Package v1alpha1 contains API Schema definitions for the config v1alpha1 API group
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| name string | Name | | Pattern: ^[^\s]+$ |
| criterion string | Criterion is the name of a sample fetch method, or one of its ACL specific declinations. | | Pattern: ^[^\s]+$ |
| values string array | Values are of the type supported by the criterion. | | |
Backend is the Schema for the backend API
| Field | Description | Default | Validation |
|---|---|---|---|
| apiVersion string | config.haproxy.com/v1alpha1 | | |
| kind string | Backend | | |
| metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | | |
| spec BackendSpec | | | |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| name string | Name of a specific backend | | |
| regexMapping RegexBackendMapping | Mapping of multiple backends | | |
BackendSpec defines the desired state of Backend
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| mode string | Mode can be either 'tcp' or 'http'. In TCP mode it is a layer 4 proxy. In HTTP mode it is a layer 7 proxy. | http | Enum: [http tcp] |
| httpResponse HTTPResponseRules | HTTPResponse rules define a set of rules which apply to layer 7 processing. | | Optional: {} |
| httpRequest HTTPRequestRules | HTTPRequest rules define a set of rules which apply to layer 7 processing. | | Optional: {} |
| tcpRequest TCPRequestRule array | TCPRequest rules perform an action on an incoming connection depending on a layer 4 condition. | | Optional: {} |
| acl ACL array | ACL (Access Control Lists) provides a flexible solution to perform content switching and generally to take decisions based on content extracted from the request, the response or any environmental status. | | Optional: {} |
| timeouts object (keys:string, values:Duration) | Timeouts: check, connect, http-keep-alive, http-request, queue, server, tunnel. The timeout value is specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit. More info: https://cbonte.github.io/haproxy-dconv/2.6/configuration.html | | Optional: {} |
| errorFiles ErrorFile array | ErrorFiles specifies custom error files to be used. | | Optional: {} |
| forwardFor Forwardfor | Forwardfor enables insertion of the X-Forwarded-For header to requests sent to servers. | | Optional: {} |
| httpPretendKeepalive boolean | HTTPPretendKeepalive will keep the connection alive. It is recommended not to enable this option by default. | | Optional: {} |
| httpLog boolean | HTTPLog enables HTTP log format which is the most complete and the best suited for HTTP proxies. It provides the same level of information as the TCP format with additional features which are specific to the HTTP protocol. | | Optional: {} |
| tcpLog boolean | TCPLog enables advanced logging of TCP connections with session state and timers. By default, the log output format is very poor, as it only contains the source and destination addresses, and the instance name. | | Optional: {} |
| checkTimeout Duration | CheckTimeout sets an additional check timeout, but only after a connection has already been established. | | Optional: {} |
| servers Server array | Servers defines the backend servers and their configuration. | | |
| serverTemplates ServerTemplate array | ServerTemplates defines the backend server templates and their configuration. | | |
| balance Balance | Balance defines the load balancing algorithm to be used in a backend. | | Optional: {} |
| hostRegex string | HostRegex specifies a regular expression used for backend switching rules. | | Optional: {} |
| hostCertificate CertificateListElement | HostCertificate specifies a certificate for that host used in the crt-list of a frontend. | | Optional: {} |
| redispatch boolean | Redispatch enables or disables session redistribution in case of connection failure. | | Optional: {} |
| hashType HashType | HashType specifies a method to use for mapping hashes to servers. | | Optional: {} |
| cookie Cookie | Cookie enables cookie-based persistence in a backend. | | Optional: {} |
| httpchk HTTPChk | HTTPChk enables the HTTP protocol to check on the servers' health. | | Optional: {} |
| tcpCheck boolean | TCPCheck performs health checks using tcp-check send/expect sequences. | | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| conditionType string | ConditionType specifies the type of the condition matching ('if' or 'unless') | | Enum: [if unless] Optional: {} |
| condition string | Condition is a condition composed of ACLs. | | Optional: {} |
| backend BackendReference | Backend reference used to resolve the backend name. | | |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| algorithm string | Algorithm is the algorithm used to select a server when doing load balancing. This only applies when no persistence information is available, or when a connection is redispatched to another server. | | Enum: [roundrobin static-rr leastconn first source uri hdr random rdp-cookie] |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| mode string | Mode can be either 'tcp' or 'http'. In TCP mode it is a layer 4 proxy. In HTTP mode it is a layer 7 proxy. | http | Enum: [http tcp] |
| httpResponse HTTPResponseRules | HTTPResponse rules define a set of rules which apply to layer 7 processing. | | Optional: {} |
| httpRequest HTTPRequestRules | HTTPRequest rules define a set of rules which apply to layer 7 processing. | | Optional: {} |
| tcpRequest TCPRequestRule array | TCPRequest rules perform an action on an incoming connection depending on a layer 4 condition. | | Optional: {} |
| acl ACL array | ACL (Access Control Lists) provides a flexible solution to perform content switching and generally to take decisions based on content extracted from the request, the response or any environmental status. | | Optional: {} |
| timeouts object (keys:string, values:Duration) | Timeouts: check, connect, http-keep-alive, http-request, queue, server, tunnel. The timeout value is specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit. More info: https://cbonte.github.io/haproxy-dconv/2.6/configuration.html | | Optional: {} |
| errorFiles ErrorFile array | ErrorFiles specifies custom error files to be used. | | Optional: {} |
| forwardFor Forwardfor | Forwardfor enables insertion of the X-Forwarded-For header to requests sent to servers. | | Optional: {} |
| httpPretendKeepalive boolean | HTTPPretendKeepalive will keep the connection alive. It is recommended not to enable this option by default. | | Optional: {} |
| httpLog boolean | HTTPLog enables HTTP log format which is the most complete and the best suited for HTTP proxies. It provides the same level of information as the TCP format with additional features which are specific to the HTTP protocol. | | Optional: {} |
| tcpLog boolean | TCPLog enables advanced logging of TCP connections with session state and timers. By default, the log output format is very poor, as it only contains the source and destination addresses, and the instance name. | | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| name string | Name for these sockets, which will be reported on the stats page. | | |
| address string | Address can be a host name, an IPv4 address, an IPv6 address, or '*' (equal to the special address "0.0.0.0"). | | Pattern: ^[^\s]+$ Optional: {} |
| port integer | Port | | Maximum: 65535 Minimum: 1 |
| portRangeEnd integer | PortRangeEnd, if set, must be greater than Port. | | Maximum: 65535 Minimum: 1 Optional: {} |
| transparent boolean | Transparent is an optional keyword which is supported only on certain Linux kernels. It indicates that the addresses will be bound even if they do not belong to the local machine, and that packets targeting any of these addresses will be intercepted just as if the addresses were locally configured. This normally requires that IP forwarding is enabled. Caution! Do not use this with the default address '*', as it would redirect any traffic for the specified port. | | Optional: {} |
| ssl SSL | SSL configures OpenSSL | | Optional: {} |
| hidden boolean | Hidden hides the bind and prevents exposing the Bind in services or routes. | | Optional: {} |
| acceptProxy boolean | AcceptProxy enforces the use of the PROXY protocol over any connection accepted by any of the sockets declared on the same line. | | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| certificate SSLCertificate | Certificate that will be presented to clients who provide a valid TLSServerNameIndication field matching the SNIFilter. | | |
| sniFilter string | SNIFilter specifies the filter for the SSL Certificate. Wildcards are supported in the SNIFilter. Negative filters are also supported. | | |
| alpn string array | Alpn enables the TLS ALPN extension and advertises the specified protocol list as supported on top of ALPN. | | Optional: {} |
| ocsp boolean | Ocsp enables OCSP stapling for a specific certificate. | | Optional: {} |
| ocsp_file OcspFile | OcspFile lets you save the OCSP response to a file so that HAProxy loads it during startup. | | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| enabled boolean | Enable enables health checks on a server. If not set, no health checking is performed, and the server is always considered available. | | |
| inter Duration | Inter sets the interval between two consecutive health checks. If left unspecified, the delay defaults to 2000 ms. | | Optional: {} |
| rise integer | Rise specifies the number of consecutive successful health checks after which a server will be considered as operational. This value defaults to 2 if unspecified. | | Optional: {} |
| fall integer | Fall specifies the number of consecutive unsuccessful health checks after which a server will be considered as dead. This value defaults to 3 if unspecified. | | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| name string | Name of the cookie which will be monitored, modified or inserted in order to bring persistence. | | |
| mode CookieMode | Mode could be 'rewrite', 'insert', 'prefix'. Select one. | | Optional: {} |
| indirect boolean | Indirect: no cookie will be emitted to a client which already has a valid one for the server which has processed the request. | | Optional: {} |
| noCache boolean | NoCache is recommended in conjunction with the insert mode when there is a cache between the client and HAProxy. | | Optional: {} |
| postOnly boolean | PostOnly ensures that cookie insertion will only be performed on responses to POST requests. | | Optional: {} |
| preserve boolean | Preserve can only be used with "insert" and/or "indirect". It allows the server to emit the persistence cookie itself. | | Optional: {} |
| httpOnly boolean | HTTPOnly adds an "HttpOnly" cookie attribute when a cookie is inserted. It doesn't share the cookie with non-HTTP components. | | Optional: {} |
| secure boolean | Secure adds a "Secure" cookie attribute when a cookie is inserted. The user agent never emits this cookie over non-secure channels. The cookie will be presented only over SSL/TLS connections. | | Optional: {} |
| dynamic boolean | Dynamic activates dynamic cookies. When used, a session cookie is dynamically created for each server, based on the IP and port of the server, and a secret key. | | Optional: {} |
| domain string array | Domain specifies the domain at which a cookie is inserted. You can specify several domain names by invoking this option multiple times. | | Optional: {} |
| maxIdle integer | MaxIdle: cookies are ignored after some idle time. | | Optional: {} |
| maxLife integer | MaxLife: cookies are ignored after some life time. | | Optional: {} |
| attribute string array | Attribute adds an extra attribute when a cookie is inserted. | | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| rewrite boolean | Rewrite: the cookie will be provided by the server. | | |
| insert boolean | Insert: the cookie will have to be inserted by haproxy in server responses. | | |
| prefix boolean | Prefix is needed in some specific environments where the client does not support more than one single cookie and the application already needs it. | | |
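
The cookie fields above carry rules that the Validation column does not enforce: the three mode booleans are "select one", and preserve depends on insert and/or indirect. The following added example (not the operator's own code) checks those rules and renders the fields as an HAProxy `cookie` keyword line. The `Cookie` and `CookieMode` structs are hypothetical local mirrors of the documented fields, and how the operator itself renders them is not shown on this page.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// CookieMode and Cookie mirror the documented fields. They are local,
// hypothetical types for this example, not the operator's own Go API.
type CookieMode struct{ Rewrite, Insert, Prefix bool }

type Cookie struct {
	Name                                  string
	Mode                                  CookieMode
	Indirect, NoCache, PostOnly, Preserve bool
	HTTPOnly, Secure, Dynamic             bool
	Domain, Attribute                     []string
	MaxIdle, MaxLife                      int
}

// Validate enforces the rules stated only in the field descriptions.
func (c Cookie) Validate() error {
	modes := 0
	for _, set := range []bool{c.Mode.Rewrite, c.Mode.Insert, c.Mode.Prefix} {
		if set {
			modes++
		}
	}
	if modes > 1 {
		return errors.New("mode: select only one of rewrite, insert, prefix")
	}
	if c.Preserve && !c.Mode.Insert && !c.Indirect {
		return errors.New("preserve can only be used with insert and/or indirect")
	}
	return nil
}

// Warnings lists protective options left off an inserted cookie.
func (c Cookie) Warnings() []string {
	var w []string
	if c.Mode.Insert && !c.Secure {
		w = append(w, "secure is off: the cookie may be sent over non-secure channels")
	}
	if c.Mode.Insert && !c.HTTPOnly {
		w = append(w, "httpOnly is off: the cookie is shared with non-HTTP components")
	}
	if c.Mode.Insert && !c.NoCache {
		w = append(w, "noCache is off: recommended with a cache between the client and HAProxy")
	}
	return w
}

// Directive renders the fields as an HAProxy "cookie" keyword line.
func (c Cookie) Directive() (string, error) {
	if err := c.Validate(); err != nil {
		return "", err
	}
	parts := []string{"cookie", c.Name}
	flags := []struct {
		on bool
		kw string
	}{
		{c.Mode.Rewrite, "rewrite"}, {c.Mode.Insert, "insert"}, {c.Mode.Prefix, "prefix"},
		{c.Indirect, "indirect"}, {c.NoCache, "nocache"}, {c.PostOnly, "postonly"},
		{c.Preserve, "preserve"}, {c.HTTPOnly, "httponly"}, {c.Secure, "secure"},
		{c.Dynamic, "dynamic"},
	}
	for _, f := range flags {
		if f.on {
			parts = append(parts, f.kw)
		}
	}
	for _, d := range c.Domain {
		parts = append(parts, "domain", d)
	}
	if c.MaxIdle > 0 {
		parts = append(parts, "maxidle", strconv.Itoa(c.MaxIdle))
	}
	if c.MaxLife > 0 {
		parts = append(parts, "maxlife", strconv.Itoa(c.MaxLife))
	}
	for _, a := range c.Attribute {
		parts = append(parts, "attr", a)
	}
	return strings.Join(parts, " "), nil
}

func main() {
	// Constructed sample: an inserted cookie with the protective attributes set.
	c := Cookie{Name: "SRV", Mode: CookieMode{Insert: true}, Indirect: true, NoCache: true,
		HTTPOnly: true, Secure: true, Attribute: []string{"SameSite=Strict"}}
	line, err := c.Directive()
	fmt.Println(line, err, c.Warnings())
}
```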
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| conditionType string | ConditionType specifies the type of the condition matching ('if' or 'unless') | | Enum: [if unless] Optional: {} |
| condition string | Condition is a condition composed of ACLs. | | Optional: {} |
| enabled boolean | Enabled enables deny http request | | |
| denyStatus integer | DenyStatus is the HTTP status code. | | Maximum: 599 Minimum: 200 Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| code integer | Code is the HTTP status code. | | Enum: [200 400 401 403 404 405 407 408 410 413 425 429 500 501 502 503 504] |
| file StaticHTTPFile | File designates a file containing the full HTTP response. | | |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| configMapKeyRef ConfigMapKeySelector | ConfigMapKeyRef selects a key of a ConfigMap. | | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| enabled boolean | | | |
| except string | Pattern: ^[^\s]+$ | | |
| header string | Pattern: ^[^\s]+$ | | |
| ifnone boolean | | | |
Frontend is the Schema for the frontends API
| Field | Description | Default | Validation |
|---|---|---|---|
| apiVersion string | config.haproxy.com/v1alpha1 | | |
| kind string | Frontend | | |
| metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | | |
| spec FrontendSpec | | | |
FrontendSpec defines the desired state of Frontend
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| mode string | Mode can be either 'tcp' or 'http'. In TCP mode it is a layer 4 proxy. In HTTP mode it is a layer 7 proxy. | http | Enum: [http tcp] |
| httpResponse HTTPResponseRules | HTTPResponse rules define a set of rules which apply to layer 7 processing. | | Optional: {} |
| httpRequest HTTPRequestRules | HTTPRequest rules define a set of rules which apply to layer 7 processing. | | Optional: {} |
| tcpRequest TCPRequestRule array | TCPRequest rules perform an action on an incoming connection depending on a layer 4 condition. | | Optional: {} |
| acl ACL array | ACL (Access Control Lists) provides a flexible solution to perform content switching and generally to take decisions based on content extracted from the request, the response or any environmental status. | | Optional: {} |
| timeouts object (keys:string, values:Duration) | Timeouts: check, connect, http-keep-alive, http-request, queue, server, tunnel. The timeout value is specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit. More info: https://cbonte.github.io/haproxy-dconv/2.6/configuration.html | | Optional: {} |
| errorFiles ErrorFile array | ErrorFiles specifies custom error files to be used. | | Optional: {} |
| forwardFor Forwardfor | Forwardfor enables insertion of the X-Forwarded-For header to requests sent to servers. | | Optional: {} |
| httpPretendKeepalive boolean | HTTPPretendKeepalive will keep the connection alive. It is recommended not to enable this option by default. | | Optional: {} |
| httpLog boolean | HTTPLog enables HTTP log format which is the most complete and the best suited for HTTP proxies. It provides the same level of information as the TCP format with additional features which are specific to the HTTP protocol. | | Optional: {} |
| tcpLog boolean | TCPLog enables advanced logging of TCP connections with session state and timers. By default, the log output format is very poor, as it only contains the source and destination addresses, and the instance name. | | Optional: {} |
| binds Bind array | Binds defines the frontend listening addresses, ports and their configuration. | | MinItems: 1 |
| backendSwitching BackendSwitchingRule array | BackendSwitching rules specify the specific backend used if/unless an ACL-based condition is matched. | | Optional: {} |
| defaultBackend LocalObjectReference | DefaultBackend to use when no 'use_backend' rule has been matched. | | |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| uri string | URI | | |
| method string | Method is the HTTP method. | | Enum: [HEAD PUT POST GET TRACE PATCH DELETE CONNECT OPTIONS] Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| conditionType string | ConditionType specifies the type of the condition matching ('if' or 'unless') | | Enum: [if unless] Optional: {} |
| condition string | Condition is a condition composed of ACLs. | | Optional: {} |
| name string | Name specifies the header name | | |
| method string | Method is the matching applied on the header name | | Enum: [str beg end sub reg] Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| conditionType string | ConditionType specifies the type of the condition matching ('if' or 'unless') | | Enum: [if unless] Optional: {} |
| condition string | Condition is a condition composed of ACLs. | | Optional: {} |
| name string | Name specifies the header name | | |
| value HTTPHeaderValue | Value specifies the header value | | |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| env EnvVar | Env variable with the header value | | |
| str string | Str with the header value | | |
| format string | Format specifies the format of the header value (implicit default is '%s') | | |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| conditionType string | ConditionType specifies the type of the condition matching ('if' or 'unless') | | Enum: [if unless] Optional: {} |
| condition string | Condition is a condition composed of ACLs. | | Optional: {} |
| format string | Value specifies the path value | | |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| setHeader HTTPHeaderRule array | SetHeader sets HTTP header fields | | |
| setPath HTTPPathRule array | SetPath sets request path | | |
| addHeader HTTPHeaderRule array | AddHeader appends HTTP header fields | | |
| delHeader HTTPDeleteHeaderRule array | DelHeader removes all HTTP header fields | | |
| redirect Redirect array | Redirect performs an HTTP redirection based on a redirect rule. | | Optional: {} |
| replacePath ReplacePath array | ReplacePath matches the value of the path using a regex and completely replaces it with the specified format. The replacement does not modify the scheme, the authority and the query-string. | | Optional: {} |
| deny Deny array | Deny stops the evaluation of the rules and immediately rejects the request and emits an HTTP 403 error. Optionally, the status code can be specified as an argument to deny_status. | | Optional: {} |
| return HTTPReturn | Return stops the evaluation of the rules and immediately returns a response. | | |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| setHeader HTTPHeaderRule array | SetHeader sets HTTP header fields | | |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| content HTTPReturnContent | Content is a full HTTP response specifying the errorfile to use, or the response payload specifying the file or the string to use. | | |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| type string | Type specifies the content-type of the HTTP response. | | |
| format string | ContentFormat defines the format of the Content. Can be either an errorfile or a string. | | Enum: [default-errorfile errorfile errorfiles file lf-file string lf-string] |
| value string | Value specifying the file or the string to use. | | |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| method string | | | Enum: [map-based consistent] Optional: {} |
| function string | | | Enum: [sdbm djb2 wt6 crc32] Optional: {} |
| modifier string | | | Enum: [avalanche] Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| nx Duration | Nx defines the interval between two successive name resolutions when the last answer was nx. | | |
| obsolete Duration | Obsolete defines the interval between two successive name resolutions when the last answer was obsolete. | | |
| other Duration | Other defines the interval between two successive name resolutions when the last answer was other. | | |
| refused Duration | Refused defines the interval between two successive name resolutions when the last answer was nx. | | |
| timeout Duration | Timeout defines the interval between two successive name resolutions when the last answer was timeout. | | |
| valid Duration | Valid defines the interval between two successive name resolutions when the last answer was valid. | | |
Listen is the Schema for the frontends API
| Field | Description | Default | Validation |
|---|---|---|---|
| apiVersion string | config.haproxy.com/v1alpha1 | | |
| kind string | Listen | | |
| metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | | |
| spec ListenSpec | | | |
ListenSpec defines the desired state of Listen
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| mode string | Mode can be either 'tcp' or 'http'. In TCP mode it is a layer 4 proxy. In HTTP mode it is a layer 7 proxy. | http | Enum: [http tcp] |
| httpResponse HTTPResponseRules | HTTPResponse rules define a set of rules which apply to layer 7 processing. | | Optional: {} |
| httpRequest HTTPRequestRules | HTTPRequest rules define a set of rules which apply to layer 7 processing. | | Optional: {} |
| tcpRequest TCPRequestRule array | TCPRequest rules perform an action on an incoming connection depending on a layer 4 condition. | | Optional: {} |
| acl ACL array | ACL (Access Control Lists) provides a flexible solution to perform content switching and generally to take decisions based on content extracted from the request, the response or any environmental status. | | Optional: {} |
| timeouts object (keys:string, values:Duration) | Timeouts: check, connect, http-keep-alive, http-request, queue, server, tunnel. The timeout value is specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit. More info: https://cbonte.github.io/haproxy-dconv/2.6/configuration.html | | Optional: {} |
| errorFiles ErrorFile array | ErrorFiles specifies custom error files to be used. | | Optional: {} |
| forwardFor Forwardfor | Forwardfor enables insertion of the X-Forwarded-For header to requests sent to servers. | | Optional: {} |
| httpPretendKeepalive boolean | HTTPPretendKeepalive will keep the connection alive. It is recommended not to enable this option by default. | | Optional: {} |
| httpLog boolean | HTTPLog enables HTTP log format which is the most complete and the best suited for HTTP proxies. It provides the same level of information as the TCP format with additional features which are specific to the HTTP protocol. | | Optional: {} |
| tcpLog boolean | TCPLog enables advanced logging of TCP connections with session state and timers. By default, the log output format is very poor, as it only contains the source and destination addresses, and the instance name. | | Optional: {} |
| binds Bind array | Binds defines the frontend listening addresses, ports and their configuration. | | MinItems: 1 |
| servers Server array | Servers defines the backend servers and their configuration. | | Optional: {} |
| serverTemplates ServerTemplate array | ServerTemplates defines the backend server templates and their configuration. | | Optional: {} |
| checkTimeout Duration | CheckTimeout sets an additional check timeout, but only after a connection has already been established. | | Optional: {} |
| balance Balance | Balance defines the load balancing algorithm to be used in a backend. | | Optional: {} |
| redispatch boolean | Redispatch enables or disables session redistribution in case of connection failure. | | Optional: {} |
| hashType HashType | HashType specifies a method to use for mapping hashes to servers. | | Optional: {} |
| cookie Cookie | Cookie enables cookie-based persistence in a backend. | | Optional: {} |
| hostCertificate CertificateListElement | HostCertificate specifies a certificate for that host used in the crt-list of a frontend. | | Optional: {} |
| httpCheck HTTPChk | HTTPCheck enables the HTTP protocol to check on the servers' health. | | Optional: {} |
| tcpCheck boolean | TCPCheck performs health checks using tcp-check send/expect sequences. | | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| name string | Name specifies a unique name of the nameserver. | | Pattern: ^[A-Za-z0-9-_.:]+$ |
| address string | Address | | Pattern: ^[^\s]+$ |
| port integer | Port | | Maximum: 65535 Minimum: 1 |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| name string | Name | | |
| value string | Value | | |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| v1 boolean | V1 parameter enforces use of the PROXY protocol version 1. | | Optional: {} |
| v2 ProxyProtocolV2 | V2 parameter enforces use of the PROXY protocol version 2. | | Optional: {} |
| v2SSL boolean | V2SSL parameter adds the SSL information extension of the PROXY protocol to the PROXY protocol header. | | Optional: {} |
| v2SSLCN boolean | V2SSLCN parameter adds the SSL information extension of the PROXY protocol to the PROXY protocol header, and the SSL information extension, along with the Common Name from the subject of the client certificate (if any), is added to the PROXY protocol header. | | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| enabled boolean | Enabled enables the PROXY protocol version 2. | | Optional: {} |
| options ProxyProtocolV2Options | Options is a list of options to add to the PROXY protocol header. | | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| ssl boolean | Ssl is equivalent to using V2SSL. | | Optional: {} |
| certCn boolean | CertCn is equivalent to using V2SSLCN. | | Optional: {} |
| sslCipher boolean | SslCipher is the name of the used cipher. | | Optional: {} |
| certSig boolean | CertSig is the signature algorithm of the used certificate. | | Optional: {} |
| certKey boolean | CertKey is the key algorithm of the used certificate. | | Optional: {} |
| authority boolean | Authority is the host name value passed by the client (only SNI from a TLS) | | Optional: {} |
| crc32C boolean | Crc32c is the checksum of the PROXYv2 header. | | Optional: {} |
| uniqueID boolean | UniqueId sends a unique ID generated using the frontend's "unique-id-format" within the PROXYv2 header. This unique-id is primarily meant for "mode tcp". It can lead to unexpected results in "mode http". | | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| conditionType string | ConditionType specifies the type of the condition matching ('if' or 'unless') | | Enum: [if unless] Optional: {} |
| condition string | Condition is a condition composed of ACLs. | | Optional: {} |
| code integer | Code indicates which type of HTTP redirection is desired. | | Enum: [301 302 303 307 308] Optional: {} |
| type RedirectType | Type selects a mode and value to redirect | | Optional: {} |
| value string | Value to redirect | | Optional: {} |
| option RedirectOption | Value to redirect | | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| name string | Name | | Optional: {} |
| value string | Value | | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| dropQuery boolean | DropQuery removes the query string from the original URL when performing the concatenation. | | Optional: {} |
| appendSlash boolean | AppendSlash adds a / character at the end of the URL. | | Optional: {} |
| SetCookie RedirectCookie | SetCookie adds header to the redirection. It will be added with NAME (and optionally "=value") | | Optional: {} |
| ClearCookie RedirectCookie | ClearCookie is to instruct the browser to delete the cookie. It will be added with NAME (and optionally "="). To add "=" type any string in the value field | | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| location boolean | Location replaces the entire location of a URL. | | Optional: {} |
| insert boolean | Prefix adds a prefix to the URL's location. | | Optional: {} |
| prefix boolean | Scheme redirects to a different scheme. | | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| name string | Name to identify the mapping | | |
| parameter string | Parameter which will be used for the mapping (default: base) | base | |
| selector LabelSelector | LabelSelector to select multiple backends | | |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| conditionType string | ConditionType specifies the type of the condition matching ('if' or 'unless') | | Enum: [if unless] Optional: {} |
| condition string | Condition is a condition composed of ACLs. | | Optional: {} |
| matchRegex string | MatchRegex is a string pattern used to identify the paths that need to be replaced. | | |
| replaceFmt string | ReplaceFmt defines the format string used to replace the values that match the pattern. | | |
Resolver is the Schema for the Resolver API
| Field | Description | Default | Validation |
|---|---|---|---|
| apiVersion string | config.haproxy.com/v1alpha1 | | |
| kind string | Resolver | | |
| metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | | |
| spec ResolverSpec | | | |
ResolverSpec defines the desired state of Resolver
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| nameservers Nameserver array | Nameservers is used to configure the nameservers. | | |
| acceptedPayloadSize integer | AcceptedPayloadSize defines the maximum payload size accepted by HAProxy and announced to all the name servers configured in this resolver. | | Maximum: 8192 Minimum: 512 Optional: {} |
| parseResolvConf boolean | ParseResolvConf, if true, adds all nameservers found in /etc/resolv.conf to this resolver's nameservers list. | | Optional: {} |
| resolveRetries integer | ResolveRetries defines the number of queries to send to resolve a server name before giving up. Default value: 3 | | Minimum: 1 Optional: {} |
| hold Hold | Hold defines the period during which the last name resolution should be kept based on the last resolution status. | | Optional: {} |
| timeouts Timeouts | Timeouts defines timeouts related to name resolution. | | Optional: {} |
Appears in:
- BackendSwitchingRule
- Deny
- HTTPDeleteHeaderRule
- HTTPHeaderRule
- HTTPPathRule
- Redirect
- ReplacePath
- TCPRequestRule
| Field | Description | Default | Validation |
|---|---|---|---|
| conditionType string | ConditionType specifies the type of the condition matching ('if' or 'unless') | | Enum: [if unless] Optional: {} |
| condition string | Condition is a condition composed of ACLs. | | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
| enabled boolean | Enabled enables SSL deciphering on connections instantiated from this listener. A certificate is necessary. All contents in the buffers will appear in clear text, so that ACLs and HTTP processing will only have access to deciphered contents. SSLv3 is disabled by default; set MinVersion to SSLv3 to enable it. | | |
| minVersion string | MinVersion enforces use of the specified version or higher on SSL connections instantiated from this listener. | | Enum: [SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3] Optional: {} |
| verify string | Verify is only available when support for OpenSSL was built in. If set to 'none', client certificate is not requested. This is the default. In other cases, a client certificate is requested. If the client does not provide a certificate after the request and if 'Verify' is set to 'required', then the handshake is aborted, while it would have succeeded if set to 'optional'. The certificate provided by the client is verified using CAs from CACertificate. On verify failure the handshake aborts, regardless of the 'verify' option. | | Enum: [none optional required] Optional: {} |
| caCertificate SSLCertificate | CACertificate configures the CACertificate used for the Server or Bind client certificate | | Optional: {} |
| certificate SSLCertificate | Certificate configures a PEM based Certificate file containing both the required certificates and any associated private keys. | | Optional: {} |
| sni string | SNI parameter evaluates the sample fetch expression, converts it to a string and uses the result as the host name sent in the SNI TLS extension to the server. | | Optional: {} |
| alpn string array | Alpn enables the TLS ALPN extension and advertises the specified protocol list as supported on top of ALPN. | | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
|||
value string |
|||
valueFrom SSLCertificateValueFrom array |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
configMapKeyRef ConfigMapKeySelector |
ConfigMapKeyRef selects a key of a ConfigMap | Optional: {} |
|
secretKeyRef SecretKeySelector |
SecretKeyRef selects a key of a secret in the pod namespace | Optional: {} |
|
secretKeyExternalRef SecretKeySelectorExternal |
SecretKeyExternalRef selects a key of a secret in a specific namespace | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
ssl SSL |
SSL configures OpenSSL | Optional: {} |
|
weight integer |
Weight parameter is used to adjust the server weight relative to other servers. All servers will receive a load proportional to their weight relative to the sum of all weights. |
Maximum: 256 Minimum: 0 |
|
check Check |
Check configures the health checks of the server. | Optional: {} |
|
initAddr string |
InitAddr indicates in what order the server address should be resolved upon startup if it uses an FQDN. Attempts are made to resolve the address by applying in turn each of the methods mentioned in the comma-delimited list. The first method which succeeds is used. |
Optional: {} |
|
resolvers LocalObjectReference |
Resolvers points to an existing resolvers to resolve current server hostname. | Optional: {} |
|
sendProxy boolean |
SendProxy enforces use of the PROXY protocol over any connection established to this server. The PROXY protocol informs the other end about the layer 3/4 addresses of the incoming connection, so that it can know the client address or the public address it accessed, whatever the upper layer protocol. |
Optional: {} |
|
SendProxyV2 ProxyProtocol |
SendProxyV2 preparing new update. | ||
verifyHost string |
VerifyHost is only available when support for OpenSSL was built in, and only takes effect if 'spec.ssl.verify' is set to 'required'. This directive sets a default static hostname to check the server certificate against when no SNI was used to connect to the server. |
Optional: {} |
|
sni string |
SNI This option allows you to specify the SNI to be used when connecting to the backend over SSL | Optional: {} |
|
checkSNI string |
CheckSNI This option allows you to specify the SNI to be used when doing health checks over SSL | Optional: {} |
|
cookie boolean |
Cookie sets the cookie value assigned to the server. | Optional: {} |
|
resolvePrefer string |
When DNS resolution is enabled for a server and multiple IP addresses from different families are returned, HAProxy will prefer using an IP address from the ipv4 or ipv6. |
Optional: {} |
|
name string |
Name of the server. | ||
address string |
Address can be a host name, an IPv4 address, an IPv6 address. | Pattern: ^[^\s]+$ |
|
port integer |
Port | Maximum: 65535 Minimum: 1 |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
ssl SSL |
SSL configures OpenSSL | Optional: {} |
|
weight integer |
Weight parameter is used to adjust the server weight relative to other servers. All servers will receive a load proportional to their weight relative to the sum of all weights. |
Maximum: 256 Minimum: 0 |
|
check Check |
Check configures the health checks of the server. | Optional: {} |
|
initAddr string |
InitAddr indicates in what order the server address should be resolved upon startup if it uses an FQDN. Attempts are made to resolve the address by applying in turn each of the methods mentioned in the comma-delimited list. The first method which succeeds is used. |
Optional: {} |
|
resolvers LocalObjectReference |
Resolvers points to an existing resolvers to resolve current server hostname. | Optional: {} |
|
sendProxy boolean |
SendProxy enforces use of the PROXY protocol over any connection established to this server. The PROXY protocol informs the other end about the layer 3/4 addresses of the incoming connection, so that it can know the client address or the public address it accessed, whatever the upper layer protocol. |
Optional: {} |
|
SendProxyV2 ProxyProtocol |
SendProxyV2 preparing new update. | ||
verifyHost string |
VerifyHost is only available when support for OpenSSL was built in, and only takes effect if 'spec.ssl.verify' is set to 'required'. This directive sets a default static hostname to check the server certificate against when no SNI was used to connect to the server. |
Optional: {} |
|
sni string |
SNI This option allows you to specify the SNI to be used when connecting to the backend over SSL | Optional: {} |
|
checkSNI string |
CheckSNI This option allows you to specify the SNI to be used when doing health checks over SSL | Optional: {} |
|
cookie boolean |
Cookie sets the cookie value assigned to the server. | Optional: {} |
|
resolvePrefer string |
When DNS resolution is enabled for a server and multiple IP addresses from different families are returned, HAProxy will prefer using an IP address from the ipv4 or ipv6. |
Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
ssl SSL |
SSL configures OpenSSL | Optional: {} |
|
weight integer |
Weight parameter is used to adjust the server weight relative to other servers. All servers will receive a load proportional to their weight relative to the sum of all weights. |
Maximum: 256 Minimum: 0 |
|
check Check |
Check configures the health checks of the server. | Optional: {} |
|
initAddr string |
InitAddr indicates in what order the server address should be resolved upon startup if it uses an FQDN. Attempts are made to resolve the address by applying in turn each of the methods mentioned in the comma-delimited list. The first method which succeeds is used. |
Optional: {} |
|
resolvers LocalObjectReference |
Resolvers points to an existing resolvers to resolve current server hostname. | Optional: {} |
|
sendProxy boolean |
SendProxy enforces use of the PROXY protocol over any connection established to this server. The PROXY protocol informs the other end about the layer 3/4 addresses of the incoming connection, so that it can know the client address or the public address it accessed, whatever the upper layer protocol. |
Optional: {} |
|
SendProxyV2 ProxyProtocol |
SendProxyV2 preparing new update. | ||
verifyHost string |
VerifyHost is only available when support for OpenSSL was built in, and only takes effect if 'spec.ssl.verify' is set to 'required'. This directive sets a default static hostname to check the server certificate against when no SNI was used to connect to the server. |
Optional: {} |
|
sni string |
SNI This option allows you to specify the SNI to be used when connecting to the backend over SSL | Optional: {} |
|
checkSNI string |
CheckSNI This option allows you to specify the SNI to be used when doing health checks over SSL | Optional: {} |
|
cookie boolean |
Cookie sets the cookie value assigned to the server. | Optional: {} |
|
resolvePrefer string |
When DNS resolution is enabled for a server and multiple IP addresses from different families are returned, HAProxy will prefer using an IP address from the ipv4 or ipv6. |
Optional: {} |
|
prefix string |
Prefix for the server names to be built. | Pattern: ^[^\s]+$ |
|
numMin integer |
NumMin is the min number of servers as server name suffixes this template initializes. | Optional: {} |
|
num integer |
Num is the max number of servers as server name suffixes this template initializes. | ||
fqdn string |
FQDN for all the servers this template initializes. | ||
port integer |
Port | Maximum: 65535 Minimum: 1 |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
|||
value string |
|||
valueFrom ErrorFileValueFrom |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditionType string |
ConditionType specifies the type of the condition matching ('if' or 'unless') | Enum: [if unless] Optional: {} |
|
condition string |
Condition is a condition composed of ACLs. | Optional: {} |
|
type string |
Type specifies the type of the tcp-request rule. | Enum: [connection content inspect-delay session] |
|
action string |
Action defines the action to perform if the condition applies. | Enum: [accept capture do-resolve expect-netscaler-cip expect-proxy reject sc-inc-gpc0 sc-inc-gpc1 sc-set-gpt0 send-spoe-group set-dst-port set-dst set-priority set-src set-var silent-drop track-sc0 track-sc1 track-sc2 unset-var use-service lua] Optional: {} |
|
timeout Duration |
Timeout sets timeout for the action | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
resolve Duration |
Resolve time to trigger name resolutions when no other time applied. Default value: 1s | Optional: {} |
|
retry Duration |
Retry time between two DNS queries, when no valid response has been received. Default value: 1s | Optional: {} |
Package v1alpha1 contains API Schema definitions for the proxy v1alpha1 API group
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
global GlobalConfiguration |
Global contains the global HAProxy configuration settings | ||
defaults DefaultsConfiguration |
Defaults presets settings for all frontend, backend and listen | ||
selector LabelSelector |
LabelSelector to select other configuration objects of the config.haproxy.com API |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
mode string |
Mode can be either 'tcp' or 'http'. In tcp mode it is a layer 4 proxy. In http mode it is a layer 7 proxy. | http | Enum: [http tcp] |
errorFiles ErrorFile array |
ErrorFiles custom error files to be used | Optional: {} |
|
timeouts object (keys:string, values:Duration) |
Timeouts: check, client, client-fin, connect, http-keep-alive, http-request, queue, server, server-fin, tunnel. The timeout value specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit. More info: https://cbonte.github.io/haproxy-dconv/2.6/configuration.html |
{ client:5s connect:5s server:10s } | |
logging DefaultsLoggingConfiguration |
Logging is used to configure default logging for all proxies. | Optional: {} |
|
additionalParameters string |
AdditionalParameters can be used to specify any further configuration statements which are not covered in this section explicitly. | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean |
Enabled will enable logs for all proxies | ||
httpLog boolean |
HTTPLog enables HTTP log format which is the most complete and the best suited for HTTP proxies. It provides the same level of information as the TCP format with additional features which are specific to the HTTP protocol. |
Optional: {} |
|
tcpLog boolean |
TCPLog enables advanced logging of TCP connections with session state and timers. By default, the log output format is very poor, as it only contains the source and destination addresses, and the instance name. |
Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
reload boolean |
Reload enables auto-reload of the configuration using sockets. Requires an image that supports this feature. | false | |
statsTimeout Duration |
StatsTimeout sets the timeout on the stats socket. Default is set to 10 seconds. | Optional: {} |
|
logging GlobalLoggingConfiguration |
Logging is used to enable and configure logging in the global section of the HAProxy configuration. | Optional: {} |
|
additionalParameters string |
AdditionalParameters can be used to specify any further configuration statements which are not covered in this section explicitly. | Optional: {} |
|
additionalCertificates SSLCertificate array |
AdditionalCertificates can be used to include global SSL certificates which can be used in any listen | Optional: {} |
|
maxconn integer |
Maxconn sets the maximum per-process number of concurrent connections. Proxies will stop accepting connections when this limit is reached. | Optional: {} |
|
nbthread integer |
Nbthread this setting is only available when support for threads was built in. It makes HAProxy run on specified number of threads. | Optional: {} |
|
tune GlobalTuneOptions |
TuneOptions sets the global tune options. | Optional: {} |
|
ssl GlobalSSL |
GlobalSSL sets the global SSL options. | Optional: {} |
|
hardStopAfter Duration |
HardStopAfter is the maximum time the instance will remain alive when a soft-stop is received. | Optional: {} |
|
ocsp GlobalOCSPConfiguration |
Ocsp is used to enable stapling at the global level for all certificates in the configuration. | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean |
Enabled will toggle the creation of a global syslog server. | ||
address string |
Address can be a filesystem path to a UNIX domain socket or a remote syslog target (IPv4/IPv6 address optionally followed by a colon and a UDP port). | /var/lib/rsyslog/rsyslog.sock | Pattern: ^[^\s]+$ |
facility string |
Facility must be one of the 24 standard syslog facilities. | local0 | Enum: [kern user mail daemon auth syslog lpr news uucp cron auth2 ftp ntp audit alert cron2 local0 local1 local2 local3 local4 local5 local6 local7] |
level string |
Level can be specified to filter outgoing messages. By default, all messages are sent. | Enum: [emerg alert crit err warning notice info debug] Optional: {} |
|
format string |
Format is the log format used when generating syslog messages. | Enum: [rfc3164 rfc5424 short raw] Optional: {} |
|
sendHostname boolean |
SendHostname sets the hostname field in the syslog header. Generally used if one is not relaying logs through an intermediate syslog server. |
Optional: {} |
|
hostname string |
Hostname specifies a value for the syslog hostname header, otherwise uses the hostname of the system. | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
mode boolean |
Mode Enable automatic OCSP response update when set to 'on', disable it otherwise. Its value defaults to 'off'. |
Optional: {} |
|
maxDelay integer |
MaxDelay sets the maximum interval between two automatic updates of the same OCSP response. This time is expressed in seconds and defaults to 3600 (1 hour). |
Optional: {} |
|
minDelay integer |
MinDelay sets the minimum interval between two automatic updates of the same OCSP response. This time is expressed in seconds and defaults to 300 (5 minutes). |
Optional: {} |
|
httpproxy OcspUpdateOptionsHttpproxy |
HttpProxy allows the use of an HTTP proxy for the OCSP updates. This only works with HTTP; HTTPS is not supported. This option will allow the OCSP updater to send an absolute URI in the request to the proxy. |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
defaultBindCiphers string array |
DefaultBindCiphers sets the list of cipher algorithms ("cipher suite") that are negotiated during the SSL/TLS handshake up to TLSv1.2 for all binds which do not explicitly define theirs. |
Optional: {} |
|
defaultBindCipherSuites string array |
DefaultBindCipherSuites sets the default list of cipher algorithms ("cipher suite") that are negotiated during the TLSv1.3 handshake for all binds which do not explicitly define theirs. |
Optional: {} |
|
defaultBindOptions GlobalSSLDefaultBindOptions |
DefaultBindOptions sets default ssl-options to force on all binds. | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
minVersion string |
MinVersion enforces use of the specified version or higher on SSL connections instantiated from this listener. |
Enum: [SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3] Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
cacheSize integer |
CacheSize sets the size of the global SSL session cache, in a number of blocks. A block is large enough to contain an encoded session without peer certificate. An encoded session with peer certificate is stored in multiple blocks depending on the size of the peer certificate. The default value may be forced at build time, otherwise defaults to 20000. Setting this value to 0 disables the SSL session cache. |
Optional: {} |
|
keylog string |
Keylog activates the logging of the TLS keys. It should be used with care as it will consume more memory per SSL session and could decrease performance. This is disabled by default. |
Optional: {} |
|
lifetime Duration |
Lifetime sets how long a cached SSL session may remain valid. This time defaults to 5 min. It is important to understand that it does not guarantee that sessions will last that long, because if the cache is full, the longest idle sessions will be purged despite their configured lifetime. |
Optional: {} |
|
forcePrivateCache boolean |
ForcePrivateCache disables SSL session cache sharing between all processes. It should normally not be used since it will force many renegotiations due to clients hitting a random process. |
Optional: {} |
|
maxRecord integer |
MaxRecord sets the maximum amount of bytes passed to SSL_write() at a time. Default value 0 means there is no limit. Over SSL/TLS, the client can decipher the data only once it has received a full record. |
Optional: {} |
|
defaultDHParam integer |
DefaultDHParam sets the maximum size of the Diffie-Hellman parameters used for generating the ephemeral/temporary Diffie-Hellman key in case of DHE key exchange. The final size will try to match the size of the server's RSA (or DSA) key (e.g., a 2048-bit temporary DH key for a 2048-bit RSA key), but will not exceed this maximum value. Default value is 2048. |
Optional: {} |
|
ctxCacheSize integer |
CtxCacheSize sets the size of the cache used to store generated certificates to entries. This is an LRU cache. Because generating an SSL certificate dynamically is expensive, they are cached. The default cache size is set to 1000 entries. |
Optional: {} |
|
captureBufferSize integer |
CaptureBufferSize sets the maximum size of the buffer used for capturing client hello cipher list, extensions list, elliptic curves list and elliptic curve point formats. If the value is 0 (default value) the capture is disabled, otherwise a buffer is allocated for each SSL/TLS connection. |
Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
maxrewrite integer |
Maxrewrite sets the reserved buffer space to this size in bytes. The reserved space is used for header rewriting or appending. The first reads on sockets will never fill more than bufsize-maxrewrite. |
Optional: {} |
|
buffers_limit integer |
BuffersLimit Sets a hard limit on the number of buffers which may be allocated per process. The default value is zero which means unlimited. The limit will automatically be re-adjusted to satisfy the reserved buffers for emergency situations so that the user doesn't have to perform complicated calculations. |
Optional: {} |
|
bufsize integer |
Bufsize sets the buffer size to this size (in bytes). Lower values allow more sessions to coexist in the same amount of RAM, and higher values allow some applications with very large cookies to work. |
Optional: {} |
|
buffers_reserve integer |
BuffersReserve Sets the number of per-thread buffers which are pre-allocated and reserved for use only during memory shortage conditions resulting in failed memory allocations. The minimum value is 2 and the default is 4. |
Optional: {} |
|
ssl GlobalSSLTuneOptions |
SSL sets the SSL tune options. | Optional: {} |
Instance is the Schema for the instances API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
proxy.haproxy.com/v1alpha1 |
||
kind string |
Instance |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
spec InstanceSpec |
InstanceSpec defines the desired state of Instance
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
replicas integer |
Replicas is the desired number of replicas of the HAProxy Instance. | 1 | |
network Network |
Network contains the configuration of Route, Services and other network related configuration. | ||
configuration Configuration |
Configuration is used to bootstrap the global and defaults section of the HAProxy configuration. | ||
rolloutOnConfigChange boolean |
RolloutOnConfigChange enables a rollout on config changes | Optional: {} |
|
image string |
Image specifies the HAProxy image including the tag. | haproxy:latest | |
resources ResourceRequirements |
Resources defines the resource requirements for the HAProxy pods. | Optional: {} |
|
sidecars Container array |
Sidecars additional sidecar containers | Optional: {} |
|
serviceAccountName string |
ServiceAccountName is the name of the ServiceAccount to use to run this Instance. | Optional: {} |
|
imagePullSecrets LocalObjectReference array |
ImagePullSecrets is an optional list of secret names in the same namespace to use for pulling any of the images used. | Optional: {} |
|
allowPrivilegedPorts boolean |
AllowPrivilegedPorts allows binding sockets with port numbers less than 1024. | Optional: {} |
|
placement Placement |
Placement defines how the instance's pods should be scheduled. | Optional: {} |
|
imagePullPolicy PullPolicy |
ImagePullPolicy one of Always, Never, IfNotPresent. | Optional: {} |
|
metrics Metrics |
Metrics defines the metrics endpoint and scraping configuration. | Optional: {} |
|
labels object (keys:string, values:string) |
Labels additional labels for the ha-proxy pods | Optional: {} |
|
env object (keys:string, values:string) |
Env additional environment variables | Optional: {} |
|
readinessProbe Probe |
ReadinessProbe the readiness probe for the main container | Optional: {} |
|
livenessProbe Probe |
LivenessProbe the liveness probe for the main container | Optional: {} |
|
podDisruptionBudget PodDisruptionBudget |
PodDisruptionBudget defines pod disruption options | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean |
Enabled will enable metrics globally for Instance. | ||
address string |
Address to bind the metrics endpoint (default: '0.0.0.0'). | 0.0.0.0 | Optional: {} |
port integer |
Port specifies the port used for metrics. | ||
relabelings RelabelConfig array |
RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config |
Optional: {} |
|
interval Duration |
Interval at which metrics should be scraped. If not specified, Prometheus' global scrape interval is used. |
Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
hostNetwork boolean |
HostNetwork will enable the usage of host network. | ||
hostIPs object (keys:string, values:string) |
HostIPs defines an environment variable BIND_ADDRESS in the instance based on the provided host to IP mapping | ||
route RouteSpec |
Route defines the desired state for OpenShift Routes. | ||
service ServiceSpec |
Service defines the desired state for a Service. |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
address string |
Address can be a host name, an IPv4 address or an IPv6 address | Pattern: ^[^\s]+$ Optional: {} |
|
port integer |
Port |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
nodeSelector object (keys:string, values:string) |
NodeSelector is a selector which must be true for the pod to fit on a node. | Optional: {} |
|
topologySpreadConstraints TopologySpreadConstraint array |
TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. |
Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
minAvailable IntOrString |
An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction | Optional: {} |
|
maxUnavailable IntOrString |
An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction | Optional: {} |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean |
Enabled will toggle the creation of OpenShift Routes. | ||
tls TLSConfig |
TLS provides the ability to configure certificates and termination for the route. |
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean |
Enabled will toggle the creation of a Service. | ||
type ServiceType |
Type will define the Service Type. | ClusterIP | Enum: [ClusterIP NodePort LoadBalancer] Optional: {} |
annotations object (keys:string, values:string) |
Annotations to be added to Service. | Optional: {} |
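
The Instance fields above include several whose values change the exposure of the proxy (image, allowPrivilegedPorts, hostNetwork, metrics address, TLS minVersion, keylog, defaultDHParam, additionalParameters). The following Python check is an added example, not part of the operator's code: it audits an Instance manifest, already parsed into a dict, against those documented fields. The function names, the sample manifests and the assumption that `keylog` takes `on`/`off` (as HAProxy's `tune.ssl.keylog` does) are not from this reference.

```python
# Added example: audit a parsed Instance manifest (proxy.haproxy.com/v1alpha1)
# for security-relevant fields documented in this reference.

WEAK_TLS = {"SSLv3", "TLSv1.0", "TLSv1.1"}
GLOBAL = "spec.configuration.global"


def dig(obj, path, default=None):
    """Walk a dotted path through nested dicts; return default if absent."""
    for key in path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj


def audit_instance(manifest):
    """Return a list of (field path, finding) tuples for one Instance."""
    findings = []

    def flag(path, message):
        findings.append((path, message))

    # The documented default is haproxy:latest, so an unset image is unpinned.
    image = dig(manifest, "spec.image", "haproxy:latest")
    last = image.rsplit("/", 1)[-1]  # drop registry host (which may hold ':port')
    if "@sha256:" not in image and (":" not in last or last.endswith(":latest")):
        flag("spec.image", f"{image!r} is not pinned to a version tag or digest")

    if dig(manifest, "spec.allowPrivilegedPorts"):
        flag("spec.allowPrivilegedPorts", "pods may bind ports below 1024")
    if dig(manifest, "spec.network.hostNetwork"):
        flag("spec.network.hostNetwork", "pods use the host network")

    # metrics.address defaults to 0.0.0.0 when left unset.
    if dig(manifest, "spec.metrics.enabled"):
        if dig(manifest, "spec.metrics.address", "0.0.0.0") == "0.0.0.0":
            flag("spec.metrics.address", "metrics endpoint binds all interfaces")

    path = GLOBAL + ".ssl.defaultBindOptions.minVersion"
    min_version = dig(manifest, path)
    if min_version in WEAK_TLS:
        flag(path, f"{min_version} permits a deprecated protocol version")

    # Assumption: keylog takes 'on'/'off'; anything but 'off' counts as enabled.
    path = GLOBAL + ".tune.ssl.keylog"
    if dig(manifest, path, "off") != "off":
        flag(path, "TLS keys are logged")

    path = GLOBAL + ".tune.ssl.defaultDHParam"
    dh_bits = dig(manifest, path)
    if isinstance(dh_bits, int) and dh_bits < 2048:
        flag(path, f"{dh_bits}-bit DH cap is below the 2048-bit default")

    # Free-form statements are only typed as a string by the schema.
    for section in ("global", "defaults"):
        path = f"spec.configuration.{section}.additionalParameters"
        if dig(manifest, path):
            flag(path, "raw configuration statements need manual review")
    return findings


# Constructed sample manifests (not from the page).
WEAK = {
    "apiVersion": "proxy.haproxy.com/v1alpha1",
    "kind": "Instance",
    "metadata": {"name": "edge"},
    "spec": {
        "allowPrivilegedPorts": True,
        "metrics": {"enabled": True, "port": 9000},
        "configuration": {"global": {
            "ssl": {"defaultBindOptions": {"minVersion": "TLSv1.0"}},
            "tune": {"ssl": {"keylog": "on", "defaultDHParam": 1024}},
            "additionalParameters": "log-tag edge",
        }},
    },
}
HARDENED = {
    "apiVersion": "proxy.haproxy.com/v1alpha1",
    "kind": "Instance",
    "metadata": {"name": "edge"},
    "spec": {
        "image": "haproxy:2.8.5",  # constructed version tag
        "metrics": {"enabled": True, "address": "127.0.0.1", "port": 9000},
        "configuration": {"global": {
            "ssl": {"defaultBindOptions": {"minVersion": "TLSv1.2"}},
            "tune": {"ssl": {"defaultDHParam": 2048}},
        }},
    },
}

if __name__ == "__main__":
    for field, finding in audit_instance(WEAK):
        print(f"{field}: {finding}")
```
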