For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Nikoolayy1's avatar
Nov 07, 2025
Solved

How can k8s CIS CRD VirtualServer reference existing APM Access profile?

Hey Everyone,

 

How can k8s Container Ingress Services (CIS) CRD VirtualServer reference existing APM Acess profile?

 

 I know that this is in as3 ( https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/3.32/declarations/access-related.html ) but I don't see such options in the virtualserver ( https://clouddocs.f5.com/containers/latest/userguide/crd/virtualserver.html  ) or policy ( https://clouddocs.f5.com/containers/latest/userguide/crd/virtualserver.html  ) crd and I don't want to use old way with config maps.

 

 

Edit:

 

A not great workaround I found is attaching an access profile by using an irule (APM access-profile can be assigned from iRule only) as the F5 CRD supports attaching configured existing irules.

 

 

apiVersion: "cis.f5.com/v1"
kind: VirtualServer
metadata:
  name: vs-test
  namespace: xxxx
  labels:
    f5cr: "true"
spec:
  virtualServerAddress: "xxxx"
  virtualServerHTTPPort: xxx
  snat: auto
  iRules:
  - "/Common/test-irule"
  pools:
  - monitor:
      interval: 10
      recv: ""
      send: "GET /"
      timeout: 31
      type: http
    path: /
    service: XXX
    servicePort: 80

3 Replies