loadbalancer.oracle.com/v1beta1
Back to API Reference
APIVersion: loadbalancer.oracle.com/v1beta1
This content is generated from the checked-in CRD schemas in config/crd/bases/. If a description is missing or incorrect, fix the source comments or generator inputs and rerun make generate manifests; do not hand-edit config/crd/bases/*.yaml.
Packages
No customer-visible package currently exposes loadbalancer.oracle.com/v1beta1.
Resources
Backend
Backend is the Schema for the backends API.
Plural: backendsScope: NamespacedAPIVersion: loadbalancer.oracle.com/v1beta1Sample: Sample (config/samples/loadbalancer_v1beta1_backend.yaml)Packages: Not currently exposed by a customer-visible package.
Spec
BackendSpec defines the desired state of Backend.
| Field |
Description |
Type |
Required |
Default |
Enum |
backendSetName |
The name of the backend set associated with the backend server. Example: example_backend_set |
string |
Yes |
- |
- |
backup |
Whether the load balancer should treat this server as a backup unit. If true, the load balancer forwards no ingress traffic to this backend server unless all other backend servers not marked as "backup" fail the health check policy. Note: You cannot add a backend server marked as backup to a backend set that uses the IP Hash policy. Example: false |
boolean |
No |
- |
- |
drain |
Whether the load balancer should drain this server. Servers marked "drain" receive no new incoming traffic. Example: false |
boolean |
No |
- |
- |
ipAddress |
The IP address of the backend server. Example: 10.0.0.3 |
string |
Yes |
- |
- |
loadBalancerId |
The OCID (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of the load balancer associated with the backend set and server. |
string |
Yes |
- |
- |
maxConnections |
The maximum number of simultaneous connections the load balancer can make to the backend. If this is not set or set to 0 then the maximum number of simultaneous connections the load balancer can make to the backend is unlimited. If setting maxConnections to some value other than 0 then that value must be greater or equal to 256. Example: 300 |
integer |
No |
- |
- |
offline |
Whether the load balancer should treat this server as offline. Offline servers receive no incoming traffic. Example: false |
boolean |
No |
- |
- |
port |
The communication port for the backend server. Example: 8080 |
integer |
Yes |
- |
- |
weight |
The load balancing policy weight assigned to the server. Backend servers with a higher weight receive a larger proportion of incoming traffic. For example, a server weighted '3' receives 3 times the number of new connections as a server weighted '1'. For more information on load balancing policies, see How Load Balancing Policies Work (https://docs.oracle.com/iaas/Content/Balance/Reference/lbpolicies.htm). Example: 3 |
integer |
No |
- |
- |
Status
BackendStatus defines the observed state of Backend.
| Field |
Description |
Type |
Required |
Default |
Enum |
backendSetName |
The bound backend set name used to address this backend. |
string |
No |
- |
- |
backup |
Whether the load balancer should treat this server as a backup unit. If true, the load balancer forwards no ingress traffic to this backend server unless all other backend servers not marked as "backup" fail the health check policy. Note: You cannot add a backend server marked as backup to a backend set that uses the IP Hash policy. Example: false |
boolean |
No |
- |
- |
drain |
Whether the load balancer should drain this server. Servers marked "drain" receive no new incoming traffic. Example: false |
boolean |
No |
- |
- |
ipAddress |
The IP address of the backend server. Example: 10.0.0.3 |
string |
No |
- |
- |
loadBalancerId |
The bound load balancer OCID used to address this backend. |
string |
No |
- |
- |
maxConnections |
The maximum number of simultaneous connections the load balancer can make to the backend. If this is not set or set to 0 then the maximum number of simultaneous connections the load balancer can make to the backend is unlimited. Example: 300 |
integer |
No |
- |
- |
name |
A read-only field showing the IP address and port that uniquely identify this backend server in the backend set. Example: 10.0.0.3:8080 |
string |
No |
- |
- |
offline |
Whether the load balancer should treat this server as offline. Offline servers receive no incoming traffic. Example: false |
boolean |
No |
- |
- |
port |
The communication port for the backend server. Example: 8080 |
integer |
No |
- |
- |
status |
- |
object |
Yes |
- |
- |
weight |
The load balancing policy weight assigned to the server. Backend servers with a higher weight receive a larger proportion of incoming traffic. For example, a server weighted '3' receives 3 times the number of new connections as a server weighted '1'. For more information on load balancing policies, see How Load Balancing Policies Work (https://docs.oracle.com/iaas/Content/Balance/Reference/lbpolicies.htm). Example: 3 |
integer |
No |
- |
- |
Status.status
Back to Backend status
| Field |
Description |
Type |
Required |
Default |
Enum |
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. |
object |
No |
- |
- |
conditions |
- |
list[object] |
No |
- |
- |
createdAt |
- |
string (date-time) |
No |
- |
- |
deletedAt |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
ocid |
- |
string |
No |
- |
- |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
requestedAt |
- |
string (date-time) |
No |
- |
- |
updatedAt |
- |
string (date-time) |
No |
- |
- |
Status.status.async
Back to Backend status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field |
Description |
Type |
Required |
Default |
Enum |
current |
- |
object |
No |
- |
- |
Status.status.async.current
Back to Backend status
| Field |
Description |
Type |
Required |
Default |
Enum |
message |
- |
string |
No |
- |
- |
normalizedClass |
- |
string |
Yes |
- |
attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- |
number |
No |
- |
- |
phase |
- |
string |
Yes |
- |
create, delete, update |
rawOperationType |
- |
string |
No |
- |
- |
rawStatus |
- |
string |
No |
- |
- |
source |
- |
string |
Yes |
- |
lifecycle, none, workrequest |
updatedAt |
- |
string (date-time) |
Yes |
- |
- |
workRequestId |
- |
string |
No |
- |
- |
Status.status.conditions[]
Back to Backend status
| Field |
Description |
Type |
Required |
Default |
Enum |
lastTransitionTime |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
status |
- |
string |
Yes |
- |
- |
type |
- |
string |
Yes |
- |
- |
BackendSet
BackendSet is the Schema for the backendsets API.
Plural: backendsetsScope: NamespacedAPIVersion: loadbalancer.oracle.com/v1beta1Sample: Sample (config/samples/loadbalancer_v1beta1_backendset.yaml)Packages: Not currently exposed by a customer-visible package.
Spec
BackendSetSpec defines the desired state of BackendSet.
| Field |
Description |
Type |
Required |
Default |
Enum |
backendMaxConnections |
The maximum number of simultaneous connections the load balancer can make to any backend in the backend set unless the backend has its own maxConnections setting. If this is not set or set to 0 then the number of simultaneous connections the load balancer can make to any backend in the backend set unless the backend has its own maxConnections setting is unlimited. If setting backendMaxConnections to some value other than 0 then that value must be greater or equal to 256. Example: 300 |
integer |
No |
- |
- |
backends |
- |
list[object] |
No |
- |
- |
healthChecker |
BackendSetHealthChecker defines nested fields for BackendSet.HealthChecker. |
object |
Yes |
- |
- |
lbCookieSessionPersistenceConfiguration |
BackendSetLbCookieSessionPersistenceConfiguration defines nested fields for BackendSet.LbCookieSessionPersistenceConfiguration. |
object |
No |
- |
- |
loadBalancerId |
The OCID (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of the load balancer that owns this backend set. |
string |
Yes |
- |
- |
name |
A friendly name for the backend set. It must be unique and it cannot be changed. Valid backend set names include only alphanumeric characters, dashes, and underscores. Backend set names cannot contain spaces. Avoid entering confidential information. Example: example_backend_set |
string |
Yes |
- |
- |
policy |
The load balancer policy for the backend set. To get a list of available policies, use the ListPolicies operation. Example: LEAST_CONNECTIONS |
string |
Yes |
- |
- |
sessionPersistenceConfiguration |
BackendSetSessionPersistenceConfiguration defines nested fields for BackendSet.SessionPersistenceConfiguration. |
object |
No |
- |
- |
sslConfiguration |
BackendSetSslConfiguration defines nested fields for BackendSet.SslConfiguration. |
object |
No |
- |
- |
Spec.backends[]
Back to BackendSet spec
BackendSetBackend defines nested fields for BackendSet.Backend.
| Field |
Description |
Type |
Required |
Default |
Enum |
backup |
Whether the load balancer should treat this server as a backup unit. If true, the load balancer forwards no ingress traffic to this backend server unless all other backend servers not marked as "backup" fail the health check policy. Note: You cannot add a backend server marked as backup to a backend set that uses the IP Hash policy. Example: false |
boolean |
No |
- |
- |
drain |
Whether the load balancer should drain this server. Servers marked "drain" receive no new incoming traffic. Example: false |
boolean |
No |
- |
- |
ipAddress |
The IP address of the backend server. Example: 10.0.0.3 |
string |
Yes |
- |
- |
maxConnections |
The maximum number of simultaneous connections the load balancer can make to the backend. If this is not set or set to 0 then the maximum number of simultaneous connections the load balancer can make to the backend is unlimited. If setting maxConnections to some value other than 0 then that value must be greater or equal to 256. Example: 300 |
integer |
No |
- |
- |
offline |
Whether the load balancer should treat this server as offline. Offline servers receive no incoming traffic. Example: false |
boolean |
No |
- |
- |
port |
The communication port for the backend server. Example: 8080 |
integer |
Yes |
- |
- |
weight |
The load balancing policy weight assigned to the server. Backend servers with a higher weight receive a larger proportion of incoming traffic. For example, a server weighted '3' receives 3 times the number of new connections as a server weighted '1'. For more information on load balancing policies, see How Load Balancing Policies Work (https://docs.oracle.com/iaas/Content/Balance/Reference/lbpolicies.htm). Example: 3 |
integer |
No |
- |
- |
Spec.healthChecker
Back to BackendSet spec
BackendSetHealthChecker defines nested fields for BackendSet.HealthChecker.
| Field |
Description |
Type |
Required |
Default |
Enum |
intervalInMillis |
The interval between health checks, in milliseconds. Example: 10000 |
integer |
No |
- |
- |
isForcePlainText |
Specifies if health checks should always be done using plain text instead of depending on whether or not the associated backend set is using SSL. If "true", health checks will be done using plain text even if the associated backend set is configured to use SSL. If "false", health checks will be done using SSL encryption if the associated backend set is configured to use SSL. If the backend set is not so configured the health checks will be done using plain text. Example: false |
boolean |
No |
- |
- |
port |
The backend server port against which to run the health check. If the port is not specified, the load balancer uses the port information from the Backend object. Example: 8080 |
integer |
No |
- |
- |
protocol |
The protocol the health check must use; either HTTP or TCP. Example: HTTP |
string |
Yes |
- |
- |
responseBodyRegex |
A regular expression for parsing the response body from the backend server. Example: ^((?!false).\|\s)*$ |
string |
No |
- |
- |
retries |
The number of retries to attempt before a backend server is considered "unhealthy". This number also applies when recovering a server to the "healthy" state. Example: 3 |
integer |
No |
- |
- |
returnCode |
The status code a healthy backend server should return. Example: 200 |
integer |
No |
- |
- |
timeoutInMillis |
The maximum time, in milliseconds, to wait for a reply to a health check. A health check is successful only if a reply returns within this timeout period. Example: 3000 |
integer |
No |
- |
- |
urlPath |
The path against which to run the health check. Example: /healthcheck |
string |
No |
- |
- |
Spec.lbCookieSessionPersistenceConfiguration
Back to BackendSet spec
BackendSetLbCookieSessionPersistenceConfiguration defines nested fields for BackendSet.LbCookieSessionPersistenceConfiguration.
| Field |
Description |
Type |
Required |
Default |
Enum |
cookieName |
The name of the cookie inserted by the load balancer. If this field is not configured, the cookie name defaults to "X-Oracle-BMC-LBS-Route". Example: example_cookie Notes: * Ensure that the cookie name used at the backend application servers is different from the cookie name used at the load balancer. To minimize the chance of name collision, Oracle recommends that you use a prefix such as "X-Oracle-OCI-" for this field. * If a backend server and the load balancer both insert cookies with the same name, the client or browser behavior can vary depending on the domain and path values associated with the cookie. If the name, domain, and path values of the Set-cookie generated by a backend server and the Set-cookie generated by the load balancer are all the same, the client or browser treats them as one cookie and returns only one of the cookie values in subsequent requests. If both Set-cookie names are the same, but the domain and path names are different, the client or browser treats them as two different cookies. |
string |
No |
- |
- |
disableFallback |
Whether the load balancer is prevented from directing traffic from a persistent session client to a different backend server if the original server is unavailable. Defaults to false. Example: false |
boolean |
No |
- |
- |
domain |
The domain in which the cookie is valid. The Set-cookie header inserted by the load balancer contains a domain attribute with the specified value. This attribute has no default value. If you do not specify a value, the load balancer does not insert the domain attribute into the Set-cookie header. Notes: * RFC 6265 - HTTP State Management Mechanism (https://www.ietf.org/rfc/rfc6265.txt) describes client and browser behavior when the domain attribute is present or not present in the Set-cookie header. If the value of the Domain attribute is example.com in the Set-cookie header, the client includes the same cookie in the Cookie header when making HTTP requests to example.com, www.example.com, and www.abc.example.com. If the Domain attribute is not present, the client returns the cookie only for the domain to which the original request was made. * Ensure that this attribute specifies the correct domain value. If the Domain attribute in the Set-cookie header does not include the domain to which the original request was made, the client or browser might reject the cookie. As specified in RFC 6265, the client accepts a cookie with the Domain attribute value example.com or www.example.com sent from www.example.com. It does not accept a cookie with the Domain attribute abc.example.com or www.abc.example.com sent from www.example.com. Example: example.com |
string |
No |
- |
- |
isHttpOnly |
Whether the Set-cookie header should contain the HttpOnly attribute. If true, the Set-cookie header inserted by the load balancer contains the HttpOnly attribute, which limits the scope of the cookie to HTTP requests. This attribute directs the client or browser to omit the cookie when providing access to cookies through non-HTTP APIs. For example, it restricts the cookie from JavaScript channels. Example: true |
boolean |
No |
- |
- |
isSecure |
Whether the Set-cookie header should contain the Secure attribute. If true, the Set-cookie header inserted by the load balancer contains the Secure attribute, which directs the client or browser to send the cookie only using a secure protocol. Note: If you set this field to true, you cannot associate the corresponding backend set with an HTTP listener. Example: true |
boolean |
No |
- |
- |
maxAgeInSeconds |
The amount of time the cookie remains valid. The Set-cookie header inserted by the load balancer contains a Max-Age attribute with the specified value. The specified value must be at least one second. There is no default value for this attribute. If you do not specify a value, the load balancer does not include the Max-Age attribute in the Set-cookie header. In most cases, the client or browser retains the cookie until the current session ends, as defined by the client. Example: 3600 |
integer |
No |
- |
- |
path |
The path in which the cookie is valid. The Set-cookie header inserted by the load balancer contains a Path attribute with the specified value. Clients include the cookie in an HTTP request only if the path portion of the request-uri matches, or is a subdirectory of, the cookie's Path attribute. The default value is /. Example: /example |
string |
No |
- |
- |
Spec.sessionPersistenceConfiguration
Back to BackendSet spec
BackendSetSessionPersistenceConfiguration defines nested fields for BackendSet.SessionPersistenceConfiguration.
| Field |
Description |
Type |
Required |
Default |
Enum |
cookieName |
The name of the cookie used to detect a session initiated by the backend server. Use '*' to specify that any cookie set by the backend causes the session to persist. Example: example_cookie |
string |
Yes |
- |
- |
disableFallback |
Whether the load balancer is prevented from directing traffic from a persistent session client to a different backend server if the original server is unavailable. Defaults to false. Example: false |
boolean |
No |
- |
- |
Spec.sslConfiguration
Back to BackendSet spec
BackendSetSslConfiguration defines nested fields for BackendSet.SslConfiguration.
| Field |
Description |
Type |
Required |
Default |
Enum |
certificateIds |
Ids for OCI certificates service certificates. Currently only a single Id may be passed. Example: [ocid1.certificate.oc1.us-ashburn-1.amaaaaaaav3bgsaa5o2q7rh5nfmkkukfkogasqhk6af2opufhjlqg7m6jqzq] |
list[string] |
No |
- |
- |
certificateName |
A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information. Example: example_certificate_bundle |
string |
No |
- |
- |
cipherSuiteName |
The name of the cipher suite to use for HTTPS or SSL connections. If this field is not specified, the default is oci-default-ssl-cipher-suite-v1. Notes: * You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. Clients cannot perform an SSL handshake if there is an incompatible configuration. * You must ensure compatibility between the ciphers configured in the cipher suite and the configured certificates. For example, RSA-based ciphers require RSA certificates and ECDSA-based ciphers require ECDSA certificates. * If the cipher configuration is not modified after load balancer creation, the GET operation returns oci-default-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing listeners that predate this feature. * If the cipher configuration was modified using Oracle operations after load balancer creation, the GET operation returns oci-customized-ssl-cipher-suite as the value of this field in the SSL configuration for existing listeners that predate this feature. * The GET operation returns oci-wider-compatible-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing backend sets that predate this feature. * If the GET operation on a listener returns oci-customized-ssl-cipher-suite as the value of this field, you must specify an appropriate predefined or custom cipher suite name when updating the resource. * The oci-customized-ssl-cipher-suite Oracle reserved cipher suite name is not accepted as valid input for this field. example: example_cipher_suite |
string |
No |
- |
- |
hasSessionResumption |
Whether the load balancer listener should resume an encrypted session by reusing the cryptographic parameters of a previous TLS session, without having to perform a full handshake again. If "true", the service resumes the previous TLS encrypted session. If "false", the service starts a new TLS encrypted session. Enabling session resumption improves performance but provides a lower level of security. Disabling session resumption improves security but reduces performance. Example: true |
boolean |
No |
- |
- |
protocols |
A list of SSL protocols the load balancer must support for HTTPS or SSL connections. The load balancer uses SSL protocols to establish a secure connection between a client and a server. A secure connection ensures that all data passed between the client and the server is private. The Load Balancing service supports the following protocols: * TLSv1 * TLSv1.1 * TLSv1.2 * TLSv1.3 If this field is not specified, TLSv1.2 is the default. Warning: All SSL listeners created on a given port must use the same set of SSL protocols. Notes: * The handshake to establish an SSL connection fails if the client supports none of the specified protocols. * You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. * For all existing load balancer listeners and backend sets that predate this feature, the GET operation displays a list of SSL protocols currently used by those resources. example: ["TLSv1.1", "TLSv1.2"] |
list[string] |
No |
- |
- |
serverOrderPreference |
When this attribute is set to ENABLED, the system gives preference to the server ciphers over the client ciphers. Note: This configuration is applicable only when the load balancer is acting as an SSL/HTTPS server. This field is ignored when the SSLConfiguration object is associated with a backend set. |
string |
No |
- |
- |
trustedCertificateAuthorityIds |
Ids for OCI certificates service CA or CA bundles for the load balancer to trust. Example: [ocid1.cabundle.oc1.us-ashburn-1.amaaaaaaav3bgsaagl4zzyqdop5i2vuwoqewdvauuw34llqa74otq2jdsfyq] |
list[string] |
No |
- |
- |
verifyDepth |
The maximum depth for peer certificate chain verification. Example: 3 |
integer |
No |
- |
- |
verifyPeerCertificate |
Whether the load balancer listener should verify peer certificates. Example: true |
boolean |
No |
- |
- |
Status
BackendSetStatus defines the observed state of BackendSet.
| Field |
Description |
Type |
Required |
Default |
Enum |
backendMaxConnections |
The maximum number of simultaneous connections the load balancer can make to any backend in the backend set unless the backend has its own maxConnections setting. If this is not set or set to 0 then the number of simultaneous connections the load balancer can make to any backend in the backend set unless the backend has its own maxConnections setting is unlimited. Example: 300 |
integer |
No |
- |
- |
backends |
- |
list[object] |
No |
- |
- |
healthChecker |
BackendSetHealthChecker defines nested fields for BackendSet.HealthChecker. |
object |
No |
- |
- |
lbCookieSessionPersistenceConfiguration |
BackendSetLbCookieSessionPersistenceConfiguration defines nested fields for BackendSet.LbCookieSessionPersistenceConfiguration. |
object |
No |
- |
- |
loadBalancerId |
The bound load balancer OCID used to address this backend set. |
string |
No |
- |
- |
name |
A friendly name for the backend set. It must be unique and it cannot be changed. Valid backend set names include only alphanumeric characters, dashes, and underscores. Backend set names cannot contain spaces. Avoid entering confidential information. Example: example_backend_set |
string |
No |
- |
- |
policy |
The load balancer policy for the backend set. To get a list of available policies, use the ListPolicies operation. Example: LEAST_CONNECTIONS |
string |
No |
- |
- |
sessionPersistenceConfiguration |
BackendSetSessionPersistenceConfiguration defines nested fields for BackendSet.SessionPersistenceConfiguration. |
object |
No |
- |
- |
sslConfiguration |
BackendSetSslConfiguration defines nested fields for BackendSet.SslConfiguration. |
object |
No |
- |
- |
status |
- |
object |
Yes |
- |
- |
Status.backends[]
Back to BackendSet status
BackendSetBackend defines nested fields for BackendSet.Backend.
| Field |
Description |
Type |
Required |
Default |
Enum |
backup |
Whether the load balancer should treat this server as a backup unit. If true, the load balancer forwards no ingress traffic to this backend server unless all other backend servers not marked as "backup" fail the health check policy. Note: You cannot add a backend server marked as backup to a backend set that uses the IP Hash policy. Example: false |
boolean |
No |
- |
- |
drain |
Whether the load balancer should drain this server. Servers marked "drain" receive no new incoming traffic. Example: false |
boolean |
No |
- |
- |
ipAddress |
The IP address of the backend server. Example: 10.0.0.3 |
string |
Yes |
- |
- |
maxConnections |
The maximum number of simultaneous connections the load balancer can make to the backend. If this is not set or set to 0 then the maximum number of simultaneous connections the load balancer can make to the backend is unlimited. If setting maxConnections to some value other than 0 then that value must be greater or equal to 256. Example: 300 |
integer |
No |
- |
- |
offline |
Whether the load balancer should treat this server as offline. Offline servers receive no incoming traffic. Example: false |
boolean |
No |
- |
- |
port |
The communication port for the backend server. Example: 8080 |
integer |
Yes |
- |
- |
weight |
The load balancing policy weight assigned to the server. Backend servers with a higher weight receive a larger proportion of incoming traffic. For example, a server weighted '3' receives 3 times the number of new connections as a server weighted '1'. For more information on load balancing policies, see How Load Balancing Policies Work (https://docs.oracle.com/iaas/Content/Balance/Reference/lbpolicies.htm). Example: 3 |
integer |
No |
- |
- |
Status.healthChecker
Back to BackendSet status
BackendSetHealthChecker defines nested fields for BackendSet.HealthChecker.
| Field |
Description |
Type |
Required |
Default |
Enum |
intervalInMillis |
The interval between health checks, in milliseconds. Example: 10000 |
integer |
No |
- |
- |
isForcePlainText |
Specifies if health checks should always be done using plain text instead of depending on whether or not the associated backend set is using SSL. If "true", health checks will be done using plain text even if the associated backend set is configured to use SSL. If "false", health checks will be done using SSL encryption if the associated backend set is configured to use SSL. If the backend set is not so configured the health checks will be done using plain text. Example: false |
boolean |
No |
- |
- |
port |
The backend server port against which to run the health check. If the port is not specified, the load balancer uses the port information from the Backend object. Example: 8080 |
integer |
No |
- |
- |
protocol |
The protocol the health check must use; either HTTP or TCP. Example: HTTP |
string |
Yes |
- |
- |
responseBodyRegex |
A regular expression for parsing the response body from the backend server. Example: ^((?!false).\|\s)*$ |
string |
No |
- |
- |
retries |
The number of retries to attempt before a backend server is considered "unhealthy". This number also applies when recovering a server to the "healthy" state. Example: 3 |
integer |
No |
- |
- |
returnCode |
The status code a healthy backend server should return. Example: 200 |
integer |
No |
- |
- |
timeoutInMillis |
The maximum time, in milliseconds, to wait for a reply to a health check. A health check is successful only if a reply returns within this timeout period. Example: 3000 |
integer |
No |
- |
- |
urlPath |
The path against which to run the health check. Example: /healthcheck |
string |
No |
- |
- |
Status.lbCookieSessionPersistenceConfiguration
Back to BackendSet status
BackendSetLbCookieSessionPersistenceConfiguration defines nested fields for BackendSet.LbCookieSessionPersistenceConfiguration.
| Field |
Description |
Type |
Required |
Default |
Enum |
cookieName |
The name of the cookie inserted by the load balancer. If this field is not configured, the cookie name defaults to "X-Oracle-BMC-LBS-Route". Example: example_cookie Notes: * Ensure that the cookie name used at the backend application servers is different from the cookie name used at the load balancer. To minimize the chance of name collision, Oracle recommends that you use a prefix such as "X-Oracle-OCI-" for this field. * If a backend server and the load balancer both insert cookies with the same name, the client or browser behavior can vary depending on the domain and path values associated with the cookie. If the name, domain, and path values of the Set-cookie generated by a backend server and the Set-cookie generated by the load balancer are all the same, the client or browser treats them as one cookie and returns only one of the cookie values in subsequent requests. If both Set-cookie names are the same, but the domain and path names are different, the client or browser treats them as two different cookies. |
string |
No |
- |
- |
disableFallback |
Whether the load balancer is prevented from directing traffic from a persistent session client to a different backend server if the original server is unavailable. Defaults to false. Example: false |
boolean |
No |
- |
- |
domain |
The domain in which the cookie is valid. The Set-cookie header inserted by the load balancer contains a domain attribute with the specified value. This attribute has no default value. If you do not specify a value, the load balancer does not insert the domain attribute into the Set-cookie header. Notes: * RFC 6265 - HTTP State Management Mechanism (https://www.ietf.org/rfc/rfc6265.txt) describes client and browser behavior when the domain attribute is present or not present in the Set-cookie header. If the value of the Domain attribute is example.com in the Set-cookie header, the client includes the same cookie in the Cookie header when making HTTP requests to example.com, www.example.com, and www.abc.example.com. If the Domain attribute is not present, the client returns the cookie only for the domain to which the original request was made. * Ensure that this attribute specifies the correct domain value. If the Domain attribute in the Set-cookie header does not include the domain to which the original request was made, the client or browser might reject the cookie. As specified in RFC 6265, the client accepts a cookie with the Domain attribute value example.com or www.example.com sent from www.example.com. It does not accept a cookie with the Domain attribute abc.example.com or www.abc.example.com sent from www.example.com. Example: example.com |
string |
No |
- |
- |
isHttpOnly |
Whether the Set-cookie header should contain the HttpOnly attribute. If true, the Set-cookie header inserted by the load balancer contains the HttpOnly attribute, which limits the scope of the cookie to HTTP requests. This attribute directs the client or browser to omit the cookie when providing access to cookies through non-HTTP APIs. For example, it restricts the cookie from JavaScript channels. Example: true |
boolean |
No |
- |
- |
isSecure |
Whether the Set-cookie header should contain the Secure attribute. If true, the Set-cookie header inserted by the load balancer contains the Secure attribute, which directs the client or browser to send the cookie only using a secure protocol. Note: If you set this field to true, you cannot associate the corresponding backend set with an HTTP listener. Example: true |
boolean |
No |
- |
- |
maxAgeInSeconds |
The amount of time the cookie remains valid. The Set-cookie header inserted by the load balancer contains a Max-Age attribute with the specified value. The specified value must be at least one second. There is no default value for this attribute. If you do not specify a value, the load balancer does not include the Max-Age attribute in the Set-cookie header. In most cases, the client or browser retains the cookie until the current session ends, as defined by the client. Example: 3600 |
integer |
No |
- |
- |
path |
The path in which the cookie is valid. The Set-cookie header inserted by the load balancer contains a Path attribute with the specified value. Clients include the cookie in an HTTP request only if the path portion of the request-uri matches, or is a subdirectory of, the cookie's Path attribute. The default value is /. Example: /example |
string |
No |
- |
- |
Status.sessionPersistenceConfiguration
Back to BackendSet status
BackendSetSessionPersistenceConfiguration defines nested fields for BackendSet.SessionPersistenceConfiguration.
| Field |
Description |
Type |
Required |
Default |
Enum |
cookieName |
The name of the cookie used to detect a session initiated by the backend server. Use '*' to specify that any cookie set by the backend causes the session to persist. Example: example_cookie |
string |
Yes |
- |
- |
disableFallback |
Whether the load balancer is prevented from directing traffic from a persistent session client to a different backend server if the original server is unavailable. Defaults to false. Example: false |
boolean |
No |
- |
- |
Status.sslConfiguration
Back to BackendSet status
BackendSetSslConfiguration defines nested fields for BackendSet.SslConfiguration.
| Field |
Description |
Type |
Required |
Default |
Enum |
certificateIds |
Ids for OCI certificates service certificates. Currently only a single Id may be passed. Example: [ocid1.certificate.oc1.us-ashburn-1.amaaaaaaav3bgsaa5o2q7rh5nfmkkukfkogasqhk6af2opufhjlqg7m6jqzq] |
list[string] |
No |
- |
- |
certificateName |
A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information. Example: example_certificate_bundle |
string |
No |
- |
- |
cipherSuiteName |
The name of the cipher suite to use for HTTPS or SSL connections. If this field is not specified, the default is oci-default-ssl-cipher-suite-v1. Notes: * You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. Clients cannot perform an SSL handshake if there is an incompatible configuration. * You must ensure compatibility between the ciphers configured in the cipher suite and the configured certificates. For example, RSA-based ciphers require RSA certificates and ECDSA-based ciphers require ECDSA certificates. * If the cipher configuration is not modified after load balancer creation, the GET operation returns oci-default-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing listeners that predate this feature. * If the cipher configuration was modified using Oracle operations after load balancer creation, the GET operation returns oci-customized-ssl-cipher-suite as the value of this field in the SSL configuration for existing listeners that predate this feature. * The GET operation returns oci-wider-compatible-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing backend sets that predate this feature. * If the GET operation on a listener returns oci-customized-ssl-cipher-suite as the value of this field, you must specify an appropriate predefined or custom cipher suite name when updating the resource. * The oci-customized-ssl-cipher-suite Oracle reserved cipher suite name is not accepted as valid input for this field. example: example_cipher_suite |
string |
No |
- |
- |
hasSessionResumption |
Whether the load balancer listener should resume an encrypted session by reusing the cryptographic parameters of a previous TLS session, without having to perform a full handshake again. If "true", the service resumes the previous TLS encrypted session. If "false", the service starts a new TLS encrypted session. Enabling session resumption improves performance but provides a lower level of security. Disabling session resumption improves security but reduces performance. Example: true |
boolean |
No |
- |
- |
protocols |
A list of SSL protocols the load balancer must support for HTTPS or SSL connections. The load balancer uses SSL protocols to establish a secure connection between a client and a server. A secure connection ensures that all data passed between the client and the server is private. The Load Balancing service supports the following protocols: * TLSv1 * TLSv1.1 * TLSv1.2 * TLSv1.3 If this field is not specified, TLSv1.2 is the default. Warning: All SSL listeners created on a given port must use the same set of SSL protocols. Notes: * The handshake to establish an SSL connection fails if the client supports none of the specified protocols. * You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. * For all existing load balancer listeners and backend sets that predate this feature, the GET operation displays a list of SSL protocols currently used by those resources. example: ["TLSv1.1", "TLSv1.2"] |
list[string] |
No |
- |
- |
serverOrderPreference |
When this attribute is set to ENABLED, the system gives preference to the server ciphers over the client ciphers. Note: This configuration is applicable only when the load balancer is acting as an SSL/HTTPS server. This field is ignored when the SSLConfiguration object is associated with a backend set. |
string |
No |
- |
- |
trustedCertificateAuthorityIds |
Ids for OCI certificates service CA or CA bundles for the load balancer to trust. Example: [ocid1.cabundle.oc1.us-ashburn-1.amaaaaaaav3bgsaagl4zzyqdop5i2vuwoqewdvauuw34llqa74otq2jdsfyq] |
list[string] |
No |
- |
- |
verifyDepth |
The maximum depth for peer certificate chain verification. Example: 3 |
integer |
No |
- |
- |
verifyPeerCertificate |
Whether the load balancer listener should verify peer certificates. Example: true |
boolean |
No |
- |
- |
Status.status
Back to BackendSet status
| Field |
Description |
Type |
Required |
Default |
Enum |
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. |
object |
No |
- |
- |
conditions |
- |
list[object] |
No |
- |
- |
createdAt |
- |
string (date-time) |
No |
- |
- |
deletedAt |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
ocid |
- |
string |
No |
- |
- |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
requestedAt |
- |
string (date-time) |
No |
- |
- |
updatedAt |
- |
string (date-time) |
No |
- |
- |
Status.status.async
Back to BackendSet status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field |
Description |
Type |
Required |
Default |
Enum |
current |
- |
object |
No |
- |
- |
Status.status.async.current
Back to BackendSet status
| Field |
Description |
Type |
Required |
Default |
Enum |
message |
- |
string |
No |
- |
- |
normalizedClass |
- |
string |
Yes |
- |
attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- |
number |
No |
- |
- |
phase |
- |
string |
Yes |
- |
create, delete, update |
rawOperationType |
- |
string |
No |
- |
- |
rawStatus |
- |
string |
No |
- |
- |
source |
- |
string |
Yes |
- |
lifecycle, none, workrequest |
updatedAt |
- |
string (date-time) |
Yes |
- |
- |
workRequestId |
- |
string |
No |
- |
- |
Status.status.conditions[]
Back to BackendSet status
| Field |
Description |
Type |
Required |
Default |
Enum |
lastTransitionTime |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
status |
- |
string |
Yes |
- |
- |
type |
- |
string |
Yes |
- |
- |
Certificate
Certificate is the Schema for the certificates API.
Plural: certificatesScope: NamespacedAPIVersion: loadbalancer.oracle.com/v1beta1Sample: Sample (config/samples/loadbalancer_v1beta1_certificate.yaml)Packages: Not currently exposed by a customer-visible package.
Spec
CertificateSpec defines the desired state of Certificate.
| Field |
Description |
Type |
Required |
Default |
Enum |
caCertificate |
The Certificate Authority certificate, or any interim certificate, that you received from your SSL certificate provider. Example: -----BEGIN CERTIFICATE----- MIIEczCCA1ugAwIBAgIBADANBgkqhkiG9w0BAQQFAD..AkGA1UEBhMCR0Ix EzARBgNVBAgTClNvbWUtU3RhdGUxFDASBgNVBAoTC0..0EgTHRkMTcwNQYD VQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcn..XRpb24gQXV0aG9y aXR5MRQwEgYDVQQDEwtCZXN0IENBIEx0ZDAeFw0wMD..TUwMTZaFw0wMTAy ... -----END CERTIFICATE----- |
string |
No |
- |
- |
certificateName |
A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information. Example: example_certificate_bundle |
string |
Yes |
- |
- |
passphrase |
A passphrase for encrypted private keys. This is needed only if you created your certificate with a passphrase. |
string |
No |
- |
- |
privateKey |
The SSL private key for your certificate, in PEM format. Example: -----BEGIN RSA PRIVATE KEY----- jO1O1v2ftXMsawM90tnXwc6xhOAT1gDBC9S8DKeca..JZNUgYYwNS0dP2UK tmyN+XqVcAKw4HqVmChXy5b5msu8eIq3uc2NqNVtR..2ksSLukP8pxXcHyb /Umr7wJzVrMqK5sDiSu4WuaaBdqMGfL5hLsTjcBFD..Da2iyQmSKuVD4lIZ ... -----END RSA PRIVATE KEY----- |
string |
No |
- |
- |
publicCertificate |
The public certificate, in PEM format, that you received from your SSL certificate provider. Example: -----BEGIN CERTIFICATE----- MIIC2jCCAkMCAg38MA0GCSqGSIb3DQEBBQUAMIGbM..QswCQYDVQQGEwJKU A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxE..TAPBgNVBAoTCEZyY MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWB..gNVBAMTD0ZyYW5rN YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmc..mFuazRkZC5jb20wH ... -----END CERTIFICATE----- |
string |
No |
- |
- |
Status
CertificateStatus defines the observed state of Certificate.
| Field |
Description |
Type |
Required |
Default |
Enum |
caCertificate |
The Certificate Authority certificate, or any interim certificate, that you received from your SSL certificate provider. Example: -----BEGIN CERTIFICATE----- MIIEczCCA1ugAwIBAgIBADANBgkqhkiG9w0BAQQFAD..AkGA1UEBhMCR0Ix EzARBgNVBAgTClNvbWUtU3RhdGUxFDASBgNVBAoTC0..0EgTHRkMTcwNQYD VQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcn..XRpb24gQXV0aG9y aXR5MRQwEgYDVQQDEwtCZXN0IENBIEx0ZDAeFw0wMD..TUwMTZaFw0wMTAy ... -----END CERTIFICATE----- |
string |
No |
- |
- |
certificateName |
A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information. Example: example_certificate_bundle |
string |
No |
- |
- |
publicCertificate |
The public certificate, in PEM format, that you received from your SSL certificate provider. Example: -----BEGIN CERTIFICATE----- MIIC2jCCAkMCAg38MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw ... -----END CERTIFICATE----- |
string |
No |
- |
- |
status |
- |
object |
Yes |
- |
- |
Status.status
Back to Certificate status
| Field |
Description |
Type |
Required |
Default |
Enum |
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. |
object |
No |
- |
- |
conditions |
- |
list[object] |
No |
- |
- |
createdAt |
- |
string (date-time) |
No |
- |
- |
deletedAt |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
ocid |
- |
string |
No |
- |
- |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
requestedAt |
- |
string (date-time) |
No |
- |
- |
updatedAt |
- |
string (date-time) |
No |
- |
- |
Status.status.async
Back to Certificate status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field |
Description |
Type |
Required |
Default |
Enum |
current |
- |
object |
No |
- |
- |
Status.status.async.current
Back to Certificate status
| Field |
Description |
Type |
Required |
Default |
Enum |
message |
- |
string |
No |
- |
- |
normalizedClass |
- |
string |
Yes |
- |
attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- |
number |
No |
- |
- |
phase |
- |
string |
Yes |
- |
create, delete, update |
rawOperationType |
- |
string |
No |
- |
- |
rawStatus |
- |
string |
No |
- |
- |
source |
- |
string |
Yes |
- |
lifecycle, none, workrequest |
updatedAt |
- |
string (date-time) |
Yes |
- |
- |
workRequestId |
- |
string |
No |
- |
- |
Status.status.conditions[]
Back to Certificate status
| Field |
Description |
Type |
Required |
Default |
Enum |
lastTransitionTime |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
status |
- |
string |
Yes |
- |
- |
type |
- |
string |
Yes |
- |
- |
Hostname
Hostname is the Schema for the hostnames API.
Plural: hostnamesScope: NamespacedAPIVersion: loadbalancer.oracle.com/v1beta1Sample: Sample (config/samples/loadbalancer_v1beta1_hostname.yaml)Packages: Not currently exposed by a customer-visible package.
Spec
HostnameSpec defines the desired state of Hostname.
| Field |
Description |
Type |
Required |
Default |
Enum |
hostname |
A virtual hostname. For more information about virtual hostname string construction, see Managing Request Routing (https://docs.oracle.com/iaas/Content/Balance/Tasks/managingrequest.htm#routing). Example: app.example.com |
string |
Yes |
- |
- |
name |
A friendly name for the hostname resource. It must be unique and it cannot be changed. Avoid entering confidential information. Example: example_hostname_001 |
string |
Yes |
- |
- |
Status
HostnameStatus defines the observed state of Hostname.
| Field |
Description |
Type |
Required |
Default |
Enum |
hostname |
A virtual hostname. For more information about virtual hostname string construction, see Managing Request Routing (https://docs.oracle.com/iaas/Content/Balance/Tasks/managingrequest.htm#routing). Example: app.example.com |
string |
No |
- |
- |
name |
A friendly name for the hostname resource. It must be unique and it cannot be changed. Avoid entering confidential information. Example: example_hostname_001 |
string |
No |
- |
- |
status |
- |
object |
Yes |
- |
- |
Status.status
Back to Hostname status
| Field |
Description |
Type |
Required |
Default |
Enum |
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. |
object |
No |
- |
- |
conditions |
- |
list[object] |
No |
- |
- |
createdAt |
- |
string (date-time) |
No |
- |
- |
deletedAt |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
ocid |
- |
string |
No |
- |
- |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
requestedAt |
- |
string (date-time) |
No |
- |
- |
updatedAt |
- |
string (date-time) |
No |
- |
- |
Status.status.async
Back to Hostname status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field |
Description |
Type |
Required |
Default |
Enum |
current |
- |
object |
No |
- |
- |
Status.status.async.current
Back to Hostname status
| Field |
Description |
Type |
Required |
Default |
Enum |
message |
- |
string |
No |
- |
- |
normalizedClass |
- |
string |
Yes |
- |
attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- |
number |
No |
- |
- |
phase |
- |
string |
Yes |
- |
create, delete, update |
rawOperationType |
- |
string |
No |
- |
- |
rawStatus |
- |
string |
No |
- |
- |
source |
- |
string |
Yes |
- |
lifecycle, none, workrequest |
updatedAt |
- |
string (date-time) |
Yes |
- |
- |
workRequestId |
- |
string |
No |
- |
- |
Status.status.conditions[]
Back to Hostname status
| Field |
Description |
Type |
Required |
Default |
Enum |
lastTransitionTime |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
status |
- |
string |
Yes |
- |
- |
type |
- |
string |
Yes |
- |
- |
Listener
Listener is the Schema for the listeners API.
Plural: listenersScope: NamespacedAPIVersion: loadbalancer.oracle.com/v1beta1Sample: Sample (config/samples/loadbalancer_v1beta1_listener.yaml)Packages: Not currently exposed by a customer-visible package.
Spec
ListenerSpec defines the desired state of Listener.
| Field |
Description |
Type |
Required |
Default |
Enum |
connectionConfiguration |
ListenerConnectionConfiguration defines nested fields for Listener.ConnectionConfiguration. |
object |
No |
- |
- |
defaultBackendSetName |
The name of the associated backend set. Example: example_backend_set |
string |
Yes |
- |
- |
hostnameNames |
An array of hostname resource names. |
list[string] |
No |
- |
- |
loadBalancerId |
The OCID (https://docs.cloud.oracle.com/Content/General/Concepts/identifiers.htm) of the load balancer that owns this listener. |
string |
Yes |
- |
- |
name |
A friendly name for the listener. It must be unique and it cannot be changed. Avoid entering confidential information. Example: example_listener |
string |
Yes |
- |
- |
pathRouteSetName |
Deprecated. Please use routingPolicies instead. The name of the set of path-based routing rules, PathRouteSet, applied to this listener's traffic. Example: example_path_route_set |
string |
No |
- |
- |
port |
The communication port for the listener. Example: 80 |
integer |
Yes |
- |
- |
protocol |
The protocol on which the listener accepts connection requests. To get a list of valid protocols, use the ListProtocols operation. Example: HTTP |
string |
Yes |
- |
- |
routingPolicyName |
The name of the routing policy applied to this listener's traffic. Example: example_routing_policy |
string |
No |
- |
- |
ruleSetNames |
The names of the RuleSet to apply to the listener. Example: ["example_rule_set"] |
list[string] |
No |
- |
- |
sslConfiguration |
ListenerSslConfiguration defines nested fields for Listener.SslConfiguration. |
object |
No |
- |
- |
Spec.connectionConfiguration
Back to Listener spec
ListenerConnectionConfiguration defines nested fields for Listener.ConnectionConfiguration.
| Field |
Description |
Type |
Required |
Default |
Enum |
backendTcpProxyProtocolOptions |
An array that represents the PPV2 Options that can be enabled on TCP Listeners. Example: ["PP2_TYPE_AUTHORITY"] |
list[string] |
No |
- |
- |
backendTcpProxyProtocolVersion |
The backend TCP Proxy Protocol version. Example: 1 |
integer |
No |
- |
- |
idleTimeout |
The maximum idle time, in seconds, allowed between two successive receive or two successive send operations between the client and backend servers. A send operation does not reset the timer for receive operations. A receive operation does not reset the timer for send operations. For more information, see Connection Configuration (https://docs.oracle.com/iaas/Content/Balance/Reference/connectionreuse.htm#ConnectionConfiguration). Example: 1200 |
integer (int64) |
Yes |
- |
- |
Spec.sslConfiguration
Back to Listener spec
ListenerSslConfiguration defines nested fields for Listener.SslConfiguration.
| Field |
Description |
Type |
Required |
Default |
Enum |
certificateIds |
Ids for OCI certificates service certificates. Currently only a single Id may be passed. Example: [ocid1.certificate.oc1.us-ashburn-1.amaaaaaaav3bgsaa5o2q7rh5nfmkkukfkogasqhk6af2opufhjlqg7m6jqzq] |
list[string] |
No |
- |
- |
certificateName |
A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information. Example: example_certificate_bundle |
string |
No |
- |
- |
cipherSuiteName |
The name of the cipher suite to use for HTTPS or SSL connections. If this field is not specified, the default is oci-default-ssl-cipher-suite-v1. Notes: * You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. Clients cannot perform an SSL handshake if there is an incompatible configuration. * You must ensure compatibility between the ciphers configured in the cipher suite and the configured certificates. For example, RSA-based ciphers require RSA certificates and ECDSA-based ciphers require ECDSA certificates. * If the cipher configuration is not modified after load balancer creation, the GET operation returns oci-default-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing listeners that predate this feature. * If the cipher configuration was modified using Oracle operations after load balancer creation, the GET operation returns oci-customized-ssl-cipher-suite as the value of this field in the SSL configuration for existing listeners that predate this feature. * The GET operation returns oci-wider-compatible-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing backend sets that predate this feature. * If the GET operation on a listener returns oci-customized-ssl-cipher-suite as the value of this field, you must specify an appropriate predefined or custom cipher suite name when updating the resource. * The oci-customized-ssl-cipher-suite Oracle reserved cipher suite name is not accepted as valid input for this field. example: example_cipher_suite |
string |
No |
- |
- |
hasSessionResumption |
Whether the load balancer listener should resume an encrypted session by reusing the cryptographic parameters of a previous TLS session, without having to perform a full handshake again. If "true", the service resumes the previous TLS encrypted session. If "false", the service starts a new TLS encrypted session. Enabling session resumption improves performance but provides a lower level of security. Disabling session resumption improves security but reduces performance. Example: true |
boolean |
No |
- |
- |
protocols |
A list of SSL protocols the load balancer must support for HTTPS or SSL connections. The load balancer uses SSL protocols to establish a secure connection between a client and a server. A secure connection ensures that all data passed between the client and the server is private. The Load Balancing service supports the following protocols: * TLSv1 * TLSv1.1 * TLSv1.2 * TLSv1.3 If this field is not specified, TLSv1.2 is the default. Warning: All SSL listeners created on a given port must use the same set of SSL protocols. Notes: * The handshake to establish an SSL connection fails if the client supports none of the specified protocols. * You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. * For all existing load balancer listeners and backend sets that predate this feature, the GET operation displays a list of SSL protocols currently used by those resources. example: ["TLSv1.1", "TLSv1.2"] |
list[string] |
No |
- |
- |
serverOrderPreference |
When this attribute is set to ENABLED, the system gives preference to the server ciphers over the client ciphers. Note: This configuration is applicable only when the load balancer is acting as an SSL/HTTPS server. This field is ignored when the SSLConfiguration object is associated with a backend set. |
string |
No |
- |
- |
trustedCertificateAuthorityIds |
Ids for OCI certificates service CA or CA bundles for the load balancer to trust. Example: [ocid1.cabundle.oc1.us-ashburn-1.amaaaaaaav3bgsaagl4zzyqdop5i2vuwoqewdvauuw34llqa74otq2jdsfyq] |
list[string] |
No |
- |
- |
verifyDepth |
The maximum depth for peer certificate chain verification. Example: 3 |
integer |
No |
- |
- |
verifyPeerCertificate |
Whether the load balancer listener should verify peer certificates. Example: true |
boolean |
No |
- |
- |
Status
ListenerStatus defines the observed state of Listener.
| Field |
Description |
Type |
Required |
Default |
Enum |
connectionConfiguration |
ListenerConnectionConfiguration defines nested fields for Listener.ConnectionConfiguration. |
object |
No |
- |
- |
defaultBackendSetName |
The name of the associated backend set. Example: example_backend_set |
string |
No |
- |
- |
hostnameNames |
An array of hostname resource names. |
list[string] |
No |
- |
- |
loadBalancerId |
The bound load balancer OCID used to address this listener. |
string |
No |
- |
- |
name |
A friendly name for the listener. It must be unique and it cannot be changed. Example: example_listener |
string |
No |
- |
- |
pathRouteSetName |
Deprecated. Please use routingPolicies instead. The name of the set of path-based routing rules, PathRouteSet, applied to this listener's traffic. Example: example_path_route_set |
string |
No |
- |
- |
port |
The communication port for the listener. Example: 80 |
integer |
No |
- |
- |
protocol |
The protocol on which the listener accepts connection requests. To get a list of valid protocols, use the ListProtocols operation. Example: HTTP |
string |
No |
- |
- |
routingPolicyName |
The name of the routing policy applied to this listener's traffic. Example: example_routing_policy_name |
string |
No |
- |
- |
ruleSetNames |
The names of the RuleSet to apply to the listener. Example: ["example_rule_set"] |
list[string] |
No |
- |
- |
sslConfiguration |
ListenerSslConfiguration defines nested fields for Listener.SslConfiguration. |
object |
No |
- |
- |
status |
- |
object |
Yes |
- |
- |
Status.connectionConfiguration
Back to Listener status
ListenerConnectionConfiguration defines nested fields for Listener.ConnectionConfiguration.
| Field |
Description |
Type |
Required |
Default |
Enum |
backendTcpProxyProtocolOptions |
An array that represents the PPV2 Options that can be enabled on TCP Listeners. Example: ["PP2_TYPE_AUTHORITY"] |
list[string] |
No |
- |
- |
backendTcpProxyProtocolVersion |
The backend TCP Proxy Protocol version. Example: 1 |
integer |
No |
- |
- |
idleTimeout |
The maximum idle time, in seconds, allowed between two successive receive or two successive send operations between the client and backend servers. A send operation does not reset the timer for receive operations. A receive operation does not reset the timer for send operations. For more information, see Connection Configuration (https://docs.oracle.com/iaas/Content/Balance/Reference/connectionreuse.htm#ConnectionConfiguration). Example: 1200 |
integer (int64) |
Yes |
- |
- |
Status.sslConfiguration
Back to Listener status
ListenerSslConfiguration defines nested fields for Listener.SslConfiguration.
| Field |
Description |
Type |
Required |
Default |
Enum |
certificateIds |
Ids for OCI certificates service certificates. Currently only a single Id may be passed. Example: [ocid1.certificate.oc1.us-ashburn-1.amaaaaaaav3bgsaa5o2q7rh5nfmkkukfkogasqhk6af2opufhjlqg7m6jqzq] |
list[string] |
No |
- |
- |
certificateName |
A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information. Example: example_certificate_bundle |
string |
No |
- |
- |
cipherSuiteName |
The name of the cipher suite to use for HTTPS or SSL connections. If this field is not specified, the default is oci-default-ssl-cipher-suite-v1. Notes: * You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. Clients cannot perform an SSL handshake if there is an incompatible configuration. * You must ensure compatibility between the ciphers configured in the cipher suite and the configured certificates. For example, RSA-based ciphers require RSA certificates and ECDSA-based ciphers require ECDSA certificates. * If the cipher configuration is not modified after load balancer creation, the GET operation returns oci-default-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing listeners that predate this feature. * If the cipher configuration was modified using Oracle operations after load balancer creation, the GET operation returns oci-customized-ssl-cipher-suite as the value of this field in the SSL configuration for existing listeners that predate this feature. * The GET operation returns oci-wider-compatible-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing backend sets that predate this feature. * If the GET operation on a listener returns oci-customized-ssl-cipher-suite as the value of this field, you must specify an appropriate predefined or custom cipher suite name when updating the resource. * The oci-customized-ssl-cipher-suite Oracle reserved cipher suite name is not accepted as valid input for this field. example: example_cipher_suite |
string |
No |
- |
- |
hasSessionResumption |
Whether the load balancer listener should resume an encrypted session by reusing the cryptographic parameters of a previous TLS session, without having to perform a full handshake again. If "true", the service resumes the previous TLS encrypted session. If "false", the service starts a new TLS encrypted session. Enabling session resumption improves performance but provides a lower level of security. Disabling session resumption improves security but reduces performance. Example: true |
boolean |
No |
- |
- |
protocols |
A list of SSL protocols the load balancer must support for HTTPS or SSL connections. The load balancer uses SSL protocols to establish a secure connection between a client and a server. A secure connection ensures that all data passed between the client and the server is private. The Load Balancing service supports the following protocols: * TLSv1 * TLSv1.1 * TLSv1.2 * TLSv1.3 If this field is not specified, TLSv1.2 is the default. Warning: All SSL listeners created on a given port must use the same set of SSL protocols. Notes: * The handshake to establish an SSL connection fails if the client supports none of the specified protocols. * You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. * For all existing load balancer listeners and backend sets that predate this feature, the GET operation displays a list of SSL protocols currently used by those resources. example: ["TLSv1.1", "TLSv1.2"] |
list[string] |
No |
- |
- |
serverOrderPreference |
When this attribute is set to ENABLED, the system gives preference to the server ciphers over the client ciphers. Note: This configuration is applicable only when the load balancer is acting as an SSL/HTTPS server. This field is ignored when the SSLConfiguration object is associated with a backend set. |
string |
No |
- |
- |
trustedCertificateAuthorityIds |
Ids for OCI certificates service CA or CA bundles for the load balancer to trust. Example: [ocid1.cabundle.oc1.us-ashburn-1.amaaaaaaav3bgsaagl4zzyqdop5i2vuwoqewdvauuw34llqa74otq2jdsfyq] |
list[string] |
No |
- |
- |
verifyDepth |
The maximum depth for peer certificate chain verification. Example: 3 |
integer |
No |
- |
- |
verifyPeerCertificate |
Whether the load balancer listener should verify peer certificates. Example: true |
boolean |
No |
- |
- |
Status.status
Back to Listener status
| Field |
Description |
Type |
Required |
Default |
Enum |
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. |
object |
No |
- |
- |
conditions |
- |
list[object] |
No |
- |
- |
createdAt |
- |
string (date-time) |
No |
- |
- |
deletedAt |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
ocid |
- |
string |
No |
- |
- |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
requestedAt |
- |
string (date-time) |
No |
- |
- |
updatedAt |
- |
string (date-time) |
No |
- |
- |
Status.status.async
Back to Listener status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field |
Description |
Type |
Required |
Default |
Enum |
current |
- |
object |
No |
- |
- |
Status.status.async.current
Back to Listener status
| Field |
Description |
Type |
Required |
Default |
Enum |
message |
- |
string |
No |
- |
- |
normalizedClass |
- |
string |
Yes |
- |
attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- |
number |
No |
- |
- |
phase |
- |
string |
Yes |
- |
create, delete, update |
rawOperationType |
- |
string |
No |
- |
- |
rawStatus |
- |
string |
No |
- |
- |
source |
- |
string |
Yes |
- |
lifecycle, none, workrequest |
updatedAt |
- |
string (date-time) |
Yes |
- |
- |
workRequestId |
- |
string |
No |
- |
- |
Status.status.conditions[]
Back to Listener status
| Field |
Description |
Type |
Required |
Default |
Enum |
lastTransitionTime |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
status |
- |
string |
Yes |
- |
- |
type |
- |
string |
Yes |
- |
- |
LoadBalancer
LoadBalancer is the Schema for the loadbalancers API.
Plural: loadbalancersScope: NamespacedAPIVersion: loadbalancer.oracle.com/v1beta1Sample: Sample (config/samples/loadbalancer_v1beta1_loadbalancer.yaml)Packages: Not currently exposed by a customer-visible package.
Spec
LoadBalancerSpec defines the desired state of LoadBalancer.
| Field |
Description |
Type |
Required |
Default |
Enum |
backendSets |
- |
map[string, object] |
No |
- |
- |
certificates |
- |
map[string, object] |
No |
- |
- |
compartmentId |
The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment in which to create the load balancer. |
string |
Yes |
- |
- |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No |
- |
- |
displayName |
A user-friendly name. It does not have to be unique, and it is changeable. Avoid entering confidential information. Example: example_load_balancer |
string |
Yes |
- |
- |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Department": "Finance"} |
map[string, string] |
No |
- |
- |
hostnames |
- |
map[string, object] |
No |
- |
- |
ipMode |
Whether the load balancer has an IPv4 or IPv6 IP address. If "IPV4", the service assigns an IPv4 address and the load balancer supports IPv4 traffic. If "IPV6", the service assigns an IPv6 address and the load balancer supports IPv6 traffic. Example: "ipMode":"IPV6" |
string |
No |
- |
- |
ipv6SubnetCidr |
Applies to IPV6 LB creation only. Used to disambiguate which subnet prefix should be used to create an IPv6 LB. Example: "2002::1234:abcd:ffff:c0a8:101/64" |
string |
No |
- |
- |
isDeleteProtectionEnabled |
Whether or not the load balancer has delete protection enabled. If "true", the loadbalancer will be protected against deletion if configured to accept traffic. If "false", the loadbalancer will not be protected against deletion. Delete protection will not be enabled unless a value of "true" is provided. Example: true |
boolean |
No |
- |
- |
isPrivate |
Whether the load balancer has a VCN-local (private) IP address. If "true", the service assigns a private IP address to the load balancer. If "false", the service assigns a public IP address to the load balancer. A public load balancer is accessible from the internet, depending on your VCN's security list rules (https://docs.oracle.com/iaas/Content/Network/Concepts/securitylists.htm). For more information about public and private load balancers, see How Load Balancing Works (https://docs.oracle.com/iaas/Content/Balance/Concepts/balanceoverview.htm#how-load-balancing-works). Example: true |
boolean |
No |
- |
- |
isRequestIdEnabled |
Whether or not the load balancer has the Request Id feature enabled for HTTP listeners. If "true", the load balancer will attach a unique request id header to every request passed through from the load balancer to load balancer backends. This same request id header also will be added to the response the lb received from the backend handling the request before the load balancer returns the response to the requestor. The name of the unique request id header is set the by value of requestIdHeader. If "false", the loadbalancer not add this unique request id header to either the request passed through to the load balancer backends nor to the reponse returned to the user. New load balancers have the Request Id feature disabled unless isRequestIdEnabled is set to true. Example: true |
boolean |
No |
- |
- |
listeners |
- |
map[string, object] |
No |
- |
- |
networkSecurityGroupIds |
An array of NSG OCIDs (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) associated with this load balancer. During the load balancer's creation, the service adds the new load balancer to the specified NSGs. The benefits of using NSGs with the load balancer include: * NSGs define network security rules to govern ingress and egress traffic for the load balancer. * The network security rules of other resources can reference the NSGs associated with the load balancer to ensure access. Example: ["ocid1.nsg.oc1.phx.unique_ID"] |
list[string] |
No |
- |
- |
pathRouteSets |
- |
map[string, object] |
No |
- |
- |
requestIdHeader |
If isRequestIdEnabled is true then this field contains the name of the header field that contains the unique request id that is attached to every request from the load balancer to the load balancer backends and to every response from the load balancer. If a request to the load balancer already contains a header with same name as specified in requestIdHeader then the load balancer will not change the value of that field. If isRequestIdEnabled is false then this field is ignored. If this field is not set or is set to "" then this field defaults to X-Request-Id Notes: * Unless the header name is "" it must start with "X-" prefix. * Setting the header name to "" will set it to the default: X-Request-Id. |
string |
No |
- |
- |
reservedIps |
An array of reserved Ips. |
list[object] |
No |
- |
- |
ruleSets |
- |
map[string, object] |
No |
- |
- |
securityAttributes |
Extended Defined tags for ZPR for this resource. Each key is predefined and scoped to a namespace. Example: {"Oracle-ZPR": {"MaxEgressCount": {"value":"42","mode":"audit", "usagetype" : "zpr"}}} |
map[string, map[string, string]] |
No |
- |
- |
shapeDetails |
The configuration details to create load balancer using Flexible shape. This is required only if shapeName is Flexible. |
object |
No |
- |
- |
shapeName |
A template that determines the total pre-provisioned bandwidth (ingress plus egress). To get a list of available shapes, use the ListShapes operation. Example: flexible NOTE: After May 2023, Fixed shapes - 10Mbps, 100Mbps, 400Mbps, 8000Mbps would be deprecated and only shape allowed would be Flexible |
string |
Yes |
- |
- |
sslCipherSuites |
- |
map[string, object] |
No |
- |
- |
subnetIds |
An array of subnet OCIDs (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm). |
list[string] |
Yes |
- |
- |
Spec.backendSets{}
Back to LoadBalancer spec
LoadBalancerBackendSets defines nested fields for LoadBalancer.BackendSets.
| Field |
Description |
Type |
Required |
Default |
Enum |
backendMaxConnections |
The maximum number of simultaneous connections the load balancer can make to any backend in the backend set unless the backend has its own maxConnections setting. If this is not set or set to 0 then the number of simultaneous connections the load balancer can make to any backend in the backend set unless the backend has its own maxConnections setting is unlimited. If setting backendMaxConnections to some value other than 0 then that value must be greater or equal to 256. Example: 300 |
integer |
No |
- |
- |
backends |
- |
list[object] |
No |
- |
- |
healthChecker |
LoadBalancerBackendSetsHealthChecker defines nested fields for LoadBalancer.BackendSets.HealthChecker. |
object |
Yes |
- |
- |
lbCookieSessionPersistenceConfiguration |
LoadBalancerBackendSetsLbCookieSessionPersistenceConfiguration defines nested fields for LoadBalancer.BackendSets.LbCookieSessionPersistenceConfiguration. |
object |
No |
- |
- |
policy |
The load balancer policy for the backend set. To get a list of available policies, use the ListPolicies operation. Example: LEAST_CONNECTIONS |
string |
Yes |
- |
- |
sessionPersistenceConfiguration |
LoadBalancerBackendSetsSessionPersistenceConfiguration defines nested fields for LoadBalancer.BackendSets.SessionPersistenceConfiguration. |
object |
No |
- |
- |
sslConfiguration |
LoadBalancerBackendSetsSslConfiguration defines nested fields for LoadBalancer.BackendSets.SslConfiguration. |
object |
No |
- |
- |
Spec.backendSets{}.backends[]
Back to LoadBalancer spec
LoadBalancerBackendSetsBackend defines nested fields for LoadBalancer.BackendSets.Backend.
| Field |
Description |
Type |
Required |
Default |
Enum |
backup |
Whether the load balancer should treat this server as a backup unit. If true, the load balancer forwards no ingress traffic to this backend server unless all other backend servers not marked as "backup" fail the health check policy. Note: You cannot add a backend server marked as backup to a backend set that uses the IP Hash policy. Example: false |
boolean |
No |
- |
- |
drain |
Whether the load balancer should drain this server. Servers marked "drain" receive no new incoming traffic. Example: false |
boolean |
No |
- |
- |
ipAddress |
The IP address of the backend server. Example: 10.0.0.3 |
string |
Yes |
- |
- |
maxConnections |
The maximum number of simultaneous connections the load balancer can make to the backend. If this is not set or set to 0 then the maximum number of simultaneous connections the load balancer can make to the backend is unlimited. If setting maxConnections to some value other than 0 then that value must be greater or equal to 256. Example: 300 |
integer |
No |
- |
- |
offline |
Whether the load balancer should treat this server as offline. Offline servers receive no incoming traffic. Example: false |
boolean |
No |
- |
- |
port |
The communication port for the backend server. Example: 8080 |
integer |
Yes |
- |
- |
weight |
The load balancing policy weight assigned to the server. Backend servers with a higher weight receive a larger proportion of incoming traffic. For example, a server weighted '3' receives 3 times the number of new connections as a server weighted '1'. For more information on load balancing policies, see How Load Balancing Policies Work (https://docs.oracle.com/iaas/Content/Balance/Reference/lbpolicies.htm). Example: 3 |
integer |
No |
- |
- |
Spec.backendSets{}.healthChecker
Back to LoadBalancer spec
LoadBalancerBackendSetsHealthChecker defines nested fields for LoadBalancer.BackendSets.HealthChecker.
| Field |
Description |
Type |
Required |
Default |
Enum |
intervalInMillis |
The interval between health checks, in milliseconds. Example: 10000 |
integer |
No |
- |
- |
isForcePlainText |
Specifies if health checks should always be done using plain text instead of depending on whether or not the associated backend set is using SSL. If "true", health checks will be done using plain text even if the associated backend set is configured to use SSL. If "false", health checks will be done using SSL encryption if the associated backend set is configured to use SSL. If the backend set is not so configured the health checks will be done using plain text. Example: false |
boolean |
No |
- |
- |
port |
The backend server port against which to run the health check. If the port is not specified, the load balancer uses the port information from the Backend object. Example: 8080 |
integer |
No |
- |
- |
protocol |
The protocol the health check must use; either HTTP or TCP. Example: HTTP |
string |
Yes |
- |
- |
responseBodyRegex |
A regular expression for parsing the response body from the backend server. Example: ^((?!false).\|\s)*$ |
string |
No |
- |
- |
retries |
The number of retries to attempt before a backend server is considered "unhealthy". This number also applies when recovering a server to the "healthy" state. Example: 3 |
integer |
No |
- |
- |
returnCode |
The status code a healthy backend server should return. Example: 200 |
integer |
No |
- |
- |
timeoutInMillis |
The maximum time, in milliseconds, to wait for a reply to a health check. A health check is successful only if a reply returns within this timeout period. Example: 3000 |
integer |
No |
- |
- |
urlPath |
The path against which to run the health check. Example: /healthcheck |
string |
No |
- |
- |
Spec.backendSets{}.lbCookieSessionPersistenceConfiguration
Back to LoadBalancer spec
LoadBalancerBackendSetsLbCookieSessionPersistenceConfiguration defines nested fields for LoadBalancer.BackendSets.LbCookieSessionPersistenceConfiguration.
| Field |
Description |
Type |
Required |
Default |
Enum |
cookieName |
The name of the cookie inserted by the load balancer. If this field is not configured, the cookie name defaults to "X-Oracle-BMC-LBS-Route". Example: example_cookie Notes: * Ensure that the cookie name used at the backend application servers is different from the cookie name used at the load balancer. To minimize the chance of name collision, Oracle recommends that you use a prefix such as "X-Oracle-OCI-" for this field. * If a backend server and the load balancer both insert cookies with the same name, the client or browser behavior can vary depending on the domain and path values associated with the cookie. If the name, domain, and path values of the Set-cookie generated by a backend server and the Set-cookie generated by the load balancer are all the same, the client or browser treats them as one cookie and returns only one of the cookie values in subsequent requests. If both Set-cookie names are the same, but the domain and path names are different, the client or browser treats them as two different cookies. |
string |
No |
- |
- |
disableFallback |
Whether the load balancer is prevented from directing traffic from a persistent session client to a different backend server if the original server is unavailable. Defaults to false. Example: false |
boolean |
No |
- |
- |
domain |
The domain in which the cookie is valid. The Set-cookie header inserted by the load balancer contains a domain attribute with the specified value. This attribute has no default value. If you do not specify a value, the load balancer does not insert the domain attribute into the Set-cookie header. Notes: * RFC 6265 - HTTP State Management Mechanism (https://www.ietf.org/rfc/rfc6265.txt) describes client and browser behavior when the domain attribute is present or not present in the Set-cookie header. If the value of the Domain attribute is example.com in the Set-cookie header, the client includes the same cookie in the Cookie header when making HTTP requests to example.com, www.example.com, and www.abc.example.com. If the Domain attribute is not present, the client returns the cookie only for the domain to which the original request was made. * Ensure that this attribute specifies the correct domain value. If the Domain attribute in the Set-cookie header does not include the domain to which the original request was made, the client or browser might reject the cookie. As specified in RFC 6265, the client accepts a cookie with the Domain attribute value example.com or www.example.com sent from www.example.com. It does not accept a cookie with the Domain attribute abc.example.com or www.abc.example.com sent from www.example.com. Example: example.com |
string |
No |
- |
- |
isHttpOnly |
Whether the Set-cookie header should contain the HttpOnly attribute. If true, the Set-cookie header inserted by the load balancer contains the HttpOnly attribute, which limits the scope of the cookie to HTTP requests. This attribute directs the client or browser to omit the cookie when providing access to cookies through non-HTTP APIs. For example, it restricts the cookie from JavaScript channels. Example: true |
boolean |
No |
- |
- |
isSecure |
Whether the Set-cookie header should contain the Secure attribute. If true, the Set-cookie header inserted by the load balancer contains the Secure attribute, which directs the client or browser to send the cookie only using a secure protocol. Note: If you set this field to true, you cannot associate the corresponding backend set with an HTTP listener. Example: true |
boolean |
No |
- |
- |
maxAgeInSeconds |
The amount of time the cookie remains valid. The Set-cookie header inserted by the load balancer contains a Max-Age attribute with the specified value. The specified value must be at least one second. There is no default value for this attribute. If you do not specify a value, the load balancer does not include the Max-Age attribute in the Set-cookie header. In most cases, the client or browser retains the cookie until the current session ends, as defined by the client. Example: 3600 |
integer |
No |
- |
- |
path |
The path in which the cookie is valid. The Set-cookie header inserted by the load balancer contains a Path attribute with the specified value. Clients include the cookie in an HTTP request only if the path portion of the request-uri matches, or is a subdirectory of, the cookie's Path attribute. The default value is /. Example: /example |
string |
No |
- |
- |
Spec.backendSets{}.sessionPersistenceConfiguration
Back to LoadBalancer spec
LoadBalancerBackendSetsSessionPersistenceConfiguration defines nested fields for LoadBalancer.BackendSets.SessionPersistenceConfiguration.
| Field |
Description |
Type |
Required |
Default |
Enum |
cookieName |
The name of the cookie used to detect a session initiated by the backend server. Use '*' to specify that any cookie set by the backend causes the session to persist. Example: example_cookie |
string |
Yes |
- |
- |
disableFallback |
Whether the load balancer is prevented from directing traffic from a persistent session client to a different backend server if the original server is unavailable. Defaults to false. Example: false |
boolean |
No |
- |
- |
Spec.backendSets{}.sslConfiguration
Back to LoadBalancer spec
LoadBalancerBackendSetsSslConfiguration defines nested fields for LoadBalancer.BackendSets.SslConfiguration.
| Field |
Description |
Type |
Required |
Default |
Enum |
certificateIds |
Ids for OCI certificates service certificates. Currently only a single Id may be passed. Example: [ocid1.certificate.oc1.us-ashburn-1.amaaaaaaav3bgsaa5o2q7rh5nfmkkukfkogasqhk6af2opufhjlqg7m6jqzq] |
list[string] |
No |
- |
- |
certificateName |
A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information. Example: example_certificate_bundle |
string |
No |
- |
- |
cipherSuiteName |
The name of the cipher suite to use for HTTPS or SSL connections. If this field is not specified, the default is oci-default-ssl-cipher-suite-v1. Notes: * You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. Clients cannot perform an SSL handshake if there is an incompatible configuration. * You must ensure compatibility between the ciphers configured in the cipher suite and the configured certificates. For example, RSA-based ciphers require RSA certificates and ECDSA-based ciphers require ECDSA certificates. * If the cipher configuration is not modified after load balancer creation, the GET operation returns oci-default-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing listeners that predate this feature. * If the cipher configuration was modified using Oracle operations after load balancer creation, the GET operation returns oci-customized-ssl-cipher-suite as the value of this field in the SSL configuration for existing listeners that predate this feature. * The GET operation returns oci-wider-compatible-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing backend sets that predate this feature. * If the GET operation on a listener returns oci-customized-ssl-cipher-suite as the value of this field, you must specify an appropriate predefined or custom cipher suite name when updating the resource. * The oci-customized-ssl-cipher-suite Oracle reserved cipher suite name is not accepted as valid input for this field. example: example_cipher_suite |
string |
No |
- |
- |
hasSessionResumption |
Whether the load balancer listener should resume an encrypted session by reusing the cryptographic parameters of a previous TLS session, without having to perform a full handshake again. If "true", the service resumes the previous TLS encrypted session. If "false", the service starts a new TLS encrypted session. Enabling session resumption improves performance but provides a lower level of security. Disabling session resumption improves security but reduces performance. Example: true |
boolean |
No |
- |
- |
protocols |
A list of SSL protocols the load balancer must support for HTTPS or SSL connections. The load balancer uses SSL protocols to establish a secure connection between a client and a server. A secure connection ensures that all data passed between the client and the server is private. The Load Balancing service supports the following protocols: * TLSv1 * TLSv1.1 * TLSv1.2 * TLSv1.3 If this field is not specified, TLSv1.2 is the default. Warning: All SSL listeners created on a given port must use the same set of SSL protocols. Notes: * The handshake to establish an SSL connection fails if the client supports none of the specified protocols. * You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. * For all existing load balancer listeners and backend sets that predate this feature, the GET operation displays a list of SSL protocols currently used by those resources. example: ["TLSv1.1", "TLSv1.2"] |
list[string] |
No |
- |
- |
serverOrderPreference |
When this attribute is set to ENABLED, the system gives preference to the server ciphers over the client ciphers. Note: This configuration is applicable only when the load balancer is acting as an SSL/HTTPS server. This field is ignored when the SSLConfiguration object is associated with a backend set. |
string |
No |
- |
- |
trustedCertificateAuthorityIds |
Ids for OCI certificates service CA or CA bundles for the load balancer to trust. Example: [ocid1.cabundle.oc1.us-ashburn-1.amaaaaaaav3bgsaagl4zzyqdop5i2vuwoqewdvauuw34llqa74otq2jdsfyq] |
list[string] |
No |
- |
- |
verifyDepth |
The maximum depth for peer certificate chain verification. Example: 3 |
integer |
No |
- |
- |
verifyPeerCertificate |
Whether the load balancer listener should verify peer certificates. Example: true |
boolean |
No |
- |
- |
Spec.certificates{}
Back to LoadBalancer spec
LoadBalancerCertificates defines nested fields for LoadBalancer.Certificates.
| Field |
Description |
Type |
Required |
Default |
Enum |
caCertificate |
The Certificate Authority certificate, or any interim certificate, that you received from your SSL certificate provider. Example: -----BEGIN CERTIFICATE----- MIIEczCCA1ugAwIBAgIBADANBgkqhkiG9w0BAQQFAD..AkGA1UEBhMCR0Ix EzARBgNVBAgTClNvbWUtU3RhdGUxFDASBgNVBAoTC0..0EgTHRkMTcwNQYD VQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcn..XRpb24gQXV0aG9y aXR5MRQwEgYDVQQDEwtCZXN0IENBIEx0ZDAeFw0wMD..TUwMTZaFw0wMTAy ... -----END CERTIFICATE----- |
string |
No |
- |
- |
certificateName |
A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information. Example: example_certificate_bundle |
string |
Yes |
- |
- |
passphrase |
A passphrase for encrypted private keys. This is needed only if you created your certificate with a passphrase. |
string |
No |
- |
- |
privateKey |
The SSL private key for your certificate, in PEM format. Example: -----BEGIN RSA PRIVATE KEY----- jO1O1v2ftXMsawM90tnXwc6xhOAT1gDBC9S8DKeca..JZNUgYYwNS0dP2UK tmyN+XqVcAKw4HqVmChXy5b5msu8eIq3uc2NqNVtR..2ksSLukP8pxXcHyb /Umr7wJzVrMqK5sDiSu4WuaaBdqMGfL5hLsTjcBFD..Da2iyQmSKuVD4lIZ ... -----END RSA PRIVATE KEY----- |
string |
No |
- |
- |
publicCertificate |
The public certificate, in PEM format, that you received from your SSL certificate provider. Example: -----BEGIN CERTIFICATE----- MIIC2jCCAkMCAg38MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw ... -----END CERTIFICATE----- |
string |
No |
- |
- |
Spec.hostnames{}
Back to LoadBalancer spec
LoadBalancerHostnames defines nested fields for LoadBalancer.Hostnames.
| Field |
Description |
Type |
Required |
Default |
Enum |
hostname |
A virtual hostname. For more information about virtual hostname string construction, see Managing Request Routing (https://docs.oracle.com/iaas/Content/Balance/Tasks/managingrequest.htm#routing). Example: app.example.com |
string |
Yes |
- |
- |
name |
The name of the hostname resource. Example: example_hostname_001 |
string |
Yes |
- |
- |
Spec.listeners{}
Back to LoadBalancer spec
LoadBalancerListeners defines nested fields for LoadBalancer.Listeners.
| Field |
Description |
Type |
Required |
Default |
Enum |
connectionConfiguration |
LoadBalancerListenersConnectionConfiguration defines nested fields for LoadBalancer.Listeners.ConnectionConfiguration. |
object |
No |
- |
- |
defaultBackendSetName |
The name of the associated backend set. Example: example_backend_set |
string |
Yes |
- |
- |
hostnameNames |
An array of hostname resource names. |
list[string] |
No |
- |
- |
pathRouteSetName |
Deprecated. Please use routingPolicies instead. The name of the set of path-based routing rules, PathRouteSet, applied to this listener's traffic. Example: example_path_route_set |
string |
No |
- |
- |
port |
The communication port for the listener. Example: 80 |
integer |
Yes |
- |
- |
protocol |
The protocol on which the listener accepts connection requests. To get a list of valid protocols, use the ListProtocols operation. Example: HTTP |
string |
Yes |
- |
- |
routingPolicyName |
The name of the routing policy applied to this listener's traffic. Example: example_routing_policy |
string |
No |
- |
- |
ruleSetNames |
The names of the RuleSet to apply to the listener. Example: ["example_rule_set"] |
list[string] |
No |
- |
- |
sslConfiguration |
LoadBalancerListenersSslConfiguration defines nested fields for LoadBalancer.Listeners.SslConfiguration. |
object |
No |
- |
- |
Spec.listeners{}.connectionConfiguration
Back to LoadBalancer spec
LoadBalancerListenersConnectionConfiguration defines nested fields for LoadBalancer.Listeners.ConnectionConfiguration.
| Field |
Description |
Type |
Required |
Default |
Enum |
backendTcpProxyProtocolOptions |
An array that represents the PPV2 Options that can be enabled on TCP Listeners. Example: ["PP2_TYPE_AUTHORITY"] |
list[string] |
No |
- |
- |
backendTcpProxyProtocolVersion |
The backend TCP Proxy Protocol version. Example: 1 |
integer |
No |
- |
- |
idleTimeout |
The maximum idle time, in seconds, allowed between two successive receive or two successive send operations between the client and backend servers. A send operation does not reset the timer for receive operations. A receive operation does not reset the timer for send operations. For more information, see Connection Configuration (https://docs.oracle.com/iaas/Content/Balance/Reference/connectionreuse.htm#ConnectionConfiguration). Example: 1200 |
integer (int64) |
Yes |
- |
- |
Back to LoadBalancer spec
LoadBalancerListenersSslConfiguration defines nested fields for LoadBalancer.Listeners.SslConfiguration.
| Field |
Description |
Type |
Required |
Default |
Enum |
certificateIds |
Ids for OCI certificates service certificates. Currently only a single Id may be passed. Example: [ocid1.certificate.oc1.us-ashburn-1.amaaaaaaav3bgsaa5o2q7rh5nfmkkukfkogasqhk6af2opufhjlqg7m6jqzq] |
list[string] |
No |
- |
- |
certificateName |
A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information. Example: example_certificate_bundle |
string |
No |
- |
- |
cipherSuiteName |
The name of the cipher suite to use for HTTPS or SSL connections. If this field is not specified, the default is oci-default-ssl-cipher-suite-v1. Notes: * You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. Clients cannot perform an SSL handshake if there is an incompatible configuration. * You must ensure compatibility between the ciphers configured in the cipher suite and the configured certificates. For example, RSA-based ciphers require RSA certificates and ECDSA-based ciphers require ECDSA certificates. * If the cipher configuration is not modified after load balancer creation, the GET operation returns oci-default-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing listeners that predate this feature. * If the cipher configuration was modified using Oracle operations after load balancer creation, the GET operation returns oci-customized-ssl-cipher-suite as the value of this field in the SSL configuration for existing listeners that predate this feature. * The GET operation returns oci-wider-compatible-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing backend sets that predate this feature. * If the GET operation on a listener returns oci-customized-ssl-cipher-suite as the value of this field, you must specify an appropriate predefined or custom cipher suite name when updating the resource. * The oci-customized-ssl-cipher-suite Oracle reserved cipher suite name is not accepted as valid input for this field. example: example_cipher_suite |
string |
No |
- |
- |
hasSessionResumption |
Whether the load balancer listener should resume an encrypted session by reusing the cryptographic parameters of a previous TLS session, without having to perform a full handshake again. If "true", the service resumes the previous TLS encrypted session. If "false", the service starts a new TLS encrypted session. Enabling session resumption improves performance but provides a lower level of security. Disabling session resumption improves security but reduces performance. Example: true |
boolean |
No |
- |
- |
protocols |
A list of SSL protocols the load balancer must support for HTTPS or SSL connections. The load balancer uses SSL protocols to establish a secure connection between a client and a server. A secure connection ensures that all data passed between the client and the server is private. The Load Balancing service supports the following protocols: * TLSv1 * TLSv1.1 * TLSv1.2 * TLSv1.3 If this field is not specified, TLSv1.2 is the default. Warning: All SSL listeners created on a given port must use the same set of SSL protocols. Notes: * The handshake to establish an SSL connection fails if the client supports none of the specified protocols. * You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. * For all existing load balancer listeners and backend sets that predate this feature, the GET operation displays a list of SSL protocols currently used by those resources. example: ["TLSv1.1", "TLSv1.2"] |
list[string] |
No |
- |
- |
serverOrderPreference |
When this attribute is set to ENABLED, the system gives preference to the server ciphers over the client ciphers. Note: This configuration is applicable only when the load balancer is acting as an SSL/HTTPS server. This field is ignored when the SSLConfiguration object is associated with a backend set. |
string |
No |
- |
- |
trustedCertificateAuthorityIds |
Ids for OCI certificates service CA or CA bundles for the load balancer to trust. Example: [ocid1.cabundle.oc1.us-ashburn-1.amaaaaaaav3bgsaagl4zzyqdop5i2vuwoqewdvauuw34llqa74otq2jdsfyq] |
list[string] |
No |
- |
- |
verifyDepth |
The maximum depth for peer certificate chain verification. Example: 3 |
integer |
No |
- |
- |
verifyPeerCertificate |
Whether the load balancer listener should verify peer certificates. Example: true |
boolean |
No |
- |
- |
Spec.pathRouteSets{}
Back to LoadBalancer spec
LoadBalancerPathRouteSets defines nested fields for LoadBalancer.PathRouteSets.
| Field |
Description |
Type |
Required |
Default |
Enum |
pathRoutes |
The set of path route rules. |
list[object] |
Yes |
- |
- |
Spec.pathRouteSets{}.pathRoutes[]
Back to LoadBalancer spec
LoadBalancerPathRouteSetsPathRoute defines nested fields for LoadBalancer.PathRouteSets.PathRoute.
| Field |
Description |
Type |
Required |
Default |
Enum |
backendSetName |
The name of the target backend set for requests where the incoming URI matches the specified path. Example: example_backend_set |
string |
Yes |
- |
- |
path |
The path string to match against the incoming URI path. * Path strings are case-insensitive. * Asterisk (*) wildcards are not supported. * Regular expressions are not supported. Example: /example/video/123 |
string |
Yes |
- |
- |
pathMatchType |
The type of matching to apply to incoming URIs. |
object |
Yes |
- |
- |
Spec.pathRouteSets{}.pathRoutes[].pathMatchType
Back to LoadBalancer spec
The type of matching to apply to incoming URIs.
| Field |
Description |
Type |
Required |
Default |
Enum |
matchType |
Specifies how the load balancing service compares a PathRoute object's path string against the incoming URI. * EXACT_MATCH - Looks for a path string that exactly matches the incoming URI path. * FORCE_LONGEST_PREFIX_MATCH - Looks for the path string with the best, longest match of the beginning portion of the incoming URI path. * PREFIX_MATCH - Looks for a path string that matches the beginning portion of the incoming URI path. * SUFFIX_MATCH - Looks for a path string that matches the ending portion of the incoming URI path. For a full description of how the system handles matchType in a path route set containing multiple rules, see Managing Request Routing (https://docs.oracle.com/iaas/Content/Balance/Tasks/managingrequest.htm). |
string |
Yes |
- |
- |
Spec.reservedIps[]
Back to LoadBalancer spec
LoadBalancerReservedIp defines nested fields for LoadBalancer.ReservedIp.
| Field |
Description |
Type |
Required |
Default |
Enum |
id |
Ocid of the Reserved IP/Public Ip created with VCN. Reserved IPs are IPs which already registered using VCN API. Create a reserved Public IP and then while creating the load balancer pass the ocid of the reserved IP in this field reservedIp to attach the Ip to Load balancer. Load balancer will be configured to listen to traffic on this IP. Reserved IPs will not be deleted when the Load balancer is deleted. They will be unattached from the Load balancer. Example: "ocid1.publicip.oc1.phx.unique_ID" IPV6 example: "ocid1.ipv6.oc1.phx.unique_ID" |
string |
No |
- |
- |
Spec.ruleSets{}
Back to LoadBalancer spec
LoadBalancerRuleSets defines nested fields for LoadBalancer.RuleSets.
| Field |
Description |
Type |
Required |
Default |
Enum |
items |
An array of rules that compose the rule set. |
list[object] |
Yes |
- |
- |
Spec.ruleSets{}.items[]
Back to LoadBalancer spec
LoadBalancerRuleSetsItem defines nested fields for LoadBalancer.RuleSets.Item.
| Field |
Description |
Type |
Required |
Default |
Enum |
action |
- |
string |
No |
- |
- |
allowedMethods |
The list of HTTP methods allowed for this listener. By default, you can specify only the standard HTTP methods defined in the HTTP Method Registry (http://www.iana.org/assignments/http-methods/http-methods.xhtml). You can also see a list of supported standard HTTP methods in the Load Balancing service documentation at Managing Rule Sets (https://docs.oracle.com/iaas/Content/Balance/Tasks/managingrulesets.htm). Your backend application must be able to handle the methods specified in this list. The list of HTTP methods is extensible. If you need to configure custom HTTP methods, contact My Oracle Support (http://support.oracle.com/) to remove the restriction for your tenancy. Example: ["GET", "PUT", "POST", "PROPFIND"] |
list[string] |
No |
- |
- |
areInvalidCharactersAllowed |
Indicates whether or not invalid characters in client header fields will be allowed. Valid names are composed of English letters, digits, hyphens and underscores. If "true", invalid characters are allowed in the HTTP header. If "false", invalid characters are not allowed in the HTTP header |
boolean |
No |
- |
- |
conditions |
- |
list[object] |
No |
- |
- |
defaultMaxConnections |
The maximum number of connections that the any IP can make to a listener unless the IP is mentioned in maxConnections. If no defaultMaxConnections is specified the default is unlimited. |
integer |
No |
- |
- |
description |
A brief description of the access control rule. Avoid entering confidential information. example: 192.168.0.0/16 and 2001:db8::/32 are trusted clients. Whitelist them. |
string |
No |
- |
- |
header |
A header name that conforms to RFC 7230. Example: example_header_name |
string |
No |
- |
- |
httpLargeHeaderSizeInKB |
The maximum size of each buffer used for reading http client request header. This value indicates the maximum size allowed for each buffer. The allowed values for buffer size are 8, 16, 32 and 64. |
integer |
No |
- |
- |
ipMaxConnections |
An array of IPs that have a maxConnection setting different than the default and what that maxConnection setting is |
list[object] |
No |
- |
- |
jsonData |
- |
string |
No |
- |
- |
prefix |
A string to prepend to the header value. The resulting header value must conform to RFC 7230. With the following exceptions: * value cannot contain $ * value cannot contain patterns like {variable_name}. They are reserved for future extensions. Currently, such values are invalid. Example: example_prefix_value |
string |
No |
- |
- |
redirectUri |
LoadBalancerRuleSetsItemRedirectUri defines nested fields for LoadBalancer.RuleSets.Item.RedirectUri. |
object |
No |
- |
- |
responseCode |
The HTTP status code to return when the incoming request is redirected. The status line returned with the code is mapped from the standard HTTP specification. Valid response codes for redirection are: * 301 * 302 * 303 * 307 * 308 The default value is 302 (Found). Example: 301 |
integer |
No |
- |
- |
statusCode |
The HTTP status code to return when the requested HTTP method is not in the list of allowed methods. The associated status line returned with the code is mapped from the standard HTTP specification. The default value is 405 (Method Not Allowed). Example: 403 |
integer |
No |
- |
- |
suffix |
A string to append to the header value. The resulting header value must conform to RFC 7230. With the following exceptions: * value cannot contain $ * value cannot contain patterns like {variable_name}. They are reserved for future extensions. Currently, such values are invalid. Example: example_suffix_value |
string |
No |
- |
- |
value |
A header value that conforms to RFC 7230. With the following exceptions: * value cannot contain $ * value cannot contain patterns like {variable_name}. They are reserved for future extensions. Currently, such values are invalid. Example: example_value |
string |
No |
- |
- |
Spec.ruleSets{}.items[].conditions[]
Back to LoadBalancer spec
LoadBalancerRuleSetsItemCondition defines nested fields for LoadBalancer.RuleSets.Item.Condition.
| Field |
Description |
Type |
Required |
Default |
Enum |
attributeName |
- |
string |
No |
- |
- |
attributeValue |
The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the originating VCN that an incoming packet must match. You can use this condition in conjunction with SourceVcnIpAddressCondition. NOTE: If you define this condition for a rule without a SourceVcnIpAddressCondition, this condition matches all incoming traffic in the specified VCN. |
string |
No |
- |
- |
jsonData |
- |
string |
No |
- |
- |
operator |
A string that specifies how to compare the PathMatchCondition object's attributeValue string to the incoming URI. * EXACT_MATCH - The incoming URI path must exactly and completely match the attributeValue string. * FORCE_LONGEST_PREFIX_MATCH - The system looks for the attributeValue string with the best, longest match of the beginning portion of the incoming URI path. * PREFIX_MATCH - The beginning portion of the incoming URI path must exactly match the attributeValue string. * SUFFIX_MATCH - The ending portion of the incoming URI path must exactly match the attributeValue string. |
string |
No |
- |
- |
Spec.ruleSets{}.items[].ipMaxConnections[]
Back to LoadBalancer spec
LoadBalancerRuleSetsItemIpMaxConnection defines nested fields for LoadBalancer.RuleSets.Item.IpMaxConnection.
| Field |
Description |
Type |
Required |
Default |
Enum |
ipAddresses |
Each element in the list should be valid IPv4 or IPv6 CIDR Block address. Example: '["129.213.176.0/24", "150.136.187.0/24", "2002::1234:abcd:ffff:c0a8:101/64"]' |
list[string] |
Yes |
- |
- |
maxConnections |
The maximum number of simultaneous connections that the specified IPs can make to the Listener. IPs without a maxConnections setting can make either defaultMaxConnections simultaneous connections to a listener or, if no defaultMaxConnections is specified, an unlimited number of simultaneous connections to a listener. |
integer |
Yes |
- |
- |
Spec.ruleSets{}.items[].redirectUri
Back to LoadBalancer spec
LoadBalancerRuleSetsItemRedirectUri defines nested fields for LoadBalancer.RuleSets.Item.RedirectUri.
| Field |
Description |
Type |
Required |
Default |
Enum |
host |
The valid domain name (hostname) or IP address to use in the redirect URI. When this value is null, not set, or set to {host}, the service preserves the original domain name from the incoming HTTP request URI. All RedirectUri tokens are valid for this property. You can use any token more than once. Curly braces are valid in this property only to surround tokens, such as {host} Examples: * example.com appears as example.com in the redirect URI. * in{host} appears as inexample.com in the redirect URI if example.com is the hostname in the incoming HTTP request URI. * {port}{host} appears as 8081example.com in the redirect URI if example.com is the hostname and the port is 8081 in the incoming HTTP request URI. |
string |
No |
- |
- |
path |
The HTTP URI path to use in the redirect URI. When this value is null, not set, or set to {path}, the service preserves the original path from the incoming HTTP request URI. To omit the path from the redirect URI, set this value to an empty string, "". All RedirectUri tokens are valid for this property. You can use any token more than once. The path string must begin with / if it does not begin with the {path} token. Examples: * /example/video/123 appears as /example/video/123 in the redirect URI. * /example{path} appears as /example/video/123 in the redirect URI if /video/123 is the path in the incoming HTTP request URI. * {path}/123 appears as /example/video/123 in the redirect URI if /example/video is the path in the incoming HTTP request URI. * {path}123 appears as /example/video123 in the redirect URI if /example/video is the path in the incoming HTTP request URI. * /{host}/123 appears as /example.com/123 in the redirect URI if example.com is the hostname in the incoming HTTP request URI. * /{host}/{port} appears as /example.com/123 in the redirect URI if example.com is the hostname and 123 is the port in the incoming HTTP request URI. * /{query} appears as /lang=en in the redirect URI if the query is lang=en in the incoming HTTP request URI. |
string |
No |
- |
- |
port |
The communication port to use in the redirect URI. Valid values include integers from 1 to 65535. When this value is null, the service preserves the original port from the incoming HTTP request URI. Example: 8081 |
integer |
No |
- |
- |
protocol |
The HTTP protocol to use in the redirect URI. When this value is null, not set, or set to {protocol}, the service preserves the original protocol from the incoming HTTP request URI. Allowed values are: * HTTP * HTTPS * {protocol} {protocol} is the only valid token for this property. It can appear only once in the value string. Example: HTTPS |
string |
No |
- |
- |
query |
The query string to use in the redirect URI. When this value is null, not set, or set to {query}, the service preserves the original query parameters from the incoming HTTP request URI. All RedirectUri tokens are valid for this property. You can use any token more than once. If the query string does not begin with the {query} token, it must begin with the question mark (?) character. You can specify multiple query parameters as a single string. Separate each query parameter with an ampersand (&) character. To omit all incoming query parameters from the redirect URI, set this value to an empty string, "". If the specified query string results in a redirect URI ending with ? or &, the last character is truncated. For example, if the incoming URI is http://host.com:8080/documents and the query property value is ?lang=en&{query}, the redirect URI is http://host.com:8080/documents?lang=en. The system truncates the final ampersand (&) because the incoming URI included no value to replace the {query} token. Examples: * lang=en&time_zone=PST appears as lang=en&time_zone=PST in the redirect URI. * {query} appears as lang=en&time_zone=PST in the redirect URI if lang=en&time_zone=PST is the query string in the incoming HTTP request. If the incoming HTTP request has no query parameters, the {query} token renders as an empty string. * lang=en&{query}&time_zone=PST appears as lang=en&country=us&time_zone=PST in the redirect URI if country=us is the query string in the incoming HTTP request. If the incoming HTTP request has no query parameters, this value renders as lang=en&time_zone=PST. * protocol={protocol}&hostname={host} appears as protocol=http&hostname=example.com in the redirect URI if the protocol is HTTP and the hostname is example.com in the incoming HTTP request. * port={port}&hostname={host} appears as port=8080&hostname=example.com in the redirect URI if the port is 8080 and the hostname is example.com in the incoming HTTP request URI. |
string |
No |
- |
- |
Spec.shapeDetails
Back to LoadBalancer spec
The configuration details to create load balancer using Flexible shape. This is required only if shapeName is Flexible.
| Field |
Description |
Type |
Required |
Default |
Enum |
maximumBandwidthInMbps |
Bandwidth in Mbps that determines the maximum bandwidth (ingress plus egress) that the load balancer can achieve. This bandwidth cannot be always guaranteed. For a guaranteed bandwidth use the minimumBandwidthInMbps parameter. The values must be between minimumBandwidthInMbps and 8000 (8Gbps). Example: 1500 |
integer |
Yes |
- |
- |
minimumBandwidthInMbps |
Bandwidth in Mbps that determines the total pre-provisioned bandwidth (ingress plus egress). The values must be between 10 and the maximumBandwidthInMbps. Example: 150 |
integer |
Yes |
- |
- |
Spec.sslCipherSuites{}
Back to LoadBalancer spec
LoadBalancerSslCipherSuites defines nested fields for LoadBalancer.SslCipherSuites.
| Field |
Description |
Type |
Required |
Default |
Enum |
ciphers |
A list of SSL ciphers the load balancer must support for HTTPS or SSL connections. The following ciphers are valid values for this property: * TLSv1.3 ciphers "TLS_AES_128_GCM_SHA256" "TLS_AES_256_GCM_SHA384" "TLS_CHACHA20_POLY1305_SHA256" "TLS_AES_128_CCM_SHA256" "TLS_AES_128_CCM_8_SHA256" * TLSv1.2 ciphers "AES128-GCM-SHA256" "AES128-SHA256" "AES256-GCM-SHA384" "AES256-SHA256" "DH-DSS-AES128-GCM-SHA256" "DH-DSS-AES128-SHA256" "DH-DSS-AES256-GCM-SHA384" "DH-DSS-AES256-SHA256" "DH-RSA-AES128-GCM-SHA256" "DH-RSA-AES128-SHA256" "DH-RSA-AES256-GCM-SHA384" "DH-RSA-AES256-SHA256" "DHE-DSS-AES128-GCM-SHA256" "DHE-DSS-AES128-SHA256" "DHE-DSS-AES256-GCM-SHA384" "DHE-DSS-AES256-SHA256" "DHE-RSA-AES128-GCM-SHA256" "DHE-RSA-AES128-SHA256" "DHE-RSA-AES256-GCM-SHA384" "DHE-RSA-AES256-SHA256" "ECDH-ECDSA-AES128-GCM-SHA256" "ECDH-ECDSA-AES128-SHA256" "ECDH-ECDSA-AES256-GCM-SHA384" "ECDH-ECDSA-AES256-SHA384" "ECDH-RSA-AES128-GCM-SHA256" "ECDH-RSA-AES128-SHA256" "ECDH-RSA-AES256-GCM-SHA384" "ECDH-RSA-AES256-SHA384" "ECDHE-ECDSA-AES128-GCM-SHA256" "ECDHE-ECDSA-AES128-SHA256" "ECDHE-ECDSA-AES256-GCM-SHA384" "ECDHE-ECDSA-AES256-SHA384" "ECDHE-RSA-AES128-GCM-SHA256" "ECDHE-RSA-AES128-SHA256" "ECDHE-RSA-AES256-GCM-SHA384" "ECDHE-RSA-AES256-SHA384" * TLSv1 ciphers also supported by TLSv1.2 "AES128-SHA" "AES256-SHA" "CAMELLIA128-SHA" "CAMELLIA256-SHA" "DES-CBC3-SHA" "DH-DSS-AES128-SHA" "DH-DSS-AES256-SHA" "DH-DSS-CAMELLIA128-SHA" "DH-DSS-CAMELLIA256-SHA" "DH-DSS-DES-CBC3-SHAv" "DH-DSS-SEED-SHA" "DH-RSA-AES128-SHA" "DH-RSA-AES256-SHA" "DH-RSA-CAMELLIA128-SHA" "DH-RSA-CAMELLIA256-SHA" "DH-RSA-DES-CBC3-SHA" "DH-RSA-SEED-SHA" "DHE-DSS-AES128-SHA" "DHE-DSS-AES256-SHA" "DHE-DSS-CAMELLIA128-SHA" "DHE-DSS-CAMELLIA256-SHA" "DHE-DSS-DES-CBC3-SHA" "DHE-DSS-SEED-SHA" "DHE-RSA-AES128-SHA" "DHE-RSA-AES256-SHA" "DHE-RSA-CAMELLIA128-SHA" "DHE-RSA-CAMELLIA256-SHA" "DHE-RSA-DES-CBC3-SHA" "DHE-RSA-SEED-SHA" "ECDH-ECDSA-AES128-SHA" "ECDH-ECDSA-AES256-SHA" "ECDH-ECDSA-DES-CBC3-SHA" "ECDH-ECDSA-RC4-SHA" "ECDH-RSA-AES128-SHA" "ECDH-RSA-AES256-SHA" "ECDH-RSA-DES-CBC3-SHA" "ECDH-RSA-RC4-SHA" "ECDHE-ECDSA-AES128-SHA" "ECDHE-ECDSA-AES256-SHA" "ECDHE-ECDSA-DES-CBC3-SHA" "ECDHE-ECDSA-RC4-SHA" "ECDHE-RSA-AES128-SHA" "ECDHE-RSA-AES256-SHA" "ECDHE-RSA-DES-CBC3-SHA" "ECDHE-RSA-RC4-SHA" "IDEA-CBC-SHA" "KRB5-DES-CBC3-MD5" "KRB5-DES-CBC3-SHA" "KRB5-IDEA-CBC-MD5" "KRB5-IDEA-CBC-SHA" "KRB5-RC4-MD5" "KRB5-RC4-SHA" "PSK-3DES-EDE-CBC-SHA" "PSK-AES128-CBC-SHA" "PSK-AES256-CBC-SHA" "PSK-RC4-SHA" "RC4-MD5" "RC4-SHA" "SEED-SHA" example: ["ECDHE-RSA-AES256-GCM-SHA384","ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES128-GCM-SHA256"] |
list[string] |
Yes |
- |
- |
name |
A friendly name for the SSL cipher suite. It must be unique and it cannot be changed. Note: The name of your user-defined cipher suite must not be the same as any of Oracle's predefined or reserved SSL cipher suite names: * oci-default-ssl-cipher-suite-v1 * oci-modern-ssl-cipher-suite-v1 * oci-compatible-ssl-cipher-suite-v1 * oci-wider-compatible-ssl-cipher-suite-v1 * oci-customized-ssl-cipher-suite * oci-default-http2-ssl-cipher-suite-v1 * oci-default-http2-tls-13-ssl-cipher-suite-v1 * oci-default-http2-tls-12-13-ssl-cipher-suite-v1 * oci-tls-13-recommended-ssl-cipher-suite-v1 * oci-tls-12-13-wider-ssl-cipher-suite-v1 * oci-tls-11-12-13-wider-ssl-cipher-suite-v1 example: example_cipher_suite |
string |
Yes |
- |
- |
Status
LoadBalancerStatus defines the observed state of LoadBalancer.
| Field |
Description |
Type |
Required |
Default |
Enum |
backendSets |
- |
map[string, object] |
No |
- |
- |
certificates |
- |
map[string, object] |
No |
- |
- |
compartmentId |
The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment containing the load balancer. |
string |
No |
- |
- |
definedTags |
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Operations": {"CostCenter": "42"}} |
map[string, map[string, string]] |
No |
- |
- |
displayName |
A user-friendly name. It does not have to be unique, and it is changeable. Example: example_load_balancer |
string |
No |
- |
- |
freeformTags |
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: {"Department": "Finance"} |
map[string, string] |
No |
- |
- |
hostnames |
- |
map[string, object] |
No |
- |
- |
id |
The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the load balancer. |
string |
No |
- |
- |
ipAddresses |
An array of IP addresses. |
list[object] |
No |
- |
- |
ipMode |
Whether the load balancer has an IPv4 or IPv6 IP address. If "IPV4", the service assigns an IPv4 address and the load balancer supports IPv4 traffic. If "IPV6", the service assigns an IPv6 address and the load balancer supports IPv6 traffic. Example: "ipMode":"IPV6" |
string |
No |
- |
- |
isDeleteProtectionEnabled |
Whether or not the load balancer has delete protection enabled. If "true", the loadbalancer will be protected against deletion if configured to accept traffic. If "false", the loadbalancer will not be protected against deletion. Delete protection is not be enabled unless this field is set to "true". Example: true |
boolean |
No |
- |
- |
isPrivate |
Whether the load balancer has a VCN-local (private) IP address. If "true", the service assigns a private IP address to the load balancer. If "false", the service assigns a public IP address to the load balancer. A public load balancer is accessible from the internet, depending on your VCN's security list rules (https://docs.oracle.com/iaas/Content/Network/Concepts/securitylists.htm). For more information about public and private load balancers, see How Load Balancing Works (https://docs.oracle.com/iaas/Content/Balance/Concepts/balanceoverview.htm#how-load-balancing-works). Example: true |
boolean |
No |
- |
- |
isRequestIdEnabled |
Whether or not the load balancer has the Request Id feature enabled for HTTP listeners. If "true", the load balancer will attach a unique request id header to every request passed through from the load balancer to load balancer backends. This same request id header also will be added to the response the lb received from the backend handling the request before the load balancer returns the response to the requestor. The name of the unique request id header is set the by value of requestIdHeader. If "false", the loadbalancer not add this unique request id header to either the request passed through to the load balancer backends nor to the reponse returned to the user. Example: true |
boolean |
No |
- |
- |
lifecycleState |
The current state of the load balancer. |
string |
No |
- |
- |
listeners |
- |
map[string, object] |
No |
- |
- |
networkSecurityGroupIds |
An array of NSG OCIDs (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) associated with the load balancer. During the load balancer's creation, the service adds the new load balancer to the specified NSGs. The benefits of associating the load balancer with NSGs include: * NSGs define network security rules to govern ingress and egress traffic for the load balancer. * The network security rules of other resources can reference the NSGs associated with the load balancer to ensure access. Example: ["ocid1.nsg.oc1.phx.unique_ID"] |
list[string] |
No |
- |
- |
pathRouteSets |
- |
map[string, object] |
No |
- |
- |
requestIdHeader |
If isRequestIdEnabled is true then this field contains the name of the header field that contains the unique request id that is attached to every request from the load balancer to the load balancer backends and to every response from the load balancer. If a request to the load balancer already contains a header with same name as specified in requestIdHeader then the load balancer will not change the value of that field. If this field is set to "" this field defaults to X-Request-Id. |
string |
No |
- |
- |
routingPolicies |
- |
map[string, object] |
No |
- |
- |
ruleSets |
- |
map[string, object] |
No |
- |
- |
securityAttributes |
Extended Defined tags for ZPR for this resource. Each key is predefined and scoped to a namespace. Example: {"Oracle-ZPR": {"MaxEgressCount": {"value":"42","mode":"audit", "usagetype" : "zpr"}}} |
map[string, map[string, string]] |
No |
- |
- |
shapeDetails |
LoadBalancerShapeDetails defines nested fields for LoadBalancer.ShapeDetails. |
object |
No |
- |
- |
shapeName |
A template that determines the total pre-provisioned bandwidth (ingress plus egress). To get a list of available shapes, use the ListShapes operation. Example: 100Mbps |
string |
No |
- |
- |
sslCipherSuites |
- |
map[string, object] |
No |
- |
- |
status |
- |
object |
Yes |
- |
- |
subnetIds |
An array of subnet OCIDs (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm). |
list[string] |
No |
- |
- |
systemTags |
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags (https://docs.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). System tags can be viewed by users, but can only be created by the system. Example: {"orcl-cloud": {"free-tier-retained": "true"}} |
map[string, map[string, string]] |
No |
- |
- |
timeCreated |
The date and time the load balancer was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z |
string |
No |
- |
- |
Status.backendSets{}
Back to LoadBalancer status
LoadBalancerBackendSets defines nested fields for LoadBalancer.BackendSets.
| Field |
Description |
Type |
Required |
Default |
Enum |
backendMaxConnections |
The maximum number of simultaneous connections the load balancer can make to any backend in the backend set unless the backend has its own maxConnections setting. If this is not set or set to 0 then the number of simultaneous connections the load balancer can make to any backend in the backend set unless the backend has its own maxConnections setting is unlimited. If setting backendMaxConnections to some value other than 0 then that value must be greater or equal to 256. Example: 300 |
integer |
No |
- |
- |
backends |
- |
list[object] |
No |
- |
- |
healthChecker |
LoadBalancerBackendSetsHealthChecker defines nested fields for LoadBalancer.BackendSets.HealthChecker. |
object |
Yes |
- |
- |
lbCookieSessionPersistenceConfiguration |
LoadBalancerBackendSetsLbCookieSessionPersistenceConfiguration defines nested fields for LoadBalancer.BackendSets.LbCookieSessionPersistenceConfiguration. |
object |
No |
- |
- |
policy |
The load balancer policy for the backend set. To get a list of available policies, use the ListPolicies operation. Example: LEAST_CONNECTIONS |
string |
Yes |
- |
- |
sessionPersistenceConfiguration |
LoadBalancerBackendSetsSessionPersistenceConfiguration defines nested fields for LoadBalancer.BackendSets.SessionPersistenceConfiguration. |
object |
No |
- |
- |
sslConfiguration |
LoadBalancerBackendSetsSslConfiguration defines nested fields for LoadBalancer.BackendSets.SslConfiguration. |
object |
No |
- |
- |
Status.backendSets{}.backends[]
Back to LoadBalancer status
LoadBalancerBackendSetsBackend defines nested fields for LoadBalancer.BackendSets.Backend.
| Field |
Description |
Type |
Required |
Default |
Enum |
backup |
Whether the load balancer should treat this server as a backup unit. If true, the load balancer forwards no ingress traffic to this backend server unless all other backend servers not marked as "backup" fail the health check policy. Note: You cannot add a backend server marked as backup to a backend set that uses the IP Hash policy. Example: false |
boolean |
No |
- |
- |
drain |
Whether the load balancer should drain this server. Servers marked "drain" receive no new incoming traffic. Example: false |
boolean |
No |
- |
- |
ipAddress |
The IP address of the backend server. Example: 10.0.0.3 |
string |
Yes |
- |
- |
maxConnections |
The maximum number of simultaneous connections the load balancer can make to the backend. If this is not set or set to 0 then the maximum number of simultaneous connections the load balancer can make to the backend is unlimited. If setting maxConnections to some value other than 0 then that value must be greater or equal to 256. Example: 300 |
integer |
No |
- |
- |
offline |
Whether the load balancer should treat this server as offline. Offline servers receive no incoming traffic. Example: false |
boolean |
No |
- |
- |
port |
The communication port for the backend server. Example: 8080 |
integer |
Yes |
- |
- |
weight |
The load balancing policy weight assigned to the server. Backend servers with a higher weight receive a larger proportion of incoming traffic. For example, a server weighted '3' receives 3 times the number of new connections as a server weighted '1'. For more information on load balancing policies, see How Load Balancing Policies Work (https://docs.oracle.com/iaas/Content/Balance/Reference/lbpolicies.htm). Example: 3 |
integer |
No |
- |
- |
Status.backendSets{}.healthChecker
Back to LoadBalancer status
LoadBalancerBackendSetsHealthChecker defines nested fields for LoadBalancer.BackendSets.HealthChecker.
| Field |
Description |
Type |
Required |
Default |
Enum |
intervalInMillis |
The interval between health checks, in milliseconds. Example: 10000 |
integer |
No |
- |
- |
isForcePlainText |
Specifies if health checks should always be done using plain text instead of depending on whether or not the associated backend set is using SSL. If "true", health checks will be done using plain text even if the associated backend set is configured to use SSL. If "false", health checks will be done using SSL encryption if the associated backend set is configured to use SSL. If the backend set is not so configured the health checks will be done using plain text. Example: false |
boolean |
No |
- |
- |
port |
The backend server port against which to run the health check. If the port is not specified, the load balancer uses the port information from the Backend object. Example: 8080 |
integer |
No |
- |
- |
protocol |
The protocol the health check must use; either HTTP or TCP. Example: HTTP |
string |
Yes |
- |
- |
responseBodyRegex |
A regular expression for parsing the response body from the backend server. Example: ^((?!false).\|\s)*$ |
string |
No |
- |
- |
retries |
The number of retries to attempt before a backend server is considered "unhealthy". This number also applies when recovering a server to the "healthy" state. Example: 3 |
integer |
No |
- |
- |
returnCode |
The status code a healthy backend server should return. Example: 200 |
integer |
No |
- |
- |
timeoutInMillis |
The maximum time, in milliseconds, to wait for a reply to a health check. A health check is successful only if a reply returns within this timeout period. Example: 3000 |
integer |
No |
- |
- |
urlPath |
The path against which to run the health check. Example: /healthcheck |
string |
No |
- |
- |
Status.backendSets{}.lbCookieSessionPersistenceConfiguration
Back to LoadBalancer status
LoadBalancerBackendSetsLbCookieSessionPersistenceConfiguration defines nested fields for LoadBalancer.BackendSets.LbCookieSessionPersistenceConfiguration.
| Field |
Description |
Type |
Required |
Default |
Enum |
cookieName |
The name of the cookie inserted by the load balancer. If this field is not configured, the cookie name defaults to "X-Oracle-BMC-LBS-Route". Example: example_cookie Notes: * Ensure that the cookie name used at the backend application servers is different from the cookie name used at the load balancer. To minimize the chance of name collision, Oracle recommends that you use a prefix such as "X-Oracle-OCI-" for this field. * If a backend server and the load balancer both insert cookies with the same name, the client or browser behavior can vary depending on the domain and path values associated with the cookie. If the name, domain, and path values of the Set-cookie generated by a backend server and the Set-cookie generated by the load balancer are all the same, the client or browser treats them as one cookie and returns only one of the cookie values in subsequent requests. If both Set-cookie names are the same, but the domain and path names are different, the client or browser treats them as two different cookies. |
string |
No |
- |
- |
disableFallback |
Whether the load balancer is prevented from directing traffic from a persistent session client to a different backend server if the original server is unavailable. Defaults to false. Example: false |
boolean |
No |
- |
- |
domain |
The domain in which the cookie is valid. The Set-cookie header inserted by the load balancer contains a domain attribute with the specified value. This attribute has no default value. If you do not specify a value, the load balancer does not insert the domain attribute into the Set-cookie header. Notes: * RFC 6265 - HTTP State Management Mechanism (https://www.ietf.org/rfc/rfc6265.txt) describes client and browser behavior when the domain attribute is present or not present in the Set-cookie header. If the value of the Domain attribute is example.com in the Set-cookie header, the client includes the same cookie in the Cookie header when making HTTP requests to example.com, www.example.com, and www.abc.example.com. If the Domain attribute is not present, the client returns the cookie only for the domain to which the original request was made. * Ensure that this attribute specifies the correct domain value. If the Domain attribute in the Set-cookie header does not include the domain to which the original request was made, the client or browser might reject the cookie. As specified in RFC 6265, the client accepts a cookie with the Domain attribute value example.com or www.example.com sent from www.example.com. It does not accept a cookie with the Domain attribute abc.example.com or www.abc.example.com sent from www.example.com. Example: example.com |
string |
No |
- |
- |
isHttpOnly |
Whether the Set-cookie header should contain the HttpOnly attribute. If true, the Set-cookie header inserted by the load balancer contains the HttpOnly attribute, which limits the scope of the cookie to HTTP requests. This attribute directs the client or browser to omit the cookie when providing access to cookies through non-HTTP APIs. For example, it restricts the cookie from JavaScript channels. Example: true |
boolean |
No |
- |
- |
isSecure |
Whether the Set-cookie header should contain the Secure attribute. If true, the Set-cookie header inserted by the load balancer contains the Secure attribute, which directs the client or browser to send the cookie only using a secure protocol. Note: If you set this field to true, you cannot associate the corresponding backend set with an HTTP listener. Example: true |
boolean |
No |
- |
- |
maxAgeInSeconds |
The amount of time the cookie remains valid. The Set-cookie header inserted by the load balancer contains a Max-Age attribute with the specified value. The specified value must be at least one second. There is no default value for this attribute. If you do not specify a value, the load balancer does not include the Max-Age attribute in the Set-cookie header. In most cases, the client or browser retains the cookie until the current session ends, as defined by the client. Example: 3600 |
integer |
No |
- |
- |
path |
The path in which the cookie is valid. The Set-cookie header inserted by the load balancer contains a Path attribute with the specified value. Clients include the cookie in an HTTP request only if the path portion of the request-uri matches, or is a subdirectory of, the cookie's Path attribute. The default value is /. Example: /example |
string |
No |
- |
- |
Status.backendSets{}.sessionPersistenceConfiguration
Back to LoadBalancer status
LoadBalancerBackendSetsSessionPersistenceConfiguration defines nested fields for LoadBalancer.BackendSets.SessionPersistenceConfiguration.
| Field |
Description |
Type |
Required |
Default |
Enum |
cookieName |
The name of the cookie used to detect a session initiated by the backend server. Use '*' to specify that any cookie set by the backend causes the session to persist. Example: example_cookie |
string |
Yes |
- |
- |
disableFallback |
Whether the load balancer is prevented from directing traffic from a persistent session client to a different backend server if the original server is unavailable. Defaults to false. Example: false |
boolean |
No |
- |
- |
Status.backendSets{}.sslConfiguration
Back to LoadBalancer status
LoadBalancerBackendSetsSslConfiguration defines nested fields for LoadBalancer.BackendSets.SslConfiguration.
| Field |
Description |
Type |
Required |
Default |
Enum |
certificateIds |
Ids for OCI certificates service certificates. Currently only a single Id may be passed. Example: [ocid1.certificate.oc1.us-ashburn-1.amaaaaaaav3bgsaa5o2q7rh5nfmkkukfkogasqhk6af2opufhjlqg7m6jqzq] |
list[string] |
No |
- |
- |
certificateName |
A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information. Example: example_certificate_bundle |
string |
No |
- |
- |
cipherSuiteName |
The name of the cipher suite to use for HTTPS or SSL connections. If this field is not specified, the default is oci-default-ssl-cipher-suite-v1. Notes: * You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. Clients cannot perform an SSL handshake if there is an incompatible configuration. * You must ensure compatibility between the ciphers configured in the cipher suite and the configured certificates. For example, RSA-based ciphers require RSA certificates and ECDSA-based ciphers require ECDSA certificates. * If the cipher configuration is not modified after load balancer creation, the GET operation returns oci-default-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing listeners that predate this feature. * If the cipher configuration was modified using Oracle operations after load balancer creation, the GET operation returns oci-customized-ssl-cipher-suite as the value of this field in the SSL configuration for existing listeners that predate this feature. * The GET operation returns oci-wider-compatible-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing backend sets that predate this feature. * If the GET operation on a listener returns oci-customized-ssl-cipher-suite as the value of this field, you must specify an appropriate predefined or custom cipher suite name when updating the resource. * The oci-customized-ssl-cipher-suite Oracle reserved cipher suite name is not accepted as valid input for this field. example: example_cipher_suite |
string |
No |
- |
- |
hasSessionResumption |
Whether the load balancer listener should resume an encrypted session by reusing the cryptographic parameters of a previous TLS session, without having to perform a full handshake again. If "true", the service resumes the previous TLS encrypted session. If "false", the service starts a new TLS encrypted session. Enabling session resumption improves performance but provides a lower level of security. Disabling session resumption improves security but reduces performance. Example: true |
boolean |
No |
- |
- |
protocols |
A list of SSL protocols the load balancer must support for HTTPS or SSL connections. The load balancer uses SSL protocols to establish a secure connection between a client and a server. A secure connection ensures that all data passed between the client and the server is private. The Load Balancing service supports the following protocols: * TLSv1 * TLSv1.1 * TLSv1.2 * TLSv1.3 If this field is not specified, TLSv1.2 is the default. Warning: All SSL listeners created on a given port must use the same set of SSL protocols. Notes: * The handshake to establish an SSL connection fails if the client supports none of the specified protocols. * You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. * For all existing load balancer listeners and backend sets that predate this feature, the GET operation displays a list of SSL protocols currently used by those resources. example: ["TLSv1.1", "TLSv1.2"] |
list[string] |
No |
- |
- |
serverOrderPreference |
When this attribute is set to ENABLED, the system gives preference to the server ciphers over the client ciphers. Note: This configuration is applicable only when the load balancer is acting as an SSL/HTTPS server. This field is ignored when the SSLConfiguration object is associated with a backend set. |
string |
No |
- |
- |
trustedCertificateAuthorityIds |
Ids for OCI certificates service CA or CA bundles for the load balancer to trust. Example: [ocid1.cabundle.oc1.us-ashburn-1.amaaaaaaav3bgsaagl4zzyqdop5i2vuwoqewdvauuw34llqa74otq2jdsfyq] |
list[string] |
No |
- |
- |
verifyDepth |
The maximum depth for peer certificate chain verification. Example: 3 |
integer |
No |
- |
- |
verifyPeerCertificate |
Whether the load balancer listener should verify peer certificates. Example: true |
boolean |
No |
- |
- |
Status.certificates{}
Back to LoadBalancer status
LoadBalancerCertificates defines nested fields for LoadBalancer.Certificates.
| Field |
Description |
Type |
Required |
Default |
Enum |
caCertificate |
The Certificate Authority certificate, or any interim certificate, that you received from your SSL certificate provider. Example: -----BEGIN CERTIFICATE----- MIIEczCCA1ugAwIBAgIBADANBgkqhkiG9w0BAQQFAD..AkGA1UEBhMCR0Ix EzARBgNVBAgTClNvbWUtU3RhdGUxFDASBgNVBAoTC0..0EgTHRkMTcwNQYD VQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcn..XRpb24gQXV0aG9y aXR5MRQwEgYDVQQDEwtCZXN0IENBIEx0ZDAeFw0wMD..TUwMTZaFw0wMTAy ... -----END CERTIFICATE----- |
string |
No |
- |
- |
certificateName |
A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information. Example: example_certificate_bundle |
string |
Yes |
- |
- |
passphrase |
A passphrase for encrypted private keys. This is needed only if you created your certificate with a passphrase. |
string |
No |
- |
- |
privateKey |
The SSL private key for your certificate, in PEM format. Example: -----BEGIN RSA PRIVATE KEY----- jO1O1v2ftXMsawM90tnXwc6xhOAT1gDBC9S8DKeca..JZNUgYYwNS0dP2UK tmyN+XqVcAKw4HqVmChXy5b5msu8eIq3uc2NqNVtR..2ksSLukP8pxXcHyb /Umr7wJzVrMqK5sDiSu4WuaaBdqMGfL5hLsTjcBFD..Da2iyQmSKuVD4lIZ ... -----END RSA PRIVATE KEY----- |
string |
No |
- |
- |
publicCertificate |
The public certificate, in PEM format, that you received from your SSL certificate provider. Example: -----BEGIN CERTIFICATE----- MIIC2jCCAkMCAg38MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw ... -----END CERTIFICATE----- |
string |
No |
- |
- |
Status.hostnames{}
Back to LoadBalancer status
LoadBalancerHostnames defines nested fields for LoadBalancer.Hostnames.
| Field |
Description |
Type |
Required |
Default |
Enum |
hostname |
A virtual hostname. For more information about virtual hostname string construction, see Managing Request Routing (https://docs.oracle.com/iaas/Content/Balance/Tasks/managingrequest.htm#routing). Example: app.example.com |
string |
Yes |
- |
- |
name |
The name of the hostname resource. Example: example_hostname_001 |
string |
Yes |
- |
- |
Status.ipAddresses[]
Back to LoadBalancer status
LoadBalancerIpAddress defines nested fields for LoadBalancer.IpAddress.
| Field |
Description |
Type |
Required |
Default |
Enum |
ipAddress |
An IP address. Example: 192.168.0.3 |
string |
No |
- |
- |
isPublic |
Whether the IP address is public or private. If "true", the IP address is public and accessible from the internet. If "false", the IP address is private and accessible only from within the associated VCN. |
boolean |
No |
- |
- |
reservedIp |
LoadBalancerIpAddressReservedIp defines nested fields for LoadBalancer.IpAddress.ReservedIp. |
object |
No |
- |
- |
Status.ipAddresses[].reservedIp
Back to LoadBalancer status
LoadBalancerIpAddressReservedIp defines nested fields for LoadBalancer.IpAddress.ReservedIp.
| Field |
Description |
Type |
Required |
Default |
Enum |
id |
Ocid of the Reserved IP/Public Ip created with VCN. Reserved IPs are IPs which already registered using VCN API. Create a reserved Public IP and then while creating the load balancer pass the ocid of the reserved IP in this field reservedIp to attach the Ip to Load balancer. Load balancer will be configured to listen to traffic on this IP. Reserved IPs will not be deleted when the Load balancer is deleted. They will be unattached from the Load balancer. Example: "ocid1.publicip.oc1.phx.unique_ID" IPV6 example: "ocid1.ipv6.oc1.phx.unique_ID" |
string |
No |
- |
- |
Status.listeners{}
Back to LoadBalancer status
LoadBalancerListeners defines nested fields for LoadBalancer.Listeners.
| Field |
Description |
Type |
Required |
Default |
Enum |
connectionConfiguration |
LoadBalancerListenersConnectionConfiguration defines nested fields for LoadBalancer.Listeners.ConnectionConfiguration. |
object |
No |
- |
- |
defaultBackendSetName |
The name of the associated backend set. Example: example_backend_set |
string |
Yes |
- |
- |
hostnameNames |
An array of hostname resource names. |
list[string] |
No |
- |
- |
pathRouteSetName |
Deprecated. Please use routingPolicies instead. The name of the set of path-based routing rules, PathRouteSet, applied to this listener's traffic. Example: example_path_route_set |
string |
No |
- |
- |
port |
The communication port for the listener. Example: 80 |
integer |
Yes |
- |
- |
protocol |
The protocol on which the listener accepts connection requests. To get a list of valid protocols, use the ListProtocols operation. Example: HTTP |
string |
Yes |
- |
- |
routingPolicyName |
The name of the routing policy applied to this listener's traffic. Example: example_routing_policy |
string |
No |
- |
- |
ruleSetNames |
The names of the RuleSet to apply to the listener. Example: ["example_rule_set"] |
list[string] |
No |
- |
- |
sslConfiguration |
LoadBalancerListenersSslConfiguration defines nested fields for LoadBalancer.Listeners.SslConfiguration. |
object |
No |
- |
- |
Status.listeners{}.connectionConfiguration
Back to LoadBalancer status
LoadBalancerListenersConnectionConfiguration defines nested fields for LoadBalancer.Listeners.ConnectionConfiguration.
| Field |
Description |
Type |
Required |
Default |
Enum |
backendTcpProxyProtocolOptions |
An array that represents the PPV2 Options that can be enabled on TCP Listeners. Example: ["PP2_TYPE_AUTHORITY"] |
list[string] |
No |
- |
- |
backendTcpProxyProtocolVersion |
The backend TCP Proxy Protocol version. Example: 1 |
integer |
No |
- |
- |
idleTimeout |
The maximum idle time, in seconds, allowed between two successive receive or two successive send operations between the client and backend servers. A send operation does not reset the timer for receive operations. A receive operation does not reset the timer for send operations. For more information, see Connection Configuration (https://docs.oracle.com/iaas/Content/Balance/Reference/connectionreuse.htm#ConnectionConfiguration). Example: 1200 |
integer (int64) |
Yes |
- |
- |
Back to LoadBalancer status
LoadBalancerListenersSslConfiguration defines nested fields for LoadBalancer.Listeners.SslConfiguration.
| Field |
Description |
Type |
Required |
Default |
Enum |
certificateIds |
Ids for OCI certificates service certificates. Currently only a single Id may be passed. Example: [ocid1.certificate.oc1.us-ashburn-1.amaaaaaaav3bgsaa5o2q7rh5nfmkkukfkogasqhk6af2opufhjlqg7m6jqzq] |
list[string] |
No |
- |
- |
certificateName |
A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information. Example: example_certificate_bundle |
string |
No |
- |
- |
cipherSuiteName |
The name of the cipher suite to use for HTTPS or SSL connections. If this field is not specified, the default is oci-default-ssl-cipher-suite-v1. Notes: * You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. Clients cannot perform an SSL handshake if there is an incompatible configuration. * You must ensure compatibility between the ciphers configured in the cipher suite and the configured certificates. For example, RSA-based ciphers require RSA certificates and ECDSA-based ciphers require ECDSA certificates. * If the cipher configuration is not modified after load balancer creation, the GET operation returns oci-default-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing listeners that predate this feature. * If the cipher configuration was modified using Oracle operations after load balancer creation, the GET operation returns oci-customized-ssl-cipher-suite as the value of this field in the SSL configuration for existing listeners that predate this feature. * The GET operation returns oci-wider-compatible-ssl-cipher-suite-v1 as the value of this field in the SSL configuration for existing backend sets that predate this feature. * If the GET operation on a listener returns oci-customized-ssl-cipher-suite as the value of this field, you must specify an appropriate predefined or custom cipher suite name when updating the resource. * The oci-customized-ssl-cipher-suite Oracle reserved cipher suite name is not accepted as valid input for this field. example: example_cipher_suite |
string |
No |
- |
- |
hasSessionResumption |
Whether the load balancer listener should resume an encrypted session by reusing the cryptographic parameters of a previous TLS session, without having to perform a full handshake again. If "true", the service resumes the previous TLS encrypted session. If "false", the service starts a new TLS encrypted session. Enabling session resumption improves performance but provides a lower level of security. Disabling session resumption improves security but reduces performance. Example: true |
boolean |
No |
- |
- |
protocols |
A list of SSL protocols the load balancer must support for HTTPS or SSL connections. The load balancer uses SSL protocols to establish a secure connection between a client and a server. A secure connection ensures that all data passed between the client and the server is private. The Load Balancing service supports the following protocols: * TLSv1 * TLSv1.1 * TLSv1.2 * TLSv1.3 If this field is not specified, TLSv1.2 is the default. Warning: All SSL listeners created on a given port must use the same set of SSL protocols. Notes: * The handshake to establish an SSL connection fails if the client supports none of the specified protocols. * You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. * For all existing load balancer listeners and backend sets that predate this feature, the GET operation displays a list of SSL protocols currently used by those resources. example: ["TLSv1.1", "TLSv1.2"] |
list[string] |
No |
- |
- |
serverOrderPreference |
When this attribute is set to ENABLED, the system gives preference to the server ciphers over the client ciphers. Note: This configuration is applicable only when the load balancer is acting as an SSL/HTTPS server. This field is ignored when the SSLConfiguration object is associated with a backend set. |
string |
No |
- |
- |
trustedCertificateAuthorityIds |
Ids for OCI certificates service CA or CA bundles for the load balancer to trust. Example: [ocid1.cabundle.oc1.us-ashburn-1.amaaaaaaav3bgsaagl4zzyqdop5i2vuwoqewdvauuw34llqa74otq2jdsfyq] |
list[string] |
No |
- |
- |
verifyDepth |
The maximum depth for peer certificate chain verification. Example: 3 |
integer |
No |
- |
- |
verifyPeerCertificate |
Whether the load balancer listener should verify peer certificates. Example: true |
boolean |
No |
- |
- |
Status.pathRouteSets{}
Back to LoadBalancer status
LoadBalancerPathRouteSets defines nested fields for LoadBalancer.PathRouteSets.
| Field |
Description |
Type |
Required |
Default |
Enum |
pathRoutes |
The set of path route rules. |
list[object] |
Yes |
- |
- |
Status.pathRouteSets{}.pathRoutes[]
Back to LoadBalancer status
LoadBalancerPathRouteSetsPathRoute defines nested fields for LoadBalancer.PathRouteSets.PathRoute.
| Field |
Description |
Type |
Required |
Default |
Enum |
backendSetName |
The name of the target backend set for requests where the incoming URI matches the specified path. Example: example_backend_set |
string |
Yes |
- |
- |
path |
The path string to match against the incoming URI path. * Path strings are case-insensitive. * Asterisk (*) wildcards are not supported. * Regular expressions are not supported. Example: /example/video/123 |
string |
Yes |
- |
- |
pathMatchType |
The type of matching to apply to incoming URIs. |
object |
Yes |
- |
- |
Status.pathRouteSets{}.pathRoutes[].pathMatchType
Back to LoadBalancer status
The type of matching to apply to incoming URIs.
| Field |
Description |
Type |
Required |
Default |
Enum |
matchType |
Specifies how the load balancing service compares a PathRoute object's path string against the incoming URI. * EXACT_MATCH - Looks for a path string that exactly matches the incoming URI path. * FORCE_LONGEST_PREFIX_MATCH - Looks for the path string with the best, longest match of the beginning portion of the incoming URI path. * PREFIX_MATCH - Looks for a path string that matches the beginning portion of the incoming URI path. * SUFFIX_MATCH - Looks for a path string that matches the ending portion of the incoming URI path. For a full description of how the system handles matchType in a path route set containing multiple rules, see Managing Request Routing (https://docs.oracle.com/iaas/Content/Balance/Tasks/managingrequest.htm). |
string |
Yes |
- |
- |
Status.routingPolicies{}
Back to LoadBalancer status
LoadBalancerRoutingPolicies defines nested fields for LoadBalancer.RoutingPolicies.
| Field |
Description |
Type |
Required |
Default |
Enum |
conditionLanguageVersion |
The version of the language in which condition of rules are composed. |
string |
No |
- |
- |
name |
The unique name for this list of routing rules. Avoid entering confidential information. Example: example_routing_policy |
string |
No |
- |
- |
rules |
The ordered list of routing rules. |
list[object] |
No |
- |
- |
Status.routingPolicies{}.rules[]
Back to LoadBalancer status
LoadBalancerRoutingPoliciesRule defines nested fields for LoadBalancer.RoutingPolicies.Rule.
| Field |
Description |
Type |
Required |
Default |
Enum |
actions |
A list of actions to be applied when conditions of the routing rule are met. |
list[object] |
No |
- |
- |
condition |
A routing rule to evaluate defined conditions against the incoming HTTP request and perform an action. |
string |
No |
- |
- |
name |
A unique name for the routing policy rule. Avoid entering confidential information. |
string |
No |
- |
- |
Status.routingPolicies{}.rules[].actions[]
Back to LoadBalancer status
LoadBalancerRoutingPoliciesRuleAction defines nested fields for LoadBalancer.RoutingPolicies.Rule.Action.
| Field |
Description |
Type |
Required |
Default |
Enum |
backendSetName |
Name of the backend set the listener will forward the traffic to. Example: backendSetForImages |
string |
No |
- |
- |
jsonData |
- |
string |
No |
- |
- |
name |
- |
string |
No |
- |
- |
Status.ruleSets{}
Back to LoadBalancer status
LoadBalancerRuleSets defines nested fields for LoadBalancer.RuleSets.
| Field |
Description |
Type |
Required |
Default |
Enum |
items |
An array of rules that compose the rule set. |
list[object] |
Yes |
- |
- |
Status.ruleSets{}.items[]
Back to LoadBalancer status
LoadBalancerRuleSetsItem defines nested fields for LoadBalancer.RuleSets.Item.
| Field |
Description |
Type |
Required |
Default |
Enum |
action |
- |
string |
No |
- |
- |
allowedMethods |
The list of HTTP methods allowed for this listener. By default, you can specify only the standard HTTP methods defined in the HTTP Method Registry (http://www.iana.org/assignments/http-methods/http-methods.xhtml). You can also see a list of supported standard HTTP methods in the Load Balancing service documentation at Managing Rule Sets (https://docs.oracle.com/iaas/Content/Balance/Tasks/managingrulesets.htm). Your backend application must be able to handle the methods specified in this list. The list of HTTP methods is extensible. If you need to configure custom HTTP methods, contact My Oracle Support (http://support.oracle.com/) to remove the restriction for your tenancy. Example: ["GET", "PUT", "POST", "PROPFIND"] |
list[string] |
No |
- |
- |
areInvalidCharactersAllowed |
Indicates whether or not invalid characters in client header fields will be allowed. Valid names are composed of English letters, digits, hyphens and underscores. If "true", invalid characters are allowed in the HTTP header. If "false", invalid characters are not allowed in the HTTP header |
boolean |
No |
- |
- |
conditions |
- |
list[object] |
No |
- |
- |
defaultMaxConnections |
The maximum number of connections that the any IP can make to a listener unless the IP is mentioned in maxConnections. If no defaultMaxConnections is specified the default is unlimited. |
integer |
No |
- |
- |
description |
A brief description of the access control rule. Avoid entering confidential information. example: 192.168.0.0/16 and 2001:db8::/32 are trusted clients. Whitelist them. |
string |
No |
- |
- |
header |
A header name that conforms to RFC 7230. Example: example_header_name |
string |
No |
- |
- |
httpLargeHeaderSizeInKB |
The maximum size of each buffer used for reading http client request header. This value indicates the maximum size allowed for each buffer. The allowed values for buffer size are 8, 16, 32 and 64. |
integer |
No |
- |
- |
ipMaxConnections |
An array of IPs that have a maxConnection setting different than the default and what that maxConnection setting is |
list[object] |
No |
- |
- |
jsonData |
- |
string |
No |
- |
- |
prefix |
A string to prepend to the header value. The resulting header value must conform to RFC 7230. With the following exceptions: * value cannot contain $ * value cannot contain patterns like {variable_name}. They are reserved for future extensions. Currently, such values are invalid. Example: example_prefix_value |
string |
No |
- |
- |
redirectUri |
LoadBalancerRuleSetsItemRedirectUri defines nested fields for LoadBalancer.RuleSets.Item.RedirectUri. |
object |
No |
- |
- |
responseCode |
The HTTP status code to return when the incoming request is redirected. The status line returned with the code is mapped from the standard HTTP specification. Valid response codes for redirection are: * 301 * 302 * 303 * 307 * 308 The default value is 302 (Found). Example: 301 |
integer |
No |
- |
- |
statusCode |
The HTTP status code to return when the requested HTTP method is not in the list of allowed methods. The associated status line returned with the code is mapped from the standard HTTP specification. The default value is 405 (Method Not Allowed). Example: 403 |
integer |
No |
- |
- |
suffix |
A string to append to the header value. The resulting header value must conform to RFC 7230. With the following exceptions: * value cannot contain $ * value cannot contain patterns like {variable_name}. They are reserved for future extensions. Currently, such values are invalid. Example: example_suffix_value |
string |
No |
- |
- |
value |
A header value that conforms to RFC 7230. With the following exceptions: * value cannot contain $ * value cannot contain patterns like {variable_name}. They are reserved for future extensions. Currently, such values are invalid. Example: example_value |
string |
No |
- |
- |
Status.ruleSets{}.items[].conditions[]
Back to LoadBalancer status
LoadBalancerRuleSetsItemCondition defines nested fields for LoadBalancer.RuleSets.Item.Condition.
| Field |
Description |
Type |
Required |
Default |
Enum |
attributeName |
- |
string |
No |
- |
- |
attributeValue |
The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the originating VCN that an incoming packet must match. You can use this condition in conjunction with SourceVcnIpAddressCondition. NOTE: If you define this condition for a rule without a SourceVcnIpAddressCondition, this condition matches all incoming traffic in the specified VCN. |
string |
No |
- |
- |
jsonData |
- |
string |
No |
- |
- |
operator |
A string that specifies how to compare the PathMatchCondition object's attributeValue string to the incoming URI. * EXACT_MATCH - The incoming URI path must exactly and completely match the attributeValue string. * FORCE_LONGEST_PREFIX_MATCH - The system looks for the attributeValue string with the best, longest match of the beginning portion of the incoming URI path. * PREFIX_MATCH - The beginning portion of the incoming URI path must exactly match the attributeValue string. * SUFFIX_MATCH - The ending portion of the incoming URI path must exactly match the attributeValue string. |
string |
No |
- |
- |
Status.ruleSets{}.items[].ipMaxConnections[]
Back to LoadBalancer status
LoadBalancerRuleSetsItemIpMaxConnection defines nested fields for LoadBalancer.RuleSets.Item.IpMaxConnection.
| Field |
Description |
Type |
Required |
Default |
Enum |
ipAddresses |
Each element in the list should be valid IPv4 or IPv6 CIDR Block address. Example: '["129.213.176.0/24", "150.136.187.0/24", "2002::1234:abcd:ffff:c0a8:101/64"]' |
list[string] |
Yes |
- |
- |
maxConnections |
The maximum number of simultaneous connections that the specified IPs can make to the Listener. IPs without a maxConnections setting can make either defaultMaxConnections simultaneous connections to a listener or, if no defaultMaxConnections is specified, an unlimited number of simultaneous connections to a listener. |
integer |
Yes |
- |
- |
Status.ruleSets{}.items[].redirectUri
Back to LoadBalancer status
LoadBalancerRuleSetsItemRedirectUri defines nested fields for LoadBalancer.RuleSets.Item.RedirectUri.
| Field |
Description |
Type |
Required |
Default |
Enum |
host |
The valid domain name (hostname) or IP address to use in the redirect URI. When this value is null, not set, or set to {host}, the service preserves the original domain name from the incoming HTTP request URI. All RedirectUri tokens are valid for this property. You can use any token more than once. Curly braces are valid in this property only to surround tokens, such as {host} Examples: * example.com appears as example.com in the redirect URI. * in{host} appears as inexample.com in the redirect URI if example.com is the hostname in the incoming HTTP request URI. * {port}{host} appears as 8081example.com in the redirect URI if example.com is the hostname and the port is 8081 in the incoming HTTP request URI. |
string |
No |
- |
- |
path |
The HTTP URI path to use in the redirect URI. When this value is null, not set, or set to {path}, the service preserves the original path from the incoming HTTP request URI. To omit the path from the redirect URI, set this value to an empty string, "". All RedirectUri tokens are valid for this property. You can use any token more than once. The path string must begin with / if it does not begin with the {path} token. Examples: * /example/video/123 appears as /example/video/123 in the redirect URI. * /example{path} appears as /example/video/123 in the redirect URI if /video/123 is the path in the incoming HTTP request URI. * {path}/123 appears as /example/video/123 in the redirect URI if /example/video is the path in the incoming HTTP request URI. * {path}123 appears as /example/video123 in the redirect URI if /example/video is the path in the incoming HTTP request URI. * /{host}/123 appears as /example.com/123 in the redirect URI if example.com is the hostname in the incoming HTTP request URI. * /{host}/{port} appears as /example.com/123 in the redirect URI if example.com is the hostname and 123 is the port in the incoming HTTP request URI. * /{query} appears as /lang=en in the redirect URI if the query is lang=en in the incoming HTTP request URI. |
string |
No |
- |
- |
port |
The communication port to use in the redirect URI. Valid values include integers from 1 to 65535. When this value is null, the service preserves the original port from the incoming HTTP request URI. Example: 8081 |
integer |
No |
- |
- |
protocol |
The HTTP protocol to use in the redirect URI. When this value is null, not set, or set to {protocol}, the service preserves the original protocol from the incoming HTTP request URI. Allowed values are: * HTTP * HTTPS * {protocol} {protocol} is the only valid token for this property. It can appear only once in the value string. Example: HTTPS |
string |
No |
- |
- |
query |
The query string to use in the redirect URI. When this value is null, not set, or set to {query}, the service preserves the original query parameters from the incoming HTTP request URI. All RedirectUri tokens are valid for this property. You can use any token more than once. If the query string does not begin with the {query} token, it must begin with the question mark (?) character. You can specify multiple query parameters as a single string. Separate each query parameter with an ampersand (&) character. To omit all incoming query parameters from the redirect URI, set this value to an empty string, "". If the specified query string results in a redirect URI ending with ? or &, the last character is truncated. For example, if the incoming URI is http://host.com:8080/documents and the query property value is ?lang=en&{query}, the redirect URI is http://host.com:8080/documents?lang=en. The system truncates the final ampersand (&) because the incoming URI included no value to replace the {query} token. Examples: * lang=en&time_zone=PST appears as lang=en&time_zone=PST in the redirect URI. * {query} appears as lang=en&time_zone=PST in the redirect URI if lang=en&time_zone=PST is the query string in the incoming HTTP request. If the incoming HTTP request has no query parameters, the {query} token renders as an empty string. * lang=en&{query}&time_zone=PST appears as lang=en&country=us&time_zone=PST in the redirect URI if country=us is the query string in the incoming HTTP request. If the incoming HTTP request has no query parameters, this value renders as lang=en&time_zone=PST. * protocol={protocol}&hostname={host} appears as protocol=http&hostname=example.com in the redirect URI if the protocol is HTTP and the hostname is example.com in the incoming HTTP request. * port={port}&hostname={host} appears as port=8080&hostname=example.com in the redirect URI if the port is 8080 and the hostname is example.com in the incoming HTTP request URI. |
string |
No |
- |
- |
Status.shapeDetails
Back to LoadBalancer status
LoadBalancerShapeDetails defines nested fields for LoadBalancer.ShapeDetails.
| Field |
Description |
Type |
Required |
Default |
Enum |
maximumBandwidthInMbps |
Bandwidth in Mbps that determines the maximum bandwidth (ingress plus egress) that the load balancer can achieve. This bandwidth cannot be always guaranteed. For a guaranteed bandwidth use the minimumBandwidthInMbps parameter. The values must be between minimumBandwidthInMbps and 8000 (8Gbps). Example: 1500 |
integer |
Yes |
- |
- |
minimumBandwidthInMbps |
Bandwidth in Mbps that determines the total pre-provisioned bandwidth (ingress plus egress). The values must be between 10 and the maximumBandwidthInMbps. Example: 150 |
integer |
Yes |
- |
- |
Status.sslCipherSuites{}
Back to LoadBalancer status
LoadBalancerSslCipherSuites defines nested fields for LoadBalancer.SslCipherSuites.
| Field |
Description |
Type |
Required |
Default |
Enum |
ciphers |
A list of SSL ciphers the load balancer must support for HTTPS or SSL connections. The following ciphers are valid values for this property: * TLSv1.3 ciphers "TLS_AES_128_GCM_SHA256" "TLS_AES_256_GCM_SHA384" "TLS_CHACHA20_POLY1305_SHA256" "TLS_AES_128_CCM_SHA256" "TLS_AES_128_CCM_8_SHA256" * TLSv1.2 ciphers "AES128-GCM-SHA256" "AES128-SHA256" "AES256-GCM-SHA384" "AES256-SHA256" "DH-DSS-AES128-GCM-SHA256" "DH-DSS-AES128-SHA256" "DH-DSS-AES256-GCM-SHA384" "DH-DSS-AES256-SHA256" "DH-RSA-AES128-GCM-SHA256" "DH-RSA-AES128-SHA256" "DH-RSA-AES256-GCM-SHA384" "DH-RSA-AES256-SHA256" "DHE-DSS-AES128-GCM-SHA256" "DHE-DSS-AES128-SHA256" "DHE-DSS-AES256-GCM-SHA384" "DHE-DSS-AES256-SHA256" "DHE-RSA-AES128-GCM-SHA256" "DHE-RSA-AES128-SHA256" "DHE-RSA-AES256-GCM-SHA384" "DHE-RSA-AES256-SHA256" "ECDH-ECDSA-AES128-GCM-SHA256" "ECDH-ECDSA-AES128-SHA256" "ECDH-ECDSA-AES256-GCM-SHA384" "ECDH-ECDSA-AES256-SHA384" "ECDH-RSA-AES128-GCM-SHA256" "ECDH-RSA-AES128-SHA256" "ECDH-RSA-AES256-GCM-SHA384" "ECDH-RSA-AES256-SHA384" "ECDHE-ECDSA-AES128-GCM-SHA256" "ECDHE-ECDSA-AES128-SHA256" "ECDHE-ECDSA-AES256-GCM-SHA384" "ECDHE-ECDSA-AES256-SHA384" "ECDHE-RSA-AES128-GCM-SHA256" "ECDHE-RSA-AES128-SHA256" "ECDHE-RSA-AES256-GCM-SHA384" "ECDHE-RSA-AES256-SHA384" * TLSv1 ciphers also supported by TLSv1.2 "AES128-SHA" "AES256-SHA" "CAMELLIA128-SHA" "CAMELLIA256-SHA" "DES-CBC3-SHA" "DH-DSS-AES128-SHA" "DH-DSS-AES256-SHA" "DH-DSS-CAMELLIA128-SHA" "DH-DSS-CAMELLIA256-SHA" "DH-DSS-DES-CBC3-SHAv" "DH-DSS-SEED-SHA" "DH-RSA-AES128-SHA" "DH-RSA-AES256-SHA" "DH-RSA-CAMELLIA128-SHA" "DH-RSA-CAMELLIA256-SHA" "DH-RSA-DES-CBC3-SHA" "DH-RSA-SEED-SHA" "DHE-DSS-AES128-SHA" "DHE-DSS-AES256-SHA" "DHE-DSS-CAMELLIA128-SHA" "DHE-DSS-CAMELLIA256-SHA" "DHE-DSS-DES-CBC3-SHA" "DHE-DSS-SEED-SHA" "DHE-RSA-AES128-SHA" "DHE-RSA-AES256-SHA" "DHE-RSA-CAMELLIA128-SHA" "DHE-RSA-CAMELLIA256-SHA" "DHE-RSA-DES-CBC3-SHA" "DHE-RSA-SEED-SHA" "ECDH-ECDSA-AES128-SHA" "ECDH-ECDSA-AES256-SHA" "ECDH-ECDSA-DES-CBC3-SHA" "ECDH-ECDSA-RC4-SHA" "ECDH-RSA-AES128-SHA" "ECDH-RSA-AES256-SHA" "ECDH-RSA-DES-CBC3-SHA" "ECDH-RSA-RC4-SHA" "ECDHE-ECDSA-AES128-SHA" "ECDHE-ECDSA-AES256-SHA" "ECDHE-ECDSA-DES-CBC3-SHA" "ECDHE-ECDSA-RC4-SHA" "ECDHE-RSA-AES128-SHA" "ECDHE-RSA-AES256-SHA" "ECDHE-RSA-DES-CBC3-SHA" "ECDHE-RSA-RC4-SHA" "IDEA-CBC-SHA" "KRB5-DES-CBC3-MD5" "KRB5-DES-CBC3-SHA" "KRB5-IDEA-CBC-MD5" "KRB5-IDEA-CBC-SHA" "KRB5-RC4-MD5" "KRB5-RC4-SHA" "PSK-3DES-EDE-CBC-SHA" "PSK-AES128-CBC-SHA" "PSK-AES256-CBC-SHA" "PSK-RC4-SHA" "RC4-MD5" "RC4-SHA" "SEED-SHA" example: ["ECDHE-RSA-AES256-GCM-SHA384","ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES128-GCM-SHA256"] |
list[string] |
Yes |
- |
- |
name |
A friendly name for the SSL cipher suite. It must be unique and it cannot be changed. Note: The name of your user-defined cipher suite must not be the same as any of Oracle's predefined or reserved SSL cipher suite names: * oci-default-ssl-cipher-suite-v1 * oci-modern-ssl-cipher-suite-v1 * oci-compatible-ssl-cipher-suite-v1 * oci-wider-compatible-ssl-cipher-suite-v1 * oci-customized-ssl-cipher-suite * oci-default-http2-ssl-cipher-suite-v1 * oci-default-http2-tls-13-ssl-cipher-suite-v1 * oci-default-http2-tls-12-13-ssl-cipher-suite-v1 * oci-tls-13-recommended-ssl-cipher-suite-v1 * oci-tls-12-13-wider-ssl-cipher-suite-v1 * oci-tls-11-12-13-wider-ssl-cipher-suite-v1 example: example_cipher_suite |
string |
Yes |
- |
- |
Status.status
Back to LoadBalancer status
| Field |
Description |
Type |
Required |
Default |
Enum |
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. |
object |
No |
- |
- |
conditions |
- |
list[object] |
No |
- |
- |
createdAt |
- |
string (date-time) |
No |
- |
- |
deletedAt |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
ocid |
- |
string |
No |
- |
- |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
requestedAt |
- |
string (date-time) |
No |
- |
- |
updatedAt |
- |
string (date-time) |
No |
- |
- |
Status.status.async
Back to LoadBalancer status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field |
Description |
Type |
Required |
Default |
Enum |
current |
- |
object |
No |
- |
- |
Status.status.async.current
Back to LoadBalancer status
| Field |
Description |
Type |
Required |
Default |
Enum |
message |
- |
string |
No |
- |
- |
normalizedClass |
- |
string |
Yes |
- |
attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- |
number |
No |
- |
- |
phase |
- |
string |
Yes |
- |
create, delete, update |
rawOperationType |
- |
string |
No |
- |
- |
rawStatus |
- |
string |
No |
- |
- |
source |
- |
string |
Yes |
- |
lifecycle, none, workrequest |
updatedAt |
- |
string (date-time) |
Yes |
- |
- |
workRequestId |
- |
string |
No |
- |
- |
Status.status.conditions[]
Back to LoadBalancer status
| Field |
Description |
Type |
Required |
Default |
Enum |
lastTransitionTime |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
status |
- |
string |
Yes |
- |
- |
type |
- |
string |
Yes |
- |
- |
PathRouteSet
PathRouteSet is the Schema for the pathroutesets API.
Plural: pathroutesetsScope: NamespacedAPIVersion: loadbalancer.oracle.com/v1beta1Sample: Sample (config/samples/loadbalancer_v1beta1_pathrouteset.yaml)Packages: Not currently exposed by a customer-visible package.
Spec
PathRouteSetSpec defines the desired state of PathRouteSet.
| Field |
Description |
Type |
Required |
Default |
Enum |
name |
The name for this set of path route rules. It must be unique and it cannot be changed. Avoid entering confidential information. Example: example_path_route_set |
string |
Yes |
- |
- |
pathRoutes |
The set of path route rules. |
list[object] |
Yes |
- |
- |
Spec.pathRoutes[]
Back to PathRouteSet spec
PathRouteSetPathRoute defines nested fields for PathRouteSet.PathRoute.
| Field |
Description |
Type |
Required |
Default |
Enum |
backendSetName |
The name of the target backend set for requests where the incoming URI matches the specified path. Example: example_backend_set |
string |
Yes |
- |
- |
path |
The path string to match against the incoming URI path. * Path strings are case-insensitive. * Asterisk (*) wildcards are not supported. * Regular expressions are not supported. Example: /example/video/123 |
string |
Yes |
- |
- |
pathMatchType |
The type of matching to apply to incoming URIs. |
object |
Yes |
- |
- |
Spec.pathRoutes[].pathMatchType
Back to PathRouteSet spec
The type of matching to apply to incoming URIs.
| Field |
Description |
Type |
Required |
Default |
Enum |
matchType |
Specifies how the load balancing service compares a PathRoute object's path string against the incoming URI. * EXACT_MATCH - Looks for a path string that exactly matches the incoming URI path. * FORCE_LONGEST_PREFIX_MATCH - Looks for the path string with the best, longest match of the beginning portion of the incoming URI path. * PREFIX_MATCH - Looks for a path string that matches the beginning portion of the incoming URI path. * SUFFIX_MATCH - Looks for a path string that matches the ending portion of the incoming URI path. For a full description of how the system handles matchType in a path route set containing multiple rules, see Managing Request Routing (https://docs.oracle.com/iaas/Content/Balance/Tasks/managingrequest.htm). |
string |
Yes |
- |
- |
Status
PathRouteSetStatus defines the observed state of PathRouteSet.
| Field |
Description |
Type |
Required |
Default |
Enum |
name |
The unique name for this set of path route rules. Avoid entering confidential information. Example: example_path_route_set |
string |
No |
- |
- |
pathRoutes |
The set of path route rules. |
list[object] |
No |
- |
- |
status |
- |
object |
Yes |
- |
- |
Status.pathRoutes[]
Back to PathRouteSet status
PathRouteSetPathRoute defines nested fields for PathRouteSet.PathRoute.
| Field |
Description |
Type |
Required |
Default |
Enum |
backendSetName |
The name of the target backend set for requests where the incoming URI matches the specified path. Example: example_backend_set |
string |
Yes |
- |
- |
path |
The path string to match against the incoming URI path. * Path strings are case-insensitive. * Asterisk (*) wildcards are not supported. * Regular expressions are not supported. Example: /example/video/123 |
string |
Yes |
- |
- |
pathMatchType |
The type of matching to apply to incoming URIs. |
object |
Yes |
- |
- |
Status.pathRoutes[].pathMatchType
Back to PathRouteSet status
The type of matching to apply to incoming URIs.
| Field |
Description |
Type |
Required |
Default |
Enum |
matchType |
Specifies how the load balancing service compares a PathRoute object's path string against the incoming URI. * EXACT_MATCH - Looks for a path string that exactly matches the incoming URI path. * FORCE_LONGEST_PREFIX_MATCH - Looks for the path string with the best, longest match of the beginning portion of the incoming URI path. * PREFIX_MATCH - Looks for a path string that matches the beginning portion of the incoming URI path. * SUFFIX_MATCH - Looks for a path string that matches the ending portion of the incoming URI path. For a full description of how the system handles matchType in a path route set containing multiple rules, see Managing Request Routing (https://docs.oracle.com/iaas/Content/Balance/Tasks/managingrequest.htm). |
string |
Yes |
- |
- |
Status.status
Back to PathRouteSet status
| Field |
Description |
Type |
Required |
Default |
Enum |
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. |
object |
No |
- |
- |
conditions |
- |
list[object] |
No |
- |
- |
createdAt |
- |
string (date-time) |
No |
- |
- |
deletedAt |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
ocid |
- |
string |
No |
- |
- |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
requestedAt |
- |
string (date-time) |
No |
- |
- |
updatedAt |
- |
string (date-time) |
No |
- |
- |
Status.status.async
Back to PathRouteSet status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field |
Description |
Type |
Required |
Default |
Enum |
current |
- |
object |
No |
- |
- |
Status.status.async.current
Back to PathRouteSet status
| Field |
Description |
Type |
Required |
Default |
Enum |
message |
- |
string |
No |
- |
- |
normalizedClass |
- |
string |
Yes |
- |
attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- |
number |
No |
- |
- |
phase |
- |
string |
Yes |
- |
create, delete, update |
rawOperationType |
- |
string |
No |
- |
- |
rawStatus |
- |
string |
No |
- |
- |
source |
- |
string |
Yes |
- |
lifecycle, none, workrequest |
updatedAt |
- |
string (date-time) |
Yes |
- |
- |
workRequestId |
- |
string |
No |
- |
- |
Status.status.conditions[]
Back to PathRouteSet status
| Field |
Description |
Type |
Required |
Default |
Enum |
lastTransitionTime |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
status |
- |
string |
Yes |
- |
- |
type |
- |
string |
Yes |
- |
- |
RoutingPolicy
RoutingPolicy is the Schema for the routingpolicies API.
Plural: routingpoliciesScope: NamespacedAPIVersion: loadbalancer.oracle.com/v1beta1Sample: Sample (config/samples/loadbalancer_v1beta1_routingpolicy.yaml)Packages: Not currently exposed by a customer-visible package.
Spec
RoutingPolicySpec defines the desired state of RoutingPolicy.
| Field |
Description |
Type |
Required |
Default |
Enum |
conditionLanguageVersion |
The version of the language in which condition of rules are composed. |
string |
Yes |
- |
- |
name |
The name for this list of routing rules. It must be unique and it cannot be changed. Avoid entering confidential information. Example: example_routing_rules |
string |
Yes |
- |
- |
rules |
The list of routing rules. |
list[object] |
Yes |
- |
- |
Spec.rules[]
Back to RoutingPolicy spec
RoutingPolicyRule defines nested fields for RoutingPolicy.Rule.
| Field |
Description |
Type |
Required |
Default |
Enum |
actions |
A list of actions to be applied when conditions of the routing rule are met. |
list[object] |
Yes |
- |
- |
condition |
A routing rule to evaluate defined conditions against the incoming HTTP request and perform an action. |
string |
Yes |
- |
- |
name |
A unique name for the routing policy rule. Avoid entering confidential information. |
string |
Yes |
- |
- |
Spec.rules[].actions[]
Back to RoutingPolicy spec
RoutingPolicyRuleAction defines nested fields for RoutingPolicy.Rule.Action.
| Field |
Description |
Type |
Required |
Default |
Enum |
backendSetName |
Name of the backend set the listener will forward the traffic to. Example: backendSetForImages |
string |
No |
- |
- |
jsonData |
- |
string |
No |
- |
- |
name |
- |
string |
No |
- |
- |
Status
RoutingPolicyStatus defines the observed state of RoutingPolicy.
| Field |
Description |
Type |
Required |
Default |
Enum |
conditionLanguageVersion |
The version of the language in which condition of rules are composed. |
string |
No |
- |
- |
name |
The unique name for this list of routing rules. Avoid entering confidential information. Example: example_routing_policy |
string |
No |
- |
- |
rules |
The ordered list of routing rules. |
list[object] |
No |
- |
- |
status |
- |
object |
Yes |
- |
- |
Status.rules[]
Back to RoutingPolicy status
RoutingPolicyRule defines nested fields for RoutingPolicy.Rule.
| Field |
Description |
Type |
Required |
Default |
Enum |
actions |
A list of actions to be applied when conditions of the routing rule are met. |
list[object] |
Yes |
- |
- |
condition |
A routing rule to evaluate defined conditions against the incoming HTTP request and perform an action. |
string |
Yes |
- |
- |
name |
A unique name for the routing policy rule. Avoid entering confidential information. |
string |
Yes |
- |
- |
Status.rules[].actions[]
Back to RoutingPolicy status
RoutingPolicyRuleAction defines nested fields for RoutingPolicy.Rule.Action.
| Field |
Description |
Type |
Required |
Default |
Enum |
backendSetName |
Name of the backend set the listener will forward the traffic to. Example: backendSetForImages |
string |
No |
- |
- |
jsonData |
- |
string |
No |
- |
- |
name |
- |
string |
No |
- |
- |
Status.status
Back to RoutingPolicy status
| Field |
Description |
Type |
Required |
Default |
Enum |
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. |
object |
No |
- |
- |
conditions |
- |
list[object] |
No |
- |
- |
createdAt |
- |
string (date-time) |
No |
- |
- |
deletedAt |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
ocid |
- |
string |
No |
- |
- |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
requestedAt |
- |
string (date-time) |
No |
- |
- |
updatedAt |
- |
string (date-time) |
No |
- |
- |
Status.status.async
Back to RoutingPolicy status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field |
Description |
Type |
Required |
Default |
Enum |
current |
- |
object |
No |
- |
- |
Status.status.async.current
Back to RoutingPolicy status
| Field |
Description |
Type |
Required |
Default |
Enum |
message |
- |
string |
No |
- |
- |
normalizedClass |
- |
string |
Yes |
- |
attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- |
number |
No |
- |
- |
phase |
- |
string |
Yes |
- |
create, delete, update |
rawOperationType |
- |
string |
No |
- |
- |
rawStatus |
- |
string |
No |
- |
- |
source |
- |
string |
Yes |
- |
lifecycle, none, workrequest |
updatedAt |
- |
string (date-time) |
Yes |
- |
- |
workRequestId |
- |
string |
No |
- |
- |
Status.status.conditions[]
Back to RoutingPolicy status
| Field |
Description |
Type |
Required |
Default |
Enum |
lastTransitionTime |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
status |
- |
string |
Yes |
- |
- |
type |
- |
string |
Yes |
- |
- |
RuleSet
RuleSet is the Schema for the rulesets API.
Plural: rulesetsScope: NamespacedAPIVersion: loadbalancer.oracle.com/v1beta1Sample: Sample (config/samples/loadbalancer_v1beta1_ruleset.yaml)Packages: Not currently exposed by a customer-visible package.
Spec
RuleSetSpec defines the desired state of RuleSet.
| Field |
Description |
Type |
Required |
Default |
Enum |
items |
An array of rules that compose the rule set. |
list[object] |
Yes |
- |
- |
name |
The name for this set of rules. It must be unique and it cannot be changed. Avoid entering confidential information. Example: example_rule_set |
string |
Yes |
- |
- |
Spec.items[]
Back to RuleSet spec
RuleSetItem defines nested fields for RuleSet.Item.
| Field |
Description |
Type |
Required |
Default |
Enum |
action |
- |
string |
No |
- |
- |
allowedMethods |
The list of HTTP methods allowed for this listener. By default, you can specify only the standard HTTP methods defined in the HTTP Method Registry (http://www.iana.org/assignments/http-methods/http-methods.xhtml). You can also see a list of supported standard HTTP methods in the Load Balancing service documentation at Managing Rule Sets (https://docs.oracle.com/iaas/Content/Balance/Tasks/managingrulesets.htm). Your backend application must be able to handle the methods specified in this list. The list of HTTP methods is extensible. If you need to configure custom HTTP methods, contact My Oracle Support (http://support.oracle.com/) to remove the restriction for your tenancy. Example: ["GET", "PUT", "POST", "PROPFIND"] |
list[string] |
No |
- |
- |
areInvalidCharactersAllowed |
Indicates whether or not invalid characters in client header fields will be allowed. Valid names are composed of English letters, digits, hyphens and underscores. If "true", invalid characters are allowed in the HTTP header. If "false", invalid characters are not allowed in the HTTP header |
boolean |
No |
- |
- |
conditions |
- |
list[object] |
No |
- |
- |
defaultMaxConnections |
The maximum number of connections that the any IP can make to a listener unless the IP is mentioned in maxConnections. If no defaultMaxConnections is specified the default is unlimited. |
integer |
No |
- |
- |
description |
A brief description of the access control rule. Avoid entering confidential information. example: 192.168.0.0/16 and 2001:db8::/32 are trusted clients. Whitelist them. |
string |
No |
- |
- |
header |
A header name that conforms to RFC 7230. Example: example_header_name |
string |
No |
- |
- |
httpLargeHeaderSizeInKB |
The maximum size of each buffer used for reading http client request header. This value indicates the maximum size allowed for each buffer. The allowed values for buffer size are 8, 16, 32 and 64. |
integer |
No |
- |
- |
ipMaxConnections |
An array of IPs that have a maxConnection setting different than the default and what that maxConnection setting is |
list[object] |
No |
- |
- |
jsonData |
- |
string |
No |
- |
- |
prefix |
A string to prepend to the header value. The resulting header value must conform to RFC 7230. With the following exceptions: * value cannot contain $ * value cannot contain patterns like {variable_name}. They are reserved for future extensions. Currently, such values are invalid. Example: example_prefix_value |
string |
No |
- |
- |
redirectUri |
RuleSetItemRedirectUri defines nested fields for RuleSet.Item.RedirectUri. |
object |
No |
- |
- |
responseCode |
The HTTP status code to return when the incoming request is redirected. The status line returned with the code is mapped from the standard HTTP specification. Valid response codes for redirection are: * 301 * 302 * 303 * 307 * 308 The default value is 302 (Found). Example: 301 |
integer |
No |
- |
- |
statusCode |
The HTTP status code to return when the requested HTTP method is not in the list of allowed methods. The associated status line returned with the code is mapped from the standard HTTP specification. The default value is 405 (Method Not Allowed). Example: 403 |
integer |
No |
- |
- |
suffix |
A string to append to the header value. The resulting header value must conform to RFC 7230. With the following exceptions: * value cannot contain $ * value cannot contain patterns like {variable_name}. They are reserved for future extensions. Currently, such values are invalid. Example: example_suffix_value |
string |
No |
- |
- |
value |
A header value that conforms to RFC 7230. With the following exceptions: * value cannot contain $ * value cannot contain patterns like {variable_name}. They are reserved for future extensions. Currently, such values are invalid. Example: example_value |
string |
No |
- |
- |
Spec.items[].conditions[]
Back to RuleSet spec
RuleSetItemCondition defines nested fields for RuleSet.Item.Condition.
| Field |
Description |
Type |
Required |
Default |
Enum |
attributeName |
- |
string |
No |
- |
- |
attributeValue |
The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the originating VCN that an incoming packet must match. You can use this condition in conjunction with SourceVcnIpAddressCondition. NOTE: If you define this condition for a rule without a SourceVcnIpAddressCondition, this condition matches all incoming traffic in the specified VCN. |
string |
No |
- |
- |
jsonData |
- |
string |
No |
- |
- |
operator |
A string that specifies how to compare the PathMatchCondition object's attributeValue string to the incoming URI. * EXACT_MATCH - The incoming URI path must exactly and completely match the attributeValue string. * FORCE_LONGEST_PREFIX_MATCH - The system looks for the attributeValue string with the best, longest match of the beginning portion of the incoming URI path. * PREFIX_MATCH - The beginning portion of the incoming URI path must exactly match the attributeValue string. * SUFFIX_MATCH - The ending portion of the incoming URI path must exactly match the attributeValue string. |
string |
No |
- |
- |
Spec.items[].ipMaxConnections[]
Back to RuleSet spec
RuleSetItemIpMaxConnection defines nested fields for RuleSet.Item.IpMaxConnection.
| Field |
Description |
Type |
Required |
Default |
Enum |
ipAddresses |
Each element in the list should be valid IPv4 or IPv6 CIDR Block address. Example: '["129.213.176.0/24", "150.136.187.0/24", "2002::1234:abcd:ffff:c0a8:101/64"]' |
list[string] |
Yes |
- |
- |
maxConnections |
The maximum number of simultaneous connections that the specified IPs can make to the Listener. IPs without a maxConnections setting can make either defaultMaxConnections simultaneous connections to a listener or, if no defaultMaxConnections is specified, an unlimited number of simultaneous connections to a listener. |
integer |
Yes |
- |
- |
Spec.items[].redirectUri
Back to RuleSet spec
RuleSetItemRedirectUri defines nested fields for RuleSet.Item.RedirectUri.
| Field |
Description |
Type |
Required |
Default |
Enum |
host |
The valid domain name (hostname) or IP address to use in the redirect URI. When this value is null, not set, or set to {host}, the service preserves the original domain name from the incoming HTTP request URI. All RedirectUri tokens are valid for this property. You can use any token more than once. Curly braces are valid in this property only to surround tokens, such as {host} Examples: * example.com appears as example.com in the redirect URI. * in{host} appears as inexample.com in the redirect URI if example.com is the hostname in the incoming HTTP request URI. * {port}{host} appears as 8081example.com in the redirect URI if example.com is the hostname and the port is 8081 in the incoming HTTP request URI. |
string |
No |
- |
- |
path |
The HTTP URI path to use in the redirect URI. When this value is null, not set, or set to {path}, the service preserves the original path from the incoming HTTP request URI. To omit the path from the redirect URI, set this value to an empty string, "". All RedirectUri tokens are valid for this property. You can use any token more than once. The path string must begin with / if it does not begin with the {path} token. Examples: * /example/video/123 appears as /example/video/123 in the redirect URI. * /example{path} appears as /example/video/123 in the redirect URI if /video/123 is the path in the incoming HTTP request URI. * {path}/123 appears as /example/video/123 in the redirect URI if /example/video is the path in the incoming HTTP request URI. * {path}123 appears as /example/video123 in the redirect URI if /example/video is the path in the incoming HTTP request URI. * /{host}/123 appears as /example.com/123 in the redirect URI if example.com is the hostname in the incoming HTTP request URI. * /{host}/{port} appears as /example.com/123 in the redirect URI if example.com is the hostname and 123 is the port in the incoming HTTP request URI. * /{query} appears as /lang=en in the redirect URI if the query is lang=en in the incoming HTTP request URI. |
string |
No |
- |
- |
port |
The communication port to use in the redirect URI. Valid values include integers from 1 to 65535. When this value is null, the service preserves the original port from the incoming HTTP request URI. Example: 8081 |
integer |
No |
- |
- |
protocol |
The HTTP protocol to use in the redirect URI. When this value is null, not set, or set to {protocol}, the service preserves the original protocol from the incoming HTTP request URI. Allowed values are: * HTTP * HTTPS * {protocol} {protocol} is the only valid token for this property. It can appear only once in the value string. Example: HTTPS |
string |
No |
- |
- |
query |
The query string to use in the redirect URI. When this value is null, not set, or set to {query}, the service preserves the original query parameters from the incoming HTTP request URI. All RedirectUri tokens are valid for this property. You can use any token more than once. If the query string does not begin with the {query} token, it must begin with the question mark (?) character. You can specify multiple query parameters as a single string. Separate each query parameter with an ampersand (&) character. To omit all incoming query parameters from the redirect URI, set this value to an empty string, "". If the specified query string results in a redirect URI ending with ? or &, the last character is truncated. For example, if the incoming URI is http://host.com:8080/documents and the query property value is ?lang=en&{query}, the redirect URI is http://host.com:8080/documents?lang=en. The system truncates the final ampersand (&) because the incoming URI included no value to replace the {query} token. Examples: * lang=en&time_zone=PST appears as lang=en&time_zone=PST in the redirect URI. * {query} appears as lang=en&time_zone=PST in the redirect URI if lang=en&time_zone=PST is the query string in the incoming HTTP request. If the incoming HTTP request has no query parameters, the {query} token renders as an empty string. * lang=en&{query}&time_zone=PST appears as lang=en&country=us&time_zone=PST in the redirect URI if country=us is the query string in the incoming HTTP request. If the incoming HTTP request has no query parameters, this value renders as lang=en&time_zone=PST. * protocol={protocol}&hostname={host} appears as protocol=http&hostname=example.com in the redirect URI if the protocol is HTTP and the hostname is example.com in the incoming HTTP request. * port={port}&hostname={host} appears as port=8080&hostname=example.com in the redirect URI if the port is 8080 and the hostname is example.com in the incoming HTTP request URI. |
string |
No |
- |
- |
Status
RuleSetStatus defines the observed state of RuleSet.
| Field |
Description |
Type |
Required |
Default |
Enum |
items |
An array of rules that compose the rule set. |
list[object] |
No |
- |
- |
name |
The name for this set of rules. It must be unique and it cannot be changed. Avoid entering confidential information. Example: example_rule_set |
string |
No |
- |
- |
status |
- |
object |
Yes |
- |
- |
Status.items[]
Back to RuleSet status
RuleSetItem defines nested fields for RuleSet.Item.
| Field |
Description |
Type |
Required |
Default |
Enum |
action |
- |
string |
No |
- |
- |
allowedMethods |
The list of HTTP methods allowed for this listener. By default, you can specify only the standard HTTP methods defined in the HTTP Method Registry (http://www.iana.org/assignments/http-methods/http-methods.xhtml). You can also see a list of supported standard HTTP methods in the Load Balancing service documentation at Managing Rule Sets (https://docs.oracle.com/iaas/Content/Balance/Tasks/managingrulesets.htm). Your backend application must be able to handle the methods specified in this list. The list of HTTP methods is extensible. If you need to configure custom HTTP methods, contact My Oracle Support (http://support.oracle.com/) to remove the restriction for your tenancy. Example: ["GET", "PUT", "POST", "PROPFIND"] |
list[string] |
No |
- |
- |
areInvalidCharactersAllowed |
Indicates whether or not invalid characters in client header fields will be allowed. Valid names are composed of English letters, digits, hyphens and underscores. If "true", invalid characters are allowed in the HTTP header. If "false", invalid characters are not allowed in the HTTP header |
boolean |
No |
- |
- |
conditions |
- |
list[object] |
No |
- |
- |
defaultMaxConnections |
The maximum number of connections that the any IP can make to a listener unless the IP is mentioned in maxConnections. If no defaultMaxConnections is specified the default is unlimited. |
integer |
No |
- |
- |
description |
A brief description of the access control rule. Avoid entering confidential information. example: 192.168.0.0/16 and 2001:db8::/32 are trusted clients. Whitelist them. |
string |
No |
- |
- |
header |
A header name that conforms to RFC 7230. Example: example_header_name |
string |
No |
- |
- |
httpLargeHeaderSizeInKB |
The maximum size of each buffer used for reading http client request header. This value indicates the maximum size allowed for each buffer. The allowed values for buffer size are 8, 16, 32 and 64. |
integer |
No |
- |
- |
ipMaxConnections |
An array of IPs that have a maxConnection setting different than the default and what that maxConnection setting is |
list[object] |
No |
- |
- |
jsonData |
- |
string |
No |
- |
- |
prefix |
A string to prepend to the header value. The resulting header value must conform to RFC 7230. With the following exceptions: * value cannot contain $ * value cannot contain patterns like {variable_name}. They are reserved for future extensions. Currently, such values are invalid. Example: example_prefix_value |
string |
No |
- |
- |
redirectUri |
RuleSetItemRedirectUri defines nested fields for RuleSet.Item.RedirectUri. |
object |
No |
- |
- |
responseCode |
The HTTP status code to return when the incoming request is redirected. The status line returned with the code is mapped from the standard HTTP specification. Valid response codes for redirection are: * 301 * 302 * 303 * 307 * 308 The default value is 302 (Found). Example: 301 |
integer |
No |
- |
- |
statusCode |
The HTTP status code to return when the requested HTTP method is not in the list of allowed methods. The associated status line returned with the code is mapped from the standard HTTP specification. The default value is 405 (Method Not Allowed). Example: 403 |
integer |
No |
- |
- |
suffix |
A string to append to the header value. The resulting header value must conform to RFC 7230. With the following exceptions: * value cannot contain $ * value cannot contain patterns like {variable_name}. They are reserved for future extensions. Currently, such values are invalid. Example: example_suffix_value |
string |
No |
- |
- |
value |
A header value that conforms to RFC 7230. With the following exceptions: * value cannot contain $ * value cannot contain patterns like {variable_name}. They are reserved for future extensions. Currently, such values are invalid. Example: example_value |
string |
No |
- |
- |
Status.items[].conditions[]
Back to RuleSet status
RuleSetItemCondition defines nested fields for RuleSet.Item.Condition.
| Field |
Description |
Type |
Required |
Default |
Enum |
attributeName |
- |
string |
No |
- |
- |
attributeValue |
The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the originating VCN that an incoming packet must match. You can use this condition in conjunction with SourceVcnIpAddressCondition. NOTE: If you define this condition for a rule without a SourceVcnIpAddressCondition, this condition matches all incoming traffic in the specified VCN. |
string |
No |
- |
- |
jsonData |
- |
string |
No |
- |
- |
operator |
A string that specifies how to compare the PathMatchCondition object's attributeValue string to the incoming URI. * EXACT_MATCH - The incoming URI path must exactly and completely match the attributeValue string. * FORCE_LONGEST_PREFIX_MATCH - The system looks for the attributeValue string with the best, longest match of the beginning portion of the incoming URI path. * PREFIX_MATCH - The beginning portion of the incoming URI path must exactly match the attributeValue string. * SUFFIX_MATCH - The ending portion of the incoming URI path must exactly match the attributeValue string. |
string |
No |
- |
- |
Status.items[].ipMaxConnections[]
Back to RuleSet status
RuleSetItemIpMaxConnection defines nested fields for RuleSet.Item.IpMaxConnection.
| Field |
Description |
Type |
Required |
Default |
Enum |
ipAddresses |
Each element in the list should be valid IPv4 or IPv6 CIDR Block address. Example: '["129.213.176.0/24", "150.136.187.0/24", "2002::1234:abcd:ffff:c0a8:101/64"]' |
list[string] |
Yes |
- |
- |
maxConnections |
The maximum number of simultaneous connections that the specified IPs can make to the Listener. IPs without a maxConnections setting can make either defaultMaxConnections simultaneous connections to a listener or, if no defaultMaxConnections is specified, an unlimited number of simultaneous connections to a listener. |
integer |
Yes |
- |
- |
Status.items[].redirectUri
Back to RuleSet status
RuleSetItemRedirectUri defines nested fields for RuleSet.Item.RedirectUri.
| Field |
Description |
Type |
Required |
Default |
Enum |
host |
The valid domain name (hostname) or IP address to use in the redirect URI. When this value is null, not set, or set to {host}, the service preserves the original domain name from the incoming HTTP request URI. All RedirectUri tokens are valid for this property. You can use any token more than once. Curly braces are valid in this property only to surround tokens, such as {host} Examples: * example.com appears as example.com in the redirect URI. * in{host} appears as inexample.com in the redirect URI if example.com is the hostname in the incoming HTTP request URI. * {port}{host} appears as 8081example.com in the redirect URI if example.com is the hostname and the port is 8081 in the incoming HTTP request URI. |
string |
No |
- |
- |
path |
The HTTP URI path to use in the redirect URI. When this value is null, not set, or set to {path}, the service preserves the original path from the incoming HTTP request URI. To omit the path from the redirect URI, set this value to an empty string, "". All RedirectUri tokens are valid for this property. You can use any token more than once. The path string must begin with / if it does not begin with the {path} token. Examples: * /example/video/123 appears as /example/video/123 in the redirect URI. * /example{path} appears as /example/video/123 in the redirect URI if /video/123 is the path in the incoming HTTP request URI. * {path}/123 appears as /example/video/123 in the redirect URI if /example/video is the path in the incoming HTTP request URI. * {path}123 appears as /example/video123 in the redirect URI if /example/video is the path in the incoming HTTP request URI. * /{host}/123 appears as /example.com/123 in the redirect URI if example.com is the hostname in the incoming HTTP request URI. * /{host}/{port} appears as /example.com/123 in the redirect URI if example.com is the hostname and 123 is the port in the incoming HTTP request URI. * /{query} appears as /lang=en in the redirect URI if the query is lang=en in the incoming HTTP request URI. |
string |
No |
- |
- |
port |
The communication port to use in the redirect URI. Valid values include integers from 1 to 65535. When this value is null, the service preserves the original port from the incoming HTTP request URI. Example: 8081 |
integer |
No |
- |
- |
protocol |
The HTTP protocol to use in the redirect URI. When this value is null, not set, or set to {protocol}, the service preserves the original protocol from the incoming HTTP request URI. Allowed values are: * HTTP * HTTPS * {protocol} {protocol} is the only valid token for this property. It can appear only once in the value string. Example: HTTPS |
string |
No |
- |
- |
query |
The query string to use in the redirect URI. When this value is null, not set, or set to {query}, the service preserves the original query parameters from the incoming HTTP request URI. All RedirectUri tokens are valid for this property. You can use any token more than once. If the query string does not begin with the {query} token, it must begin with the question mark (?) character. You can specify multiple query parameters as a single string. Separate each query parameter with an ampersand (&) character. To omit all incoming query parameters from the redirect URI, set this value to an empty string, "". If the specified query string results in a redirect URI ending with ? or &, the last character is truncated. For example, if the incoming URI is http://host.com:8080/documents and the query property value is ?lang=en&{query}, the redirect URI is http://host.com:8080/documents?lang=en. The system truncates the final ampersand (&) because the incoming URI included no value to replace the {query} token. Examples: * lang=en&time_zone=PST appears as lang=en&time_zone=PST in the redirect URI. * {query} appears as lang=en&time_zone=PST in the redirect URI if lang=en&time_zone=PST is the query string in the incoming HTTP request. If the incoming HTTP request has no query parameters, the {query} token renders as an empty string. * lang=en&{query}&time_zone=PST appears as lang=en&country=us&time_zone=PST in the redirect URI if country=us is the query string in the incoming HTTP request. If the incoming HTTP request has no query parameters, this value renders as lang=en&time_zone=PST. * protocol={protocol}&hostname={host} appears as protocol=http&hostname=example.com in the redirect URI if the protocol is HTTP and the hostname is example.com in the incoming HTTP request. * port={port}&hostname={host} appears as port=8080&hostname=example.com in the redirect URI if the port is 8080 and the hostname is example.com in the incoming HTTP request URI. |
string |
No |
- |
- |
Status.status
Back to RuleSet status
| Field |
Description |
Type |
Required |
Default |
Enum |
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. |
object |
No |
- |
- |
conditions |
- |
list[object] |
No |
- |
- |
createdAt |
- |
string (date-time) |
No |
- |
- |
deletedAt |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
ocid |
- |
string |
No |
- |
- |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
requestedAt |
- |
string (date-time) |
No |
- |
- |
updatedAt |
- |
string (date-time) |
No |
- |
- |
Status.status.async
Back to RuleSet status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field |
Description |
Type |
Required |
Default |
Enum |
current |
- |
object |
No |
- |
- |
Status.status.async.current
Back to RuleSet status
| Field |
Description |
Type |
Required |
Default |
Enum |
message |
- |
string |
No |
- |
- |
normalizedClass |
- |
string |
Yes |
- |
attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- |
number |
No |
- |
- |
phase |
- |
string |
Yes |
- |
create, delete, update |
rawOperationType |
- |
string |
No |
- |
- |
rawStatus |
- |
string |
No |
- |
- |
source |
- |
string |
Yes |
- |
lifecycle, none, workrequest |
updatedAt |
- |
string (date-time) |
Yes |
- |
- |
workRequestId |
- |
string |
No |
- |
- |
Status.status.conditions[]
Back to RuleSet status
| Field |
Description |
Type |
Required |
Default |
Enum |
lastTransitionTime |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
status |
- |
string |
Yes |
- |
- |
type |
- |
string |
Yes |
- |
- |
SSLCipherSuite
SSLCipherSuite is the Schema for the sslciphersuites API.
Plural: sslciphersuitesScope: NamespacedAPIVersion: loadbalancer.oracle.com/v1beta1Sample: Sample (config/samples/loadbalancer_v1beta1_sslciphersuite.yaml)Packages: Not currently exposed by a customer-visible package.
Spec
SSLCipherSuiteSpec defines the desired state of SSLCipherSuite.
| Field |
Description |
Type |
Required |
Default |
Enum |
ciphers |
A list of SSL ciphers the load balancer must support for HTTPS or SSL connections. The following ciphers are valid values for this property: * TLSv1.3 ciphers "TLS_AES_128_GCM_SHA256" "TLS_AES_256_GCM_SHA384" "TLS_CHACHA20_POLY1305_SHA256" "TLS_AES_128_CCM_SHA256" "TLS_AES_128_CCM_8_SHA256" * TLSv1.2 ciphers "AES128-GCM-SHA256" "AES128-SHA256" "AES256-GCM-SHA384" "AES256-SHA256" "DH-DSS-AES128-GCM-SHA256" "DH-DSS-AES128-SHA256" "DH-DSS-AES256-GCM-SHA384" "DH-DSS-AES256-SHA256" "DH-RSA-AES128-GCM-SHA256" "DH-RSA-AES128-SHA256" "DH-RSA-AES256-GCM-SHA384" "DH-RSA-AES256-SHA256" "DHE-DSS-AES128-GCM-SHA256" "DHE-DSS-AES128-SHA256" "DHE-DSS-AES256-GCM-SHA384" "DHE-DSS-AES256-SHA256" "DHE-RSA-AES128-GCM-SHA256" "DHE-RSA-AES128-SHA256" "DHE-RSA-AES256-GCM-SHA384" "DHE-RSA-AES256-SHA256" "ECDH-ECDSA-AES128-GCM-SHA256" "ECDH-ECDSA-AES128-SHA256" "ECDH-ECDSA-AES256-GCM-SHA384" "ECDH-ECDSA-AES256-SHA384" "ECDH-RSA-AES128-GCM-SHA256" "ECDH-RSA-AES128-SHA256" "ECDH-RSA-AES256-GCM-SHA384" "ECDH-RSA-AES256-SHA384" "ECDHE-ECDSA-AES128-GCM-SHA256" "ECDHE-ECDSA-AES128-SHA256" "ECDHE-ECDSA-AES256-GCM-SHA384" "ECDHE-ECDSA-AES256-SHA384" "ECDHE-RSA-AES128-GCM-SHA256" "ECDHE-RSA-AES128-SHA256" "ECDHE-RSA-AES256-GCM-SHA384" "ECDHE-RSA-AES256-SHA384" * TLSv1 ciphers also supported by TLSv1.2 "AES128-SHA" "AES256-SHA" "CAMELLIA128-SHA" "CAMELLIA256-SHA" "DES-CBC3-SHA" "DH-DSS-AES128-SHA" "DH-DSS-AES256-SHA" "DH-DSS-CAMELLIA128-SHA" "DH-DSS-CAMELLIA256-SHA" "DH-DSS-DES-CBC3-SHAv" "DH-DSS-SEED-SHA" "DH-RSA-AES128-SHA" "DH-RSA-AES256-SHA" "DH-RSA-CAMELLIA128-SHA" "DH-RSA-CAMELLIA256-SHA" "DH-RSA-DES-CBC3-SHA" "DH-RSA-SEED-SHA" "DHE-DSS-AES128-SHA" "DHE-DSS-AES256-SHA" "DHE-DSS-CAMELLIA128-SHA" "DHE-DSS-CAMELLIA256-SHA" "DHE-DSS-DES-CBC3-SHA" "DHE-DSS-SEED-SHA" "DHE-RSA-AES128-SHA" "DHE-RSA-AES256-SHA" "DHE-RSA-CAMELLIA128-SHA" "DHE-RSA-CAMELLIA256-SHA" "DHE-RSA-DES-CBC3-SHA" "DHE-RSA-SEED-SHA" "ECDH-ECDSA-AES128-SHA" "ECDH-ECDSA-AES256-SHA" "ECDH-ECDSA-DES-CBC3-SHA" "ECDH-ECDSA-RC4-SHA" "ECDH-RSA-AES128-SHA" "ECDH-RSA-AES256-SHA" "ECDH-RSA-DES-CBC3-SHA" "ECDH-RSA-RC4-SHA" "ECDHE-ECDSA-AES128-SHA" "ECDHE-ECDSA-AES256-SHA" "ECDHE-ECDSA-DES-CBC3-SHA" "ECDHE-ECDSA-RC4-SHA" "ECDHE-RSA-AES128-SHA" "ECDHE-RSA-AES256-SHA" "ECDHE-RSA-DES-CBC3-SHA" "ECDHE-RSA-RC4-SHA" "IDEA-CBC-SHA" "KRB5-DES-CBC3-MD5" "KRB5-DES-CBC3-SHA" "KRB5-IDEA-CBC-MD5" "KRB5-IDEA-CBC-SHA" "KRB5-RC4-MD5" "KRB5-RC4-SHA" "PSK-3DES-EDE-CBC-SHA" "PSK-AES128-CBC-SHA" "PSK-AES256-CBC-SHA" "PSK-RC4-SHA" "RC4-MD5" "RC4-SHA" "SEED-SHA" example: ["ECDHE-RSA-AES256-GCM-SHA384","ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES128-GCM-SHA256"] |
list[string] |
Yes |
- |
- |
name |
A friendly name for the SSL cipher suite. It must be unique and it cannot be changed. Note: The name of your user-defined cipher suite must not be the same as any of Oracle's predefined or reserved SSL cipher suite names: * oci-default-ssl-cipher-suite-v1 * oci-modern-ssl-cipher-suite-v1 * oci-compatible-ssl-cipher-suite-v1 * oci-wider-compatible-ssl-cipher-suite-v1 * oci-customized-ssl-cipher-suite * oci-default-http2-ssl-cipher-suite-v1 * oci-default-http2-tls-13-ssl-cipher-suite-v1 * oci-default-http2-tls-12-13-ssl-cipher-suite-v1 * oci-tls-13-recommended-ssl-cipher-suite-v1 * oci-tls-12-13-wider-ssl-cipher-suite-v1 * oci-tls-11-12-13-wider-ssl-cipher-suite-v1 example: example_cipher_suite |
string |
Yes |
- |
- |
Status
SSLCipherSuiteStatus defines the observed state of SSLCipherSuite.
| Field |
Description |
Type |
Required |
Default |
Enum |
ciphers |
A list of SSL ciphers the load balancer must support for HTTPS or SSL connections. The following ciphers are valid values for this property: * TLSv1.3 ciphers "TLS_AES_128_GCM_SHA256" "TLS_AES_256_GCM_SHA384" "TLS_CHACHA20_POLY1305_SHA256" "TLS_AES_128_CCM_SHA256" "TLS_AES_128_CCM_8_SHA256" * TLSv1.2 ciphers "AES128-GCM-SHA256" "AES128-SHA256" "AES256-GCM-SHA384" "AES256-SHA256" "DH-DSS-AES128-GCM-SHA256" "DH-DSS-AES128-SHA256" "DH-DSS-AES256-GCM-SHA384" "DH-DSS-AES256-SHA256" "DH-RSA-AES128-GCM-SHA256" "DH-RSA-AES128-SHA256" "DH-RSA-AES256-GCM-SHA384" "DH-RSA-AES256-SHA256" "DHE-DSS-AES128-GCM-SHA256" "DHE-DSS-AES128-SHA256" "DHE-DSS-AES256-GCM-SHA384" "DHE-DSS-AES256-SHA256" "DHE-RSA-AES128-GCM-SHA256" "DHE-RSA-AES128-SHA256" "DHE-RSA-AES256-GCM-SHA384" "DHE-RSA-AES256-SHA256" "ECDH-ECDSA-AES128-GCM-SHA256" "ECDH-ECDSA-AES128-SHA256" "ECDH-ECDSA-AES256-GCM-SHA384" "ECDH-ECDSA-AES256-SHA384" "ECDH-RSA-AES128-GCM-SHA256" "ECDH-RSA-AES128-SHA256" "ECDH-RSA-AES256-GCM-SHA384" "ECDH-RSA-AES256-SHA384" "ECDHE-ECDSA-AES128-GCM-SHA256" "ECDHE-ECDSA-AES128-SHA256" "ECDHE-ECDSA-AES256-GCM-SHA384" "ECDHE-ECDSA-AES256-SHA384" "ECDHE-RSA-AES128-GCM-SHA256" "ECDHE-RSA-AES128-SHA256" "ECDHE-RSA-AES256-GCM-SHA384" "ECDHE-RSA-AES256-SHA384" * TLSv1 ciphers also supported by TLSv1.2 "AES128-SHA" "AES256-SHA" "CAMELLIA128-SHA" "CAMELLIA256-SHA" "DES-CBC3-SHA" "DH-DSS-AES128-SHA" "DH-DSS-AES256-SHA" "DH-DSS-CAMELLIA128-SHA" "DH-DSS-CAMELLIA256-SHA" "DH-DSS-DES-CBC3-SHAv" "DH-DSS-SEED-SHA" "DH-RSA-AES128-SHA" "DH-RSA-AES256-SHA" "DH-RSA-CAMELLIA128-SHA" "DH-RSA-CAMELLIA256-SHA" "DH-RSA-DES-CBC3-SHA" "DH-RSA-SEED-SHA" "DHE-DSS-AES128-SHA" "DHE-DSS-AES256-SHA" "DHE-DSS-CAMELLIA128-SHA" "DHE-DSS-CAMELLIA256-SHA" "DHE-DSS-DES-CBC3-SHA" "DHE-DSS-SEED-SHA" "DHE-RSA-AES128-SHA" "DHE-RSA-AES256-SHA" "DHE-RSA-CAMELLIA128-SHA" "DHE-RSA-CAMELLIA256-SHA" "DHE-RSA-DES-CBC3-SHA" "DHE-RSA-SEED-SHA" "ECDH-ECDSA-AES128-SHA" "ECDH-ECDSA-AES256-SHA" "ECDH-ECDSA-DES-CBC3-SHA" "ECDH-ECDSA-RC4-SHA" "ECDH-RSA-AES128-SHA" "ECDH-RSA-AES256-SHA" "ECDH-RSA-DES-CBC3-SHA" "ECDH-RSA-RC4-SHA" "ECDHE-ECDSA-AES128-SHA" "ECDHE-ECDSA-AES256-SHA" "ECDHE-ECDSA-DES-CBC3-SHA" "ECDHE-ECDSA-RC4-SHA" "ECDHE-RSA-AES128-SHA" "ECDHE-RSA-AES256-SHA" "ECDHE-RSA-DES-CBC3-SHA" "ECDHE-RSA-RC4-SHA" "IDEA-CBC-SHA" "KRB5-DES-CBC3-MD5" "KRB5-DES-CBC3-SHA" "KRB5-IDEA-CBC-MD5" "KRB5-IDEA-CBC-SHA" "KRB5-RC4-MD5" "KRB5-RC4-SHA" "PSK-3DES-EDE-CBC-SHA" "PSK-AES128-CBC-SHA" "PSK-AES256-CBC-SHA" "PSK-RC4-SHA" "RC4-MD5" "RC4-SHA" "SEED-SHA" example: ["ECDHE-RSA-AES256-GCM-SHA384","ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES128-GCM-SHA256"] |
list[string] |
No |
- |
- |
name |
A friendly name for the SSL cipher suite. It must be unique and it cannot be changed. Note: The name of your user-defined cipher suite must not be the same as any of Oracle's predefined or reserved SSL cipher suite names: * oci-default-ssl-cipher-suite-v1 * oci-modern-ssl-cipher-suite-v1 * oci-compatible-ssl-cipher-suite-v1 * oci-wider-compatible-ssl-cipher-suite-v1 * oci-customized-ssl-cipher-suite * oci-default-http2-ssl-cipher-suite-v1 * oci-default-http2-tls-13-ssl-cipher-suite-v1 * oci-default-http2-tls-12-13-ssl-cipher-suite-v1 * oci-tls-13-recommended-ssl-cipher-suite-v1 * oci-tls-12-13-wider-ssl-cipher-suite-v1 * oci-tls-11-12-13-wider-ssl-cipher-suite-v1 example: example_cipher_suite |
string |
No |
- |
- |
status |
- |
object |
Yes |
- |
- |
Status.status
Back to SSLCipherSuite status
| Field |
Description |
Type |
Required |
Default |
Enum |
async |
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. |
object |
No |
- |
- |
conditions |
- |
list[object] |
No |
- |
- |
createdAt |
- |
string (date-time) |
No |
- |
- |
deletedAt |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
ocid |
- |
string |
No |
- |
- |
opcRequestId |
OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
requestedAt |
- |
string (date-time) |
No |
- |
- |
updatedAt |
- |
string (date-time) |
No |
- |
- |
Status.status.async
Back to SSLCipherSuite status
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field |
Description |
Type |
Required |
Default |
Enum |
current |
- |
object |
No |
- |
- |
Status.status.async.current
Back to SSLCipherSuite status
| Field |
Description |
Type |
Required |
Default |
Enum |
message |
- |
string |
No |
- |
- |
normalizedClass |
- |
string |
Yes |
- |
attention, canceled, failed, pending, succeeded, unknown |
percentComplete |
- |
number |
No |
- |
- |
phase |
- |
string |
Yes |
- |
create, delete, update |
rawOperationType |
- |
string |
No |
- |
- |
rawStatus |
- |
string |
No |
- |
- |
source |
- |
string |
Yes |
- |
lifecycle, none, workrequest |
updatedAt |
- |
string (date-time) |
Yes |
- |
- |
workRequestId |
- |
string |
No |
- |
- |
Status.status.conditions[]
Back to SSLCipherSuite status
| Field |
Description |
Type |
Required |
Default |
Enum |
lastTransitionTime |
- |
string (date-time) |
No |
- |
- |
message |
- |
string |
No |
- |
- |
reason |
- |
string |
No |
- |
- |
status |
- |
string |
Yes |
- |
- |
type |
- |
string |
Yes |
- |
- |