f5xc_healthcheck Resource - terraform-provider-f5xc
f5xc_healthcheck (Resource)
Section titled “f5xc_healthcheck (Resource)”Manages a Healthcheck resource in F5 Distributed Cloud for healthcheck object defines method to determine if the given endpoint is healthy. single healthcheck object can be referred to by one or many cluster objects. configuration.
~> Note For more information about this resource, please refer to the F5 XC API Documentation.
Example Usage
Section titled “Example Usage”# Healthcheck Resource Example# Manages a Healthcheck resource in F5 Distributed Cloud for healthcheck object defines method to determine if the given endpoint is healthy. single healthcheck object can be referred to by one or many cluster objects. configuration.
terraform { required_version = ">= 1.0"
required_providers { f5xc = { source = "f5xc-salesdemos/f5xc" version = ">= 0.1.0" } }}
# Basic Healthcheck configurationresource "f5xc_healthcheck" "example" { name = "example-healthcheck" namespace = "staging"
labels = { environment = "production" managed_by = "terraform" }
annotations = { "owner" = "platform-team" }
// One of the arguments from this list "http_health_check tcp_health_check udp_icmp_health_check" must be set
http_health_check { // One of the arguments from this list "host_header use_origin_server_name" must be set
use_origin_server_name {}
path = "/health" use_http2 = false expected_status_codes = ["200"]
// One of the arguments from this list "headers request_headers_to_remove" must be set
headers = { "x-health-check" = "true" } }
healthy_threshold = 3 unhealthy_threshold = 3 interval = 15 timeout = 5}
# The following optional fields have server-applied defaults and can be omitted:# - jitter_percentVerified Configuration Examples
Section titled “Verified Configuration Examples”These configurations are extracted from acceptance tests verified against the live F5 XC API.
All Attributes
Section titled “All Attributes”resource "f5xc_healthcheck" "test" { name = "example" namespace = "system"
healthy_threshold = 1 unhealthy_threshold = 2 timeout = 3 interval = 5
labels = { environment = "test" managed_by = "terraform-acceptance-test" }
annotations = { purpose = "acceptance-testing" owner = "ci-cd" }
tcp_health_check {}}Http Headers Remove
Section titled “Http Headers Remove”resource "f5xc_healthcheck" "test" { name = "example" namespace = "system"
healthy_threshold = 1 unhealthy_threshold = 2 timeout = 3 interval = 5
http_health_check { path = "example-value" host_header = "example.com" request_headers_to_remove = ["X-Custom-Header", "X-Debug"] }}Http Health Check
Section titled “Http Health Check”resource "f5xc_healthcheck" "test" { name = "example" namespace = "system"
healthy_threshold = 1 unhealthy_threshold = 2 timeout = 3 interval = 5
http_health_check { path = "/health" host_header = "example.com" }}Http Http2
Section titled “Http Http2”resource "f5xc_healthcheck" "test" { name = "example" namespace = "system"
healthy_threshold = 1 unhealthy_threshold = 2 timeout = 3 interval = 5
http_health_check { path = "example-value" host_header = "example.com" use_http2 = true }}Http Origin Server Name
Section titled “Http Origin Server Name”resource "f5xc_healthcheck" "test" { name = "example" namespace = "system"
healthy_threshold = 1 unhealthy_threshold = 2 timeout = 3 interval = 5
http_health_check { path = "example-value" use_origin_server_name {} }}Http Status Codes
Section titled “Http Status Codes”resource "f5xc_healthcheck" "test" { name = "example" namespace = "system"
healthy_threshold = 1 unhealthy_threshold = 2 timeout = 3 interval = 5
http_health_check { path = "example-value" host_header = "example.com" expected_status_codes = ["200", "201", "204"] }}Http With Path
Section titled “Http With Path”resource "f5xc_healthcheck" "test" { name = "example" namespace = "system"
healthy_threshold = 1 unhealthy_threshold = 2 timeout = 3 interval = 5
http_health_check { path = "example-value" host_header = "example.com" }}Thresholds
Section titled “Thresholds”resource "f5xc_healthcheck" "test" { name = "example" namespace = "system"
healthy_threshold = 443 unhealthy_threshold = 3 timeout = 5 interval = 15
tcp_health_check {}}Udp Icmp
Section titled “Udp Icmp”resource "f5xc_healthcheck" "test" { name = "example" namespace = "system"
healthy_threshold = 1 unhealthy_threshold = 2 timeout = 3 interval = 5
udp_icmp_health_check {}}With Annotations
Section titled “With Annotations”resource "f5xc_healthcheck" "test" { name = "example" namespace = "system"
healthy_threshold = 1 unhealthy_threshold = 2 timeout = 3 interval = 5
annotations = { key1 = "example-value" key2 = "example-description" }
tcp_health_check {}}With Description
Section titled “With Description”resource "f5xc_healthcheck" "test" { name = "example" namespace = "system" description = "example-value"
healthy_threshold = 1 unhealthy_threshold = 2 timeout = 3 interval = 5
tcp_health_check {}}With Jitter
Section titled “With Jitter”resource "f5xc_healthcheck" "test" { name = "example" namespace = "system"
healthy_threshold = 1 unhealthy_threshold = 2 timeout = 3 interval = 5 jitter_percent = 443
tcp_health_check {}}With Labels
Section titled “With Labels”resource "f5xc_healthcheck" "test" { name = "example" namespace = "system"
healthy_threshold = 1 unhealthy_threshold = 2 timeout = 3 interval = 5
labels = { environment = "example-value" managed_by = "example-description" }
tcp_health_check {}}Argument Reference
Section titled “Argument Reference”🔶 High Risk Operations — Some operations on this resource have high danger level. Destructive operations may require confirmation.
Minimum Configuration
Section titled “Minimum Configuration”Required fields:
namenamespaceintervaltimeouthealthy_thresholdunhealthy_threshold
Example (API format):
apiVersion: v1kind: healthcheckmetadata: name: http-health namespace: defaultspec: http_health_check: path: /health use_origin_server_name: {} interval: 15 timeout: 3 unhealthy_threshold: 1 healthy_threshold: 3 jitter_percent: 30Metadata Argument Reference
Section titled “Metadata Argument Reference”• name - Required String
Name of the Healthcheck. Must be unique within the namespace
• namespace - Required String
Namespace where the Healthcheck will be created
• annotations - Optional Map
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata
• description - Optional String
Human readable description for the object
• disable - Optional Bool
A value of true will administratively disable the object
• labels - Optional Map
Labels is a user defined key value map that can be attached to resources for organization and filtering
Spec Argument Reference
Section titled “Spec Argument Reference”• healthy_threshold - Required Number
Number of successful responses before declaring healthy. In other words, this is the number of healthy health checks required before a host is marked healthy. Note that during startup, only a single successful health check is required to mark a host healthy. Recommended: 3
-> One of the following:
• http_health_check - Optional Block
Healthy if ‘GET’ method on URL ‘HTTP(s)://<host>/<path>’ with optional ‘<header>’ returns success. ‘host’ is not used for DNS resolution. It is used as HTTP Header in the request
See HTTP Health Check below for details.
• tcp_health_check - Optional Block
Healthy if TCP connection is successful and response payload matches <expected_response>
See TCP Health Check below for details.
• udp_icmp_health_check - Optional Block
Configuration parameter for UDP ICMP health check
• interval - Required Number
Time interval in seconds between two healthcheck requests. Recommended: 15
• jitter_percent - Optional Number Defaults to 0
Add a random amount of time as a percent value to the interval between successive healthcheck requests. Recommended: 30 ⚙️ Server Default
• timeout - Required Number
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure. Recommended: 3
• timeouts - Optional Block
See Timeouts below for details.
• unhealthy_threshold - Required Number
Number of failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a host is marked unhealthy. Note that for HTTP health checkingg if a host responds with 503 this threshold is ignored and the host is considered unhealthy
immediately. Recommended: 1
Attributes Reference
Section titled “Attributes Reference”In addition to all arguments above, the following attributes are exported:
• id - Optional String
Unique identifier for the resource
HTTP Health Check
Section titled “HTTP Health Check”A http_health_check block supports the following:
• expected_response - Optional String
Raw bytes expected in the response of HTTP health check. Input is to be given in Hex encoded format. If left empty, then response body is not considered for evaluating health check status
• expected_status_codes - Optional List
Specifies a list of HTTP response status codes considered healthy. To treat default HTTP expected status code 200 as healthy, user has to configure it explicitly. This is a list of strings, each of which is single HTTP status code or a range with start
and end values separated by ’-’
• headers - Optional Block
Specifies a list of HTTP headers that should be added to each request that is sent to the health checked cluster. This is a list of key-value pairs
• host_header - Optional String
The value of the host header
• path - Optional String
Specifies the HTTP path that will be requested during health checkingg
• request_headers_to_remove - Optional List
Specifies a list of HTTP headers that should be removed from each request that is sent to the health checked cluster. This is a list of keys of headers
• use_http2 - Optional Bool Defaults to false
If set, health checks will be made using HTTP/2
• use_origin_server_name - Optional Block
Enable this option
TCP Health Check
Section titled “TCP Health Check”A tcp_health_check block supports the following:
• expected_response - Optional String
Raw bytes expected in the request. Describes the encoding of the payload bytes in the payload. Hex encoded payload
• send_payload - Optional String
Raw bytes sent in the request. Empty payloads imply a connect-only health check. Describes the encoding of the payload bytes in the payload. Hex encoded payload
Timeouts
Section titled “Timeouts”A timeouts block supports the following:
• create - Optional String (Defaults to 10 minutes)
Used when creating the resource
• delete - Optional String (Defaults to 10 minutes)
Used when deleting the resource
• read - Optional String (Defaults to 5 minutes)
Used when retrieving the resource
• update - Optional String (Defaults to 10 minutes)
Used when updating the resource
Common Types
Section titled “Common Types”The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.
Object Reference {#common-object-reference}
Section titled “Object Reference {#common-object-reference}”Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format tenant/namespace/name.
| Field | Type | Description |
|---|---|---|
name | String | Name of the referenced object |
namespace | String | Namespace containing the referenced object |
tenant | String | Tenant of the referenced object (system-managed) |
Transformers {#common-transformers}
Section titled “Transformers {#common-transformers}”Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.
| Value | Description |
|---|---|
LOWER_CASE | Convert to lowercase |
UPPER_CASE | Convert to uppercase |
BASE64_DECODE | Decodebase64 content |
NORMALIZE_PATH | Normalize URL path |
REMOVE_WHITESPACE | Remove whitespace characters |
URL_DECODE | Decode URL-encoded characters |
TRIM_LEFT | Trim leading whitespace |
TRIM_RIGHT | Trim trailing whitespace |
TRIM | Trim both leading and trailing whitespace |
HTTP Methods {#common-http-methods}
Section titled “HTTP Methods {#common-http-methods}”HTTP methods used for request matching.
| Value | Description |
|---|---|
ANY | Match any HTTP method |
GET | HTTP GET request |
HEAD | HTTP HEAD request |
POST | HTTP POST request |
PUT | HTTP PUT request |
DELETE | HTTP DELETE request |
CONNECT | HTTP CONNECT request |
OPTIONS | HTTP OPTIONS request |
TRACE | HTTP TRACE request |
PATCH | HTTP PATCH request |
COPY | HTTP COPY request (WebDAV) |
TLS Fingerprints {#common-tls-fingerprints}
Section titled “TLS Fingerprints {#common-tls-fingerprints}”TLS fingerprint categories for malicious client detection.
| Value | Description |
|---|---|
TLS_FINGERPRINT_NONE | No fingerprint matching |
ANY_MALICIOUS_FINGERPRINT | Match any known malicious fingerprint |
ADWARE | Adware-associated fingerprints |
DRIDEX | Dridex malware fingerprints |
GOOTKIT | Gootkit malware fingerprints |
RANSOMWARE | Ransomware-associated fingerprints |
TRICKBOT | Trickbot malware fingerprints |
IP Threat Categories {#common-ip-threat-categories}
Section titled “IP Threat Categories {#common-ip-threat-categories}”IP address threat categories for security filtering.
| Value | Description |
|---|---|
SPAM_SOURCES | Known spam sources |
WINDOWS_EXPLOITS | Windows exploit sources |
WEB_ATTACKS | Web attack sources |
BOTNETS | Known botnet IPs |
SCANNERS | Network scanner IPs |
REPUTATION | Poor reputation IPs |
PHISHING | Phishing-related IPs |
PROXY | Anonymous proxy IPs |
MOBILE_THREATS | Mobile threat sources |
TOR_PROXY | Tor exit nodes |
DENIAL_OF_SERVICE | DoS attack sources |
NETWORK | Known bad network ranges |
Import
Section titled “Import”Import is supported using the following syntax:
# Import using namespace/name formatterraform import f5xc_healthcheck.example system/example