Service Object Annotations
- Last Updated: July 29, 2025
- 1 minute read
- LoadMaster
- LoadMaster GA
- Documentation
The following table lists all the annotations that can be used within the Kubernetes YAML configuration file to define various Virtual Service attributes. All of these attributes can be used within Service objects in the YAML file, regardless of whether you are using Ingress Mode or Service Mode. The table below lists the annotation name, the corresponding LoadMaster Application Programming Interface (API) parameter name, a short description, and the parameter type/valid values. This is not an exhaustive list. Refer to the RESTful API documentation for further details including settings and other details about each annotation.
Here is an example of a YAML file:
apiVersion: v1 kind: Service metadata: name: <Name> labels: kempLB: Enabled annotations: "vsid": "<VirtualServiceID>" spec: type: ClusterIP ports: - port: <VirtualServicePort> selector: app: <ApplicationSelector>
The format of the key pair is parameter: value.
|
Kubernetes Annotation Name |
API Parameter Name |
Description |
Parameter type/Valid values |
|---|---|---|---|
| addvia | AddVia | Specific headers to be added to HTTP requests. |
|
| alertthresh | AlertThreshold | Web Application Firewall (WAF): This is the threshold of incidents per hour before sending an alert. |
|
| allowhttp2 | AllowHTTP2 | Enable/disable HTTP2 for this Virtual Service. SSL Acceleration must be enabled before HTTP2 can be enabled. |
|
| altaddress | AltAddress | The alternate address for a Virtual Service. | String |
| cache | Cache | Enable/disable the caching of URLs. |
|
| cachepercent | CachePercent | Maximum percentage of cache space permitted for a Virtual Service. | Integer |
| certfile | CertFile | A list of certificate identifiers (strings) separated by spaces. | Strings (separated by spaces) |
| checkhost | CheckHost | Host name for Real Server health checks for a Virtual Service. | String |
| checkport | CheckPort | Port number for Real Server health checks for a Virtual Service. | Integer |
| checktype | CheckType | Set the Health Check method (for example, ICMP, TCP, and so on). |
|
| checkurl | CheckUrl | URL for Real Server health checks for a Virtual Service. | The maximum character length for the CheckUrl parameter value is 126 characters. |
| checkuse1.1 | CheckUse1.1 | Enable/disable using HTTP 1.1 for health checks for a Virtual Service. |
|
| checkcodes | CheckCodes | A space-separated list of HTTP status codes that should be treated as successful when received from the Real Server. | 300-599 |
| checkheaders | CheckHeaders | Specify up to four additional headers/ fields which will be sent with each health check request. Separate the pairs with a pipe, for example; Host:xyc|UserAgent :prq. | |
| checkpattern | CheckPattern | When the checktype is set to http or https - this corresponds to the Reply 200 Pattern in the WUI. This parameter only applies when the HTTP Method is set to GET or POST. When the checktype is set to bdata: Specify the hexadecimal string which will be searched for in the response. Specify an empty value to unset checkpattern. | |
| checkpostdata | CheckPostData | This parameter is only relevant if the HTTP Method is set to POST. When using the POST method, up to 2047 characters of POST data can be sent to the server. | Supports up to 2047 characters |
| ciphers | Ciphers | A list of cipher names to be used for a Virtual Service separated by colons (:). | Supported cipher names (separated by colons) |
| cipherset | CipherSet | The cipher set name to be used for a Virtual Service. |
|
| clientcert | ClientCert | Enable client certificates for a Virtual Service. |
|
| compress | Compress | Enable/disable file compression for a Virtual Service. |
|
| copyhdrfrom | CopyHdrFrom | Name of the source header field to copy into a new header field before forwarding request to Real Servers. | String |
| copyhdrto | CopyHdrTo | Name of the header field into which the header data from copyhdrfrom is to be copied. | String |
| defaultgw | DefaultGW | IP address of the default gateway for a Virtual Service. If the defaultgw is not set for a Virtual Service, the global Default Gateway value is used. | IP address |
| enable | Enable | Activate/deactivate a Virtual Service. |
|
| enhealthchecks | EnhancedHealthChecks | Enable/disable the rsminimum parameter. If disabled, only one Real Server being available marks the Virtual Service "up". |
|
| errorcode | ErrorCode | An HTTP error code to return if no Real Servers are available. | Error code number |
| errorurl | ErrorUrl | A redirect URL to be returned if no Real Servers are available. | URL |
| espenabled | EspEnabled | Enable/disable Edge Security Pack (ESP) features (for example, Single Sign On). |
|
| extraports | ExtraPorts | Additional listening ports for the Virtual Service. | 3-65530 |
| followvsid | FollowVSID | Enable/disable port following. 0 is disabled; to enable, set to the Virtual Service ID of the Virtual Service to follow. Virtual Service IDs 1 and 2 cannot be used. | Virtual Service ID |
| forcel7 | ForceL7 | Enable/disable using the Layer 7 engine even if the Virtual Service traffic is Layer 4. |
|
| idletime | Idletime | The length of time (in seconds) that a Virtual Service connection may remain idle before it is closed. 0 means use the conntimeout value. | 0-86400 |
| inauthmode | InputAuthMode | The client authentication mode to be used. |
|
| locbindaddr | LocalBindAddrs | A space-separated list of IP addresses to use as alternate source addresses when scaling over 64K connections is enabled. | Space-separated list of IP addresses |
| machlen | MatchLen | Number of bytes to search in server responses when using binary health checks. |
0-8000 |
| multiconnect | MultiConnect | Enable/disable multiplexing of multiple client requests over a single Real Server connection. |
|
| needhostname | NeedHostName | When enabled, the host name must be included in a client request or the connection is dropped. |
|
| non_local | non_local | Enable non-local Real Servers. Transparency must be disabled on the relevant Virtual Services. |
|
| ocspverify | OCSPVerify | Enable/disable OCSP verification of client certificates for a Virtual Service. |
|
| outauthmode | OutputAuthMode | Specify the Real Server authentication mode to be used. |
|
| persist | Persist | The type of persistence (stickiness) to use for a Virtual Service. |
|
| perstout | PersistTimeout | The length of time (in seconds) after the last connection that the LoadMaster will remember the persistence information. | 0-604800 seconds (7 days) |
| portfollow | PortFollow | Deprecated. Use followvsid instead. | Deprecated |
| preprec | PreProcPrecedence | The name of an existing Content Matching Rule whose place in the execution order you want to modify. | Specify the name of the existing rule whose position you wish to change. This parameter relates to Content Matching Rules only. |
| preprecpos | PreProcPrecedencePos | An integer specifying the execution order of the Content Matching Rule whose name is given by the value of preprec. | This parameter, in conjunction with the PreProcPrecedence parameter, is used to change the position of the rule in a sequence of rules. For example a position of 2 means the rule will be checked second. This parameter relates to the Content Matching Rules only. |
| qos | QoS | Sets a Type of Service (ToS) value in the IP header of packets outbound from a Virtual Service. |
|
| querytag | QueryTag | The query tag to be matched if the persist type is set to query-hash. | String |
| reqprec | RequestPrecedence | The name of an existing Request Rule whose place in the execution order you want to modify. | This parameter should be used in conjunction with RequestPrecedencePos. This parameter is used to specify the name of the existing request rule whose position you wish to change. |
| reqprecpos | RequestPrecedencePos | An integer specifying the execution order of the Request Rule whose name is given by the value of reqprec. | This parameter, in conjunction with the RequestPrecedence parameter, is used to change the position of the rule in a sequence of rules. For example a position of 2 means the rule will be checked second. |
| reqrules | RequestRules | Returns the list of request rules that are assigned to the Virtual Service. | List of request rules |
| respprec | ResponsePrecedence | The name of an existing Response Rule whose place in the execution order you want to modify. | This parameter should be used in conjunction with ResponsePrecedencePos. This parameter is used to specify the name of the existing response rule whose position you wish to change. |
| resprecpos | ResponsePrecedencePos | An integer specifying the execution order of the Response Rule whose name is given by the value of respprec. | This parameter, in conjunction with the ResponsePrecedence parameter, is used to change the position of the rule in a sequence of rules. For example, a position of 2 means the rule will be checked second. |
| resprules | ResponseRules | Returns the list of response rules that are assigned to the Virtual Service. | List of response rules |
| rsminimum | RsMinimum | The minimum number of Real Servers required to be available for the Virtual Service to be considered up. The rsminimum parameter cannot be set initially because the Real Server is not added yet. When a Real Server has been added, the rsminimum parameter can be set. | 1 to the number of Real Servers configured |
| rsnihostname | ReverseSNIHostname | The SNI Hostname to use when connecting to Real Servers. | Hostname |
| shed | Schedule | The scheduling or load balancing method for a Virtual Service. |
|
| sechdropt | SecurityHeaderOptions | Add the Strict-Transport-Security header to all LoadMaster-generated messages (ESP and error messages). |
|
| serverinit | ServerInit | Permit local connections to the Real Server before any client connections have been received for the Virtual Service. |
|
| sslaccel | SSLAcceleration | Enables/disables SSL acceleration (decryption) for incoming Virtual Service traffic. |
|
| sslreencrypt | SSLReencrypt | Enables/disables SSL encryption on connections to Real Servers. |
|
| sslreverse | SSLReverse | Enabling this parameter means that the data from the LoadMaster to the Real Server is re-encrypted. This is only relevant for Virtual Services with the Service Type set to Generic. |
|
| sslrewrite | SSLRewrite | Enable/disable rewriting of location URLs when a redirect is being used. |
|
| standbyaddr | StandbyAddr | The IP address of the Sorry server that is to be used when no Real Servers are available. | IP address |
| standbyport | StandbyPort | The port number of the Sorry server. | Port number |
| starttlsmode | StartTLSMode | Set the mode used for HTTP/HTTPS and STARTTLS type Virtual Services. | 0 - HTTP/HTTPS (the Service
Type needs to be set to HTTP/HTTPS for this to work). The Virtual Service Type must be set to STARTTLS for the remaining values to be set:
|
| subnetorig | SubnetOriginating | Enable/disable using LoadMaster's subnet IP address as the source IP for traffic originating from a Real Server on a subnet configured on the system. |
|
| tlstype | TLSType | Specifies the SSL/TLS versions supported by a Virtual Service. | The protocols can be enabled and disabled using a bitmask value. Refer to the RESTful API documentation to find out what number corresponds to which settings. |
| transparent | Transparent | Enable/Disable transparency on a Virtual Service. |
|
| useforsnatt | UseforSnatt | Enable/disable use of the Virtual Service IP address as the source address for outbound packets from Real Servers. |
|
| verify | Verify | WAF: Enable/disable intrusion detection and behavior. | Verify is a bitmask. Refer to the RESTful API documentation to find out the valid values. |
| vsip | VSAddress | The IP Address of the Virtual Service. | IP address |
| vsname | NickName | The name of the Virtual Service. |
In addition to the usual alphanumeric characters, the following "special" characters can be used as part of the Service Name: . @ - _ |
| vsport | Protocol | The port number of the Virtual Service. | Port number |
| vstype | VStype | The type of the Virtual Service. |
|