ConfigMap Options

These options can be stored in a ConfigMap to change the ingress controller's global behavior, affecting all Ingress routes.

A ConfigMap is created during the installation and you can find it with the kubectl get configmaps command.

$ kubectl get configmaps

NAME                         DATA   AGE
haproxy-kubernetes-ingress   0      13s

You can overwrite it by applying your own ConfigMap resource with the same name:

$ kubectl apply -f my-configmap.yaml

blacklist

Blocks given IP addresses and/or IP address ranges.

Values
  • Comma-separated list of IP addresses and/or CIDR ranges

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  blacklist: "192.168.1.0/24, 192.168.2.100"

check

Enables TCP level health checks on pods and attempts a TCP connection periodically.

Values
  • true (default)

  • false

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  check: "true"

check-http

Enables HTTP level health checks on pods and sends an HTTP request periodically. The check setting must be true.

Values
  • URI to make HTTP requests to, e.g. /health

  • URI with method, e.g. HEAD /health

  • URI, method and HTTP version, e.g. HEAD /health HTTP/1.1

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  check: "true"
  check-http: "/health"

check-interval

Sets the interval between health checks when check is enabled.

Values
  • Integer with time unit suffix (1m = 1 minute, 10s = 10 seconds)

Example

apiVersion: v1
  kind: ConfigMap
  metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  check: "true"
  check-interval: "1m"

dontlognull

Does not log connections that send no data, which can happen with monitoring systems.

Values
  • true (default)

  • false

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  dontlognull: "true"

forwarded-for

Adds the X-Forwarded-For HTTP header to requests to capture and relay the client's source IP address to backend pods.

Values
  • true (default)

  • false

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  forwarded-for: "true"

http-keep-alive

Enables HTTP Keep-Alive both from the client to HAProxy and from HAProxy to the backend.

Values
  • true (default)

  • false

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  http-keep-alive: "true"

http-server-close

Disables HTTP Keep-Alive between HAProxy and the backend, while allowing it to stay enabled from the client to HAProxy.

Values
  • true

  • false (default)

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  http-server-close: "true"

load-balance

Sets the load-balancing algorithm to use.

Values
  • roundrobin (default)

  • static-rr

  • leastconn

  • first

  • source

  • uri

  • url_param

  • hdr([name])

  • random

  • random([draws])

  • rdp-cookie

  • rdp-cookie([name])

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  load-balance: "leastconn"

log-format

Sets the log format string to use for HTTP traffic.

Values

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  log-format: "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs \"%HM %[var(txn.base)] %HV\""

logasap

Logs request and response data as soon as the server returns a complete set of HTTP response headers, instead of waiting for the response to finish sending all data.

Values
  • true

  • false (default)

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  logasap: "true"

maxconn

Sets the maximum number of concurrent connections that HAProxy will accept.

Values
  • An integer setting the allowed number of concurrent connections

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  maxconn: "2000"

nbthread

Sets the number of worker threads that the HAProxy process will start. If not set, HAProxy will create a thread for each available processor.

Values
  • An integer setting the number of worker threads

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  nbthread: "8"

proxy-protocol

Enables Proxy Protocol for a comma-delimited list of IP addresses and/or CIDR ranges.

Values
  • A list of IP addresses and/or CIDR ranges

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  proxy-protocol: "192.168.1.0/24, 192.168.2.100"

rate-limit-period

Sets the period of time over which requests are tracked for a given source IP address.

Values
  • Integer with unit of time (1s = 1 second, 1m = 1 minute); Defaults to 1 second

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  rate-limit-period: "1m"

rate-limit-requests

Sets the maximum number of requests that will be accepted from a source IP address during the rate-limit-period.

Values
  • An integer representing the maximum number of requests to accept

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  # ConfigMap values must be strings, so the number is quoted
  rate-limit-requests: "15"

rate-limit-size

Sets how many source IP addresses to track, after which older entries are replaced by new entries.

Values
  • An integer defining how many IP addresses to track for rate limiting; Defaults to 100,000

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  # ConfigMap values must be strings, so the number is quoted
  rate-limit-size: "1000000"

request-capture

Defines the custom information that %hr captures in the logs. This takes effect when %hr is present in the log-format string; the default log format includes it. For example, you can capture specific cookie values or HTTP header values.

Values
  • A header value, e.g. hdr(header-name)

  • A cookie value, e.g. cookie(cookie-name)

  • Multiple expressions by using a multiline YAML string

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  # capturing a single value
  request-capture: cookie(my-cookie)

  # capturing multiple values (alternative form; a key may appear only once)
  # request-capture: |-
  #   cookie(my-cookie)
  #   hdr(Host)
  #   hdr(User-Agent)

request-capture-len

Sets how many characters to allocate for fields captured by request-capture.

Values
  • An integer representing the number of characters for captured fields; Defaults to 128

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  request-capture: cookie(my-cookie)
  # ConfigMap values must be strings, so the number is quoted
  request-capture-len: "350"

request-set-header

Sets an HTTP header in the request before it is passed to the backend service.

Values
  • The name of the field, followed by its value, e.g. Ingress-ID abcd123

  • Multiple headers can be set using a multiline YAML string

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  # single header
  request-set-header: Ingress-ID abcd123

  # multiple headers (alternative form; a key may appear only once)
  # request-set-header: |-
  #   Ingress-ID abcd123
  #   Another-Header 12345

response-set-header

Sets an HTTP header in the response before it is passed to the client.

Values
  • The name of the field, followed by its value, e.g. Cache-Control "no-store,no-cache,private"

  • Multiple headers can be set using a multiline YAML string

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  # single header
  response-set-header: Cache-Control "no-store,no-cache,private"

  # multiple headers (alternative form; a key may appear only once)
  # response-set-header: |-
  #   Cache-Control "no-store,no-cache,private"
  #   Strict-Transport-Security "max-age=31536000"

server-ssl

Enables SSL to pods.

Values
  • true

  • false (default)

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  server-ssl: "true"

servers-increment

Sets the number of disabled servers to add to the backend in order for the controller to insert new pods dynamically without a reload. When the ingress controller creates new pods and there are not enough disabled servers standing by, it adds X new disabled servers, where X is specified here.

Values
  • Integer value indicating the number of disabled servers to add. Defaults to 42.

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  # ConfigMap values must be strings, so the number is quoted
  servers-increment: "75"

ssl-certificate

Sets the name of the Kubernetes secret that contains both the TLS key and certificate.

Values
  • Name of Kubernetes secret

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  ssl-certificate: "default/tls-secret"

ssl-passthrough

Passes SSL/TLS traffic through at Layer 4 directly to the backend service without Layer 7 inspection.

Values
  • true

  • false (default)

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  ssl-passthrough: "true"

ssl-redirect

Sets whether to redirect traffic from HTTP to HTTPS. By default, this is activated when ssl-certificate is set.

Values
  • true

  • false (default)

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  ssl-redirect: "false"
  ssl-certificate: "default/tls-secret"

ssl-redirect-code

Sets the HTTP status code to use when ssl-redirect is true.

Values
  • 301

  • 302 (default)

  • 303

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  ssl-redirect: "true"
  ssl-certificate: "default/tls-secret"
  ssl-redirect-code: "301"

syslog-server

Sets one or more Syslog servers where logs should be forwarded. Each server is placed onto its own line. A line supports the following arguments, which are separated by commas:

Values
  • address - IP address where the syslog server is listening; Required; Defaults to 127.0.0.1.

  • facility - One of the 24 syslog facilities (kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, auth2, ftp, ntp, audit, alert, con2, local0, local1, local2, local3, local4, local5, local6, local7); In general, you will want to use one of the localX values, since the others are registered for specific types of applications; Required; Defaults to local0.

  • format - Syslog format, one of the following - rfc3164, rfc5424, short, raw; Defaults to rfc3164.

  • length - Maximum syslog line length; Defaults to 1024.

  • level - Maximum verbosity level to filter outgoing messages; Only messages with a severity at least as important as this level will be sent; Use one of the following - emerg, alert, crit, err, warning, notice, info, debug; Defaults to 'notice'.

  • minlevel - Minimum verbosity level. Logs emitted with a more severe level than this one will be capped to this level.

  • port - Port number where the syslog server is listening; Defaults to 514.

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  # a single entry
  syslog-server: address:192.158.1.1, port:514, facility:local0

  # log to stdout (alternative form; a key may appear only once)
  # syslog-server: address:stdout, format:raw, facility:daemon

  # multiple entries (alternative form)
  # syslog-server: |-
  #   address:127.0.0.1, port:514, facility:local0
  #   address:192.168.1.1, port:514, facility:local1
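
The entry format described above can be checked before the ConfigMap is applied. The following parser is an added example, not the ingress controller's own code; `parse_syslog_servers` is a hypothetical helper that assumes each line is a comma-separated list of `key:value` arguments and applies the defaults listed on this page.

```python
FACILITIES = {"kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "auth2", "ftp", "ntp", "audit", "alert", "con2",
              *(f"local{n}" for n in range(8))}
FORMATS = {"rfc3164", "rfc5424", "short", "raw"}
LEVELS = {"emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"}
# Defaults as listed on this page; minlevel has no documented default.
DEFAULTS = {"address": "127.0.0.1", "facility": "local0", "format": "rfc3164",
            "length": "1024", "level": "notice", "port": "514"}
KNOWN = set(DEFAULTS) | {"minlevel"}
CHECKS = [("facility", FACILITIES), ("format", FORMATS),
          ("level", LEVELS), ("minlevel", LEVELS)]


def parse_syslog_servers(value):
    """Parse a syslog-server value into one dict per server (hypothetical helper)."""
    servers = []
    for lineno, line in enumerate(value.splitlines(), start=1):
        if not line.strip():
            continue
        entry = dict(DEFAULTS)
        for arg in line.split(","):
            # Split on the first colon only, so address values may contain colons.
            key, sep, val = (part.strip() for part in arg.partition(":"))
            if not sep or key not in KNOWN or not val:
                raise ValueError(f"line {lineno}: bad argument {arg.strip()!r}")
            entry[key] = val
        for key, allowed in CHECKS:
            if key in entry and entry[key] not in allowed:
                raise ValueError(f"line {lineno}: invalid {key} {entry[key]!r}")
        for key in ("port", "length"):
            if not entry[key].isdigit():
                raise ValueError(f"line {lineno}: {key} must be an integer")
        servers.append(entry)
    return servers


# The multi-entry value from the example above.
SAMPLE = ("address:127.0.0.1, port:514, facility:local0\n"
          "address:192.168.1.1, port:514, facility:local1")

if __name__ == "__main__":
    for server in parse_syslog_servers(SAMPLE):
        print(server)
```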

timeout-check

Sets an additional check timeout, but only after a connection has already been established.

Values
  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour)

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  timeout-check: 5s

timeout-client

Sets the maximum inactivity time on the client side.

Values
  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour); Defaults to 50s

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  timeout-client: 5s

timeout-client-fin

Sets the inactivity timeout on the client side for half-closed connections.

Values
  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour)

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  timeout-client-fin: 5s

timeout-connect

Sets the maximum time to wait for a connection attempt to a server to succeed.

Values
  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour); Defaults to 5s

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  timeout-connect: 5s

timeout-http-request

Sets the maximum allowed time to wait for a complete HTTP request.

Values
  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour); Defaults to 5s

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  timeout-http-request: 5s

timeout-http-keep-alive

Sets the maximum allowed time to wait for a new HTTP request to appear.

Values
  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour); Defaults to 1m

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  timeout-http-keep-alive: 5s

timeout-queue

Sets the maximum time to wait in the queue for a connection slot to be free.

Values
  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour); Defaults to 5s

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  timeout-queue: 5s

timeout-server

Sets the maximum inactivity time on the server side.

Values
  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour); Defaults to 50s

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  timeout-server: 5s

timeout-server-fin

Sets the inactivity timeout on the server side for half-closed connections.

Values
  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour)

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  timeout-server-fin: 5s

timeout-tunnel

Sets the maximum inactivity time on the client and server side for tunnels.

Values
  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour); Defaults to 1h

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  timeout-tunnel: 30m

whitelist

Sets a list of IP addresses or CIDRs to exclude from deny rules, such as rate limiting.

Values
  • Comma-separated list of IP addresses and/or CIDR ranges

Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-kubernetes-ingress
  namespace: default
data:
  whitelist: "192.168.1.0/24, 192.168.2.100"
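
Because these options apply globally, a mistyped CIDR in blacklist or whitelist, an unquoted number, or check-http set while check is false affects every Ingress route. The following pre-apply check is an added example, not part of the ingress controller; `lint_configmap_data` is a hypothetical helper that takes the data section as an already-parsed mapping and assumes only the time units shown on this page.

```python
import ipaddress
import re

# Assumption: only the time units shown on this page (s, m, h) are accepted.
TIME_RE = re.compile(r"\d+[smh]")
CIDR_KEYS = {"blacklist", "whitelist", "proxy-protocol"}
TIME_KEYS = {"check-interval", "rate-limit-period"}
BOOL_KEYS = {"check", "forwarded-for", "server-ssl", "ssl-passthrough", "ssl-redirect"}
INT_KEYS = {"maxconn", "nbthread", "rate-limit-requests", "rate-limit-size"}


def lint_configmap_data(data):
    """Return a list of problems in a ConfigMap `data` mapping (hypothetical helper)."""
    problems = []
    for key, value in data.items():
        if not isinstance(value, str):
            # ConfigMap data maps strings to strings; unquoted YAML numbers are rejected.
            problems.append(f"{key}: quote the value, got {type(value).__name__}")
        elif key in CIDR_KEYS:
            for item in (part.strip() for part in value.split(",")):
                try:
                    ipaddress.ip_network(item, strict=False)
                except ValueError:
                    problems.append(f"{key}: {item!r} is not an IP address or CIDR range")
        elif key in TIME_KEYS or key.startswith("timeout-"):
            if not TIME_RE.fullmatch(value):
                problems.append(f"{key}: {value!r} needs an integer plus unit, e.g. 10s")
        elif key in BOOL_KEYS and value not in ("true", "false"):
            problems.append(f"{key}: expected true or false, got {value!r}")
        elif key in INT_KEYS and not value.isdigit():
            problems.append(f"{key}: expected an integer, got {value!r}")
    # Dependencies and value sets stated on this page.
    if "check-http" in data and data.get("check", "true") != "true":
        problems.append("check-http: requires check to be true")
    if data.get("ssl-redirect-code", "302") not in ("301", "302", "303"):
        problems.append("ssl-redirect-code: expected 301, 302 or 303")
    return problems


# Constructed sample input: the data section as it looks once parsed from YAML.
SAMPLE = {
    "blacklist": "192.168.1.0/24, 192.168.2.300",  # last octet out of range
    "check": "false",
    "check-http": "/health",                       # needs check to be true
    "rate-limit-period": "1 minute",               # not <integer><unit>
    "rate-limit-requests": 15,                     # unquoted integer
    "timeout-client": "5s",
}

if __name__ == "__main__":
    for problem in lint_configmap_data(SAMPLE):
        print(problem)
```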
