You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: modules/nw-route-specific-annotations.adoc
+4-3
Original file line number
Diff line number
Diff line change
@@ -19,7 +19,7 @@ To create a whitelist with multiple source IPs or subnets, use a space-delimited
19
19
[cols="3*", options="header"]
20
20
|===
21
21
|Variable | Description | Environment variable used as default
22
-
|`haproxy.router.openshift.io/balance`| Sets the load-balancing algorithm. Available options are `random`, `source`, `roundrobin`, and `leastconn`. The default value is `source` for TLS passthrough routes. For all other routes, the default is `random`. |`ROUTER_TCP_BALANCE_SCHEME` for passthrough routes. Otherwise, use `ROUTER_LOAD_BALANCE_ALGORITHM`.
22
+
|`haproxy.router.openshift.io/balance`| Sets the load-balancing algorithm. Available options are `random`, `source`, `roundrobin`[^1^], and `leastconn`. The default value is `source` for TLS passthrough routes. For all other routes, the default is `random`. |`ROUTER_TCP_BALANCE_SCHEME` for passthrough routes. Otherwise, use `ROUTER_LOAD_BALANCE_ALGORITHM`.
23
23
|`haproxy.router.openshift.io/disable_cookies`| Disables the use of cookies to track related connections. If set to `'true'` or `'TRUE'`, the balance algorithm is used to choose which back-end serves connections for each incoming HTTP request. |
24
24
|`router.openshift.io/cookie_name`| Specifies an optional cookie to use for
25
25
this route. The name must consist of any combination of upper and lower case letters, digits, "_",
@@ -41,7 +41,7 @@ Note: Using this annotation provides basic protection against denial-of-service
41
41
|`haproxy.router.openshift.io/ip_whitelist`
42
42
| Sets an allowlist for the route. The allowlist is a space-separated list of IP addresses and CIDR ranges for the approved source addresses. Requests from IP addresses that are not in the allowlist are dropped.
43
43
44
-
The maximum number of IP addresses and CIDR ranges directly visible in the `haproxy.config` file is 61. [^1^] |
44
+
The maximum number of IP addresses and CIDR ranges directly visible in the `haproxy.config` file is 61. [^2^] |
45
45
46
46
|`haproxy.router.openshift.io/hsts_header` | Sets a Strict-Transport-Security header for the edge terminated or re-encrypt route. |
47
47
|`haproxy.router.openshift.io/rewrite-target` | Sets the rewrite path of the request on the backend. |
@@ -68,7 +68,8 @@ This value is applicable to re-encrypt and edge routes only. For more informatio
68
68
|===
69
69
[.small]
70
70
--
71
-
1. If the number of IP addresses and CIDR ranges in an allowlist exceeds 61, they are written into a separate file that is then referenced from `haproxy.config`. This file is stored in the `var/lib/haproxy/router/whitelists` folder.
71
+
1. By default, the router reloads every 5 s which resets the balancing connection across pods from the beginning. As a result, the `roundrobin` state is not preserved across reloads. This algorithm works best when pods have nearly identical computing capabilites and storage capacity. If your application or service has continuously changing endpoints, for example, due to the use of a CI/CD pipeline, uneven balancing can result. In this case, use a different algorithm.
72
+
2. If the number of IP addresses and CIDR ranges in an allowlist exceeds 61, they are written into a separate file that is then referenced from the `haproxy.config` file. This file is stored in the `/var/lib/haproxy/router/allowlists` folder.
0 commit comments