ConfigMap#
ConfigMap resources allow you to configure the behavior of Angie. For example, you can set the number of worker processes or configure the access log format.
Using ConfigMap#
Our installation instructions with manifests deploy an empty ConfigMap, while the default installation manifests specify it in the ANIC command-line arguments. However, if you configured the manifests to use ConfigMap, be sure to specify the ConfigMap resource to use via the command-line arguments for ANIC.
-
Create a ConfigMap file named
angie-config.yaml
and set values that make sense for your environment:kind: ConfigMap apiVersion: v1 metadata: name: angie-config namespace: angie-ingress data: proxy-connect-timeout: 10s proxy-read-timeout: 10s client-max-body-size: 2m
See the section Summary of ConfigMap Keys for information about available ConfigMap keys (such as
proxy-connect-timeout
in this example). -
Create a new (or update an existing) ConfigMap resource:
kubectl apply -f angie-config.yaml
The configuration for Angie will be updated.
ConfigMap and Ingress Annotations#
Annotations allow you to configure advanced features of Angie and change its behavior.
ConfigMap is applied globally, meaning it affects every Ingress resource. In contrast, annotations are always applied only to their respective Ingress resource. Annotations allow you to override some ConfigMap keys. For example, the angie.software/proxy-connect-timeout
annotation overrides the configuration key proxy-connect-timeout
.
Overriding ConfigMap for a Specific Ingress Resource Using Annotations#
You can apply different ConfigMap configurations to Ingress resources depending on the namespace specified in the configuration. The annotation angie.software/configmap
allows you to specify a specific ConfigMap for configuring the Ingress resource. The specified ConfigMap will take precedence over the global one. If both the global and specified ConfigMaps are the same, the specified one will be applied.
To apply a specific ConfigMap to an Ingress resource:
-
Create a ConfigMap specifying the desired namespace.
For example:
kind: ConfigMap apiVersion: v1 metadata: name: echoserver-new-config namespace: echoserver-new data: server-snippets: | location /echoserver-new-snippet { return 302 /echo-test-2; }
-
Specify the annotation
angie.software/configmap
in the Ingress resource to which you want to apply this ConfigMap.For example:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: angie.software/configmap: "echoserver-new/echoserver-new-config" name: echoserver-new namespace: echoserver-new spec: ingressClassName: angie rules: - host: test-new.example.com http: paths: - backend: service: name: echoserver-new port: number: 8077 pathType: ImplementationSpecific
In this example, the annotation
angie.software/configmap
points to the use of the configuration from the ConfigMapechoserver-new-config
. This means that the directives described inserver-snippets
from this ConfigMap will be applied to the requests handled by this Ingress.
See also the documentation on advanced configuration using annotations.
ConfigMap and VirtualServer, VirtualServerRoute Resources#
ConfigMap affects all VirtualServer and VirtualServerRoute resources. However, the fields of these resources allow overriding some ConfigMap keys. For example, the connect-timeout
field of the upstream server takes precedence over the ConfigMap key proxy-connect-timeout
.
See the documentation on VirtualServer and VirtualServerRoute Resources.
Summary of ConfigMap Keys#
Note
For all parameters of type boolean
, the valid value pairs are true
/false
, t
/f
, on
/off
, and 1
/0
. Case does not matter.
General Configuration#
ConfigMap Key |
Description |
Default |
Example |
---|---|---|---|
|
Sets the value for the directives proxy_connect_timeout and grpc_connect_timeout. |
|
|
|
Sets the value for the directives proxy_read_timeout and grpc_read_timeout. |
|
|
|
Sets the value for the directives proxy_send_timeout and grpc_send_timeout. |
|
|
|
Sets the value for the directive client_max_body_size. |
|
|
|
Enables or disables response buffering from the proxied server. |
|
|
|
Sets the value for the directive proxy_buffers. |
Depends on the platform. |
|
|
Sets the value for the directives proxy_buffer_size and grpc_buffer_size. |
Depends on the platform. |
|
|
Sets the value for the directive proxy_max_temp_file_size. |
|
|
|
Sets the value for the directive set_real_ip_from. |
N/A |
|
|
Sets the value for the directive real_ip_header. |
|
|
|
Enables or disables the directive real_ip_recursive. |
|
|
|
Configures the directive
return on the default server, which handles client requests if none of the Ingress or VirtualServer resource backends match. The default value configures Angie to return a 404 error page. You can configure a fixed response or a redirect. For example, the value |
|
|
|
Enables or disables the directive server_tokens. |
|
|
|
Sets the value for the directive worker_processes. |
|
|
|
Sets the value for the directive worker_rlimit_nofile. |
N/A |
|
|
Sets the value for the directive worker_connections. |
|
|
|
Sets the value for the directive worker_cpu_affinity. |
N/A |
|
|
Sets the value for the directive worker_shutdown_timeout. |
N/A |
|
|
Sets the value for the directive server_names_hash_bucket_size. |
|
|
|
Sets the value for the directive server_names_hash_max_size. |
|
|
|
Sets the value for the directive map_hash_bucket_size. |
|
|
|
Sets the value for the directive map_hash_max_size. |
|
|
|
Sets the value for the addresses resolver. |
N/A |
|
|
Enables IPv6 resolution in the resolver. |
|
|
|
Sets the value for resolver_timeout for name resolution. |
|
|
|
Sets the value for the directive keepalive_timeout. |
|
|
|
Sets the value for the directive keepalive_requests. |
|
|
|
Sets the value for the directive variables_hash_bucket_size. |
|
|
|
Sets the value for the directive variables-hash-max-size. |
|
Logging#
ConfigMap Key |
Description |
Default |
Example |
---|---|---|---|
|
Sets the global error log level for Angie. |
|
|
|
Disables the access log. |
|
|
|
Disables the access log for the default server. If the access log is disabled globally ( |
|
|
|
Sets a customizable log format for HTTP and HTTPS traffic. For convenience, you can define the log format over multiple lines (lines are separated by the |
||
|
Sets the escape characters for log format variables. Supported values: |
|
|
|
Sets a customizable log format for TCP, UDP, and TLS stream traffic. For convenience, you can define the log format over multiple lines (lines are separated by the |
||
|
Sets the escape characters for stream log format variables. Supported values: |
|
Manipulating URIs and Request Headers#
ConfigMap Key |
Description |
Default |
Example |
---|---|---|---|
|
Sets the value for one or more directives proxy_hide_header. |
N/A |
|
|
Sets the value for one or more directives proxy_pass_header. |
N/A |
|
Authentication, SSL, TLS#
ConfigMap Key |
Description |
Default |
Example |
---|---|---|---|
|
Sets a 301 redirect rule based on the value of the |
|
|
|
Sets an unconditional 301 redirect rule for all incoming HTTP traffic, requiring that incoming traffic be over HTTPS. |
|
|
|
Enables HTTP Strict Transport Security (HSTS) mode: the HSTS header is added to responses from proxied servers. The |
|
|
|
Sets the value for the |
|
|
|
Adds the |
|
|
|
Enables HSTS based on the value of the Note To manage the redirect from HTTP to HTTPS, configure the annotation |
|
|
|
Sets the value for the directive ssl_protocols. |
|
|
|
Enables or disables the directive ssl_prefer_server_ciphers. |
|
|
|
Sets the value for the directive ssl_ciphers. |
|
|
|
Sets the contents of the |
N/A |
Listeners#
ConfigMap Key |
Description |
Default |
Example |
---|---|---|---|
|
Enables HTTP/2 on servers with SSL enabled. |
|
|
|
Enables the proxy protocol for incoming connections. |
|
Backend Services (Upstreams)#
ConfigMap Key |
Description |
Default |
Example |
---|---|---|---|
|
Sets the load balancing method. To use the round-robin method, specify |
|
|
|
Sets the value for the
max_fails
parameter of the |
|
|
|
Sets the size of the zone of shared memory for upstreams. |
||
|
Sets the value for the
fail_timeout
parameter of the |
|
|
|
Sets the value for the directive
keepalive. Note: if the value is greater than 0, the generated configuration will include |
|
Snippets and Custom Templates#
ConfigMap Key |
Description |
Default |
Example |
---|---|---|---|
|
Sets a custom snippet in the main context. |
N/A |
|
|
Sets a custom snippet in the HTTP context. |
N/A |
|
|
Sets a custom snippet in the location context. |
N/A |
|
|
Sets a custom snippet in the server context. |
N/A |
|
|
Sets a custom snippet in the stream context. |
N/A |
|
|
Sets the main configuration template for Angie. |
By default, the template is read from a file in the container. |
|
|
Sets the configuration template for Angie for the Ingress resource. |
By default, the template is read from a file in the container. |
|
|
Sets the configuration template for Angie for the VirtualServer resource. |
By default, the template is read from a file in the container. |