You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: modules/nw-route-specific-annotations.adoc
+3-1Lines changed: 3 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -35,6 +35,8 @@ Note: Using this annotation provides basic protection against distributed denial
35
35
|`haproxy.router.openshift.io/rate-limit-connections.rate-tcp`| Limits the rate at which a client with the same source IP address can make TCP connections. It accepts a numeric value. +
36
36
Note: Using this annotation provides basic protection against distributed denial-of-service (DDoS) attacks. |
37
37
|`haproxy.router.openshift.io/timeout` | Sets a server-side timeout for the route. (TimeUnits) | `ROUTER_DEFAULT_SERVER_TIMEOUT`
38
+
|`haproxy.router.openshift.io/timeout-tunnel` | This timeout applies to a tunnel connection, for example, WebSocket over cleartext, edge, reencrypt, or passthrough routes. With cleartext, edge, or reencrypt route types, this annotation is applied as a timeout tunnel with the existing timeout value. For the passthrough route types, the annotation takes precedence over any existing timeout value set. | `ROUTER_DEFAULT_TUNNEL_TIMEOUT`
39
+
|`ingresses.config/cluster ingress.operator.openshift.io/hard-stop-after` | You can set either an IngressController or the ingress config . This annotation redeploys the router and configures the HA proxy to emit the haproxy `hard-stop-after` global option, which defines the maximum time allowed to perform a clean soft-stop. | `ROUTER_HARD_STOP_AFTER`
38
40
|`router.openshift.io/haproxy.health.check.interval`| Sets the interval for the back-end health checks. (TimeUnits) | `ROUTER_BACKEND_CHECK_INTERVAL`
39
41
|`haproxy.router.openshift.io/ip_whitelist`
40
42
| Sets a whitelist for the route. The whitelist is a space-separated list of IP addresses and CIDR ranges for the approved source addresses. Requests from IP addresses that are not in the whitelist are dropped.
@@ -87,7 +89,7 @@ The regular expression is: [1-9][0-9]*(`us`\|`ms`\|`s`\|`m`\|`h`\|`d`).
87
89
| `ROUTER_DEFAULT_TUNNEL_TIMEOUT` | `1h` | Length of time for TCP or WebSocket connections to remain open. This timeout period resets whenever HAProxy reloads.
88
90
| `ROUTER_SLOWLORIS_HTTP_KEEPALIVE` | `300s` | Set the maximum time to wait for a new HTTP request to appear. If this is set too low, it can cause problems with browsers and applications not expecting a small `keepalive` value.
89
91
90
-
Some effective timeout values can be the sum of certain variables, rather than the specific expected timeout. For example, `ROUTER_SLOWLORIS_HTTP_KEEPALIVE` adjusts `timeout http-keep-alive`. It is set to `300s` by default, but HAProxy also waits on `tcp-request inspect-delay`, which is set to `5s`. In this case, the overall timeout would be `300s` plus `5s`.
92
+
Some effective timeout values can be the sum of certain variables, rather than the specific expected timeout. For example, `ROUTER_SLOWLORIS_HTTP_KEEPALIVE` adjusts `timeout http-keep-alive`. It is set to `300s` by default, but HAProxy also waits on `tcp-request inspect-delay`, which is set to `5s`. In this case, the overall timeout would be `300s` plus `5s`.
91
93
| `ROUTER_SLOWLORIS_TIMEOUT` | `10s` | Length of time the transmission of an HTTP request can take.
92
94
| `RELOAD_INTERVAL` | `5s` | Allows the minimum frequency for the router to reload and accept new changes.
93
95
| `ROUTER_METRICS_HAPROXY_TIMEOUT` | `5s` | Timeout for the gathering of HAProxy metrics.
0 commit comments