Configuration reference
Global CRD
On this page
Selected version
Global CRD Configuration reference
When you define a Global custom resource, you can tune the overall behavior of HAProxy Unified Gateway. Fields you set here are process-level and include connection limits, TLS options, and other tunables that apply to all gateways and routes. To associate a Global custom resource with your HAProxy Unified Gateway installation, you’ll reference it in the HugConf custom resource.
Use the Global custom resource Jump to heading
With the Global custom resource, you can tune process-level options. To use it:
-
Create a file named
global.yamland add to it a Global custom resource definition. In this example:- We define a Global custom resource named
example-global. We’ll create it in thehaproxy-unified-gatewaynamespace, though you can specify a differentnamespace. - We set
merge_strategytooverride. We’ll explain more about this property later in the section Merge Strategy. For this simple example, the behavior is the same for either merge strategy. - Under
spec, we setcpu_policytoperformance. This is a process-level tunable that instructs the load balancer to organize its operations on your hardware to maximize utilization of your CPU cores.
global.yamlyamlapiVersion: gate.v3.haproxy.org/v3kind: Globalmetadata:name: example-globalnamespace: haproxy-unified-gatewayspec:merge_strategy: overridecpu_policy: performanceglobal.yamlyamlapiVersion: gate.v3.haproxy.org/v3kind: Globalmetadata:name: example-globalnamespace: haproxy-unified-gatewayspec:merge_strategy: overridecpu_policy: performance - We define a Global custom resource named
-
Use
kubectl applyto create the Global custom resource:nixkubectl apply -f global.yamlnixkubectl apply -f global.yaml -
Update the
HugConfresource to reference the Global custom resource viaglobalRef. The controller will pick up the changes, apply the configuration, and reload the load balancer automatically with:nixkubectl edit hugconf -n haproxy-unified-gatewaynixkubectl edit hugconf -n haproxy-unified-gatewayAdd a section named
globalRefunderspecthat contains the name of the Global custom resource and the namespace in which it resides. In this example, the Global custom resource is namedexample-globaland resides in thehaproxy-unified-gatewaynamespace:yamlapiVersion: gate.v3.haproxy.org/v3kind: HugConfmetadata:name: hugconfnamespace: haproxy-unified-gatewayspec:globalRef:name: example-globalnamespace: haproxy-unified-gatewaylogging:defaultLevel: InfoyamlapiVersion: gate.v3.haproxy.org/v3kind: HugConfmetadata:name: hugconfnamespace: haproxy-unified-gatewayspec:globalRef:name: example-globalnamespace: haproxy-unified-gatewaylogging:defaultLevel: InfoSave and exit the editor. The controller will pick up the changes, apply the configuration, and reload the load balancer automatically.
-
Optional: Verify your configuration changes by viewing the load balancer configuration. For example:
nixkubectl exec -n haproxy-unified-gateway $(kubectl get pods -A \| awk '/haproxy-unified-gateway/ && !/default/ && /Running/' \| awk 'NR==1{print $2}') -- cat /usr/local/hug/haproxy.cfgnixkubectl exec -n haproxy-unified-gateway $(kubectl get pods -A \| awk '/haproxy-unified-gateway/ && !/default/ && /Running/' \| awk 'NR==1{print $2}') -- cat /usr/local/hug/haproxy.cfgThe option
cpu-policy performanceshould now appear in theglobalsection of the load balancer configuration.
Merge strategy Jump to heading
The load balancer settings are generated by combining the following:
- HAProxy Unified Gateway global defaults
- Settings you define via Global CRD
- Controller-enforced settings that you can’t override
The global defaults are applied first, followed by the settings you defined via Global CRD, and finally, the controller-enforced settings are applied. The settings you defined via Global CRD are applied according to the merge_strategy you specify in the CR definition. You can set it to either:
append; settings that are lists won’t be replaced by the list you definedoverride; settings that are lists will be completed replaced by the list you defined
Tip
As of version 1.0 of HAProxy Unified Gateway, append only has a real effect for changes to the log_target_list in the CR definition. Overriding this list means that only those that you specify in your list will be included, and this default entry won’t be included:
haproxy
haproxy
Define mulitple HAProxy Runtime API sockets Jump to heading
As for HAProxy Runtime API sockets, you can define multiple sockets, but the socket managed by the controller will always appear first in the list, and you can’t override it. This is the socket the controller uses to communicate with the load balancer (/var/run/haproxy-runtime-api.sock). To add additional sockets to the list, you’ll need to set merge_strategy to append. For example:
global.yamlyaml
global.yamlyaml
Troubleshooting Jump to heading
Find solutions to problems you may encounter when using the Global CRD.
-
You encounter the following error message:
The Global "global" is invalid: spec.merge_strategy: Required value.- Confirm you’ve set merge_strategy in your custom resource definition.
-
No changes are made or the custom resource doesn’t take effect.
- Ensure you’ve referenced your Global CR in the HugConf CR and specified the correct namespace.
Global
-
CRD version:
1.0 -
API version:
gate.v3.haproxy.org/v3
chroot
[string]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
chroot: String # Allowed pattern: ^[^\s]+$
close_spread_time
[integer]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
close_spread_time: Integer # Minimum: 0
cluster_secret
[string]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
cluster_secret: String
cpu_maps
[array]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
cpu_maps:
- cpu_set: String
process: String
cpu_policy
[string]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
cpu_policy: String # Allowed values are none, efficiency, first-usable-node, group-by-2-ccx, group-by-2-clusters, group-by-3-ccx, group-by-3-clusters, group-by-4-ccx, group-by-4-cluster, group-by-ccx, group-by-cluster, performance, resource
cpu_set
[array]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
cpu_set:
- directive: String # Allowed values are reset, drop-cpu, only-cpu, drop-node, only-node, drop-cluster, only-cluster, drop-core, only-core, drop-thread, only-thread
set: String
debug_options
[object]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
debug_options:
anonkey: Integer # Minimum: 0, Maximum: 4294967295
quiet: Boolean
stress_level: Integer # Minimum: 0, Maximum: 9
zero_warning: Boolean
description
[string]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
description: String
device_atlas_options
[object]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
device_atlas_options:
json_file: String
log_level: String
properties_cookie: String
separator: String
dns_accept_family
[string]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
dns_accept_family: String # Allowed pattern: ^[^\s]+$
environment_options
[object]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
environment_options:
presetenv:
- name: String
value: String
resetenv: String
setenv:
- name: String
value: String
unsetenv: String
expose_deprecated_directives
[boolean]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
expose_deprecated_directives: Boolean
expose_experimental_directives
[boolean]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
expose_experimental_directives: Boolean
external_check
[boolean]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
external_check: Boolean
fifty_one_degrees_options
[object]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
fifty_one_degrees_options:
cache_size: Integer
data_file: String
property_name_list: String
property_separator: String
force_cfg_parser_pause
[integer]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
force_cfg_parser_pause: Integer # Minimum: 0
gid
[integer]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
gid: Integer
grace
[integer]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
grace: Integer # Minimum: 0
group
[string]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
group: String # Allowed pattern: ^[^\s]+$
h1_accept_payload_with_any_method
[boolean]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
h1_accept_payload_with_any_method: Boolean
h1_case_adjust
[array]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
h1_case_adjust:
- from: String
to: String
h1_case_adjust_file
[string]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
h1_case_adjust_file: String
h1_do_not_close_on_insecure_transfer_encoding
[boolean]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
h1_do_not_close_on_insecure_transfer_encoding: Boolean
h2_workaround_bogus_websocket_clients
[boolean]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
h2_workaround_bogus_websocket_clients: Boolean
hard_stop_after
[integer]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
hard_stop_after: Integer # Minimum: 0
harden
[object]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
harden:
reject_privileged_ports:
quic: String # Allowed values are enabled, disabled
tcp: String # Allowed values are enabled, disabled
http_client_options
[object]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
http_client_options:
resolvers_disabled: String # Allowed values are enabled, disabled
resolvers_id: String
resolvers_prefer: String # Allowed values are ipv4, ipv6
retries: Integer
ssl_ca_file: String
ssl_verify: String # Allowed values are , none, required
timeout_connect: Integer # Minimum: 0
http_err_codes
[array]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
http_err_codes:
- value: String # Allowed pattern: ^[a-zA-Z0-9 +\-,]+$
http_fail_codes
[array]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
http_fail_codes:
- value: String # Allowed pattern: ^[a-zA-Z0-9 +\-,]+$
insecure_fork_wanted
[boolean]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
insecure_fork_wanted: Boolean
insecure_setuid_wanted
[boolean]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
insecure_setuid_wanted: Boolean
limited_quic
[boolean]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
limited_quic: Boolean
log_send_hostname
[object]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
log_send_hostname:
enabled: String # Allowed values are enabled, disabled
param: String # Allowed pattern: ^[^\s]+$
log_target_list
[array]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
log_target_list:
- address: String # Allowed pattern: ^[^\s]+$
facility: String # Allowed values are kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, auth2, ftp, ntp, audit, alert, cron2, local0, local1, local2, local3, local4, local5, local6, local7
format: String # Allowed values are local, rfc3164, rfc5424, priority, short, timed, iso, raw
global: Boolean
length: Integer
level: String # Allowed values are emerg, alert, crit, err, warning, notice, info, debug
minlevel: String # Allowed values are emerg, alert, crit, err, warning, notice, info, debug
nolog: Boolean
profile: String
sample_range: String
sample_size: Integer
lua_options
[object]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
lua_options:
loads:
- file: String # Allowed pattern: ^[^\s]+$
prepend_path:
- path: String # Allowed pattern: ^[^\s]+$
type: String # Allowed values are path, cpath
merge_strategy
[string]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
merge_strategy: String # Allowed values are override, append
mworker_max_reloads
[integer]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
mworker_max_reloads: Integer # Minimum: 0
nbthread
[integer]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
nbthread: Integer
no_quic
[boolean]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
no_quic: Boolean
node
[string]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
node: String
numa_cpu_mapping
[string]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
numa_cpu_mapping: String # Allowed values are enabled, disabled
ocsp_update_options
[object]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
ocsp_update_options:
disable: Boolean
httpproxy:
address: String # Allowed pattern: ^[^\s]+$
port: Integer # Minimum: 1, Maximum: 65535
maxdelay: Integer
mindelay: Integer
mode: String # Allowed values are enabled, disabled
performance_options
[object]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
performance_options:
busy_polling: Boolean
fd_hard_limit: Integer
max_spread_checks: Integer # Minimum: 0
maxcompcpuusage: Integer
maxcomprate: Integer
maxconn: Integer
maxconnrate: Integer
maxpipes: Integer
maxsessrate: Integer
maxzlibmem: Integer
noepoll: Boolean
noevports: Boolean
nogetaddrinfo: Boolean
nokqueue: Boolean
nopoll: Boolean
noreuseport: Boolean
nosplice: Boolean
profiling_memory: String # Allowed values are enabled, disabled
profiling_tasks: String # Allowed values are auto, enabled, disabled
server_state_base: String # Allowed pattern: ^[^\s]+$
server_state_file: String # Allowed pattern: ^[^\s]+$
spread_checks: Integer
thread_hard_limit: Integer
pp2_never_send_local
[boolean]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
pp2_never_send_local: Boolean
prealloc_fd
[boolean]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
prealloc_fd: Boolean
runtime_apis
[array]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
runtime_apis:
- accept_netscaler_cip: Integer
accept_proxy: Boolean
address: String # Allowed pattern: ^[^\s]+$
allow_0rtt: Boolean
alpn: String # Allowed pattern: ^[^\s]+$
backlog: String
ca_ignore_err: String
ca_sign_file: String
ca_sign_pass: String
ca_verify_file: String
ciphers: String
ciphersuites: String
client_sigalgs: String
crl_file: String
crt_ignore_err: String
crt_list: String
curves: String
default_crt_list: [ String ]
defer_accept: Boolean
ecdhe: String
expose_fd_listeners: Boolean
force_sslv3: Boolean
force_strict_sni: String # Allowed values are enabled, disabled
force_tlsv10: Boolean
force_tlsv11: Boolean
force_tlsv12: Boolean
force_tlsv13: Boolean
generate_certificates: Boolean
gid: Integer
group: String
guid_prefix: String # Allowed pattern: ^[A-Za-z0-9-_.:]+$
id: String
idle_ping: Integer # Minimum: 0
interface: String
level: String # Allowed values are user, operator, admin
maxconn: Integer
mode: String
mss: String
name: String # Allowed pattern: ^[^\s]+$
namespace: String
nbconn: Integer
nice: Integer
no_alpn: Boolean
no_ca_names: Boolean
no_sslv3: Boolean
no_strict_sni: Boolean
no_tls_tickets: Boolean
no_tlsv10: Boolean
no_tlsv11: Boolean
no_tlsv12: Boolean
no_tlsv13: Boolean
npn: String
prefer_client_ciphers: Boolean
proto: String
quic-cc-algo: String # Allowed values are cubic, newreno, bbr, nocc
quic-force-retry: Boolean
quic-socket: String # Allowed values are connection, listener
quic_cc_algo_burst_size: Integer # Minimum: 0, Maximum: 1024
quic_cc_algo_max_window: Integer # Minimum: 10, Maximum: 4194304
severity_output: String # Allowed values are none, number, string
sigalgs: String
ssl: Boolean
ssl_cafile: String # Allowed pattern: ^[^\s]+$
ssl_certificate: String # Allowed pattern: ^[^\s]+$
ssl_max_ver: String # Allowed values are SSLv3, TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3
ssl_min_ver: String # Allowed values are SSLv3, TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3
sslv3: String # Allowed values are enabled, disabled
strict_sni: Boolean
tcp_user_timeout: Integer
tfo: Boolean
thread: String
tls_ticket_keys: String
tls_tickets: String # Allowed values are enabled, disabled
tlsv10: String # Allowed values are enabled, disabled
tlsv11: String # Allowed values are enabled, disabled
tlsv12: String # Allowed values are enabled, disabled
tlsv13: String # Allowed values are enabled, disabled
transparent: Boolean
uid: String
user: String
v4v6: Boolean
v6only: Boolean
verify: String # Allowed values are none, optional, required
set_dumpable
[boolean]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
set_dumpable: Boolean
set_var
[array]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
set_var:
- expr: String
name: String
set_var_fmt
[array]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
set_var_fmt:
- format: String
name: String
setcap
[string]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
setcap: String # Allowed pattern: ^[^\s]+$
ssl_options
[object]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
ssl_options:
acme_scheduler: String # Allowed values are auto, off
ca_base: String
crt_base: String
default_bind_ciphers: String
default_bind_ciphersuites: String
default_bind_client_sigalgs: String
default_bind_curves: String
default_bind_options: String
default_bind_sigalgs: String
default_server_ciphers: String
default_server_ciphersuites: String
default_server_client_sigalgs: String
default_server_curves: String
default_server_options: String
default_server_sigalgs: String
dh_param_file: String
engines:
- algorithms: String
name: String
issuers_chain_path: String
load_extra_files: String
maxsslconn: Integer
maxsslrate: Integer
mode_async: String # Allowed values are enabled, disabled
propquery: String
provider: String
provider_path: String
security_level: Integer # Minimum: 0, Maximum: 5
server_verify: String # Allowed values are none, required
skip_self_issued_ca: Boolean
stats_file
[string]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
stats_file: String
stats_maxconn
[integer]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
stats_maxconn: Integer
strict_limits
[boolean]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
strict_limits: Boolean
thread_group_lines
[array]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
thread_group_lines:
- group: String
num_or_range: String
thread_groups
[integer]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
thread_groups: Integer
tune_buffer_options
[object]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
tune_buffer_options:
buffers_limit: Integer
buffers_reserve: Integer # Minimum: 2
bufsize: Integer
bufsize_small: Integer # Minimum: 1
pipesize: Integer
rcvbuf_backend: Integer
rcvbuf_client: Integer
rcvbuf_frontend: Integer
rcvbuf_server: Integer
recv_enough: Integer
sndbuf_backend: Integer
sndbuf_client: Integer
sndbuf_frontend: Integer
sndbuf_server: Integer
tune_lua_options
[object]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
tune_lua_options:
burst_timeout: Integer # Minimum: 0
forced_yield: Integer
log_loggers: String # Allowed values are enabled, disabled
log_stderr: String # Allowed values are auto, enabled, disabled
maxmem: Integer
service_timeout: Integer # Minimum: 0
session_timeout: Integer # Minimum: 0
task_timeout: Integer # Minimum: 0
tune_options
[object]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
tune_options:
applet_zero_copy_forwarding: String # Allowed values are enabled, disabled
comp_maxlevel: Integer
disable_fast_forward: Boolean
disable_zero_copy_forwarding: Boolean
epoll_mask_events: [ String ]
events_max_events_at_once: Integer # Minimum: 1, Maximum: 10000
fail_alloc: Boolean
fd_edge_triggered: String # Allowed values are enabled, disabled
glitches_kill_cpu_usage: Integer # Minimum: 0, Maximum: 100
h1_zero_copy_fwd_recv: String # Allowed values are enabled, disabled
h1_zero_copy_fwd_send: String # Allowed values are enabled, disabled
h2_be_glitches_threshold: Integer
h2_be_initial_window_size: Integer
h2_be_max_concurrent_streams: Integer
h2_be_rxbuf: Integer
h2_fe_glitches_threshold: Integer
h2_fe_initial_window_size: Integer
h2_fe_max_concurrent_streams: Integer
h2_fe_max_total_streams: Integer
h2_fe_rxbuf: Integer
h2_header_table_size: Integer # Maximum: 65535
h2_initial_window_size: Integer
h2_max_concurrent_streams: Integer
h2_max_frame_size: Integer
h2_zero_copy_fwd_send: String # Allowed values are enabled, disabled
http_cookielen: Integer
http_logurilen: Integer
http_maxhdr: Integer # Minimum: 1, Maximum: 32767
idle_pool_shared: String # Allowed values are enabled, disabled
idletimer: Integer # Minimum: 0, Maximum: 65535
listener_default_shards: String # Allowed values are by-process, by-thread, by-group
listener_multi_queue: String # Allowed values are enabled, disabled
max_checks_per_thread: Integer
max_rules_at_once: Integer # Minimum: 0
maxaccept: Integer
maxpollevents: Integer
maxrewrite: Integer
memory_hot_size: Integer
notsent_lowat_client: Integer
notsent_lowat_server: Integer
pattern_cache_size: Integer
peers_max_updates_at_once: Integer
pool_high_fd_ratio: Integer
pool_low_fd_ratio: Integer
pt_zero_copy_forwarding: String # Allowed values are enabled, disabled
renice_runtime: Integer # Minimum: -20, Maximum: 19
renice_startup: Integer # Minimum: -20, Maximum: 19
ring_queues: Integer
runqueue_depth: Integer
sched_low_latency: String # Allowed values are enabled, disabled
stick_counters: Integer
takeover_other_tg_connections: String # Allowed values are none, restricted, full
tune_quic_options
[object]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
tune_quic_options:
frontend_conn_tx_buffers_limit: Integer
frontend_max_idle_timeout: Integer # Minimum: 0
frontend_max_streams_bidi: Integer
frontend_max_tx_memory: Integer
max_frame_loss: Integer
reorder_ratio: Integer # Minimum: 0, Maximum: 100
retry_threshold: Integer
socket_owner: String # Allowed values are listener, connection
zero_copy_fwd_send: String # Allowed values are enabled, disabled
tune_ssl_options
[object]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
tune_ssl_options:
cachesize: Integer
capture_buffer_size: Integer
ctx_cache_size: Integer
default_dh_param: Integer
force_private_cache: Boolean
keylog: String # Allowed values are enabled, disabled
lifetime: Integer # Minimum: 0
maxrecord: Integer
ocsp_update_max_delay: Integer
ocsp_update_min_delay: Integer
tune_vars_options
[object]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
tune_vars_options:
global_max_size: Integer
proc_max_size: Integer
reqres_max_size: Integer
sess_max_size: Integer
txn_max_size: Integer
tune_zlib_options
[object]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
tune_zlib_options:
memlevel: Integer # Minimum: 1, Maximum: 9
windowsize: Integer # Minimum: 8, Maximum: 15
uid
[integer]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
uid: Integer
ulimit_n
[integer]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
ulimit_n: Integer
user
[string]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
user: String # Allowed pattern: ^[^\s]+$
warn_blocked_traffic_after
[integer]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
warn_blocked_traffic_after: Integer # Minimum: 1
wurfl_options
[object]
apiVersion: "gate.v3.haproxy.org/v3"
kind: Global
metadata:
name: example-global
namespace: default
spec:
wurfl_options:
cache_size: Integer
data_file: String
information_list: String
information_list_separator: String
patch_file: String