You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
| adcCredentialSecret | Mandatory | N/A | The secret key to log on to the Netscaler VPX or MPX. For information on how to create the secret keys, see [Prerequisites](#prerequistes). |
297
297
| nsIP | Mandatory | N/A | The IP address of the Netscaler device. For details, see [Prerequisites](#prerequistes). |
description: "Ingress class, if not specified then all NetScaler ingress controllers in the cluster will process the resource otherwise only the controller with that ingress class will process this resource"
43
+
type: string
44
+
maxLength: 127
45
+
services:
46
+
type: array
47
+
description: 'Name of the services for which the icap policy needs to be bound'
48
+
items:
49
+
type: string
50
+
icap-servers:
51
+
type: object
52
+
description: "ICAP service for the ICAP server that will be part of the load balancing setup. The service that you add provides the ICAP connection between the NetScaler appliance and load balancing virtual servers."
53
+
properties:
54
+
servers:
55
+
type: array
56
+
items:
57
+
type: object
58
+
properties:
59
+
ip:
60
+
type: string
61
+
description: 'IP of the ICAP Server'
62
+
format: ipv4
63
+
port:
64
+
type: integer
65
+
description: 'Port number of the ICAP Server.'
66
+
minimum: 1
67
+
maximum: 65535
68
+
required:
69
+
- ip
70
+
- port
71
+
server-type:
72
+
type: string
73
+
description: 'Type of ICAP Server.'
74
+
enum: ['TCP', 'SSL_TCP']
75
+
default: 'SSL_TCP'
76
+
server_host_cert:
77
+
description: |+
78
+
'Name of the SSL certificate to be used with ICAP server.
79
+
This certificate is mandatory for server-type SSL_TCP'
80
+
type: object
81
+
properties:
82
+
tls_secret:
83
+
type: string
84
+
description: 'Name of the Kubernetes Secret of type tls referring to Certificate'
85
+
pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
86
+
preconfigured:
87
+
type: string
88
+
maxLength: 63
89
+
description: |+
90
+
'Preconfigured SSL certkey name on NetScaler with the
91
+
certificate and key already added on NetScaler'
92
+
oneOf:
93
+
- required: [tls_secret]
94
+
- required: [preconfigured]
95
+
required:
96
+
- servers
97
+
icap:
98
+
type: array
99
+
items:
100
+
type: object
101
+
properties:
102
+
preconfigured-profile:
103
+
description: 'Names of the preconfigured ICAP profile.'
104
+
type: string
105
+
maxLength: 127
106
+
direction:
107
+
description: 'ICAP Mode of operation. It is a mandatory argument while creating an icapprofile.'
108
+
type: string
109
+
enum: ['REQUEST','RESPONSE']
110
+
profile:
111
+
type: object
112
+
description: 'ICAP profile(s) of the NetScaler.'
113
+
properties:
114
+
preview:
115
+
description: 'Enable or Disable preview header with ICAP request. This feature allows an ICAP server to see the beginning of a transaction, then decide if it wants to opt-out of the transaction early instead of receiving the remainder of the request message.'
116
+
type: string
117
+
enum: ["ENABLED", "DISABLED"]
118
+
preview-length:
119
+
description: 'Value of Preview Header field. NetScaler uses the minimum of this set value and the preview size received on OPTIONS'
120
+
type: integer
121
+
minimum: 0
122
+
maximum: 4294967294
123
+
uri:
124
+
description: 'URI representing icap service. It is a mandatory argument while creating an icapprofile.'
125
+
type: string
126
+
maxLength: 511
127
+
host-header:
128
+
description: 'ICAP Host Header.'
129
+
type: string
130
+
maxLength: 255
131
+
user-agent-header:
132
+
description: 'ICAP User Agent Header'
133
+
type: string
134
+
maxLength: 255
135
+
query-params:
136
+
description: 'Query parameters to be included with ICAP request URI. Entered values should be in arg=value format. For more than one parameters, add & separated values. e.g.: arg1=val1&arg2=val2'
137
+
type: string
138
+
maxLength: 511
139
+
connection-keep-alive:
140
+
description: 'Enable or Disable sending Allow: 204 header in ICAP request.'
141
+
type: string
142
+
enum: ["ENABLED", "DISABLED"]
143
+
insert-icap-headers:
144
+
description: 'Insert custom ICAP headers in the ICAP request to send to ICAP server. The headers can be static or can be dynamically constructed using PI Policy Expression. For example, to send static user agent and Client''s IP address, the expression can be specified as "User-Agent: NS-ICAP-Client/V1.0r0-Client-IP: "+CLIENT.IP.SRC+"r0. The NetScaler does not check the validity of the specified header name-value. You must manually validate the specified header syntax.'
145
+
type: string
146
+
maxLength: 8191
147
+
insert-http-request:
148
+
description: 'Exact HTTP request, in the form of an expression, which the NetScaler encapsulates and sends to the ICAP server. If you set this parameter, the ICAP request is sent using only this header. This can be used when the HTTP header is not available to send or ICAP server only needs part of the incoming HTTP request. The request expression is constrained by the feature for which it is used. The NetScaler does not check the validity of this request. You must manually validate the request.'
149
+
type: string
150
+
maxLength: 8191
151
+
req-timeout:
152
+
description: 'Time, in seconds, within which the remote server should respond to the ICAP-request. If the Netscaler does not receive full response with this time, the specified request timeout action is performed. Zero value disables this timeout functionality.'
153
+
type: integer
154
+
minimum: 0
155
+
maximum: 86400
156
+
req-timeout-action:
157
+
description: 'Name of the action to perform if the Vserver/Server representing the remote service does not respond with any response within the timeout value configured. The Supported actions are * BYPASS - This Ignores the remote server response and sends the request/response to Client/Server. * If the ICAP response with Encapsulated headers is not received within the request-timeout value configured, this Ignores the remote ICAP server response and sends the Full request/response to Server/Client'
158
+
type: string
159
+
enum: ['BYPASS', 'DROP', 'RESET']
160
+
log-action:
161
+
description: 'Name of the audit message action which would be evaluated on receiving the ICAP response to emit the logs'
162
+
type: string
163
+
maxLength: 127
164
+
required:
165
+
- uri
166
+
content-inspection-criteria:
167
+
description: 'Expression that the policy uses to determine whether to execute the specified action.'
168
+
type: string
169
+
maxLength: 1499
170
+
default-action:
171
+
description: 'Action to perform if the result of policy evaluation is undefined (UNDEF). An UNDEF event indicates an internal error condition. Only the above built-in actions can be used'
172
+
type: string
173
+
maxLength: 127
174
+
log-action:
175
+
description: 'Name of the messagelog action to use for requests that match this policy.'
176
+
type: string
177
+
maxLength: 127
178
+
goto-priority-expression:
179
+
description: 'Expression or other value specifying the next policy to be evaluated if the current policy evaluates to TRUE.Specify one of the following values:* NEXT - Evaluate the policy with the next higher priority number.* END - End policy evaluation.Default value of goto-priority-expression: END'
180
+
type: string
181
+
operation:
182
+
description: 'Type of operation this action is going to perform. following actions are available to configure: * ICAP - forward the incoming request or response to an ICAP server for modification. * INLINEINSPECTION - forward the incoming or outgoing packets to IPS server for Intrusion Prevention. * MIRROR - Forwards cloned packets for Intrusion Detection. * NOINSPECTION - This does not forward incoming and outgoing packets to the Inspection device. * NSTRACE - capture current and further incoming packets on this transaction.'
description: 'Name of the action to perform if the Vserver representing the remote service is not UP. This is not supported for NOINSPECTION Type. The Supported actions are: * RESET - Reset the client connection by closing it. The client program, such as a browser, will handle this and may inform the user. The client may then resend the request if desired. * DROP - Drop the request without sending a response to the user. * CONTINUE - It bypasses the ContentIsnpection and Continues/resumes the Traffic-Flow to Client/Server.'
0 commit comments