Configuration

These options can be stored in a ConfigMap, Ingress or Service definition. A ConfigMap affects the behavior of all routes, an Ingress affects a particular route, and a Service affects all routes for a particular service.

Option ConfigMap Ingress Service
blacklist

Blocks given IP addresses and/or IP address ranges.
 
check

Enables TCP level health checks on pods and attempts a TCP connection periodically.
check-http

Enables HTTP level health checks on pods and sends an HTTP request periodically. The check setting must be true.
check-interval

Sets the interval between health checks when check is enabled.
cookie-persistence

Enables persistent connections between a client and a pod by inserting a cookie into the client’s browser that is used to remember which backend pod they connected to before.
dontlognull

Do not log connections that sends no data, which can happen with monitoring systems.
   
forwarded-for

Adds the X-Forwarded-For HTTP header to requests to capture and relay the client’s source IP address to backend pods.
hard-stop-after

Defines the maximum time allowed to perform a clean soft-stop.
   
http-keep-alive

Enables HTTP Keep-Alive both from the client to HAProxy and from HAProxy to the backend.
   
http-server-close

Disables HTTP Keep-Alive between HAProxy and the backend, while allowing it to stay enabled from the client to HAProxy.
   
ingress.class

Targets an ingress controller by class name for this ingress to use.
   
load-balance

Sets the load-balancing algorithm to use.
log-format

Sets the log format string to use for HTTP traffic.
   
logasap

Logs request and response data as soon as the server returns a complete set of HTTP response headers, instead of waiting for the response to finish sending all data.
   
maxconn

Sets the maximum number of concurrent connections that HAProxy will accept.
   
nbthread

Sets the number of worker threads that the HAProxy process will start. If not set, HAProxy will create a thread for each available processor.
   
path-rewrite

Replaces the entire URL path with the given value.
 
pod-maxconn

Sets the maximum number of concurrent backend connections allowed.
   
proxy-protocol

Enables Proxy Protocol for a comma-delimited list of IP addresses and/or CIDR ranges.
   
rate-limit-period

Sets the period of time over which requests are tracked for a given source IP address.
 
rate-limit-requests

Sets the maximum number of requests that will be accepted from a source IP address during the rate-limit-period.

To track the http requests rate, a stick-table named “Ratelimit-" will be created. Example, If the rate-limit-period is set to 2s the name of the table will be "Ratelimit-2000".
 
rate-limit-size

Sets how many source IP addresses to track, after which older entries are replaced by new entries.
 
request-capture

When you include %hr in the log-format string, which is included in the default log format, it captures custom information in the logs, which you define with this field. For example, you can capture specific cookie values or HTTP header values.
 
request-capture-len

Sets how many characters to allocate for fields captured by request-capture.
 
request-set-header

Sets an HTTP header in the request before it is passed to the backend service.
 
response-set-header

Sets an HTTP header in the response before it is passed to the client.
 
server-ssl

Enables SSL to pods.
set-host

Sets the Host header to send to backend services.
 
server-slots

Sets the number of servers slots that should be provisioned on a backend. If this number is greater than available endpoints/addresses, the remaining slots will be disabled (put on stand by), ready to be used dynamically (no reload). if this number is lower then the remaining endpoints/addresses won’t be used.
   
ssl-certificate

Sets the name of the Kubernetes secret that contains both the TLS key and certificate.
   
ssl-passthrough

Passes SSL/TLS traffic through at Layer 4 directly to the backend service without Layer 7 inspection.
ssl-redirect

Sets whether to redirect traffic from HTTP to HTTPS.
 
ssl-redirect-code

Sets the HTTP status code to use when ssl-redirect is true.
 
syslog-server

Sets one or more Syslog servers where logs should be forwarded. Each server is placed onto its own line. A line supports the following arguments, which are separated by commas
   
timeout-check

Sets an additional check timeout, but only after a connection has been already established.
timeout-client

Set the maximum inactivity time on the client side.
   
timeout-client-fin

Sets the inactivity timeout on the client side for half-closed connections.
   
timeout-connect

Sets the maximum time to wait for a connection attempt to a server to succeed.
   
timeout-http-request

Sets the maximum allowed time to wait for a complete HTTP request.
   
timeout-http-keep-alive

Sets the maximum allowed time to wait for a new HTTP request to appear.
   
timeout-queue

Sets the maximum time to wait in the queue for a connection slot to be free.
   
timeout-server

Sets the maximum inactivity time on the server side.
   
timeout-server-fin

Sets the inactivity timeout on the server side for half-closed connections.
   
timeout-tunnel

Set the maximum inactivity time on the client and server side for tunnels.
   
whitelist

Blocks all IP addresses except the whitelisted ones (annotation value).
 

Next up

Controller