Configuration reference
Service annotations
These annotations can be set in a Kubernetes Service object’s metadata.annotations
section to change how requests are routed for a particular service.
Service annotations reference Jump to heading
backend-config-snippet Jump to heading
Available since
version 1.5
Values
- One or more valid HAProxy directives
Default
- No default value
Example
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/backend-config-snippet: |http-send-name-header x-dst-serverstick-table type string len 32 size 100k expire 30mstick on req.cook(sessionid)
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/backend-config-snippet: |http-send-name-header x-dst-serverstick-table type string len 32 size 100k expire 30mstick on req.cook(sessionid)
check Jump to heading
Available since
version 1.4
Values
- true
- false
Default
- true
Example
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/check: "true"
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/check: "true"
check-http Jump to heading
Available since
version 1.4
Values
- URI to make HTTP requests to, e.g.
/health
- URI with method, e.g.
HEAD /health
- URI, method and HTTP version, e.g.
HEAD /health HTTP/1.1
Default
- No default value
Example
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/check: "true"haproxy.org/check-http: "/health"
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/check: "true"haproxy.org/check-http: "/health"
check-interval Jump to heading
Available since
version 1.4
Values
- Integer with time unit suffix (1m = 1 minute, 10s = 10 seconds)
Default
- No default value
Example
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/check: "true"haproxy.org/check-interval: "1m"
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/check: "true"haproxy.org/check-interval: "1m"
cookie-persistence Jump to heading
Available since
version 1.4
- This will insert the following cookie configuration in the corresponding backend
cookie <cookie-name> insert indirect nocache dynamic
with<cookie-name>
the value of this annotation.
Values
- A name for the cookie
Default
- No default value
Example
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/cookie-persistence: "mycookie"
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/cookie-persistence: "mycookie"
cookie-persistence-no-dynamic Jump to heading
Available since
version 3.1
- This will insert the following cookie configuration in the corresponding backend
cookie <cokkie-name> indirect nocache insert
with<cookie-name>
the value of this annotation. The server line will haveserver <server-name> <server-address> enabled cookie <server-name>
Values
- A name for the cookie
Default
- No default value
Example
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/cookie-persistence-no-dynamic: "mycookie"
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/cookie-persistence-no-dynamic: "mycookie"
forwarded-for Jump to heading
Available since
version 1.4
Values
- true
- false
Default
- true
Example
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/forwarded-for: "true"
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/forwarded-for: "true"
load-balance Jump to heading
Available since
version 1.4
Values
- roundrobin
- static-rr
- leastconn
- first
- source
- uri [path-only] [whole] [len num] [depth num]
- url_param name [check_post num]
- hdr[(name)] [use_domain_only]
- random[(draws)]
- rdp-cookie[(name)]
Default
- roundrobin
Example
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/load-balance: "leastconn"
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/load-balance: "leastconn"
pod-maxconn Jump to heading
Available since
version 1.4
- NB, If multiple HAProxy instances are running, the maxconn will be pod-maxconn number devided by the number of haproxy instances.
Values
- An integer setting the maximum number of concurrent backend connections
Default
- No default value
Example
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/pod-maxconn: 30
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/pod-maxconn: 30
route-acl Jump to heading
Available since
version 1.6
- In order for the service to be handled by the Ingress Controller, it is still mandatory to put it in an ingress rule. Using only
route-acl
won’t be enough. - Note that this annotation is not compatible with an Ingress having multiple paths that will match a request. Without this annotation, the precedence is given first to the longest matching path. But with the annotation, the first use_backend rule in the config that matches the request will be used.
Values
- A string describing an in-line HAProxy ACL.
Default
- No default value
Example
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/route-acl: cookie(staging) -m found
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/route-acl: cookie(staging) -m found
scale-server-slots Jump to heading
Available since
version 1.4
- Equivalent old annotations are
servers-increment
andserver-slots
Values
- Integer value indicating the number of backend servers to provision. Defaults to 42.
Default
- 42
Example
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/scale-server-slots: "75"
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/scale-server-slots: "75"
send-proxy-protocol Jump to heading
Available since
version 1.5
Values
- proxy - Uses PROXY v1
- proxy-v1 - Uses PROXY v1
- proxy-v2 - Uses PROXY v2
- proxy-v2-ssl Uses PROXY v2 with SSL information extension
- proxy-v2-ssl-cn Uses PROXY v2 with SSL and Common Name information extension
Default
- No default value
Example
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/send-proxy-protocol: proxy-v2
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/send-proxy-protocol: proxy-v2
server-ca Jump to heading
Available since
version 1.5
- When used with server-crt resulting configuration provides mutual TLS authentication (mTLS).
- The secret must use ‘tls.crt’ key.
Values
- Secret path following namespace/secretname format.
Default
- No default value
Example
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/server-ca: "ns1/ca"
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/server-ca: "ns1/ca"
server-crt Jump to heading
Available since
version 1.5
- The secret must use ‘tls.key’ and ‘tls.crt’ keys.
- When used with server-ca resulting configuration provides mutual TLS authentication (mTLS).
Values
- Secret path following namespace/secretname format.
Default
- No default value
Example
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/server-crt: "ns1/client"
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/server-crt: "ns1/client"
server-proto Jump to heading
Available since
version 1.5
Values
- h2
Default
- No default value
Example
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/server-proto: "h2"
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/server-proto: "h2"
server-ssl Jump to heading
Available since
version 1.4
- Enable HTTP/2 support for backend severs.
Values
- true
- false
Default
- false
Example
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/server-ssl: "true"
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/server-ssl: "true"
ssl-passthrough Jump to heading
Available since
version 1.4
- Traffic is proxied in TCP mode which makes unavailable a number of the controller annotations (requiring HTTP mode).
- HTTPS frontend is conserved and still listening at port 8444 when previous HTTPS port is moved to SSL Frontend.
Values
- true
- false
Default
- false
Example
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/ssl-passthrough: "true"
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/ssl-passthrough: "true"
standalone-backend Jump to heading
Available since
version 1.10
- With this annotation you can create your own separate backend whose configuration won’t be impacted by others ingresses. As a reminder, all ingresses refering to the same service have their configuration inserted in the same backend which can cause some conflict.
Values
- true
- false
Default
- No default value
Example
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/standalone-backend: "true"
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/standalone-backend: "true"
timeout-check Jump to heading
Available since
version 1.4
Values
- An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour)
Default
- No default value
Example
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/timeout-check: 5s
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/timeout-check: 5s
timeout-server Jump to heading
Available since
version 1.11
Values
- An integer with a unit of time (1 second = 1s, 1 minute = 1m, 1h = 1 hour); Defaults to 50s
Default
- 50s
Example
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/timeout-server: 5s
yaml
apiVersion: v1kind: Servicemetadata:labels:run: webname: webannotations:haproxy.org/timeout-server: 5s
Do you have any suggestions on how we can improve the content of this page?