Configuration reference
Service annotations
On this page
These annotations can be set in a Kubernetes Service object’s metadata.annotations section to change how requests are routed for a particular service.
Service annotations reference Jump to heading
backend-config-snippet Jump to heading
Available since
version 1.5
Values
- One or more valid HAProxy directives
Default
- No default value
Example
yaml
yaml
check Jump to heading
Available since
version 1.4
Values
- true
- false
Default
- true
Example
yaml
yaml
check-http Jump to heading
Available since
version 1.4
Values
- URI to make HTTP requests to, e.g.
/health - URI with method, e.g.
HEAD /health - URI, method and HTTP version, e.g.
HEAD /health HTTP/1.1
Default
- No default value
Example
yaml
yaml
check-interval Jump to heading
Available since
version 1.4
Values
- Integer with time unit suffix (1m = 1 minute, 10s = 10 seconds)
Default
- No default value
Example
yaml
yaml
cookie-persistence Jump to heading
Available since
version 1.4
- This will insert the following cookie configuration in the corresponding backend
cookie <cookie-name> insert indirect nocache dynamicwith<cookie-name>the value of this annotation.
Values
- A name for the cookie
Default
- No default value
Example
yaml
yaml
cookie-persistence-no-dynamic Jump to heading
Available since
version 3.1
- This will insert the following cookie configuration in the corresponding backend
cookie <cokkie-name> indirect nocache insertwith<cookie-name>the value of this annotation. The server line will haveserver <server-name> <server-address> enabled cookie <server-name>
Values
- A name for the cookie
Default
- No default value
Example
yaml
yaml
forwarded-for Jump to heading
Available since
version 1.4
Values
- true
- false
Default
- true
Example
yaml
yaml
load-balance Jump to heading
Available since
version 1.4
Values
- roundrobin
- static-rr
- leastconn
- first
- source
- uri [path-only] [whole] [len num] [depth num]
- url_param name [check_post num]
- hdr[(name)] [use_domain_only]
- random[(draws)]
- rdp-cookie[(name)]
Default
- roundrobin
Example
yaml
yaml
pod-maxconn Jump to heading
Available since
version 1.4
- NB, If multiple HAProxy instances are running, the maxconn will be pod-maxconn number devided by the number of haproxy instances.
Values
- An integer setting the maximum number of concurrent backend connections
Default
- No default value
Example
yaml
yaml
route-acl Jump to heading
Available since
version 1.6
- In order for the service to be handled by the Ingress Controller, it is still mandatory to put it in an ingress rule. Using only
route-aclwon’t be enough. - Note that this annotation is not compatible with an Ingress having multiple paths that will match a request. Without this annotation, the precedence is given first to the longest matching path. But with the annotation, the first use_backend rule in the config that matches the request will be used.
Values
- A string describing an in-line HAProxy ACL.
Default
- No default value
Example
yaml
yaml
scale-server-slots Jump to heading
Available since
version 1.4
- Equivalent old annotations are
servers-incrementandserver-slots
Values
- Integer value indicating the number of backend servers to provision. Defaults to 42.
Default
- 42
Example
yaml
yaml
send-proxy-protocol Jump to heading
Available since
version 1.5
Values
- proxy - Uses PROXY v1
- proxy-v1 - Uses PROXY v1
- proxy-v2 - Uses PROXY v2
- proxy-v2-ssl Uses PROXY v2 with SSL information extension
- proxy-v2-ssl-cn Uses PROXY v2 with SSL and Common Name information extension
Default
- No default value
Example
yaml
yaml
server-ca Jump to heading
Available since
version 1.5
- When used with server-crt resulting configuration provides mutual TLS authentication (mTLS).
- The secret must use ‘tls.crt’ key.
Values
- Secret path following namespace/secretname format.
Default
- No default value
Example
yaml
yaml
server-crt Jump to heading
Available since
version 1.5
- The secret must use ‘tls.key’ and ‘tls.crt’ keys.
- When used with server-ca resulting configuration provides mutual TLS authentication (mTLS).
Values
- Secret path following namespace/secretname format.
Default
- No default value
Example
yaml
yaml
server-proto Jump to heading
Available since
version 1.5
Values
- h2
Default
- No default value
Example
yaml
yaml
server-ssl Jump to heading
Available since
version 1.4
- Enable HTTP/2 support for backend severs.
Values
- true
- false
Default
- false
Example
yaml
yaml
ssl-passthrough Jump to heading
Available since
version 1.4
- Traffic is proxied in TCP mode which makes unavailable a number of the controller annotations (requiring HTTP mode).
- HTTPS frontend is conserved and still listening at port 8444 when previous HTTPS port is moved to SSL Frontend.
Values
- true
- false
Default
- false
Example
yaml
yaml
standalone-backend Jump to heading
Available since
version 1.10
- With this annotation you can create your own separate backend whose configuration won’t be impacted by others ingresses. As a reminder, all ingresses refering to the same service have their configuration inserted in the same backend which can cause some conflict.
Values
- true
- false
Default
- No default value
Example
yaml
yaml
timeout-check Jump to heading
Available since
version 1.4
Values
- An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour)
Default
- No default value
Example
yaml
yaml
timeout-server Jump to heading
Available since
version 1.11
Values
- An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour); Defaults to 50s
Default
- 50s
Example
yaml
yaml
Do you have any suggestions on how we can improve the content of this page?