f5xc_udp_loadbalancer Resource - terraform-provider-f5xc
f5xc_udp_loadbalancer (Resource)
Section titled “f5xc_udp_loadbalancer (Resource)”Manages a UDP Load Balancer resource in F5 Distributed Cloud for load balancing UDP traffic across origin pools.
~> Note For more information about this resource, please refer to the F5 XC API Documentation.
Example Usage
Section titled “Example Usage”# UDP Loadbalancer Resource Example# Manages a UDP Load Balancer resource in F5 Distributed Cloud for load balancing UDP traffic across origin pools.
terraform { required_version = ">= 1.0"
required_providers { f5xc = { source = "f5xc-salesdemos/f5xc" version = ">= 0.1.0" } }}
# Basic UDP Loadbalancer configurationresource "f5xc_udp_loadbalancer" "example" { name = "example-udp-loadbalancer" namespace = "staging"
labels = { environment = "production" managed_by = "terraform" }
annotations = { "owner" = "platform-team" }
# UDP Load Balancer configuration listen_port = 53
# Advertise on public internet advertise_on_internet { default_vip {} }
# Origin pools origin_pools_weights { pool { name = "dns-pool" namespace = "staging" } weight = 1 }
# DNS for UDP load balancer dns_volterra_managed = true}Argument Reference
Section titled “Argument Reference”🔶 High Risk Operations — Some operations on this resource have high danger level. Destructive operations may require confirmation.
Metadata Argument Reference
Section titled “Metadata Argument Reference”• name - Required String
Name of the UDP Load Balancer. Must be unique within the namespace
• namespace - Required String
Namespace where the UDP Load Balancer will be created
• annotations - Optional Map
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata
• description - Optional String
Human readable description for the object
• disable - Optional Bool
A value of true will administratively disable the object
• labels - Optional Map
Labels is a user defined key value map that can be attached to resources for organization and filtering
Spec Argument Reference
Section titled “Spec Argument Reference”-> One of the following:
• active_service_policies - Optional Block
Configuration parameter for active service policies
See Active Service Policies below for details.
• no_service_policies - Optional Block
Configuration parameter for no service policies
-> One of the following:
• advertise_custom - Optional Block
Defines a way to advertise a VIP on specific sites
See Advertise Custom below for details.
• advertise_on_public - Optional Block
Defines a way to advertise a load balancer on public. If optional public_ip is provided, it will only be advertised on RE sites where that public_ip is available
See Advertise On Public below for details.
• advertise_on_public_default_vip - Optional Block
Enable this option
• dns_volterra_managed - Required Bool
DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain to be delegated to F5 Distributed Cloud using the Delegated Domain feature or a DNS CNAME record must be created in your DNS provider’s portal
• do_not_advertise - Optional Block
Configuration parameter for do not advertise
• domains - Required List
List of domains (host/authority header) that will be matched to this load balancer
• enable_per_packet_load_balancing - Required Bool
Per packet load balancing: If disabled (default): First packet identified by source IP/port and local IP/port is sent to an upstream server as the load balancing algorithm dictates, and subsequent packets with the same identity are forwarded to the same
upstream server without recheckingg the
-> One of the following:
• hash_policy_choice_random - Optional Block
Configuration parameter for hash policy choice random
• hash_policy_choice_round_robin - Optional Block
Configuration parameter for hash policy choice round robin
• hash_policy_choice_source_ip_stickiness - Optional Block
Enable this option
• idle_timeout - Required Number
The amount of time that a session can exist without upstream or downstream activity, in milliseconds
-> One of the following:
• listen_port - Optional Number
Listen Port for this load balancer
• port_ranges - Optional String
A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ’-’
• origin_pools_weights - Optional Block
Origin pools with weights and priorities used for this load balancer
See Origin Pools Weights below for details.
• service_policies_from_namespace - Optional Block
Enable this option
• timeouts - Optional Block
See Timeouts below for details.
• udp - Optional Block
Enable this option
Attributes Reference
Section titled “Attributes Reference”In addition to all arguments above, the following attributes are exported:
• id - Optional String
Unique identifier for the resource
Active Service Policies
Section titled “Active Service Policies”An active_service_policies block supports the following:
• policies - Optional Block
Service Policies is a sequential engine where policies (and rules within the policy) are evaluated one after the other. It’s important to define the correct order (policies evaluated from top to bottom in the list) for service policies, to GET the intended result. For each
request, its
See Policies below.
Active Service Policies Policies
Section titled “Active Service Policies Policies”A policies block (within active_service_policies) supports the following:
• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name
• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace
• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant
Advertise Custom
Section titled “Advertise Custom”An advertise_custom block supports the following:
• advertise_where - Optional Block
Where should this load balancer be available
See Advertise Where below.
Advertise Custom Advertise Where
Section titled “Advertise Custom Advertise Where”An advertise_where block (within advertise_custom) supports the following:
• advertise_on_public - Optional Block
Defines a way to advertise a load balancer on public. If optional public_ip is provided, it will only be advertised on RE sites where that public_ip is available
See Advertise On Public below.
• port - Optional Number
Port to Listen
• port_ranges - Optional String
A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ’-’
• site - Optional Block
Defines a reference to a CE site along with network type and an optional IP address where a load balancer could be advertised
See Site below.
• use_default_port - Optional Block
Enable this option
• virtual_network - Optional Block
Parameters to advertise on a given virtual network
See Virtual Network below.
• virtual_site - Optional Block
Defines a reference to a customer site virtual site along with network type where a load balancer could be advertised
See Virtual Site below.
• virtual_site_with_vip - Optional Block
Defines a reference to a customer site virtual site along with network type and IP where a load balancer could be advertised
See Virtual Site With VIP below.
• vk8s_service - Optional Block
Defines a reference to a RE site or virtual site where a load balancer could be advertised in the vK8s service network
See Vk8s Service below.
Advertise Custom Advertise Where Advertise On Public
Section titled “Advertise Custom Advertise Where Advertise On Public”An advertise_on_public block (within advertise_custom.advertise_where) supports the following:
• public_ip - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Public IP below.
Advertise Custom Advertise Where Advertise On Public Public IP
Section titled “Advertise Custom Advertise Where Advertise On Public Public IP”Deeply nested IP block collapsed for readability.
Advertise Custom Advertise Where Site
Section titled “Advertise Custom Advertise Where Site”A site block (within advertise_custom.advertise_where) supports the following:
• ip - Optional String
Use given IP address as VIP on the site
• network - Optional String Defaults to SITE_NETWORK_INSIDE_AND_OUTSIDE
Possible values are SITE_NETWORK_INSIDE_AND_OUTSIDE, SITE_NETWORK_INSIDE, SITE_NETWORK_OUTSIDE, SITE_NETWORK_SERVICE, SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP, SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP, SITE_NETWORK_IP_FABRIC
[Enum:
SITE_NETWORK_INSIDE_AND_OUTSIDE|SITE_NETWORK_INSIDE|SITE_NETWORK_OUTSIDE|SITE_NETWORK_SERVICE|SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP|SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP|SITE_NETWORK_IP_FABRIC] Defines network types to be used on site All inside and outside networks. All inside and outside networks with internet VIP support. All inside networks
• site - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Site below.
Advertise Custom Advertise Where Site Site
Section titled “Advertise Custom Advertise Where Site Site”A site block (within advertise_custom.advertise_where.site) supports the following:
• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name
• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace
• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant
Advertise Custom Advertise Where Virtual Network
Section titled “Advertise Custom Advertise Where Virtual Network”A virtual_network block (within advertise_custom.advertise_where) supports the following:
• default_v6_vip - Optional Block
Enable this option
• default_vip - Optional Block
Enable this option
• specific_v6_vip - Optional String
Use given IPv6 address as VIP on virtual Network
• specific_vip - Optional String
Use given IPv4 address as VIP on virtual Network
• virtual_network - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Virtual Network below.
Advertise Custom Advertise Where Virtual Network Virtual Network
Section titled “Advertise Custom Advertise Where Virtual Network Virtual Network”Deeply nested Network block collapsed for readability.
Advertise Custom Advertise Where Virtual Site
Section titled “Advertise Custom Advertise Where Virtual Site”A virtual_site block (within advertise_custom.advertise_where) supports the following:
• network - Optional String Defaults to SITE_NETWORK_INSIDE_AND_OUTSIDE
Possible values are SITE_NETWORK_INSIDE_AND_OUTSIDE, SITE_NETWORK_INSIDE, SITE_NETWORK_OUTSIDE, SITE_NETWORK_SERVICE, SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP, SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP, SITE_NETWORK_IP_FABRIC
[Enum:
SITE_NETWORK_INSIDE_AND_OUTSIDE|SITE_NETWORK_INSIDE|SITE_NETWORK_OUTSIDE|SITE_NETWORK_SERVICE|SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP|SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP|SITE_NETWORK_IP_FABRIC] Defines network types to be used on site All inside and outside networks. All inside and outside networks with internet VIP support. All inside networks
• virtual_site - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Virtual Site below.
Advertise Custom Advertise Where Virtual Site Virtual Site
Section titled “Advertise Custom Advertise Where Virtual Site Virtual Site”Deeply nested Site block collapsed for readability.
Advertise Custom Advertise Where Virtual Site With VIP
Section titled “Advertise Custom Advertise Where Virtual Site With VIP”Deeply nested VIP block collapsed for readability.
Advertise Custom Advertise Where Virtual Site With VIP Virtual Site
Section titled “Advertise Custom Advertise Where Virtual Site With VIP Virtual Site”Deeply nested Site block collapsed for readability.
Advertise Custom Advertise Where Vk8s Service
Section titled “Advertise Custom Advertise Where Vk8s Service”A vk8s_service block (within advertise_custom.advertise_where) supports the following:
• site - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Site below.
• virtual_site - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Virtual Site below.
Advertise Custom Advertise Where Vk8s Service Site
Section titled “Advertise Custom Advertise Where Vk8s Service Site”A site block (within advertise_custom.advertise_where.vk8s_service) supports the following:
• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name
• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace
• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant
Advertise Custom Advertise Where Vk8s Service Virtual Site
Section titled “Advertise Custom Advertise Where Vk8s Service Virtual Site”Deeply nested Site block collapsed for readability.
Advertise On Public
Section titled “Advertise On Public”An advertise_on_public block supports the following:
• public_ip - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Public IP below.
Advertise On Public Public IP
Section titled “Advertise On Public Public IP”A public_ip block (within advertise_on_public) supports the following:
• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name
• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace
• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant
Origin Pools Weights
Section titled “Origin Pools Weights”An origin_pools_weights block supports the following:
• cluster - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Cluster below.
• endpoint_subsets - Optional Block
Upstream origin pool may be configured to divide its origin servers into subsets based on metadata attached to the origin servers. Routes may then specify the metadata that an endpoint must match in order to be selected by the load balancer For origin servers
which are discovered in K8S or Consul
• pool - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See Pool below.
• priority - Optional Number
Priority of this origin pool, valid only with multiple origin pools. Value of 0 will make the pool as lowest priority origin pool Priority of 1 means highest priority and is considered active. When active origin pool is not available, lower priority origin pools are made active as
per the
• weight - Optional Number
Weight of this origin pool, valid only with multiple origin pool. Value of 0 will disable the pool
Origin Pools Weights Cluster
Section titled “Origin Pools Weights Cluster”A cluster block (within origin_pools_weights) supports the following:
• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name
• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace
• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant
Origin Pools Weights Pool
Section titled “Origin Pools Weights Pool”A pool block (within origin_pools_weights) supports the following:
• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name
• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace
• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant
Timeouts
Section titled “Timeouts”A timeouts block supports the following:
• create - Optional String (Defaults to 10 minutes)
Used when creating the resource
• delete - Optional String (Defaults to 10 minutes)
Used when deleting the resource
• read - Optional String (Defaults to 5 minutes)
Used when retrieving the resource
• update - Optional String (Defaults to 10 minutes)
Used when updating the resource
Common Types
Section titled “Common Types”The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.
Object Reference {#common-object-reference}
Section titled “Object Reference {#common-object-reference}”Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format tenant/namespace/name.
| Field | Type | Description |
|---|---|---|
name | String | Name of the referenced object |
namespace | String | Namespace containing the referenced object |
tenant | String | Tenant of the referenced object (system-managed) |
Transformers {#common-transformers}
Section titled “Transformers {#common-transformers}”Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.
| Value | Description |
|---|---|
LOWER_CASE | Convert to lowercase |
UPPER_CASE | Convert to uppercase |
BASE64_DECODE | Decodebase64 content |
NORMALIZE_PATH | Normalize URL path |
REMOVE_WHITESPACE | Remove whitespace characters |
URL_DECODE | Decode URL-encoded characters |
TRIM_LEFT | Trim leading whitespace |
TRIM_RIGHT | Trim trailing whitespace |
TRIM | Trim both leading and trailing whitespace |
HTTP Methods {#common-http-methods}
Section titled “HTTP Methods {#common-http-methods}”HTTP methods used for request matching.
| Value | Description |
|---|---|
ANY | Match any HTTP method |
GET | HTTP GET request |
HEAD | HTTP HEAD request |
POST | HTTP POST request |
PUT | HTTP PUT request |
DELETE | HTTP DELETE request |
CONNECT | HTTP CONNECT request |
OPTIONS | HTTP OPTIONS request |
TRACE | HTTP TRACE request |
PATCH | HTTP PATCH request |
COPY | HTTP COPY request (WebDAV) |
TLS Fingerprints {#common-tls-fingerprints}
Section titled “TLS Fingerprints {#common-tls-fingerprints}”TLS fingerprint categories for malicious client detection.
| Value | Description |
|---|---|
TLS_FINGERPRINT_NONE | No fingerprint matching |
ANY_MALICIOUS_FINGERPRINT | Match any known malicious fingerprint |
ADWARE | Adware-associated fingerprints |
DRIDEX | Dridex malware fingerprints |
GOOTKIT | Gootkit malware fingerprints |
RANSOMWARE | Ransomware-associated fingerprints |
TRICKBOT | Trickbot malware fingerprints |
IP Threat Categories {#common-ip-threat-categories}
Section titled “IP Threat Categories {#common-ip-threat-categories}”IP address threat categories for security filtering.
| Value | Description |
|---|---|
SPAM_SOURCES | Known spam sources |
WINDOWS_EXPLOITS | Windows exploit sources |
WEB_ATTACKS | Web attack sources |
BOTNETS | Known botnet IPs |
SCANNERS | Network scanner IPs |
REPUTATION | Poor reputation IPs |
PHISHING | Phishing-related IPs |
PROXY | Anonymous proxy IPs |
MOBILE_THREATS | Mobile threat sources |
TOR_PROXY | Tor exit nodes |
DENIAL_OF_SERVICE | DoS attack sources |
NETWORK | Known bad network ranges |
Import
Section titled “Import”Import is supported using the following syntax:
# Import using namespace/name formatterraform import f5xc_udp_loadbalancer.example system/example