Configuration reference

Global CRD

On this page

Selected version

Available since

version 1.7

The Global custom resource extends the Kubernetes API to let you manage process-level options for the ingress controller.

Install the Global custom resource Jump to heading

Before you can use the Global custom resource, you must install its definition into your Kubernetes cluster.

  1. Download the v1-9 Global custom resource filev1-8 Global custom resource filev1-7 Global custom resource file.

  2. Install the custom resource definition with kubectl apply:

    Community ingress controller

    bash
    kubectl apply -f globals.core.haproxy.org.yaml
    bash
    kubectl apply -f globals.core.haproxy.org.yaml
    bash
    kubectl apply -f global.yaml
    bash
    kubectl apply -f global.yaml
    bash
    kubectl apply -f global.yaml
    bash
    kubectl apply -f global.yaml

  3. Verify that the installation worked by listing custom resources defined in your cluster:

    bash
    kubectl get crd
    bash
    kubectl get crd
    output
    bash
    NAME                        CREATED AT
    globals.core.haproxy.org    2022-06-01T16:56:57Z
    output
    bash
    NAME                        CREATED AT
    globals.core.haproxy.org    2022-06-01T16:56:57Z

Use the Global custom resource Jump to heading

With the Global custom resource, you can tune process-level options for the ingress controller. To use it:

  1. Create a YAML file that declares a Global resource and add properties to its spec.config section.

    In the example below, the maxconn property limits how many concurrent TCP connections the ingress controller will accept.

    example-global.yaml
    yaml
       apiVersion: "core.haproxy.org/v1alpha2"
       kind: Global
       metadata:
       name: example-global
       namespace: default
       spec:
       config:
          maxconn: 60000
    example-global.yaml
    yaml
       apiVersion: "core.haproxy.org/v1alpha2"
       kind: Global
       metadata:
       name: example-global
       namespace: default
       spec:
       config:
          maxconn: 60000
    example-global.yaml
    yaml
       apiVersion: "core.haproxy.org/v1alpha1"
       kind: Global
       metadata:
       name: example-global
       namespace: default
       spec:
       config:
          maxconn: 60000
    example-global.yaml
    yaml
       apiVersion: "core.haproxy.org/v1alpha1"
       kind: Global
       metadata:
       name: example-global
       namespace: default
       spec:
       config:
          maxconn: 60000
    example-global.yaml
    yaml
       apiVersion: "core.haproxy.org/v1alpha1"
       kind: Global
       metadata:
       name: example-global
       namespace: default
       spec:
       config:
          maxconn: 60000
    example-global.yaml
    yaml
       apiVersion: "core.haproxy.org/v1alpha1"
       kind: Global
       metadata:
       name: example-global
       namespace: default
       spec:
       config:
          maxconn: 60000

  2. Deploy it to your cluster using kubectl apply.

    bash
    kubectl apply -f example-global.yaml
    bash
    kubectl apply -f example-global.yaml

  3. Create a new ConfigMap with the name haproxy-kubernetes-ingress to override the one that ships with the ingress controller. Add the cr-global key to the data section to implement the global properties.

    example-configmap.yaml
    yaml
       apiVersion: v1
       kind: ConfigMap
       metadata:
          name: haproxy-kubernetes-ingress
          namespace: haproxy-controller
       data:
          cr-global: default/example-global
    example-configmap.yaml
    yaml
       apiVersion: v1
       kind: ConfigMap
       metadata:
          name: haproxy-kubernetes-ingress
          namespace: haproxy-controller
       data:
          cr-global: default/example-global

  4. Update the ConfigMap in your cluster by using kubectl apply.

    bash
       kubectl apply -f  example-configmap.yaml
    bash
       kubectl apply -f  example-configmap.yaml

Global custom resource reference Jump to heading

  • CRD version:
  • API version:

busy_polling

Type: boolean

ca_base

Type: string

chroot

Type: string
Constraints
  • Must match pattern: ^[^\s]+$

cpu_maps

Type: array
Required properties
  • process
  • cpu_set
Child properties
  • cpu_set (*string*)
  • process (*string*)

crt_base

Type: string

daemon

Type: string
Values
  • enabled
  • disabled

external_check

Type: boolean

gid

Type: integer

group

Type: string
Constraints
  • Must match pattern: ^[^\s]+$

h1_case_adjust

Type: array
Required properties
  • from
  • to
Child properties
  • from (*string*)
  • to (*string*)

h1_case_adjust_file

Type: string

hard_stop_after

Type: integer

localpeer

Type: string
Constraints
  • Must match pattern: ^[^\s]+$

log_send_hostname

Type: object
Child properties
  • enabled string
    • Values
    • enabled
    • disabled
  • param string
    • Constraints
    • Must match pattern: ^[^\s]+$

lua_loads

Type: array
Required properties
  • file
Child properties
  • file (*string*)

lua_prepend_path

Type: array
Required properties
  • path
Child properties
  • path (*string*)
  • type (*string*) Values
    • path
    • cpath

master-worker

Type: boolean

max_spread_checks

Type: integer

maxcompcpuusage

Type: integer

maxcomprate

Type: integer

maxconn

Type: integer

maxconnrate

Type: integer

maxpipes

Type: integer

maxsessrate

Type: integer

maxsslconn

Type: integer

maxsslrate

Type: integer

maxzlibmem

Type: integer

nbproc

Type: integer

nbthread

Type: integer

noepoll

Type: boolean

noevports

Type: boolean

nogetaddrinfo

Type: boolean

nokqueue

Type: boolean

nopoll

Type: boolean

noreuseport

Type: boolean

nosplice

Type: boolean

pidfile

Type: string

profiling_tasks

Type: string
Values
  • auto
  • on
  • off

runtime_apis

Type: array
Required properties
  • address
Child properties
  • address (*string*)
  • mode (*string*)
  • level (*string*) Values
    • user
    • operator
    • admin
  • process (*string*)
  • exposeFdListeners (*boolean*)

server_state_base

Type: string
Constraints
  • Must match pattern: ^[^\s]+$

server_state_file

Type: string
Constraints
  • Must match pattern: ^[^\s]+$

spread_checks

Type: integer

ssl_default_bind_ciphers

Type: string

ssl_default_bind_ciphersuites

Type: string

ssl_default_bind_options

Type: string

ssl_default_server_ciphers

Type: string

ssl_default_server_ciphersuites

Type: string

ssl_default_server_options

Type: string

ssl_mode_async

Type: string
Values
  • enabled
  • disabled

stats_timeout

Type: integer

tune_options

Type: object
Child properties
  • buffers_limit integer
  • buffers_reserve integer
  • bufsize integer
  • comp_maxlevel integer
  • fail_alloc boolean
  • h2_header_table_size integer
  • h2_initial_window_size integer
  • h2_max_concurrent_streams integer
  • h2_max_frame_size integer
  • http_cookielen integer
  • http_logurilen integer
  • http_maxhdr integer
  • idle_pool_shared string
    • Values
    • enabled
    • disabled
  • idletimer integer
  • listener_multi_queue string
    • Values
    • enabled
    • disabled
  • lua_forced_yield integer
  • lua_maxmem boolean
  • lua_service_timeout integer
  • lua_session_timeout integer
  • lua_task_timeout integer
  • maxaccept integer
  • maxpollevents integer
  • maxrewrite integer
  • pattern_cache_size integer
  • pipesize integer
  • pool_high_fd_ratio integer
  • pool_low_fd_ratio integer
  • rcvbuf_client integer
  • rcvbuf_server integer
  • recv_enough integer
  • runqueue_depth integer
  • sched_low_latency string
    • Values
    • enabled
    • disabled
  • sndbuf_client integer
  • sndbuf_server integer
  • ssl_cachesize integer
  • ssl_capture_buffer_size integer
  • ssl_ctx_cache_size integer
  • ssl_default_dh_param integer
  • ssl_force_private_cache boolean
  • ssl_keylog string
    • Values
    • enabled
    • disabled
  • ssl_lifetime integer
  • ssl_maxrecord integer
  • vars_global_max_size integer
  • vars_proc_max_size integer
  • vars_reqres_max_size integer
  • vars_sess_max_size integer
  • vars_txn_max_size integer
  • zlib_memlevel integer
  • zlib_windowsize integer

tune_ssl_default_dh_param

Type: integer

uid

Type: integer

user

Type: string
Constraints
  • Must match pattern: ^[^\s]+$

chroot

Type: string
Constraints
  • Must match pattern: ^[^\s]+$

group

Type: string
Constraints
  • Must match pattern: ^[^\s]+$

hard_stop_after

Type: integer

user

Type: string
Constraints
  • Must match pattern: ^[^\s]+$

daemon

Type: string
Values
  • enabled
  • disabled

nbproc

Type: integer

nbthread

Type: integer

master-worker

Type: boolean

external_check

Type: boolean

pidfile

Type: string

maxconn

Type: integer

server_state_base

Type: string
Constraints
  • Must match pattern: ^[^\s]+$

tune_ssl_default_dh_param

Type: integer

ssl_default_bind_options

Type: string

ssl_default_bind_ciphers

Type: string

ssl_default_bind_ciphersuites

Type: string

ssl_default_server_options

Type: string

ssl_default_server_ciphers

Type: string

ssl_default_server_ciphersuites

Type: string

ssl_mode_async

Type: string
Values
  • enabled
  • disabled

cpu_maps

Type: array
Required properties
  • process
  • cpu_set
Child properties
  • process (*string*)
  • cpu_set (*string*)

runtime_apis

Type: array
Required properties
  • address
Child properties
  • address (*string*)
  • mode (*string*)
  • level (*string*) Values
    • user
    • operator
    • admin
  • process (*string*)
  • exposeFdListeners (*boolean*)

stats_timeout

Type: integer

lua_loads

Type: array
Required properties
  • file
Child properties
  • file (*string*)

log_send_hostname

Type: object
Child properties
  • enabled string
    • Values
    • enabled
    • disabled
  • param string
    • Constraints
    • Must match pattern: ^[^\s]+$

chroot

Type: string
Constraints
  • Must match pattern: ^[^\s]+$

group

Type: string
Constraints
  • Must match pattern: ^[^\s]+$

hard_stop_after

Type: integer

user

Type: string
Constraints
  • Must match pattern: ^[^\s]+$

daemon

Type: string
Values
  • enabled
  • disabled

nbproc

Type: integer

nbthread

Type: integer

master-worker

Type: boolean

external_check

Type: boolean

pidfile

Type: string

maxconn

Type: integer

server_state_base

Type: string
Constraints
  • Must match pattern: ^[^\s]+$

tune_ssl_default_dh_param

Type: integer

ssl_default_bind_options

Type: string

ssl_default_bind_ciphers

Type: string

ssl_default_bind_ciphersuites

Type: string

ssl_default_server_options

Type: string

ssl_default_server_ciphers

Type: string

ssl_default_server_ciphersuites

Type: string

ssl_mode_async

Type: string
Values
  • enabled
  • disabled

cpu_maps

Type: array
Required properties
  • process
  • cpu_set
Child properties
  • process (*string*)
  • cpu_set (*string*)

runtime_apis

Type: array
Required properties
  • address
Child properties
  • address (*string*)
  • mode (*string*)
  • level (*string*) Values
    • user
    • operator
    • admin
  • process (*string*)
  • exposeFdListeners (*boolean*)

stats_timeout

Type: integer

lua_loads

Type: array
Required properties
  • file
Child properties
  • file (*string*)

log_send_hostname

Type: object
Child properties
  • enabled string
    • Values
    • enabled
    • disabled
  • param string
    • Constraints
    • Must match pattern: ^[^\s]+$

If this page was useful, please, Leave the feedback.

Previous page Defaults CRD Next page Ingress annotations
© 2023 HAProxy Technologies, LLC. All Rights Reserved
Manage Cookie Preferences