Configuration reference

ConfigMap options

These options can be stored in a ConfigMap to change the ingress controller’s global behavior, affecting all Ingress routes.

How to use the ConfigMap Jump to heading

A ConfigMap is created during the installation and you can find it with the kubectl get configmaps command:

nix
kubectl get configmaps --namespace haproxy-controller
nix
kubectl get configmaps --namespace haproxy-controller
output
text
NAME DATA AGE
haproxy-kubernetes-ingress 0 13s
output
text
NAME DATA AGE
haproxy-kubernetes-ingress 0 13s

You can edit the ConfigMap:

nix
kubectl edit configmap haproxy-kubernetes-ingress --namespace haproxy-controller
nix
kubectl edit configmap haproxy-kubernetes-ingress --namespace haproxy-controller

ConfigMap keys reference Jump to heading

The following ConfigMap keys are available:

allow-list Jump to heading

Available since

version 1.11

  • The value is treated as a pattern file (see --configmap-patternfiles) if it starts with patterns/. It should consist of a list of IPs or CIDRs, one per line.

Values

  • Comma-separated list of IP addresses and/or CIDR ranges
  • Path to a pattern file, e.g. pattern/ips

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
allow-list: "192.168.1.0/24, 192.168.2.100"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
allow-list: "192.168.1.0/24, 192.168.2.100"

auth-realm Jump to heading

Available since

version 1.5

Values

  • Realm name

Default

  • Protected Content

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
auth-realm: Admin Area
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
auth-realm: Admin Area

auth-secret Jump to heading

Available since

version 1.5

  • Encrypted passwords are evaluated using the crypt(3) function, so depending on the system’s capabilities, different algorithms are supported.
  • Unencrypted passwords (used with HAProxy insecure-password ) are not accepted.

Values

  • The annotation format is a secret path namespace/secretName. If the namespace is omitted (path is only secretName) then the ingress namespace will be used. For Basic Authentication, the Secret data should contain user credentials in the form of username: encrypted and base-64 encoded password. For example:
bob: JDEkYWJjJEJYQnFwYjlCWmNaaFhMZ2JlZS4wcy8=
bob: JDEkYWJjJEJYQnFwYjlCWmNaaFhMZ2JlZS4wcy8=

Create the Kubernetes Secret resource in the following way:

bash
kubectl create secret generic haproxy-credentials \
--from-literal=bob=$(openssl passwd -1 bobPassword) \
--from-literal=alice=$(openssl passwd -1 alicePassword)
# secret/haproxy-credentials created
bash
kubectl create secret generic haproxy-credentials \
--from-literal=bob=$(openssl passwd -1 bobPassword) \
--from-literal=alice=$(openssl passwd -1 alicePassword)
# secret/haproxy-credentials created

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
auth-type: basic-auth
auth-secret: default/haproxy-credentials
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
auth-type: basic-auth
auth-secret: default/haproxy-credentials

auth-type Jump to heading

Available since

version 1.5

Values

  • basic-auth

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
auth-type: basic-auth
auth-secret: default/haproxy-credentials
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
auth-type: basic-auth
auth-secret: default/haproxy-credentials

backend-config-snippet Jump to heading

Available since

version 1.5

Values

  • One or more valid HAProxy directives

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
backend-config-snippet: |
http-send-name-header x-dst-server
stick-table type string len 32 size 100k expire 30m
stick on req.cook(sessionid)
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
backend-config-snippet: |
http-send-name-header x-dst-server
stick-table type string len 32 size 100k expire 30m
stick on req.cook(sessionid)

blacklist Jump to heading

Available since

version 1.4

  • The value is treated as a pattern file (see --configmap-patternfiles) if it starts with patterns/. It should consist of a list of IPs or CIDRs, one per line.

Values

  • Comma-separated list of IP addresses and/or CIDR ranges
  • Path to a pattern file, e.g. pattern/ips

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
blacklist: "192.168.1.0/24, 192.168.2.100"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
blacklist: "192.168.1.0/24, 192.168.2.100"

check Jump to heading

Available since

version 1.4

Values

  • true
  • false

Default

  • true

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
check: "true"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
check: "true"

check-http Jump to heading

Available since

version 1.4

Values

  • URI to make HTTP requests to, e.g. /health
  • URI with method, e.g. HEAD /health
  • URI, method and HTTP version, e.g. HEAD /health HTTP/1.1

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
check: "true"
check-http: "/health"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
check: "true"
check-http: "/health"

check-interval Jump to heading

Available since

version 1.4

Values

  • Integer with time unit suffix (1m = 1 minute, 10s = 10 seconds)

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
check: "true"
check-interval: "1m"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
check: "true"
check-interval: "1m"

clean-certs Jump to heading

Available since

version 1.6

Values

  • true
  • false

Default

  • true

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
clean-certs: "false"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
clean-certs: "false"

client-ca Jump to heading

Available since

version 1.6

  • NB, ssl-offloading should be enabled for TLS authentication to work.

Values

  • secret path in “namespace/name” format.

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
client-ca: exp/client-ca.crt
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
client-ca: exp/client-ca.crt

client-crt-optional Jump to heading

Available since

version 1.6

  • NB, client-ca should be enabled for certificate verification to work.

Values

  • true
  • false

Default

  • false

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
client-crt-optional: true
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
client-crt-optional: true

client-strict-sni Jump to heading

Available since

version 1.8

Values

  • true
  • false

Default

  • false

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
client-strict-sni: true
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
client-strict-sni: true

Available since

version 1.4

  • This will insert the following cookie configuration in the corresponding backend cookie <cookie-name> insert indirect nocache dynamic with <cookie-name> the value of this annotation.

Values

  • A name for the cookie

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
cookie-persistence: "mycookie"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
cookie-persistence: "mycookie"

Available since

version 3.1

  • This will insert the following cookie configuration in the corresponding backend cookie <cokkie-name> indirect nocache insert with <cookie-name> the value of this annotation. The server line will have server <server-name> <server-address> enabled cookie <server-name>

Values

  • A name for the cookie

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
cookie-persistence-no-dynamic: "mycookie"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
cookie-persistence-no-dynamic: "mycookie"

cors-allow-credentials Jump to heading

Available since

version 1.5

Values

  • true
  • false

Default

  • false

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
cors-allow-credentials: "true"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
cors-allow-credentials: "true"

cors-allow-headers Jump to heading

Available since

version 1.5

Values

  • Wildcard *, allow access for all HTTP headers.
  • A comma-separated list of HTTP headers

Default

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
cors-allow-headers: "*"
cors-allow-headers: "X-Custom-Header"
cors-allow-headers: "X-Custom-Header, Upgrade-Insecure-Requests"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
cors-allow-headers: "*"
cors-allow-headers: "X-Custom-Header"
cors-allow-headers: "X-Custom-Header, Upgrade-Insecure-Requests"

cors-allow-methods Jump to heading

Available since

version 1.5

Values

  • Wildcard *, allow access for all HTTP methods.
  • A comma-separated list of HTTP methods

Default

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
cors-allow-methods: "*"
cors-allow-methods: "GET"
cors-allow-methods: "GET, POST"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
cors-allow-methods: "*"
cors-allow-methods: "GET"
cors-allow-methods: "GET, POST"

cors-allow-origin Jump to heading

Available since

version 1.5

  • With “regex” value, it is possible to allow a list of origins. If one of them matches the request Origin header it will be returned to the client.

Values

  • Wildcard *, allow access form any origin.
  • Regex, regex should match an origin (request Origin header) in the format <scheme> "://" <hostname> [ ":" <port> ] if the origin is matched then it will be the value of Access-Control-Allow-Origin.

Default

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
cors-allow-origin: "*"
cors-allow-origin: "https://example.com"
cors-allow-origin: "^https://(.+\.)?(example-1\.com|example-2\.com)(:\d{1,5})?$"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
cors-allow-origin: "*"
cors-allow-origin: "https://example.com"
cors-allow-origin: "^https://(.+\.)?(example-1\.com|example-2\.com)(:\d{1,5})?$"

cors-enable Jump to heading

Available since

version 1.5

Values

  • true
  • false

Default

  • false

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
cors-enable: "true"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
cors-enable: "true"

cors-max-age Jump to heading

Available since

version 1.5

Values

Default

  • 5s

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
cors-max-age: "1m"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
cors-max-age: "1m"

deny-list Jump to heading

Available since

version 1.11

  • The value is treated as a pattern file (see --configmap-patternfiles) if it starts with patterns/. It should consist of a list of IPs or CIDRs, one per line.

Values

  • Comma-separated list of IP addresses and/or CIDR ranges
  • Path to a pattern file, e.g. pattern/ips

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
deny-list: "192.168.1.0/24, 192.168.2.100"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
deny-list: "192.168.1.0/24, 192.168.2.100"

dontlognull Jump to heading

Available since

version 1.4

Values

  • true
  • false

Default

  • true

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
dontlognull: "true"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
dontlognull: "true"

forwarded-for Jump to heading

Available since

version 1.4

Values

  • true
  • false

Default

  • true

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
forwarded-for: "true"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
forwarded-for: "true"

frontend-config-snippet Jump to heading

Available since

version 1.6

  • Because frontend-config-snippet is inserted in the main http/https frontends it will apply to all traffic. To apply configuration by Ingress, annotations should be privileged.
  • Ingress Controller logic is inserted in the main frontends before any config-snippet configuration so controller configuration will be evaluated first.
  • It is safer to privilege backend-config-snippet when possible to avoid conflicts with controller configuration.

Values

  • One or more valid HAProxy directives

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data: frontend-config-snippet: |
unique-id-format %{+X}o\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid
unique-id-header X-Unique-ID
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data: frontend-config-snippet: |
unique-id-format %{+X}o\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid
unique-id-header X-Unique-ID

global-config-snippet Jump to heading

Available since

version 1.5

Values

  • One or more valid HAProxy directives

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data: global-config-snippet: |
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
ssl-default-bind-ciphers TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:EECDH+AESGCM:EECDH+CHACHA20
tune.ssl.default-dh-param 2048
tune.bufsize 32768
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data: global-config-snippet: |
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
ssl-default-bind-ciphers TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:EECDH+AESGCM:EECDH+CHACHA20
tune.ssl.default-dh-param 2048
tune.bufsize 32768

hard-stop-after Jump to heading

Available since

version 1.4

Values

  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour)

Default

  • 30m

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
hard-stop-after: 30s
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
hard-stop-after: 30s

http-connection-mode Jump to heading

Available since

version 1.8

Values

  • http-keep-alive default - Enables HTTP Keep-Alive both from the client to HAProxy and from HAProxy to the backend.
  • http-server-close - Disables HTTP Keep-Alive between HAProxy and the backend, while allowing it to stay enabled from the client to HAProxy.
  • httpclose - HAProxy will close connections with the server and the client as soon as the request and the response are received

Default

  • http-keep-alive

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
http-connection-mode: "http-server-close"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
http-connection-mode: "http-server-close"

http-keep-alive Jump to heading

Available since

version 1.4

Values

  • true
  • false

Default

  • true

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
http-keep-alive: "true"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
http-keep-alive: "true"

http-server-close Jump to heading

Available since

version 1.4

Values

  • true
  • false

Default

  • false

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
http-server-close: "true"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
http-server-close: "true"

load-balance Jump to heading

Available since

version 1.4

Values

  • roundrobin
  • static-rr
  • leastconn
  • first
  • source
  • uri [path-only] [whole] [len num] [depth num]
  • url_param name [check_post num]
  • hdr[(name)] [use_domain_only]
  • random[(draws)]
  • rdp-cookie[(name)]

Default

  • roundrobin

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
load-balance: "leastconn"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
load-balance: "leastconn"

log-format Jump to heading

Available since

version 1.4

  • Default log-format is: %ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs \"%HM %[var(txn.base)] %HV\" Which will look like this: 10.244.0.1:5793 [10/Apr/2020:10:32:50.132] https~ test-echo1-8080/SRV_TFW8V 0/0/1/2/3 200 653 - - ---- 1/1/0/0/0 0/0 "GET test.k8s.local/ HTTP/2.0

Values

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
log-format: "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs \"%HM %[var(txn.base)] %HV\""
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
log-format: "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs \"%HM %[var(txn.base)] %HV\""

log-format-tcp Jump to heading

Available since

version 1.7

  • Default is option tcplog
  • Applies only to TCP configmap defined by command line option --configmap-tcp-services

Values

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
log-format-tcp: "%{+Q}o %t %s"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
log-format-tcp: "%{+Q}o %t %s"

logasap Jump to heading

Available since

version 1.4

Values

  • true
  • false

Default

  • false

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
logasap: "true"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
logasap: "true"

maxconn Jump to heading

Available since

version 1.4

Values

  • An integer setting the allowed number of concurrent connections

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
maxconn: "2000"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
maxconn: "2000"

nbthread Jump to heading

Available since

version 1.4

Values

  • An integer setting the number of worker threads

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
nbthread: "8"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
nbthread: "8"

path-rewrite Jump to heading

Available since

version 1.4

Values

  • A single path, such as “/”, to turn any path into “/”
  • Two parameters. A regular expression to match and a path to replace it with.
  • Multiline annotation is split into more rewrite rules.

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data: path-rewrite: "/" # replace all paths with /
path-rewrite: (.*) /foo\1 # add the prefix /foo... "/bar?q=1" into "/foo/bar?q=1"
path-rewrite: ([^?]*)(\?(.*))? \1/foo\2 # add the suffix /foo ... "/bar?q=1" into "/bar/foo?q=1"
path-rewrite: /foo/(.*) /\1 # strip /foo ... "/foo/bar?q=1" into "/bar?q=1"
# strip /foo ... "/foo/bar?q=1" into "/bar?q=1" and replace "/bar/*" with "/baz/*"
# with multiline (using `|`) annotation
path-rewrite: |
/foo/(.*) /\1
/bar/(.*) /baz/\1
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data: path-rewrite: "/" # replace all paths with /
path-rewrite: (.*) /foo\1 # add the prefix /foo... "/bar?q=1" into "/foo/bar?q=1"
path-rewrite: ([^?]*)(\?(.*))? \1/foo\2 # add the suffix /foo ... "/bar?q=1" into "/bar/foo?q=1"
path-rewrite: /foo/(.*) /\1 # strip /foo ... "/foo/bar?q=1" into "/bar?q=1"
# strip /foo ... "/foo/bar?q=1" into "/bar?q=1" and replace "/bar/*" with "/baz/*"
# with multiline (using `|`) annotation
path-rewrite: |
/foo/(.*) /\1
/bar/(.*) /baz/\1

pod-maxconn Jump to heading

Available since

version 1.4

  • NB, If multiple HAProxy instances are running, the maxconn will be pod-maxconn number devided by the number of haproxy instances.

Values

  • An integer setting the maximum number of concurrent backend connections

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
pod-maxconn: 30
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
pod-maxconn: 30

proxy-protocol Jump to heading

Available since

version 1.4

  • Connection will fail with 400 Bad Request if source IP is in annotation list but no Proxy Protocol data is sent.

Values

  • A list of IP addresses and/or CIDR ranges

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
proxy-protocol: "192.168.1.0/24, 192.168.2.100"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
proxy-protocol: "192.168.1.0/24, 192.168.2.100"

quic-alt-svc-max-age Jump to heading

Available since

version 1.11

  • Too high a number can lead to issues. The clients could fail to connect because the services is no more available.

Values

  • number of seconds for cache retention.

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
quic-alt-svc-max-age: "900"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
quic-alt-svc-max-age: "900"

rate-limit-period Jump to heading

Available since

version 1.4

Values

  • Integer with unit of time (1s = 1 second, 1m = 1 minute); Defaults to 1 second

Default

  • 1s

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
rate-limit-period: "1m"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
rate-limit-period: "1m"

rate-limit-requests Jump to heading

Available since

version 1.4

  • If this number is exceeded, HAProxy will deny requests with 403 status code.
  • To track the http requests rate, a stick-table named “Ratelimit-” will be created. For example, if the rate-limit-period is set to 2s, the name of the table will be Ratelimit-2000.

Values

  • An integer representing the maximum number of requests to accept

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
rate-limit-requests: 15
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
rate-limit-requests: 15

rate-limit-size Jump to heading

Available since

version 1.4

  • If this number is exceeded, older entries will be dropped as new ones come

Values

  • An integer defining how many IP addresses to track for rate limiting; Defaults to 100,000

Default

  • 100k

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
rate-limit-size: 1000000
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
rate-limit-size: 1000000

rate-limit-status-code Jump to heading

Available since

version 1.5

Values

  • HTTP status codes; Defaults to 403.

Default

  • 403

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
rate-limit-status-code: "429"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
rate-limit-status-code: "429"

request-capture Jump to heading

Available since

version 1.4

  • Captures samples of the request using sample expression and log them in HAProxy traffic logs.

Values

  • A header value, e.g. hdr(header-name)
  • A cookie value, e.g. cookie(cookie-name)
  • Multiple expressions by using a multiline YAML string

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data: # capture a single value
request-capture: cookie(my-cookie)
# capture multiple values
request-capture: |
cookie(my-cookie)
hdr(Host)
hdr(User-Agent)
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data: # capture a single value
request-capture: cookie(my-cookie)
# capture multiple values
request-capture: |
cookie(my-cookie)
hdr(Host)
hdr(User-Agent)

request-capture-len Jump to heading

Available since

version 1.4

Values

  • An integer representing the number of characters for captured fields; Defaults to 128

Default

  • 128

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
request-capture: cookie(my-cookie)
request-capture-len: 350
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
request-capture: cookie(my-cookie)
request-capture-len: 350

request-redirect Jump to heading

Available since

version 1.5

  • HTTP redirection code is settable with request-redirect-code annotation.
  • Port alone is not allowed.

Values

  • host
  • host:port

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
request-redirect: example.com
request-redirect: example.com:8888
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
request-redirect: example.com
request-redirect: example.com:8888

request-redirect-code Jump to heading

Available since

version 1.5

Values

  • Integer value.

Default

  • 302

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
request-redirect-code: "303"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
request-redirect-code: "303"

request-set-header Jump to heading

Available since

version 1.4

  • This sets header before HAProxy does any service/backend dispatch. So in the case you want to change the Host header this will impact HAProxy decision on which service/backend to use (based on matching Host against ingress rules). In order to set the Host header after service selection, use set-host annotation.

Values

  • The name of the field, following by its value, e.g. Ingress-ID abcd123
  • Multiple headers can be set using a multiline YAML string

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data: # single header
request-set-header: Ingress-ID abcd123
# multiple headers
request-set-header: |
Ingress-ID abcd123
Another-Header 12345
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data: # single header
request-set-header: Ingress-ID abcd123
# multiple headers
request-set-header: |
Ingress-ID abcd123
Another-Header 12345

response-set-header Jump to heading

Available since

version 1.4

Values

  • The name of the field, following by its value, e.g. Cache-Control “no-store,no-cache,private”
  • Multiple headers can be set using a multiline YAML string

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data: # single header
response-set-header: Cache-Control "no-store,no-cache,private"
# multiple headers
response-set-header: |
Cache-Control "no-store,no-cache,private"
Strict-Transport-Security "max-age=31536000"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data: # single header
response-set-header: Cache-Control "no-store,no-cache,private"
# multiple headers
response-set-header: |
Cache-Control "no-store,no-cache,private"
Strict-Transport-Security "max-age=31536000"

scale-server-slots Jump to heading

Available since

version 1.4

  • Equivalent old annotations are servers-increment and server-slots

Values

  • Integer value indicating the number of backend servers to provision. Defaults to 42.

Default

  • 42

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
scale-server-slots: "75"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
scale-server-slots: "75"

send-proxy-protocol Jump to heading

Available since

version 1.5

Values

  • proxy - Uses PROXY v1
  • proxy-v1 - Uses PROXY v1
  • proxy-v2 - Uses PROXY v2
  • proxy-v2-ssl Uses PROXY v2 with SSL information extension
  • proxy-v2-ssl-cn Uses PROXY v2 with SSL and Common Name information extension

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
send-proxy-protocol: proxy-v2
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
send-proxy-protocol: proxy-v2

server-ca Jump to heading

Available since

version 1.5

  • When used with server-crt resulting configuration provides mutual TLS authentication (mTLS).
  • The secret must use ‘tls.crt’ key.

Values

  • Secret path following namespace/secretname format.

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
server-ca: "ns1/ca"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
server-ca: "ns1/ca"

server-crt Jump to heading

Available since

version 1.5

  • The secret must use ‘tls.key’ and ‘tls.crt’ keys.
  • When used with server-ca resulting configuration provides mutual TLS authentication (mTLS).

Values

  • Secret path following namespace/secretname format.

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
server-crt: "ns1/client"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
server-crt: "ns1/client"

server-proto Jump to heading

Available since

version 1.5

Values

  • h2

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
server-proto: "h2"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
server-proto: "h2"

server-ssl Jump to heading

Available since

version 1.4

  • Enable HTTP/2 support for backend severs.

Values

  • true
  • false

Default

  • false

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
server-ssl: "true"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
server-ssl: "true"

set-host Jump to heading

Available since

version 1.4

Values

  • The value of the Host header

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
set-host: "example.local"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
set-host: "example.local"

src-ip-header Jump to heading

Available since

version 1.5

Values

  • any header name

Default

  • null

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
src-ip-header: "True-Client-IP"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
src-ip-header: "True-Client-IP"

ssl-certificate Jump to heading

Available since

version 1.4

  • this replaces default certificate
  • this is used as the certificate for quic binding

Values

  • Name of Kubernetes secret

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
ssl-certificate: "default/tls-secret"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
ssl-certificate: "default/tls-secret"

ssl-passthrough Jump to heading

Available since

version 1.4

  • Traffic is proxied in TCP mode which makes unavailable a number of the controller annotations (requiring HTTP mode).
  • HTTPS frontend is conserved and still listening at port 8444 when previous HTTPS port is moved to SSL Frontend.

Values

  • true
  • false

Default

  • false

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
ssl-passthrough: "true"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
ssl-passthrough: "true"

ssl-redirect Jump to heading

Available since

version 1.4

  • SSL redirection is enabled by default for any ingress resource defined with a TLS section spec.tls[].secretName.
  • Automatic redirects for ingress resources with TLS enabled, can be disabled by setting annotation to “false” in configmap

Values

  • true
  • false

Default

  • false

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
ssl-redirect: "false"
ssl-certificate: "default/tls-secret"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
ssl-redirect: "false"
ssl-certificate: "default/tls-secret"

ssl-redirect-code Jump to heading

Available since

version 1.4

Values

  • 301
  • 302
  • 303

Default

  • 302

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
ssl-redirect: "true"
ssl-certificate: "default/tls-secret"
ssl-redirect-code: "301"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
ssl-redirect: "true"
ssl-certificate: "default/tls-secret"
ssl-redirect-code: "301"

ssl-redirect-port Jump to heading

Available since

version 1.5

  • When setting the HTTPS port value, keep in mind that this is the HTTPS port as seen by the client, not as set on the Ingress Controller. The reason for this distinction lies in the fact that there will probably be some middleware with its own ports mapping between the client and the Ingress Controller. As a consequence, it must be set with a distinct consideration of how the HTTPS port is set on Ingress Controller with the https-bind-port command line option.

Values

  • Integer HTTPS port number

Default

  • 8443

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
ssl-redirect: "true"
ssl-redirect-port: "8443"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
ssl-redirect: "true"
ssl-redirect-port: "8443"

stats-config-snippet Jump to heading

Available since

version 1.6

Values

  • One or more valid HAProxy directives

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data: stats-config-snippet: |
stats auth foo:test
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data: stats-config-snippet: |
stats auth foo:test

syslog-server Jump to heading

Available since

version 1.4

Values

  • address - Required - IP address where the syslog server is listening.
  • facility - Required - One of the 24 syslog facilities (kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, auth2, ftp, ntp, audit, alert, con2, local0, local1, local2, local3, local4, local5, local6, local7); In general, you will want to use one of the localX values, since the others are registered for specific types of applications.
  • format - Syslog format, one of the following - rfc3164, rfc5424, short, raw. to rfc3164. HAProxy default is rfc3164
  • length - Maximum syslog line length. HAProxy default is 1024.
  • level - Maximum verbosity level to filter outgoing messages; Only messages with a severity at least as important as this level will be sent; Use one of the following (emerg, alert, crit, err, warning, notice, info, debug); Traffic logs are emitted at “info” or higher severity. Haproxy default is to send all messages.
  • minlevel - Minimum verbosity level. Logs emitted with a more severe level than this one will be capped to this level. HAProxy default does not set a minlevel.
  • port - Port number where the syslog server is listening. HAProxy default is 514.

Default

  • address:127.0.0.1, facility: local0, level: notice

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data: # a single entry
syslog-server: "address:192.158.1.1, port:514, facility:local0"
# log to stdout
syslog-server: "address:stdout, format: raw, facility:daemon"
# multiple entries
syslog-server: |
address:127.0.0.1, port:514, facility:local0
address:192.168.1.1, port:514, facility:local1
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data: # a single entry
syslog-server: "address:192.158.1.1, port:514, facility:local0"
# log to stdout
syslog-server: "address:stdout, format: raw, facility:daemon"
# multiple entries
syslog-server: |
address:127.0.0.1, port:514, facility:local0
address:192.168.1.1, port:514, facility:local1

timeout-check Jump to heading

Available since

version 1.4

Values

  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour)

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
timeout-check: 5s
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
timeout-check: 5s

timeout-client Jump to heading

Available since

version 1.4

Values

  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour); Defaults to 50s

Default

  • 50s

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
timeout-client: 5s
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
timeout-client: 5s

timeout-client-fin Jump to heading

Available since

version 1.4

Values

  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour)

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
timeout-client-fin: 5s
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
timeout-client-fin: 5s

timeout-connect Jump to heading

Available since

version 1.4

Values

  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour); Defaults to 5s

Default

  • 5s

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
timeout-connect: 5s
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
timeout-connect: 5s

timeout-http-keep-alive Jump to heading

Available since

version 1.4

Values

  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour); Defaults to 1m

Default

  • 1m

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
timeout-http-keep-alive: 5s
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
timeout-http-keep-alive: 5s

timeout-http-request Jump to heading

Available since

version 1.4

Values

  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour); Defaults to 5s

Default

  • 5s

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
timeout-http-request: 5s
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
timeout-http-request: 5s

timeout-queue Jump to heading

Available since

version 1.4

Values

  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour); Defaults to 5s

Default

  • 5s

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
timeout-queue: 5s
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
timeout-queue: 5s

timeout-server Jump to heading

Available since

version 1.11

Values

  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour); Defaults to 50s

Default

  • 50s

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
timeout-server: 5s
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
timeout-server: 5s

timeout-server-fin Jump to heading

Available since

version 1.4

Values

  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour)

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
timeout-server-fin: 5s
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
timeout-server-fin: 5s

timeout-tunnel Jump to heading

Available since

version 1.4

Values

  • An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour); Defaults to 1h

Default

  • 1h

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
timeout-tunnel: 30m
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
timeout-tunnel: 30m

tls-alpn Jump to heading

Available since

version 1.7

  • To disable HTTP/2 over https, simply use a value like “http/1.1” for this annotation

Values

  • Comma-separated list of protocol names to advertise as supported on top of ALPN

Default

  • h2,http/1.1

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
tls-alpn: http/1.1
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
tls-alpn: http/1.1

whitelist Jump to heading

Available since

version 1.4

  • The value is treated as a pattern file (see --configmap-patternfiles) if it starts with patterns/. It should consist of a list of IPs or CIDRs, one per line.

Values

  • Comma-separated list of IP addresses and/or CIDR ranges
  • Path to a pattern file, e.g. pattern/ips

Default

  • No default value

Example

yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
whitelist: "192.168.1.0/24, 192.168.2.100"
yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
whitelist: "192.168.1.0/24, 192.168.2.100"

Do you have any suggestions on how we can improve the content of this page?