osc load-balancer listener create

Creates a listener for a load balancer.

The listener configures a port and protocol for the load balancer to listen on for incoming requests. A load balancer may have zero or more listeners configured.

This operation provisions a new listener by using the configuration that you define in the request object. After the API validates the request and starts the provisioning process, the API returns a response object that contains a unique ID and the status of provisioning the listener.

In the response, the listener provisioning status is ACTIVE, PENDING_CREATE, or ERROR.

If the status is PENDING_CREATE, issue GET /v2/lbaas/listeners/{listener_id} to view the progress of the provisioning operation. When the listener status changes to ACTIVE, the listener is successfully provisioned and is ready for further configuration.

If the API cannot fulfill the request due to insufficient data or data that is not valid, the service returns the HTTP Bad Request (400) response code with information about the failure in the response body. Validation errors require that you correct the error and submit the request again.

Specifying a project_id is deprecated. The listener will inherit the project_id of the parent load balancer.

You can configure all documented features of the listener at creation time by specifying the additional elements or attributes in the request.

To create a listener, the parent load balancer must have an ACTIVE provisioning status.

Usage: osc load-balancer listener create [OPTIONS] --loadbalancer-id <LOADBALANCER_ID> --protocol <PROTOCOL> --protocol-port <PROTOCOL_PORT>

Options:

  • --admin-state-up <ADMIN_STATE_UP> — The administrative state of the resource, which is up (true) or down (false). Default is true

    Possible values: true, false

  • --allowed-cidrs <ALLOWED_CIDRS> — A list of IPv4, IPv6 or mix of both CIDRs. The default is all allowed. When a list of CIDRs is provided, the default switches to deny all.

    New in version 2.12

  • --alpn-protocols <ALPN_PROTOCOLS>

  • --client-authentication <CLIENT_AUTHENTICATION> — The TLS client authentication mode. One of the options NONE, OPTIONAL or MANDATORY.

    New in version 2.8

    Possible values: mandatory, none, optional

  • --client-ca-tls-container-ref <CLIENT_CA_TLS_CONTAINER_REF> — The ref of the key manager service secret containing a PEM format client CA certificate bundle for TERMINATED_HTTPS listeners.

    New in version 2.8

  • --client-crl-container-ref <CLIENT_CRL_CONTAINER_REF> — The URI of the key manager service secret containing a PEM format CA revocation list file for TERMINATED_HTTPS listeners.

    New in version 2.8

  • --connection-limit <CONNECTION_LIMIT> — The maximum number of connections permitted for this listener. Default value is -1 which represents infinite connections or a default value defined by the provider driver

  • --default-pool <JSON> — A pool object

  • --default-pool-id <DEFAULT_POOL_ID> — The ID of the pool used by the listener if no L7 policies match. The pool has some restrictions. See Protocol Combinations (Listener/Pool)

  • --default-tls-container-ref <DEFAULT_TLS_CONTAINER_REF> — The URI of the key manager service secret containing a PKCS12 format certificate/key bundle for TERMINATED_HTTPS listeners. DEPRECATED: A secret container of type “certificate” containing the certificate and key for TERMINATED_HTTPS listeners

  • --description <DESCRIPTION> — A human-readable description for the resource

  • --hsts-include-subdomains <HSTS_INCLUDE_SUBDOMAINS> — Defines whether the includeSubDomains directive should be added to the Strict-Transport-Security HTTP response header. This requires setting the hsts_max_age option as well in order to become effective.

    New in version 2.27

    Possible values: true, false

  • --hsts-max-age <HSTS_MAX_AGE> — The value of the max_age directive for the Strict-Transport-Security HTTP response header. Setting this enables HTTP Strict Transport Security (HSTS) for the TLS-terminated listener.

    New in version 2.27

  • --hsts-preload <HSTS_PRELOAD> — Defines whether the preload directive should be added to the Strict-Transport-Security HTTP response header. This requires setting the hsts_max_age option as well in order to become effective.

    New in version 2.27

    Possible values: true, false

  • --insert-headers <key=value> — A dictionary of optional headers to insert into the request before it is sent to the backend member. See Supported HTTP Header Insertions. Both keys and values are always specified as strings

  • --l7policies <JSON> — A list of L7 policy objects

  • --loadbalancer-id <LOADBALANCER_ID> — The ID of the load balancer

  • --name <NAME> — Human-readable name of the resource

  • --project-id <PROJECT_ID> — The ID of the project owning this resource. (deprecated)

  • --protocol <PROTOCOL> — The protocol for the resource. One of HTTP, HTTPS, SCTP, PROMETHEUS, TCP, TERMINATED_HTTPS, or UDP

    Possible values: http, https, prometheus, sctp, tcp, terminated-https, udp

  • --protocol-port <PROTOCOL_PORT> — The protocol port number for the resource

  • --sni-container-refs <SNI_CONTAINER_REFS> — A list of URIs to the key manager service secrets containing PKCS12 format certificate/key bundles for TERMINATED_HTTPS listeners. (DEPRECATED) Secret containers of type “certificate” containing the certificates and keys for TERMINATED_HTTPS listeners

  • --tags <TAGS>

  • --tenant-id <TENANT_ID>

  • --timeout-client-data <TIMEOUT_CLIENT_DATA> — Frontend client inactivity timeout in milliseconds. Default: 50000.

    New in version 2.1

  • --timeout-member-connect <TIMEOUT_MEMBER_CONNECT> — Backend member connection timeout in milliseconds. Default: 5000.

    New in version 2.1

  • --timeout-member-data <TIMEOUT_MEMBER_DATA> — Backend member inactivity timeout in milliseconds. Default: 50000.

    New in version 2.1

  • --timeout-tcp-inspect <TIMEOUT_TCP_INSPECT> — Time, in milliseconds, to wait for additional TCP packets for content inspection. Default: 0.

    New in version 2.1

  • --tls-ciphers <TLS_CIPHERS>

  • --tls-versions <TLS_VERSIONS>