DOC: documentation for quic protocol
ivanmatmati committed Feb 15, 2024
1 parent 67f3666 commit 1811282
Showing 3 changed files with 102 additions and 0 deletions.
30 changes: 30 additions & 0 deletions documentation/annotations.md
Expand Up @@ -52,6 +52,7 @@ This is autogenerated from [doc.yaml](doc.yaml). Description can be found in [ge
| [path-rewrite](#path-rewrite) | string | | |:large_blue_circle:|:large_blue_circle:|:white_circle:|
| [pod-maxconn](#maximum-concurrent-backend-connections) | number | | |:large_blue_circle:|:large_blue_circle:|:large_blue_circle:|
| [proxy-protocol](#proxy-protocol) | IPs or CIDRs | | |:large_blue_circle:|:white_circle:|:white_circle:|
| [quic-alt-svc-max-age](#quic-alt-svc-max-age) :construction:(dev) | number | | ssl-certificate |:large_blue_circle:|:white_circle:|:white_circle:|
| [rate-limit-period](#rate-limit) | [time](#time) | "1s" | |:large_blue_circle:|:large_blue_circle:|:white_circle:|
| [rate-limit-status-code](#rate-limit) | string | "403" | |:large_blue_circle:|:large_blue_circle:|:white_circle:|
| [rate-limit-requests](#rate-limit) | number | | |:large_blue_circle:|:large_blue_circle:|:white_circle:|
Expand Down Expand Up @@ -1174,6 +1175,33 @@ proxy-protocol: "192.168.1.0/24, 192.168.2.100"

***

#### Quic Alt Svc Max Age

##### `quic-alt-svc-max-age`


> :construction: this is only available from next version, currently available in dev build

Sets the max age in seconds for the alt-svc header as defined by the standard.

Available on: `configmap`

:information_source: Too high a number can lead to issues. The clients could fail to connect because the services is no more available.

Possible values:

- number of seconds for cache retention.

Example:

```yaml
quic-alt-svc-max-age: "900"
```

<p align='right'><a href='#available-annotations'>:arrow_up_small: back to top</a></p>

***

#### Rate Limit

##### `rate-limit-period`
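
Review bot: The tip in the new `quic-alt-svc-max-age` section ("Too high a number can lead to issues. The clients could fail to connect because the services is no more available.") does not say what the issue is and has a grammar slip. Suggested wording: "Clients cache the alt-svc advertisement for this many seconds and may keep trying the QUIC endpoint after it has been removed, so avoid large values." This file is generated from doc.yaml, so the change belongs in the `tip` there.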
Expand Down Expand Up @@ -1648,6 +1676,8 @@ client-strict-sni: true

:information_source: this replaces default certificate

:information_source: this is used as the certificate for quic binding

Possible values:

- Name of Kubernetes secret
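
Review bot: The tip added under `ssl-certificate` understates the side effect. Per the `--disable-quic` text in this same commit, the quic binding is "used by default if a certificate is provided", so setting this annotation also turns on a QUIC listener. Suggest the tip say so and link to `--disable-quic`, so operators know a UDP port has to be accounted for in the Service and in network policy. The same tip is added in doc.yaml, which is where the edit should be made.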
44 changes: 44 additions & 0 deletions documentation/controller.md
Expand Up @@ -42,6 +42,8 @@ Image can be run with arguments:
| [`--disable-service-external-name`](#--disable-service-external-name) | `false` |
| [`--channel-size`](#--channel-size) | `600` |
| [`--disable-config-snippets`](#--disable-config-snippets) :construction:(dev) | |
| [`--disable-quic`](#--disable-quic) :construction:(dev) | `false` |
| [`--quick-announce-port`](#--quick-announce-port) :construction:(dev) | |


### `--configmap`
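
Review bot: `--quick-announce-port` in the second added table row is spelled "quick", while every other name in this commit uses "quic" (`--disable-quic`, `quic-alt-svc-max-age`). Please check it against the flag the controller actually parses. If the flag is `--quic-announce-port`, then the row, its anchor, the section heading, the example and the doc.yaml entry all need the same correction, since users will copy the argument from here.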
Expand Down Expand Up @@ -744,3 +746,45 @@ Example:

***

### `--disable-quic`


> :construction: this is only available from next version, currently available in dev build
option to disable the quic binding used by default if a certificate is provided throug ssl-certificate annotation. Please be aware that the quic implementation is activated with the "limited-quic" global option. Please refer to the documentation for details.

Possible values:


Example:

```yaml
args:
- --disable-quic
```
<p align='right'><a href='#haproxy-kubernetes-ingress-controller'>:arrow_up_small: back to top</a></p>
***
### `--quick-announce-port`


> :construction: this is only available from next version, currently available in dev build

adjust the port in the alt-svc header to redirect to the exposed port in case it differs from the quic binding port.

Possible values:


Example:

```yaml
args:
- --quick-announce-port=10443
```

<p align='right'><a href='#haproxy-kubernetes-ingress-controller'>:arrow_up_small: back to top</a></p>

***
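
Review bot: In the `--disable-quic` section the description follows the `> :construction:` line with no blank line in between, so Markdown treats it as a continuation of the blockquote; the `--quick-announce-port` section has the blank line. The same section also runs `</p>`, `***` and the next `###` heading together without blank lines, which can keep the rule and the heading inside the HTML block. Both sections leave "Possible values:" empty: either list what is accepted (for example a boolean, a port number) or drop the label.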

28 changes: 28 additions & 0 deletions documentation/doc.yaml
Expand Up @@ -370,6 +370,19 @@ image_arguments:
- If 'all' is present then all (backend, frontend, global) config snippets are disabled.
version_min: "1.11"
example: --disable-config-snippets=backend,frontend
- argument: --disable-quic
description: option to disable the quic binding used by default if a certificate is provided throug ssl-certificate annotation. Please be aware that the quic implementation is activated with the "limited-quic" global option. Please refer to the documentation for details.
default: false
version_min: "1.11"
example: |-
args:
- --disable-quic
- argument: --quick-announce-port
description: adjust the port in the alt-svc header to redirect to the exposed port in case it differs from the quic binding port.
version_min: "1.11"
example: |-
args:
- --quick-announce-port=10443
groups:
config-snippet:
header: |-
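
Review bot: The `--disable-quic` description has a typo ("throug") and ends with "Please refer to the documentation for details" without saying which documentation covers "limited-quic". Fix the spelling here, since the Markdown is generated from this file, and name or link the document that is meant. The `--quick-announce-port` entry also has no `default`, so the generated table cell is empty; state which port is announced when the flag is not set.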
Expand Down Expand Up @@ -1151,6 +1164,20 @@ annotations:
- configmap
version_min: "1.4"
example: ['proxy-protocol: "192.168.1.0/24, 192.168.2.100"']
- title: quic-alt-svc-max-age
type: number
dependencies: "ssl-certificate"
default: ""
description:
- Sets the max age in seconds for the alt-svc header as defined by the standard.
tip:
- Too high a number can lead to issues. The clients could fail to connect because the services is no more available.
values:
- number of seconds for cache retention.
applies_to:
- configmap
version_min: "1.11"
example: ['quic-alt-svc-max-age: "900"']
- title: rate-limit-period
type: "[time](#time)"
group: rate-limit
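
Review bot: `quic-alt-svc-max-age` is declared `type: number` with `default: ""`, so the docs never state what max-age is advertised when the annotation is absent. Give the effective default, or say that none is sent. "as defined by the standard" should also name the standard; the Alt-Svc header is specified in RFC 7838.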
Expand Down Expand Up @@ -1534,6 +1561,7 @@ annotations:
- Sets the name of the Kubernetes secret that contains both the TLS key and certificate.
tip:
- this replaces default certificate
- this is used as the certificate for quic binding
values:
- Name of Kubernetes secret
applies_to:
