Configuration reference
Frontend CRD
On this page
Selected version
Frontend CRD Configuration reference
This page applies to:
- HAProxy Kubernetes Ingress Controller 3.2 and newer
The Frontend custom resource extends the Kubernetes API to let you manage settings for the frontend sections that the ingress controller generates. There are three frontends named http, https, and stats.
Install the Frontend custom resource Jump to heading
Info
If you installed the ingress controller with Helm, this CRD is installed and updated automatically. If you installed with kubectl, follow these instructions for installation. Once installed, to perform updates on this CRD see: Update CRDs.
Before you can use the Frontend custom resource, you must install its definition into your Kubernetes cluster.
-
Download the v3-2 Frontend custom resource file.
-
Install the custom resource definition with
kubectl apply:nixkubectl apply -f ingress.v3.haproxy.org_frontends.yamlnixkubectl apply -f ingress.v3.haproxy.org_frontends.yaml -
Verify that the installation worked by listing custom resources defined in your cluster:
nixkubectl get crdnixkubectl get crdoutputtextNAME CREATED ATfrontends.ingress.v3.haproxy.org 2022-01-21T20:00:31ZoutputtextNAME CREATED ATfrontends.ingress.v3.haproxy.org 2022-01-21T20:00:31ZoutputtextNAME CREATED ATfrontends.core.haproxy.org 2022-01-21T20:00:31ZoutputtextNAME CREATED ATfrontends.core.haproxy.org 2022-01-21T20:00:31ZoutputtextNAME CREATED ATfrontends.core.haproxy.org 2022-01-21T20:00:31ZoutputtextNAME CREATED ATfrontends.core.haproxy.org 2022-01-21T20:00:31ZoutputtextNAME CREATED ATfrontends.core.haproxy.org 2022-01-21T20:00:31ZoutputtextNAME CREATED ATfrontends.core.haproxy.org 2022-01-21T20:00:31ZoutputtextNAME CREATED ATfrontends.core.haproxy.org 2022-01-21T20:00:31ZoutputtextNAME CREATED ATfrontends.core.haproxy.org 2022-01-21T20:00:31Z
Use the Frontend custom resource Jump to heading
With a Frontend custom resource, you can customize any of the frontends that the ingress controller manages, which are named http, https, and stats.
-
Create a YAML file that declares a
Frontendresource and add properties to itsspecsection.In the example below, we define a
Frontendcustom resource in thedefaultnamespace. In it, we add binds, an ACL rule, compression, and a setting for accepting invalid HTTP reuests.example-frontend.yamlyamlapiVersion: "ingress.v3.haproxy.org/v3"kind: Frontendmetadata:name: example-frontend-crdnamespace: defaultspec:name: example-frontend-crdaccept_invalid_http_request: enabledbinds:test:address: 127.0.0.1port: 9080name: test-httpcompression:algo-req: identityacl_list:- acl_name: images_urlcriterion: pathvalue: -i -m beg /images/example-frontend.yamlyamlapiVersion: "ingress.v3.haproxy.org/v3"kind: Frontendmetadata:name: example-frontend-crdnamespace: defaultspec:name: example-frontend-crdaccept_invalid_http_request: enabledbinds:test:address: 127.0.0.1port: 9080name: test-httpcompression:algo-req: identityacl_list:- acl_name: images_urlcriterion: pathvalue: -i -m beg /images/example-frontend.yamlyamlapiVersion: "ingress.v3.haproxy.org/v3"kind: Frontendmetadata:name: example-frontend-crdnamespace: defaultspec:name: example-frontend-crdaccept_invalid_http_request: enabledbinds:test:address: 127.0.0.1port: 9080name: test-httpcompression:algo-req: identityacl_list:- acl_name: images_urlcriterion: pathvalue: -i -m beg /images/example-frontend.yamlyamlapiVersion: "ingress.v3.haproxy.org/v3"kind: Frontendmetadata:name: example-frontend-crdnamespace: defaultspec:name: example-frontend-crdaccept_invalid_http_request: enabledbinds:test:address: 127.0.0.1port: 9080name: test-httpcompression:algo-req: identityacl_list:- acl_name: images_urlcriterion: pathvalue: -i -m beg /images/example-frontend.yamlyamlapiVersion: "ingress.v3.haproxy.org/v3"kind: Frontendmetadata:name: example-frontend-crdnamespace: defaultspec:name: example-frontend-crdaccept_invalid_http_request: enabledbinds:test:address: 127.0.0.1port: 9080name: test-httpcompression:algo-req: identityacl_list:- acl_name: images_urlcriterion: pathvalue: -i -m beg /images/example-frontend.yamlyamlapiVersion: "ingress.v3.haproxy.org/v3"kind: Frontendmetadata:name: example-frontend-crdnamespace: defaultspec:name: example-frontend-crdaccept_invalid_http_request: enabledbinds:test:address: 127.0.0.1port: 9080name: test-httpcompression:algo-req: identityacl_list:- acl_name: images_urlcriterion: pathvalue: -i -m beg /images/example-frontend.yamlyamlapiVersion: "ingress.v3.haproxy.org/v3"kind: Frontendmetadata:name: example-frontend-crdnamespace: defaultspec:name: example-frontend-crdaccept_invalid_http_request: enabledbinds:test:address: 127.0.0.1port: 9080name: test-httpcompression:algo-req: identityacl_list:- acl_name: images_urlcriterion: pathvalue: -i -m beg /images/example-frontend.yamlyamlapiVersion: "ingress.v3.haproxy.org/v3"kind: Frontendmetadata:name: example-frontend-crdnamespace: defaultspec:name: example-frontend-crdaccept_invalid_http_request: enabledbinds:test:address: 127.0.0.1port: 9080name: test-httpcompression:algo-req: identityacl_list:- acl_name: images_urlcriterion: pathvalue: -i -m beg /images/example-frontend.yamlyamlapiVersion: "ingress.v3.haproxy.org/v3"kind: Frontendmetadata:name: example-frontend-crdnamespace: defaultspec:name: example-frontend-crdaccept_invalid_http_request: enabledbinds:test:address: 127.0.0.1port: 9080name: test-httpcompression:algo-req: identityacl_list:- acl_name: images_urlcriterion: pathvalue: -i -m beg /images/example-frontend.yamlyamlapiVersion: "ingress.v3.haproxy.org/v3"kind: Frontendmetadata:name: example-frontend-crdnamespace: defaultspec:name: example-frontend-crdaccept_invalid_http_request: enabledbinds:test:address: 127.0.0.1port: 9080name: test-httpcompression:algo-req: identityacl_list:- acl_name: images_urlcriterion: pathvalue: -i -m beg /images/example-frontend.yamlyamlapiVersion: "ingress.v3.haproxy.org/v3"kind: Frontendmetadata:name: example-frontend-crdnamespace: defaultspec:name: example-frontend-crdaccept_invalid_http_request: enabledbinds:test:address: 127.0.0.1port: 9080name: test-httpcompression:algo-req: identityacl_list:- acl_name: images_urlcriterion: pathvalue: -i -m beg /images/example-frontend.yamlyamlapiVersion: "ingress.v3.haproxy.org/v3"kind: Frontendmetadata:name: example-frontend-crdnamespace: defaultspec:name: example-frontend-crdaccept_invalid_http_request: enabledbinds:test:address: 127.0.0.1port: 9080name: test-httpcompression:algo-req: identityacl_list:- acl_name: images_urlcriterion: pathvalue: -i -m beg /images/example-frontend.yamlyamlapiVersion: "ingress.v3.haproxy.org/v3"kind: Frontendmetadata:name: example-frontend-crdnamespace: defaultspec:name: example-frontend-crdaccept_invalid_http_request: enabledbinds:test:address: 127.0.0.1port: 9080name: test-httpcompression:algo-req: identityacl_list:- acl_name: images_urlcriterion: pathvalue: -i -m beg /images/example-frontend.yamlyamlapiVersion: "ingress.v3.haproxy.org/v3"kind: Frontendmetadata:name: example-frontend-crdnamespace: defaultspec:name: example-frontend-crdaccept_invalid_http_request: enabledbinds:test:address: 127.0.0.1port: 9080name: test-httpcompression:algo-req: identityacl_list:- acl_name: images_urlcriterion: pathvalue: -i -m beg /images/example-frontend.yamlyamlapiVersion: "ingress.v3.haproxy.org/v3"kind: Frontendmetadata:name: example-frontend-crdnamespace: defaultspec:name: example-frontend-crdaccept_invalid_http_request: enabledbinds:test:address: 127.0.0.1port: 9080name: test-httpcompression:algo-req: identityacl_list:- acl_name: images_urlcriterion: pathvalue: -i -m beg /images/example-frontend.yamlyamlapiVersion: "ingress.v3.haproxy.org/v3"kind: Frontendmetadata:name: example-frontend-crdnamespace: defaultspec:name: example-frontend-crdaccept_invalid_http_request: enabledbinds:test:address: 127.0.0.1port: 9080name: test-httpcompression:algo-req: identityacl_list:- acl_name: images_urlcriterion: pathvalue: -i -m beg /images/ -
Deploy it to your cluster using
kubectl apply.nixkubectl apply -f example-frontend.yamlnixkubectl apply -f example-frontend.yaml -
Decide which frontends the resource should apply to:
http,https, and/orstats. Usekubectl editto modify thehaproxy-kubernetes-ingressConfigMap.nixkubectl edit configmap haproxy-kubernetes-ingress --namespace haproxy-controllernixkubectl edit configmap haproxy-kubernetes-ingress --namespace haproxy-controllerAdd the keys to the
datasection to use yourFrontendcustom resource on the frontends, then save the file. Each frontend can point to a different custom resource. For each key, specify the namespace and name of the custom resource.yamlapiVersion: v1kind: ConfigMapmetadata:name: haproxy-kubernetes-ingressnamespace: haproxy-controllerdata:cr-frontend-http: default/example-frontend-crdcr-frontend-https: default/example-frontend-crdcr-frontend-stats: default/example-frontend-crdyamlapiVersion: v1kind: ConfigMapmetadata:name: haproxy-kubernetes-ingressnamespace: haproxy-controllerdata:cr-frontend-http: default/example-frontend-crdcr-frontend-https: default/example-frontend-crdcr-frontend-stats: default/example-frontend-crd
Properties
-
CRD version:
3.2 -
API version:
ingress.v3.haproxy.org/v3
accept_invalid_http_request
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
accept_invalid_http_request: String # Allowed values are enabled, disabled
accept_unsafe_violations_in_http_request
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
accept_unsafe_violations_in_http_request: String # Allowed values are enabled, disabled
acl_list
[array]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
acl_list:
- acl_name: String # Allowed pattern: ^[^\s]+$
criterion: String # Allowed pattern: ^[^\s]+$
value: String
backend_switching_rule_list
[array]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
backend_switching_rule_list:
- cond: String # Allowed values are if, unless
cond_test: String
name: String # Allowed pattern: ^[^\s]+$
backlog
[integer]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
backlog: Integer
binds
[object]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
binds:
accept_netscaler_cip: Integer
accept_proxy: Boolean
address: String # Allowed pattern: ^[^\s]+$
allow_0rtt: Boolean
alpn: String # Allowed pattern: ^[^\s]+$
backlog: String
ca_ignore_err: String
ca_sign_file: String
ca_sign_pass: String
ca_verify_file: String
ciphers: String
ciphersuites: String
client_sigalgs: String
crl_file: String
crt_ignore_err: String
crt_list: String
curves: String
default_crt_list: Array of String
defer_accept: Boolean
ecdhe: String
expose_fd_listeners: Boolean
force_sslv3: Boolean
force_strict_sni: String # Allowed values are enabled, disabled
force_tlsv10: Boolean
force_tlsv11: Boolean
force_tlsv12: Boolean
force_tlsv13: Boolean
generate_certificates: Boolean
gid: Integer
group: String
guid_prefix: String # Allowed pattern: ^[A-Za-z0-9-_.:]+$
id: String
idle_ping: Integer Minimum: 0
interface: String
level: String # Allowed values are user, operator, admin
maxconn: Integer
mode: String
mss: String
name: String # Allowed pattern: ^[^\s]+$
namespace: String
nbconn: Integer
nice: Integer
no_alpn: Boolean
no_ca_names: Boolean
no_sslv3: Boolean
no_strict_sni: Boolean
no_tls_tickets: Boolean
no_tlsv10: Boolean
no_tlsv11: Boolean
no_tlsv12: Boolean
no_tlsv13: Boolean
npn: String
port: Integer Minimum: 1 Maximum: 65535
port-range-end: Integer Minimum: 1 Maximum: 65535
prefer_client_ciphers: Boolean
proto: String
quic-cc-algo: String # Allowed values are cubic, newreno, bbr, nocc
quic-force-retry: Boolean
quic-socket: String # Allowed values are connection, listener
quic_cc_algo_burst_size: Integer Minimum: 0 Maximum: 1024
quic_cc_algo_max_window: Integer Minimum: 10 Maximum: 4194304
severity_output: String # Allowed values are none, number, string
sigalgs: String
ssl: Boolean
ssl_cafile: String # Allowed pattern: ^[^\s]+$
ssl_certificate: String # Allowed pattern: ^[^\s]+$
ssl_max_ver: String # Allowed values are SSLv3, TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3
ssl_min_ver: String # Allowed values are SSLv3, TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3
sslv3: String # Allowed values are enabled, disabled
strict_sni: Boolean
tcp_user_timeout: Integer
tfo: Boolean
thread: String
tls_ticket_keys: String
tls_tickets: String # Allowed values are enabled, disabled
tlsv10: String # Allowed values are enabled, disabled
tlsv11: String # Allowed values are enabled, disabled
tlsv12: String # Allowed values are enabled, disabled
tlsv13: String # Allowed values are enabled, disabled
transparent: Boolean
uid: String
user: String
v4v6: Boolean
v6only: Boolean
verify: String # Allowed values are none, optional, required
capture_list
[array]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
capture_list:
- length: Integer
type: String # Allowed values are request, response
clflog
[boolean]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
clflog: Boolean
client_fin_timeout
[integer]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
client_fin_timeout: Integer Minimum: 0
client_timeout
[integer]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
client_timeout: Integer Minimum: 0
clitcpka
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
clitcpka: String # Allowed values are enabled, disabled
clitcpka_cnt
[integer]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
clitcpka_cnt: Integer
clitcpka_idle
[integer]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
clitcpka_idle: Integer
clitcpka_intvl
[integer]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
clitcpka_intvl: Integer
compression
[object]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
compression:
algo-req: String # Allowed values are identity, gzip, deflate, raw-deflate
algorithms: Array of String
algos-res: Array of String
direction: String # Allowed values are request, response, both
minsize_req: Integer
minsize_res: Integer
offload: Boolean
types: Array of String
types-req: Array of String
types-res: Array of String
contstats
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
contstats: String # Allowed values are enabled
default_backend
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
default_backend: String # Allowed pattern: ^[A-Za-z0-9-_.:]+$
description
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
description: String
disable_h2_upgrade
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
disable_h2_upgrade: String # Allowed values are enabled, disabled
disabled
[boolean]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
disabled: Boolean
dontlog_normal
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
dontlog_normal: String # Allowed values are enabled, disabled
dontlognull
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
dontlognull: String # Allowed values are enabled, disabled
email_alert
[object]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
email_alert:
from: String # Allowed pattern: ^\S+@\S+$
level: String # Allowed values are emerg, alert, crit, err, warning, notice, info, debug
mailers: String
myhostname: String
to: String # Allowed pattern: ^\S+@\S+$
enabled
[boolean]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
enabled: Boolean
error_files
[array]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
error_files:
- code: Integer 200400401403404405407408410413425429500501502503504
file: String
error_log_format
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
error_log_format: String
errorfiles_from_http_errors
[array]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
errorfiles_from_http_errors:
- codes: Array of Integer
name: String
errorloc302
[object]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
errorloc302:
code: Integer 200400401403404405407408410413425429500501502503504
url: String
errorloc303
[object]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
errorloc303:
code: Integer 200400401403404405407408410413425429500501502503504
url: String
filter_list
[array]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
filter_list:
- app_name: String # Allowed pattern: ^[^\s]+$
bandwidth_limit_name: String # Allowed pattern: ^[^\s]+$
cache_name: String # Allowed pattern: ^[^\s]+$
default_limit: Integer
default_period: Integer
key: String
limit: Integer
min_size: Integer
spoe_config: String # Allowed pattern: ^[^\s]+$
spoe_engine: String # Allowed pattern: ^[^\s]+$
table: String
trace_hexdump: Boolean
trace_name: String # Allowed pattern: ^[^\s]+$
trace_rnd_forwarding: Boolean
trace_rnd_parsing: Boolean
type: String # Allowed values are bwlim-in, bwlim-out, cache, compression, fcgi-app, spoe, trace
forwardfor
[object]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
forwardfor:
enabled: String # Allowed values are enabled
except: String # Allowed pattern: ^[^\s]+$
header: String # Allowed pattern: ^[^\s]+$
ifnone: Boolean
from
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
from: String # Allowed pattern: ^[A-Za-z0-9-_.:]+$
guid
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
guid: String # Allowed pattern: ^[A-Za-z0-9-_.:]+$
h1_case_adjust_bogus_client
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
h1_case_adjust_bogus_client: String # Allowed values are enabled, disabled
http-buffer-request
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
http-buffer-request: String # Allowed values are enabled, disabled
http-drop-response-trailers
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
http-drop-response-trailers: String # Allowed values are enabled, disabled
http-use-htx
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
http-use-htx: String # Allowed values are enabled, disabled
http_after_response_rule_list
[array]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
http_after_response_rule_list:
- acl_file: String # Allowed pattern: ^[^\s]+$
acl_keyfmt: String # Allowed pattern: ^[^\s]+$
capture_id: Integer
capture_len: Integer
capture_sample: String # Allowed pattern: ^(?:[A-Za-z]+\("([A-Za-z\s]+)"\)|[A-Za-z]+)
cond: String # Allowed values are if, unless
cond_test: String
hdr_format: String
hdr_match: String
hdr_method: String
hdr_name: String
log_level: String # Allowed values are emerg, alert, crit, err, warning, notice, info, debug, silent
map_file: String # Allowed pattern: ^[^\s]+$
map_keyfmt: String # Allowed pattern: ^[^\s]+$
map_valuefmt: String # Allowed pattern: ^[^\s]+$
sc_expr: String
sc_id: Integer
sc_idx: Integer
sc_int: Integer
status: Integer Minimum: 100 Maximum: 999
status_reason: String
strict_mode: String # Allowed values are on, off
type: String # Allowed values are add-header, allow, capture, del-acl, del-header, del-map, replace-header, replace-value, sc-add-gpc, sc-inc-gpc, sc-inc-gpc0, sc-inc-gpc1, sc-set-gpt, sc-set-gpt0, set-header, set-log-level, set-map, set-status, set-var, set-var-fmt, strict-mode, unset-var, do-log
var_expr: String
var_format: String
var_name: String # Allowed pattern: ^[^\s]+$
var_scope: String # Allowed pattern: ^[^\s]+$
http_connection_mode
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
http_connection_mode: String # Allowed values are httpclose, http-server-close, http-keep-alive
http_error_rule_list
[array]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
http_error_rule_list:
return_content: String
return_content_format: String # Allowed values are default-errorfiles, errorfile, errorfiles, file, lf-file, string, lf-string
return_content_type: String
return_hdrs:
- fmt: String
name: String
status: Integer 200400401403404405407408410413425429500501502503504
type: String # Allowed values are status
http_ignore_probes
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
http_ignore_probes: String # Allowed values are enabled, disabled
http_keep_alive_timeout
[integer]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
http_keep_alive_timeout: Integer Minimum: 0
http_no_delay
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
http_no_delay: String # Allowed values are enabled, disabled
http_request_rule_list
[array]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
http_request_rule_list:
- acl_file: String # Allowed pattern: ^[^\s]+$
acl_keyfmt: String # Allowed pattern: ^[^\s]+$
auth_realm: String # Allowed pattern: ^[^\s]+$
bandwidth_limit_limit: String
bandwidth_limit_name: String
bandwidth_limit_period: String
cache_name: String # Allowed pattern: ^[^\s]+$
capture_id: Integer
capture_len: Integer
capture_sample: String # Allowed pattern: ^(?:[A-Za-z]+\("([A-Za-z\s]+)"\)|[A-Za-z]+)
cond: String # Allowed values are if, unless
cond_test: String
deny_status: Integer Minimum: 200 Maximum: 599
expr: String
hdr_format: String
hdr_match: String
hdr_method: String
hdr_name: String
hint_format: String # Allowed pattern: ^[^\s]+$
hint_name: String # Allowed pattern: ^[^\s]+$
log_level: String # Allowed values are emerg, alert, crit, err, warning, notice, info, debug, silent
lua_action: String # Allowed pattern: ^[^\s]+$
lua_params: String
map_file: String # Allowed pattern: ^[^\s]+$
map_keyfmt: String # Allowed pattern: ^[^\s]+$
map_valuefmt: String # Allowed pattern: ^[^\s]+$
mark_value: String # Allowed pattern: ^(0x[0-9A-Fa-f]+|[0-9]+)$
method_fmt: String # Allowed pattern: ^[^\s]+$
nice_value: Integer Minimum: -1024 Maximum: 1024
normalizer: String # Allowed values are fragment-encode, fragment-strip, path-merge-slashes, path-strip-dot, path-strip-dotdot, percent-decode-unreserved, percent-to-uppercase, query-sort-by-name
normalizer_full: Boolean
normalizer_strict: Boolean
path_fmt: String # Allowed pattern: ^[^\s]+$
path_match: String # Allowed pattern: ^[^\s]+$
protocol: String # Allowed values are ipv4, ipv6
query-fmt: String
redir_code: Integer 301302303307308
redir_option: String
redir_type: String # Allowed values are location, prefix, scheme
redir_value: String # Allowed pattern: ^[^\s]+$
resolvers: String
return_content: String
return_content_format: String # Allowed values are default-errorfiles, errorfile, errorfiles, file, lf-file, string, lf-string
return_content_type: String
return_hdrs:
- fmt: String
name: String
return_status_code: Integer Minimum: 200 Maximum: 599
rst_ttl: Integer
sc_expr: String
sc_id: Integer
sc_idx: Integer
sc_int: Integer
service_name: String
spoe_engine: String # Allowed pattern: ^[^\s]+$
spoe_group: String # Allowed pattern: ^[^\s]+$
strict_mode: String # Allowed values are on, off
timeout: String
timeout_type: String # Allowed values are server, tunnel, client
tos_value: String # Allowed pattern: ^(0x[0-9A-Fa-f]+|[0-9]+)$
track_sc_key: String # Allowed pattern: ^[^\s]+$
track_sc_stick_counter: Integer
track_sc_table: String # Allowed pattern: ^[^\s]+$
type: String # Allowed values are add-acl, add-header, allow, auth, cache-use, capture, del-acl, del-header, del-map, deny, disable-l7-retry, do-resolve, early-hint, lua, normalize-uri, pause, redirect, reject, replace-header, replace-path, replace-pathq, replace-uri, replace-value, return, sc-add-gpc, sc-inc-gpc, sc-inc-gpc0, sc-inc-gpc1, sc-set-gpt, sc-set-gpt0, send-spoe-group, set-bc-mark, set-bc-tos, set-dst, set-dst-port, set-fc-mark, set-fc-tos, set-header, set-log-level, set-map, set-mark, set-method, set-nice, set-path, set-pathq, set-priority-class, set-priority-offset, set-query, set-src, set-src-port, set-timeout, set-tos, set-uri, set-var, set-var-fmt, silent-drop, strict-mode, tarpit, track-sc, unset-var, use-service, wait-for-body, wait-for-handshake, set-bandwidth-limit, set-retries, do-log
uri-fmt: String
uri-match: String
var_expr: String
var_format: String
var_name: String # Allowed pattern: ^[^\s]+$
var_scope: String # Allowed pattern: ^[^\s]+$
wait_at_least: Integer
wait_time: Integer Minimum: 0
http_request_timeout
[integer]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
http_request_timeout: Integer Minimum: 0
http_response_rule_list
[array]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
http_response_rule_list:
- acl_file: String # Allowed pattern: ^[^\s]+$
acl_keyfmt: String # Allowed pattern: ^[^\s]+$
bandwidth_limit_limit: String
bandwidth_limit_name: String
bandwidth_limit_period: String
cache_name: String # Allowed pattern: ^[^\s]+$
capture_id: Integer
capture_sample: String # Allowed pattern: ^[^\s]+$
cond: String # Allowed values are if, unless
cond_test: String
deny_status: Integer Minimum: 200 Maximum: 599
expr: String
hdr_format: String
hdr_match: String
hdr_method: String
hdr_name: String
log_level: String # Allowed values are emerg, alert, crit, err, warning, notice, info, debug, silent
lua_action: String # Allowed pattern: ^[^\s]+$
lua_params: String
map_file: String # Allowed pattern: ^[^\s]+$
map_keyfmt: String # Allowed pattern: ^[^\s]+$
map_valuefmt: String # Allowed pattern: ^[^\s]+$
mark_value: String # Allowed pattern: ^(0x[0-9A-Fa-f]+|[0-9]+)$
nice_value: Integer Minimum: -1024 Maximum: 1024
redir_code: Integer 301302303307308
redir_option: String
redir_type: String # Allowed values are location, prefix, scheme
redir_value: String # Allowed pattern: ^[^\s]+$
return_content: String
return_content_format: String # Allowed values are default-errorfiles, errorfile, errorfiles, file, lf-file, string, lf-string
return_content_type: String
return_hdrs:
- fmt: String
name: String
return_status_code: Integer Minimum: 200 Maximum: 599
rst_ttl: Integer
sc_expr: String
sc_id: Integer
sc_idx: Integer
sc_int: Integer
spoe_engine: String # Allowed pattern: ^[^\s]+$
spoe_group: String # Allowed pattern: ^[^\s]+$
status: Integer Minimum: 100 Maximum: 999
status_reason: String
strict_mode: String # Allowed values are on, off
timeout: String
timeout_type: String # Allowed values are server, tunnel, client
tos_value: String # Allowed pattern: ^(0x[0-9A-Fa-f]+|[0-9]+)$
track_sc_key: String # Allowed pattern: ^[^\s]+$
track_sc_stick_counter: Integer
track_sc_table: String # Allowed pattern: ^[^\s]+$
type: String # Allowed values are add-acl, add-header, allow, cache-store, capture, del-acl, del-header, del-map, deny, lua, pause, redirect, replace-header, replace-value, return, sc-add-gpc, sc-inc-gpc, sc-inc-gpc0, sc-inc-gpc1, sc-set-gpt, sc-set-gpt0, send-spoe-group, set-fc-mark, set-fc-tos, set-header, set-log-level, set-map, set-mark, set-nice, set-status, set-timeout, set-tos, set-var, set-var-fmt, silent-drop, strict-mode, track-sc, unset-var, wait-for-body, set-bandwidth-limit, do-log
var_expr: String
var_format: String
var_name: String # Allowed pattern: ^[^\s]+$
var_scope: String # Allowed pattern: ^[^\s]+$
wait_at_least: Integer
wait_time: Integer Minimum: 0
http_restrict_req_hdr_names
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
http_restrict_req_hdr_names: String # Allowed values are preserve, delete, reject
http_use_proxy_header
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
http_use_proxy_header: String # Allowed values are enabled, disabled
httplog
[boolean]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
httplog: Boolean
httpslog
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
httpslog: String # Allowed values are enabled, disabled
id
[integer]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
id: Integer
idle_close_on_response
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
idle_close_on_response: String # Allowed values are enabled, disabled
independent_streams
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
independent_streams: String # Allowed values are enabled, disabled
log_format
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
log_format: String
log_format_sd
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
log_format_sd: String
log_separate_errors
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
log_separate_errors: String # Allowed values are enabled, disabled
log_steps
[array]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
log_steps: Array of String
log_tag
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
log_tag: String # Allowed pattern: ^[A-Za-z0-9-_.:]+$
log_target_list
[array]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
log_target_list:
- address: String # Allowed pattern: ^[^\s]+$
facility: String # Allowed values are kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, auth2, ftp, ntp, audit, alert, cron2, local0, local1, local2, local3, local4, local5, local6, local7
format: String # Allowed values are local, rfc3164, rfc5424, priority, short, timed, iso, raw
global: Boolean
length: Integer
level: String # Allowed values are emerg, alert, crit, err, warning, notice, info, debug
minlevel: String # Allowed values are emerg, alert, crit, err, warning, notice, info, debug
nolog: Boolean
profile: String
sample_range: String
sample_size: Integer
logasap
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
logasap: String # Allowed values are enabled, disabled
maxconn
[integer]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
maxconn: Integer
metadata
[]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
metadata:
mode
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
mode: String # Allowed values are http, tcp
monitor_fail
[object]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
monitor_fail:
cond: String # Allowed values are if, unless
cond_test: String
monitor_uri
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
monitor_uri: String
name
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
name: String # Allowed pattern: ^[A-Za-z0-9-_.:]+$
nolinger
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
nolinger: String # Allowed values are enabled, disabled
originalto
[object]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
originalto:
enabled: String # Allowed values are enabled
except: String # Allowed pattern: ^[^\s]+$
header: String # Allowed pattern: ^[^\s]+$
quic_initial_rule_list
[array]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
quic_initial_rule_list:
- cond: String # Allowed values are if, unless
cond_test: String
type: String # Allowed values are reject, accept, send-retry, dgram-drop
socket_stats
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
socket_stats: String # Allowed values are enabled, disabled
splice_auto
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
splice_auto: String # Allowed values are enabled, disabled
splice_request
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
splice_request: String # Allowed values are enabled, disabled
splice_response
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
splice_response: String # Allowed values are enabled, disabled
ssl_front_use_list
[array]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
ssl_front_use_list:
- allow_0rtt: Boolean
alpn: String
ca_file: String
certificate: String # Allowed pattern: ^[^\s]+$
ciphers: String
ciphersuites: String
client_sigalgs: String
crl_file: String
curves: String
ecdhe: String
issuer: String
key: String
no_alpn: Boolean
no_ca_names: Boolean
npn: String
ocsp: String
ocsp_update: String # Allowed values are enabled, disabled
sctl: String
sigalgs: String
ssl_max_ver: String # Allowed values are SSLv3, TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3
ssl_min_ver: String # Allowed values are SSLv3, TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3
verify: String # Allowed values are none, optional, required
stats_options
[object]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
stats_options:
stats_admin: Boolean
stats_admin_cond: String # Allowed values are if, unless
stats_admin_cond_test: String
stats_auths:
- passwd: String
user: String
stats_enable: Boolean
stats_hide_version: Boolean
stats_http_requests:
- cond: String
cond_test: String
realm: String
type: String # Allowed values are allow, deny, auth
stats_maxconn: Integer Minimum: 1
stats_realm: Boolean
stats_realm_realm: String
stats_refresh_delay: Integer Minimum: 0
stats_show_desc: String
stats_show_legends: Boolean
stats_show_modules: Boolean
stats_show_node_name: String # Allowed pattern: ^[^\s]+$
stats_uri_prefix: String # Allowed pattern: ^[^\s]+$
stick_table
[object]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
stick_table:
expire: Integer Minimum: 0
keylen: Integer
nopurge: Boolean
peers: String # Allowed pattern: ^[^\s]+$
recv_only: Boolean
size: Integer Minimum: 0
srvkey: String # Allowed values are addr, name
store: String # Allowed pattern: ^[^\s]+$
type: String # Allowed values are ip, ipv6, integer, string, binary
write_to: String # Allowed pattern: ^[^\s]+$
tarpit_timeout
[integer]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
tarpit_timeout: Integer Minimum: 0
tcp_request_rule_list
[array]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
tcp_request_rule_list:
- action: String # Allowed values are accept, attach-srv, capture, do-resolve, expect-netscaler-cip, expect-proxy, lua, reject, sc-add-gpc, sc-inc-gpc, sc-inc-gpc0, sc-inc-gpc1, sc-set-gpt, sc-set-gpt0, send-spoe-group, set-bandwidth-limit, set-bc-mark, set-bc-tos, set-dst-port, set-dst, set-fc-mark, set-fc-tos, set-log-level, set-mark, set-nice, set-priority-class, set-priority-offset, set-src, set-src-port, set-tos, set-var, set-var-fmt, silent-drop, switch-mode, track-sc, unset-var, use-service, set-retries, do-log
bandwidth_limit_limit: String
bandwidth_limit_name: String
bandwidth_limit_period: String
capture_len: Integer
capture_sample: String # Allowed pattern: ^(?:[A-Za-z]+\("([A-Za-z\s]+)"\)|[A-Za-z]+)
cond: String # Allowed values are if, unless
cond_test: String
expr: String
gpt_value: String
log_level: String # Allowed values are emerg, alert, crit, err, warning, notice, info, debug, silent
lua_action: String # Allowed pattern: ^[^\s]+$
lua_params: String
mark_value: String # Allowed pattern: ^(0x[0-9A-Fa-f]+|[0-9]+)$
nice_value: Integer Minimum: -1024 Maximum: 1024
resolve_protocol: String # Allowed values are ipv4, ipv6
resolve_resolvers: String
resolve_var: String
rst_ttl: Integer
sc_idx: String
sc_inc_id: String
sc_int: Integer
server_name: String
service_name: String
spoe_engine_name: String
spoe_group_name: String
switch_mode_proto: String
timeout: Integer
tos_value: String # Allowed pattern: ^(0x[0-9A-Fa-f]+|[0-9]+)$
track_key: String
track_stick_counter: Integer
track_table: String
type: String # Allowed values are connection, content, inspect-delay, session
var_format: String
var_name: String # Allowed pattern: ^[^\s]+$
var_scope: String # Allowed pattern: ^[^\s]+$
tcp_smart_accept
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
tcp_smart_accept: String # Allowed values are enabled, disabled
tcpka
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
tcpka: String # Allowed values are enabled, disabled
tcplog
[boolean]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
tcplog: Boolean
unique_id_format
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
unique_id_format: String
unique_id_header
[string]
apiVersion: "ingress.v3.haproxy.org/v3"
kind: Frontend
metadata:
name: example-frontend-crd
namespace: default
spec:
unique_id_header: String
Do you have any suggestions on how we can improve the content of this page?