Startup arguments

You can customize the HAProxy Kubernetes Ingress Controller by passing these arguments at startup. These affect the lifetime of the process.

--configmap

Sets the ConfigMap object that defines global settings for the ingress controller. An empty ConfigMap is deployed by default and you can see its name by calling kubectl get configmaps. You can either override the default ConfigMap with your own object that uses the same name, or you can set this argument to point to a different ConfigMap. See the ConfigMap Options to learn which values you can store in the ConfigMap.

Values

• The name of the ConfigMap that contains global settings. Defaults to default/haproxy-configmap

--configmap-tcp-services

Sets the ConfigMap that contains mappings for TCP services to proxy through the ingress controller. This ConfigMap contains mappings like this:

apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp
  namespace: haproxy-controller
data:
  3306:                    # Port where the frontend is going to listen to.
    mysql-ns/mysql:3306    # Kubernetes service in the format NS/ServiceName:ServicePort
  389:
    ldap-ns/ldap:389:ssl   # ssl option will enable ssl offloading for target service.
  6379:
    redis-ns/redis:6379

• Ports of TCP services should be exposed on the controller’s Kubernetes service

Values

• The name of the ConfigMap that contains mappings for TCP services

--default-backend-service

The name of the Kubernetes service to send requests to when no Ingress rules match. By default, it uses the builtin HTTP backend.

Values

• The name of the backend service

--pprof

enable pprof endpoint, if default-backend-port is not used 6060 will be used

Values

• this is boolean flag

--default-ssl-certificate

The name of a TLS Secret that contains the certificate to use for SSL/TLS traffic. This can be overridden with the ssl-certificate setting.

Values

• The name of the TLS Secret

--ingress.class

A name to assign to the ingress controller so that Ingress objects can target it apart from other running ingress controllers.

• In kubernetes 1.18+, a new IngressClass resource can be referenced by Ingress objects to target an Ingress Controller. More details can be found in the IngressClass doc entry.

Values

• The name of the ingress class

Helm

helm install intranet haproxytech/kubernetes-ingress \
  --set controller.ingressClass=haproxy

--namespace-blacklist

Namespaces that the ingress controller should not monitor for changes to pods and services.

Values

• The namespace to exclude from monitoring; You can specify this argument multiple times

Helm

helm install haproxy haproxytech/kubernetes-ingress \
  --set-string "controller.extraArgs={--namespace-blacklist=foo}"

--namespace-whitelist

Namespaces that the ingress controller should monitor for changes to pods and service.

Values

• The namespace to monitor; You can specify this argument multiple times

Helm

helm install haproxy haproxytech/kubernetes-ingress \
  --set-string "controller.extraArgs={--namespace-whitelist=foo}"

--publish-service

Copies the ingress controller’s IP address to the ‘Address’ field in all Ingress objects that the controller manages. This is useful for tools like external-dns, which use this information to create DNS records.

Values

• Name of the ingress controller’s service, e.g. default/kubernetes-ingress

--sync-period

The interval at which the controller syncs its configuration with updated Kubernetes objects.

Values

• An integer with unit of time (1s = 1 second, 1m = 1 minute, 1h = 1 hour); Defaults to 5s

Helm

helm install haproxy haproxytech/kubernetes-ingress \
  --set-string "controller.extraArgs={--sync-period=10s}"

--log

The level of logging to perform; Defaults to info

Values

• error

• warning

• info (default)

• debug

• trace

Helm

helm install haproxy haproxytech/kubernetes-ingress \
  --set controller.logging.level=debug

Next up