Optional String
Human readable description for the object

• disable - Optional Bool
A value of true will administratively disable the object

• labels - Optional Map
Labels is a user defined key value map that can be attached to resources for organization and filtering

Spec Argument Reference

• cache_profile - Optional Block
DNS Cache specifies cache configuration
See Cache Profile below for details.

• ddos_profile - Optional Block
Configuration parameter for DDOS profile
See DDOS Profile below for details.

• irules - Optional Block
OPTIONS for attaching iRules to DNS proxy
See Irules below for details.

• lb_algorithm - Optional Block
Configuration parameter for LB algorithm
See LB Algorithm below for details.

• origin_servers - Optional Block
List of origin Servers for the DNS proxy
See Origin Servers below for details.

• protocol_inspection - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Protocol Inspection below for details.

• proxy_advertisement - Optional Block
Configuration parameter for proxy advertisement
See Proxy Advertisement below for details.

• timeouts - Optional Block
See Timeouts below for details.

• transport_type - Required String Defaults to UDP
Possible values are UDP, TCP, BothTCPAndUDP
[Enum: UDP|TCP|BothTCPAndUDP] Transport Type - UDP: UDP - TCP: TCP - BothTCPAndUDP: Both TCP and UDP

Attributes Reference

In addition to all arguments above, the following attributes are exported:

• id - Optional String
Unique identifier for the resource

---

Cache Profile

A cache_profile block supports the following:

• cache_size - Optional Number
cache size

• disable_cache_profile - Optional Block
Configuration parameter for disable cache profile

DDOS Profile

A ddos_profile block supports the following:

• disable_ddos_mitigation - Optional Block
Enable this option

• enable_ddos_mitigation - Optional Block
Enable this option

Irules

An irules block supports the following:

• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name

• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace

• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant

LB Algorithm

A lb_algorithm block supports the following:

• round_robin - Optional Block
Configuration parameter for round robin

Origin Servers

An origin_servers block supports the following:

• health_checks - Optional Block
Configuration parameter for health checks
See Health Checks below.

• origin_servers - Optional Block
List of origin servers for Proxy
See Origin Servers below.

Origin Servers Health Checks

A health_checks block (within origin_servers) supports the following:

• health_check - Optional Block
List of Health Checks. List of Health Checks
See Health Check below.

• healthy_threshold - Optional Number
Number of successful responses before declaring healthy. In other words, this is the number of healthy health checks required before a host is marked healthy. Note that during startup, only a single successful health check is required to mark a host healthy

• interval - Optional Number
Time interval in seconds between two healthcheck requests

• timeout - Optional Number
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure

• unhealthy_threshold - Optional Number
Number of failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a host is marked unhealthy. Note that for HTTP health checkingg if a host responds with 503 this threshold is ignored and the host is considered unhealthy immediately

Origin Servers Health Checks Health Check

A health_check block (within origin_servers.health_checks) supports the following:

• dns_health_check - Optional Block
DNS health check reports healthy if DNS query is successful and response header and answer matches the given value
See DNS Health Check below.

• icmp_health_check - Optional Block
Configuration parameter for ICMP health check

• tcp_health_check - Optional Block
Monitor reports healthy status if UDP connection is successful and response payload matches expected response pattern
See TCP Health Check below.

Origin Servers Health Checks Health Check DNS Health Check

Deeply nested Check block collapsed for readability.

Origin Servers Health Checks Health Check TCP Health Check

Deeply nested Check block collapsed for readability.

Origin Servers Origin Servers

An origin_servers block (within origin_servers) supports the following:

• k8s_service - Optional Block
Specify origin server with K8S service name and site information
See K8S Service below.

• no_preference - Optional Block
Configuration parameter for no preference

• public_ip - Optional Block
Specify origin server with public IP address
See Public IP below.

• public_name - Optional Block
Specify origin server with public DNS name
See Public Name below.

• site_preferences - Optional Block
Carries the references to one or more sites
See Site Preferences below.

Origin Servers Origin Servers K8S Service

A k8s_service block (within origin_servers.origin_servers) supports the following:

• inside_network - Optional Block
Configuration parameter for inside network

• outside_network - Optional Block
Configuration parameter for outside network

• protocol - Optional String Defaults to PROTOCOL_TCP
Possible values are PROTOCOL_TCP, PROTOCOL_UDP
[Enum: PROTOCOL_TCP|PROTOCOL_UDP] Type of protocol - PROTOCOL_TCP: TCP - PROTOCOL_UDP: UDP

• service_name - Optional String
K8S service name of the origin server will be listed, including the namespace and cluster-ID. For vK8s services, you need to enter a string with the format servicename.namespace:cluster-ID. If the servicename is ‘frontend’, namespace is ‘speedtest’ and cluster-ID is ‘prod’

• site_locator - Optional Block
Message defines a reference to a site or virtual site object
See Site Locator below.

• snat_pool - Optional Block
SNAT Pool. SNAT Pool configuration
See Snat Pool below.

• vk8s_networks - Optional Block
Configuration parameter for vk8s networks

Origin Servers Origin Servers K8S Service Site Locator

Deeply nested Locator block collapsed for readability.

Origin Servers Origin Servers K8S Service Site Locator Site

Deeply nested Site block collapsed for readability.

Origin Servers Origin Servers K8S Service Site Locator Virtual Site

Deeply nested Site block collapsed for readability.

Origin Servers Origin Servers K8S Service Snat Pool

Deeply nested Pool block collapsed for readability.

Origin Servers Origin Servers K8S Service Snat Pool Snat Pool

Deeply nested Pool block collapsed for readability.

Origin Servers Origin Servers Public IP

A public_ip block (within origin_servers.origin_servers) supports the following:

• ip - Optional String
Public IPv4. Public IPv4 address

Origin Servers Origin Servers Public Name

A public_name block (within origin_servers.origin_servers) supports the following:

• dns_name - Optional String
DNS Name. DNS Name

• refresh_interval - Optional Number
Interval for DNS refresh in seconds. Max value is 7 days as per HTTPS://datatracker.ietf.org/doc/HTML/rfc8767.

Origin Servers Origin Servers Site Preferences

A site_preferences block (within origin_servers.origin_servers) supports the following:

• refs - Optional Block
Site References. Reference to one or more sites
See Refs below.

Origin Servers Origin Servers Site Preferences Refs

A refs block (within origin_servers.origin_servers.site_preferences) supports the following:

• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name

• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace

• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant

Protocol Inspection

A protocol_inspection block supports the following:

• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name

• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace

• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant

Proxy Advertisement

A proxy_advertisement block supports the following:

• advertise_custom - Optional Block
Defines a way to advertise a VIP on specific sites
See Advertise Custom below.

• advertise_on_public - Optional Block
Defines a way to advertise a load balancer on public. If optional public_ip is provided, it will only be advertised on RE sites where that public_ip is available
See Advertise On Public below.

• advertise_on_public_default_vip - Optional Block
Enable this option

• do_not_advertise - Optional Block
Configuration parameter for do not advertise

Proxy Advertisement Advertise Custom

An advertise_custom block (within proxy_advertisement) supports the following:

• advertise_where - Optional Block
Where should this load balancer be available
See Advertise Where below.

Proxy Advertisement Advertise Custom Advertise Where

An advertise_where block (within proxy_advertisement.advertise_custom) supports the following:

• advertise_on_public - Optional Block
Defines a way to advertise a load balancer on public. If optional public_ip is provided, it will only be advertised on RE sites where that public_ip is available
See Advertise On Public below.

• port - Optional Number
Port to Listen

• port_ranges - Optional String
A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ’-’

• site - Optional Block
Defines a reference to a CE site along with network type and an optional IP address where a load balancer could be advertised
See Site below.

• use_default_port - Optional Block
Enable this option

• virtual_network - Optional Block
Parameters to advertise on a given virtual network
See Virtual Network below.

• virtual_site - Optional Block
Defines a reference to a customer site virtual site along with network type where a load balancer could be advertised
See Virtual Site below.

• virtual_site_with_vip - Optional Block
Defines a reference to a customer site virtual site along with network type and IP where a load balancer could be advertised
See Virtual Site With VIP below.

• vk8s_service - Optional Block
Defines a reference to a RE site or virtual site where a load balancer could be advertised in the vK8s service network
See Vk8s Service below.

Proxy Advertisement Advertise Custom Advertise Where Advertise On Public

Deeply nested Public block collapsed for readability.

Proxy Advertisement Advertise Custom Advertise Where Advertise On Public Public IP

Deeply nested IP block collapsed for readability.

Proxy Advertisement Advertise Custom Advertise Where Site

A site block (within proxy_advertisement.advertise_custom.advertise_where) supports the following:

• ip - Optional String
Use given IP address as VIP on the site

• network - Optional String Defaults to SITE_NETWORK_INSIDE_AND_OUTSIDE
Possible values are SITE_NETWORK_INSIDE_AND_OUTSIDE, SITE_NETWORK_INSIDE, SITE_NETWORK_OUTSIDE, SITE_NETWORK_SERVICE, SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP, SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP, SITE_NETWORK_IP_FABRIC
[Enum: SITE_NETWORK_INSIDE_AND_OUTSIDE|SITE_NETWORK_INSIDE|SITE_NETWORK_OUTSIDE|SITE_NETWORK_SERVICE|SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP|SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP|SITE_NETWORK_IP_FABRIC] Defines network types to be used on site All inside and outside networks. All inside and outside networks with internet VIP support. All inside networks

• site - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Site below.

Proxy Advertisement Advertise Custom Advertise Where Site Site

Deeply nested Site block collapsed for readability.

Proxy Advertisement Advertise Custom Advertise Where Virtual Network

Deeply nested Network block collapsed for readability.

Proxy Advertisement Advertise Custom Advertise Where Virtual Network Virtual Network

Deeply nested Network block collapsed for readability.

Proxy Advertisement Advertise Custom Advertise Where Virtual Site

Deeply nested Site block collapsed for readability.

Proxy Advertisement Advertise Custom Advertise Where Virtual Site Virtual Site

Deeply nested Site block collapsed for readability.

Proxy Advertisement Advertise Custom Advertise Where Virtual Site With VIP

Deeply nested VIP block collapsed for readability.

Proxy Advertisement Advertise Custom Advertise Where Virtual Site With VIP Virtual Site

Deeply nested Site block collapsed for readability.

Proxy Advertisement Advertise Custom Advertise Where Vk8s Service

Deeply nested Service block collapsed for readability.

Proxy Advertisement Advertise Custom Advertise Where Vk8s Service Site

Deeply nested Site block collapsed for readability.

Proxy Advertisement Advertise Custom Advertise Where Vk8s Service Virtual Site

Deeply nested Site block collapsed for readability.

Proxy Advertisement Advertise On Public

An advertise_on_public block (within proxy_advertisement) supports the following:

• public_ip - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Public IP below.

Proxy Advertisement Advertise On Public Public IP

A public_ip block (within proxy_advertisement.advertise_on_public) supports the following:

• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name

• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace

• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant

Timeouts

A timeouts block supports the following:

• create - Optional String (Defaults to 10 minutes)
Used when creating the resource

• delete - Optional String (Defaults to 10 minutes)
Used when deleting the resource

• read - Optional String (Defaults to 5 minutes)
Used when retrieving the resource

• update - Optional String (Defaults to 10 minutes)
Used when updating the resource

---

Common Types

The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.

Object Reference {#common-object-reference}

Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format tenant/namespace/name.

Field	Type	Description
name	String	Name of the referenced object
namespace	String	Namespace containing the referenced object
tenant	String	Tenant of the referenced object (system-managed)

Transformers {#common-transformers}

Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.

Value	Description
LOWER_CASE	Convert to lowercase
UPPER_CASE	Convert to uppercase
BASE64_DECODE	Decodebase64 content
NORMALIZE_PATH	Normalize URL path
REMOVE_WHITESPACE	Remove whitespace characters
URL_DECODE	Decode URL-encoded characters
TRIM_LEFT	Trim leading whitespace
TRIM_RIGHT	Trim trailing whitespace
TRIM	Trim both leading and trailing whitespace

HTTP Methods {#common-http-methods}

HTTP methods used for request matching.

Value	Description
ANY	Match any HTTP method
GET	HTTP GET request
HEAD	HTTP HEAD request
POST	HTTP POST request
PUT	HTTP PUT request
DELETE	HTTP DELETE request
CONNECT	HTTP CONNECT request
OPTIONS	HTTP OPTIONS request
TRACE	HTTP TRACE request
PATCH	HTTP PATCH request
COPY	HTTP COPY request (WebDAV)

TLS Fingerprints {#common-tls-fingerprints}

TLS fingerprint categories for malicious client detection.

Value	Description
TLS_FINGERPRINT_NONE	No fingerprint matching
ANY_MALICIOUS_FINGERPRINT	Match any known malicious fingerprint
ADWARE	Adware-associated fingerprints
DRIDEX	Dridex malware fingerprints
GOOTKIT	Gootkit malware fingerprints
RANSOMWARE	Ransomware-associated fingerprints
TRICKBOT	Trickbot malware fingerprints

IP Threat Categories {#common-ip-threat-categories}

IP address threat categories for security filtering.

Value	Description
SPAM_SOURCES	Known spam sources
WINDOWS_EXPLOITS	Windows exploit sources
WEB_ATTACKS	Web attack sources
BOTNETS	Known botnet IPs
SCANNERS	Network scanner IPs
REPUTATION	Poor reputation IPs
PHISHING	Phishing-related IPs
PROXY	Anonymous proxy IPs
MOBILE_THREATS	Mobile threat sources
TOR_PROXY	Tor exit nodes
DENIAL_OF_SERVICE	DoS attack sources
NETWORK	Known bad network ranges

Import

Import is supported using the following syntax:

# Import using namespace/name format
terraform import f5xc_dns_proxy.example system/example