global # Drop resource limit checks to mitigate https://issues.redhat.com/browse/OCPBUGS-21803 in HAProxy 2.6. no strict-limits maxconn 50000 nbthread 4 daemon ca-base /etc/ssl crt-base /etc/ssl # TODO: Check if we can get reload to be faster by saving server state. # server-state-file /var/lib/haproxy/run/haproxy.state stats socket /var/lib/haproxy/run/haproxy.sock mode 600 level admin expose-fd listeners stats timeout 2m # Increase the default request size to be comparable to modern cloud load balancers (ALB: 64kb), affects # total memory use when large numbers of connections are open. # In OCP 4.8, this value is adjustable via the IngressController API. # Cluster administrators are still encouraged to use the default values provided below. tune.maxrewrite 8192 tune.bufsize 32768 # Configure the TLS versions we support ssl-default-bind-options ssl-min-ver TLSv1.2 # The default cipher suite can be selected from the three sets recommended by https://wiki.mozilla.org/Security/Server_Side_TLS, # or the user can provide one using the ROUTER_CIPHERS environment variable. # By default when a cipher set is not provided, intermediate is used. # user provided list of ciphers (Colon separated list as seen above) # the env default is not used here since we can't get here with empty ROUTER_CIPHERS tune.ssl.default-dh-param 2048 ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 defaults maxconn 50000 # To configure custom default errors, you can either uncomment the # line below (server ... 127.0.0.1:8080) and point it to your custom # backend service or alternatively, you can send a custom 503 or 404 error. # # server openshift_backend 127.0.0.1:8080 errorfile 503 /var/lib/haproxy/conf/error-page-503.http errorfile 404 /var/lib/haproxy/conf/error-page-404.http timeout connect 5s timeout client 30s timeout client-fin 1s timeout server 30s timeout server-fin 1s timeout http-request 10s timeout http-keep-alive 300s # Long timeout for WebSocket connections. timeout tunnel 1h frontend public bind :80 accept-proxy mode http tcp-request inspect-delay 5s tcp-request content accept if HTTP monitor-uri /_______internal_router_healthz # Mitigate CVE-2023-40225 (Proxy forwards malformed empty Content-Length headers) http-request deny if { hdr_len(content-length) 0 } # Strip off Proxy headers to prevent HTTpoxy (https://httpoxy.org/) http-request del-header Proxy # DNS labels are case insensitive (RFC 4343), we need to convert the hostname into lowercase # before matching, or any requests containing uppercase characters will never match. http-request set-header Host %[req.hdr(Host),lower] # check if we need to redirect/force using https. acl secure_redirect base,map_reg_int(/var/lib/haproxy/conf/os_route_http_redirect.map) -m bool redirect scheme https if secure_redirect use_backend %[base,map_reg(/var/lib/haproxy/conf/os_http_be.map)] default_backend openshift_default # public ssl accepts all connections and isn't checking certificates yet certificates to use will be # determined by the next backend in the chain which may be an app backend (passthrough termination) or a backend # that terminates encryption in this router (edge) frontend public_ssl bind :443 accept-proxy tcp-request inspect-delay 5s tcp-request content accept if { req_ssl_hello_type 1 } # if the connection is SNI and the route is a passthrough don't use the termination backend, just use the tcp backend # for the SNI case, we also need to compare it in case-insensitive mode (by converting it to lowercase) as RFC 4343 says acl sni req.ssl_sni -m found acl sni_passthrough req.ssl_sni,lower,map_reg(/var/lib/haproxy/conf/os_sni_passthrough.map) -m found use_backend %[req.ssl_sni,lower,map_reg(/var/lib/haproxy/conf/os_tcp_be.map)] if sni sni_passthrough # if the route is SNI and NOT passthrough enter the termination flow use_backend be_sni if sni # non SNI requests should enter a default termination backend rather than the custom cert SNI backend since it # will not be able to match a cert to an SNI host default_backend be_no_sni ########################################################################## # TLS SNI # # When using SNI we can terminate encryption with custom certificates. # Certs will be stored in a directory and will be matched with the SNI host header # which must exist in the CN of the certificate. Certificates must be concatenated # as a single file (handled by the plugin writer) per the haproxy documentation. # # Finally, check re-encryption settings and re-encrypt or just pass along the unencrypted # traffic ########################################################################## backend be_sni server fe_sni unix@/var/lib/haproxy/run/haproxy-sni.sock weight 1 send-proxy frontend fe_sni # terminate ssl on edge bind unix@/var/lib/haproxy/run/haproxy-sni.sock ssl crt /var/lib/haproxy/router/certs/default.pem crt-list /var/lib/haproxy/conf/cert_config.map accept-proxy no-alpn mode http # Mitigate CVE-2023-40225 (Proxy forwards malformed empty Content-Length headers) http-request deny if { hdr_len(content-length) 0 } # Strip off Proxy headers to prevent HTTpoxy (https://httpoxy.org/) http-request del-header Proxy # DNS labels are case insensitive (RFC 4343), we need to convert the hostname into lowercase # before matching, or any requests containing uppercase characters will never match. http-request set-header Host %[req.hdr(Host),lower] # map to backend # Search from most specific to general path (host case). # Note: If no match, haproxy uses the default_backend, no other # use_backend directives below this will be processed. use_backend %[base,map_reg(/var/lib/haproxy/conf/os_edge_reencrypt_be.map)] default_backend openshift_default ########################################################################## # END TLS SNI ########################################################################## ########################################################################## # TLS NO SNI # # When we don't have SNI the only thing we can try to do is terminate the encryption # using our wild card certificate. Once that is complete we can either re-encrypt # the traffic or pass it on to the backends ########################################################################## # backend for when sni does not exist, or ssl term needs to happen on the edge backend be_no_sni server fe_no_sni unix@/var/lib/haproxy/run/haproxy-no-sni.sock weight 1 send-proxy frontend fe_no_sni # terminate ssl on edge bind unix@/var/lib/haproxy/run/haproxy-no-sni.sock ssl crt /var/lib/haproxy/router/certs/default.pem accept-proxy no-alpn mode http # Mitigate CVE-2023-40225 (Proxy forwards malformed empty Content-Length headers) http-request deny if { hdr_len(content-length) 0 } # Strip off Proxy headers to prevent HTTpoxy (https://httpoxy.org/) http-request del-header Proxy # DNS labels are case insensitive (RFC 4343), we need to convert the hostname into lowercase # before matching, or any requests containing uppercase characters will never match. http-request set-header Host %[req.hdr(Host),lower] # map to backend # Search from most specific to general path (host case). # Note: If no match, haproxy uses the default_backend, no other # use_backend directives below this will be processed. use_backend %[base,map_reg(/var/lib/haproxy/conf/os_edge_reencrypt_be.map)] default_backend openshift_default ########################################################################## # END TLS NO SNI ########################################################################## backend openshift_default mode http option forwardfor #option http-keep-alive option http-pretend-keepalive ##-------------- app level backends ---------------- # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-lightgbm mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie d20e4c263054b1144dbbbada3466a3ac insert indirect nocache httponly secure attr SameSite=None server pod:isvc-lightgbm-predictor-78c8d484d6-hrnjg:isvc-lightgbm-predictor:isvc-lightgbm-predictor:10.134.0.34:8080 10.134.0.34:8080 cookie 365548c4ea5903d529767e774f07cbc4 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-lightgbm-runtime mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 2da2448748c436ed3dc8cb93c69833e3 insert indirect nocache httponly secure attr SameSite=None server pod:isvc-lightgbm-runtime-predictor-64984c7cb-jwfk4:isvc-lightgbm-runtime-predictor:isvc-lightgbm-runtime-predictor:10.134.0.35:8080 10.134.0.35:8080 cookie cefa19591fa9b8852f3068f259a6ee11 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-lightgbm-v2-kserve mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 1711f8ed3dca8aac9a34be826868889b insert indirect nocache httponly secure attr SameSite=None server pod:isvc-lightgbm-v2-kserve-predictor-68fc4f5b49-q4wtp:isvc-lightgbm-v2-kserve-predictor:isvc-lightgbm-v2-kserve-predictor:10.134.0.37:8080 10.134.0.37:8080 cookie 5c10a5b1dafdcea3bbcd16efc21a8f20 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-lightgbm-v2-runtime mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 3f87deb237f5e9be85904eac7ce4025e insert indirect nocache httponly secure attr SameSite=None server pod:isvc-lightgbm-v2-runtime-predictor-8d44c64dc-d5l4v:isvc-lightgbm-v2-runtime-predictor:isvc-lightgbm-v2-runtime-predictor:10.134.0.36:8080 10.134.0.36:8080 cookie ed4673102af30ec0763f789ab631e0d9 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-logger mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 5d639e039e7ccf23fb43282e6c1a1e0e insert indirect nocache httponly secure attr SameSite=None server pod:isvc-logger-predictor-7fc456f8b8-qzxjk:isvc-logger-predictor:isvc-logger-predictor:10.132.0.29:9081 10.132.0.29:9081 cookie 8b72cb3a8d14c55f4bfdd071a4163898 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-mlflow-v2-runtime mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 901c052abbd25ac11052cf87dd7f6dea insert indirect nocache httponly secure attr SameSite=None server pod:isvc-mlflow-v2-runtime-predictor-5497fc5f68-m4c55:isvc-mlflow-v2-runtime-predictor:isvc-mlflow-v2-runtime-predictor:10.134.0.38:8080 10.134.0.38:8080 cookie 4063ff91613fc0e6d0df34ea00740234 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-paddle mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 835ea38b5381f490b916a08ba631bc52 insert indirect nocache httponly secure attr SameSite=None server pod:isvc-paddle-predictor-7dddcb4bd4-z562j:isvc-paddle-predictor:isvc-paddle-predictor:10.132.0.31:8080 10.132.0.31:8080 cookie 2b4923de032afcb9442ed08e3db10d9e weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-paddle-runtime mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 8b91553bb7eafaed6499c2c001e3ba67 insert indirect nocache httponly secure attr SameSite=None server pod:isvc-paddle-runtime-predictor-86b49c4466-65rhw:isvc-paddle-runtime-predictor:isvc-paddle-runtime-predictor:10.132.0.32:8080 10.132.0.32:8080 cookie 72df28a205091b9b914891b4fb664069 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-paddle-v2-kserve mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 7a6182527d4e0dce423b549aba264d0a insert indirect nocache httponly secure attr SameSite=None server pod:isvc-paddle-v2-kserve-predictor-7c6bd76f7b-fp452:isvc-paddle-v2-kserve-predictor:isvc-paddle-v2-kserve-predictor:10.132.0.33:8080 10.132.0.33:8080 cookie 3e5af7c0bb916fcf3c8d5eaae8461514 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-pmml mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie cf0df47062ec0b053a80a1e4c12f8313 insert indirect nocache httponly secure attr SameSite=None server pod:isvc-pmml-predictor-5584ffd8c9-zvfhk:isvc-pmml-predictor:isvc-pmml-predictor:10.134.0.39:8080 10.134.0.39:8080 cookie 97643011bc0f59a6895fa945c409c0a8 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-pmml-runtime mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 75fda9c67f97f32452f399ccf7ab8368 insert indirect nocache httponly secure attr SameSite=None server pod:isvc-pmml-runtime-predictor-7576f6b69f-7dqpk:isvc-pmml-runtime-predictor:isvc-pmml-runtime-predictor:10.134.0.40:8080 10.134.0.40:8080 cookie ad215a8ebc6747fa0d8ea28c3003cd79 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-pmml-v2-kserve mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 1aafe7c5008db3f2557539f2c47d2a9c insert indirect nocache httponly secure attr SameSite=None server pod:isvc-pmml-v2-kserve-predictor-75b87ff64c-p9vtl:isvc-pmml-v2-kserve-predictor:isvc-pmml-v2-kserve-predictor:10.132.0.34:8080 10.132.0.34:8080 cookie 3401a0b7a8c49002a41eec5af38977aa weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-predictive-lightgbm mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 0148bd2885a4ca3da7ad0e2fa1c53b8d insert indirect nocache httponly secure attr SameSite=None server pod:isvc-predictive-lightgbm-predictor-669896799c-54xhl:isvc-predictive-lightgbm-predictor:isvc-predictive-lightgbm-predictor:10.134.0.42:8080 10.134.0.42:8080 cookie 0283113beca1560960c50bf3327648ef weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-predictive-lightgbm-v2 mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 34b311c0ed58105d111ff5c045ee3962 insert indirect nocache httponly secure attr SameSite=None server pod:isvc-predictive-lightgbm-v2-predictor-65df45cf79-g4bjp:isvc-predictive-lightgbm-v2-predictor:isvc-predictive-lightgbm-v2-predictor:10.133.0.20:8080 10.133.0.20:8080 cookie 4ef82b10b59c792d0620639f947e84ba weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-predictive-sklearn mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 3cc381d846536e957895a163dd21ab47 insert indirect nocache httponly secure attr SameSite=None server pod:isvc-predictive-sklearn-predictor-85bccb8945-5ppfc:isvc-predictive-sklearn-predictor:isvc-predictive-sklearn-predictor:10.134.0.41:8080 10.134.0.41:8080 cookie 86a094876423b6290fc476ace6bbe52d weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-predictive-sklearn-v2 mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 468a621ab879d69b25373f3303978f56 insert indirect nocache httponly secure attr SameSite=None server pod:isvc-predictive-sklearn-v2-predictor-6fd9c49f4f-fm9rb:isvc-predictive-sklearn-v2-predictor:isvc-predictive-sklearn-v2-predictor:10.132.0.39:8080 10.132.0.39:8080 cookie 3ca0248916fb8f0d86b750548bbe0ffd weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-predictive-xgboost mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 9cbda39cb99cec6d539685f708d24a29 insert indirect nocache httponly secure attr SameSite=None server pod:isvc-predictive-xgboost-predictor-794b54b9b4-xw6q7:isvc-predictive-xgboost-predictor:isvc-predictive-xgboost-predictor:10.132.0.38:8080 10.132.0.38:8080 cookie eb97cb1129af67bb17a8df4dac99c6d9 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-predictive-xgboost-v2 mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 9e8e24e3e87fcb2ab54607f41fffcad5 insert indirect nocache httponly secure attr SameSite=None server pod:isvc-predictive-xgboost-v2-predictor-67fd65d6cb-k984b:isvc-predictive-xgboost-v2-predictor:isvc-predictive-xgboost-v2-predictor:10.133.0.19:8080 10.133.0.19:8080 cookie 26bc803f8be4909c77c25a060b21a747 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-sklearn mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 3bc272ebb27d41283e5515cfcb8b5b06 insert indirect nocache httponly secure attr SameSite=None server pod:isvc-sklearn-predictor-66fb7c44cc-gzszm:isvc-sklearn-predictor:isvc-sklearn-predictor:10.132.0.40:8080 10.132.0.40:8080 cookie 03df0d59d99757d223f288f6b325433b weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-sklearn-batcher mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 36e01a36a41c592298007951f142bfdd insert indirect nocache httponly secure attr SameSite=None server pod:isvc-sklearn-batcher-predictor-6d5844b6c5-2pp6r:isvc-sklearn-batcher-predictor:isvc-sklearn-batcher-predictor:10.132.0.27:9081 10.132.0.27:9081 cookie 08b9d210ffbb6afd7203846bdceb2a08 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-sklearn-batcher-custom mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 54cb073ca38d8bb85d40d468afeeb6af insert indirect nocache httponly secure attr SameSite=None server pod:isvc-sklearn-batcher-custom-predictor-848df975bd-s4p84:isvc-sklearn-batcher-custom-predictor:http:10.132.0.28:9081 10.132.0.28:9081 cookie 93b90430145e9f978db6dfcd0e181125 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-sklearn-runtime mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie f466ff6625fc3d58b2644f88c4d88c4c insert indirect nocache httponly secure attr SameSite=None server pod:isvc-sklearn-runtime-predictor-cf744c55f-54m8x:isvc-sklearn-runtime-predictor:isvc-sklearn-runtime-predictor:10.132.0.41:8080 10.132.0.41:8080 cookie c11f5757b94573f38b47fe586c08a755 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-sklearn-s3 mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie af365ceb44e2d27da83719f61385b091 insert indirect nocache httponly secure attr SameSite=None server pod:isvc-sklearn-s3-predictor-669df85bbb-v2gs7:isvc-sklearn-s3-predictor:isvc-sklearn-s3-predictor:10.133.0.29:8080 10.133.0.29:8080 cookie ebfec9a60b0c59c250b47bd6a8340266 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-sklearn-v2 mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie c84adc3caf06d67589ece908f49d7865 insert indirect nocache httponly secure attr SameSite=None server pod:isvc-sklearn-v2-predictor-58bbfc4c57-mfbvj:isvc-sklearn-v2-predictor:isvc-sklearn-v2-predictor:10.133.0.21:8080 10.133.0.21:8080 cookie 767de49bfe313ffe822e5c3934c153f3 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-sklearn-v2-mixed mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie e0a49579ab0adb51af4c0e3ffea94008 insert indirect nocache httponly secure attr SameSite=None server pod:isvc-sklearn-v2-mixed-predictor-7969454ff4-s8d8j:isvc-sklearn-v2-mixed-predictor:isvc-sklearn-v2-mixed-predictor:10.133.0.22:8080 10.133.0.22:8080 cookie 9ce0e94fa0f5bd92e26533f098ffa56e weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-sklearn-v2-runtime mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 96062abe2d6144c94b423e69c98c9195 insert indirect nocache httponly secure attr SameSite=None server pod:isvc-sklearn-v2-runtime-predictor-7dd9b85c64-4qjt2:isvc-sklearn-v2-runtime-predictor:isvc-sklearn-v2-runtime-predictor:10.134.0.44:8080 10.134.0.44:8080 cookie 469351d2bc3fe3f454e2682ed459e73c weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-tensorflow mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie f379c9890d451285e4ef15a5b1527400 insert indirect nocache httponly secure attr SameSite=None server pod:isvc-tensorflow-predictor-88f6f6cb7-9v5tr:isvc-tensorflow-predictor:isvc-tensorflow-predictor:10.133.0.23:8080 10.133.0.23:8080 cookie 2732fd933b98d2565136c7e363cd2094 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-tensorflow-runtime mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 926ffcae04c637e460fc96e4a464a0b1 insert indirect nocache httponly secure attr SameSite=None server pod:isvc-tensorflow-runtime-predictor-854bdff69c-25n58:isvc-tensorflow-runtime-predictor:isvc-tensorflow-runtime-predictor:10.133.0.24:8080 10.133.0.24:8080 cookie 386fef7981942e1024e34bee3a2855b3 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-triton mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 9e1b5b38d95e0980b5164fb3852c0e81 insert indirect nocache httponly secure attr SameSite=None server pod:isvc-triton-predictor-85f9f46646-qbbq6:isvc-triton-predictor:isvc-triton-predictor:10.133.0.25:8080 10.133.0.25:8080 cookie 32cd55256e1cc9e24ca16a4ae5e9be2e weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-xgboost mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 16b73c95dbb835f222339c22b7322c9b insert indirect nocache httponly secure attr SameSite=None server pod:isvc-xgboost-predictor-6dbc9d6d47-wzbfb:isvc-xgboost-predictor:isvc-xgboost-predictor:10.133.0.26:8080 10.133.0.26:8080 cookie 4ff528fe5b3b5983b3b0cddb9265c703 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-xgboost-runtime mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 04d0485a8120cfe83261d454d4944f1f insert indirect nocache httponly secure attr SameSite=None server pod:isvc-xgboost-runtime-predictor-687c7765c9-mw2j2:isvc-xgboost-runtime-predictor:isvc-xgboost-runtime-predictor:10.133.0.27:8080 10.133.0.27:8080 cookie a2fd1f972abd0e58a52405c00e96d9dd weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-xgboost-v2 mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie f511a5eedbe77e2d93a28657fded12bd insert indirect nocache httponly secure attr SameSite=None server pod:isvc-xgboost-v2-predictor-5db5686f9f-55j7w:isvc-xgboost-v2-predictor:isvc-xgboost-v2-predictor:10.133.0.28:8080 10.133.0.28:8080 cookie 3778523be1451e613c64ede2da8ea32f weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-xgboost-v2-mlserver mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 8556725e8ffd22fc9a68a85ffc23efcc insert indirect nocache httponly secure attr SameSite=None server pod:isvc-xgboost-v2-mlserver-predictor-58b7db6668-h8q77:isvc-xgboost-v2-mlserver-predictor:isvc-xgboost-v2-mlserver-predictor:10.134.0.45:8080 10.134.0.45:8080 cookie 27653e4b70ba56bd9b3fa96cbbd1046c weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:isvc-xgboost-v2-runtime mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie ad35b3c1cb0c7f12032f1580415b71d6 insert indirect nocache httponly secure attr SameSite=None server pod:isvc-xgboost-v2-runtime-predictor-b5d6966c7-87qdg:isvc-xgboost-v2-runtime-predictor:isvc-xgboost-v2-runtime-predictor:10.134.0.47:8080 10.134.0.47:8080 cookie 996e67d46e6a5340cac5f1e7ce125d09 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:message-dumper mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 0495263ee65d1ca8beaaa3f8b0c90911 insert indirect nocache httponly secure attr SameSite=None server pod:message-dumper-predictor-7f66cccfb6-wc8z9:message-dumper-predictor:message-dumper-predictor:10.133.0.18:8080 10.133.0.18:8080 cookie 247fb74c848688828399a3f1302d20e0 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:sklearn-v2-mlserver mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 096297da071243ca6ffd30ab1980cfc6 insert indirect nocache httponly secure attr SameSite=None server pod:sklearn-v2-mlserver-predictor-695d5f5568-fvc2w:sklearn-v2-mlserver-predictor:sklearn-v2-mlserver-predictor:10.134.0.43:8080 10.134.0.43:8080 cookie ab220d1cdce2cf44a6f70341c90544fd weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:kserve-ci-e2e-test:xgboost-v2-mlserver mode http option redispatch option forwardfor balance random timeout server 30s timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie a8e248f850496ec7c8512acc240914cb insert indirect nocache httponly secure attr SameSite=None server pod:xgboost-v2-mlserver-predictor-c58d48f-f64lm:xgboost-v2-mlserver-predictor:xgboost-v2-mlserver-predictor:10.134.0.46:8080 10.134.0.46:8080 cookie fe286058a111ab38ba4e5dc9f129d687 weight 1 # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_secure:openshift-console:console mode http option redispatch option forwardfor balance random timeout server 5m timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 1e2670d92730b515ce3a1bb65da45062 insert indirect nocache httponly secure attr SameSite=None server pod:console-66488bc844-rqprq:console:https:10.134.0.33:8443 10.134.0.33:8443 cookie 352eaca25e39891dc256c4982cd4b89f weight 1 ssl verifyhost console.openshift-console.svc verify required ca-file /var/run/configmaps/service-ca/service-ca.crt # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_edge_http:openshift-console:downloads mode http option redispatch option forwardfor balance random timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie a663438294fbd72a8e16964e97c8ecde insert indirect nocache httponly secure attr SameSite=None server pod:downloads-586b57c7b4-4pm8j:downloads:http:10.134.0.14:8080 10.134.0.14:8080 cookie a3aa0d23418635430702d937afd32709 weight 1 # Secure backend, pass through backend be_tcp:openshift-ingress-canary:canary balance roundrobin hash-type consistent timeout check 5000ms server pod:ingress-canary-xfnx6:ingress-canary:8443-tcp:10.132.0.7:8443 10.132.0.7:8443 weight 1 check inter 5000ms server pod:ingress-canary-lwxz6:ingress-canary:8443-tcp:10.133.0.10:8443 10.133.0.10:8443 weight 1 check inter 5000ms server pod:ingress-canary-8kc47:ingress-canary:8443-tcp:10.134.0.6:8443 10.134.0.6:8443 weight 1 check inter 5000ms # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_secure:openshift-monitoring:alertmanager-main mode http option redispatch option forwardfor balance random timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 4e2f052a85d89824d1855ef94e095b2b insert indirect nocache httponly secure attr SameSite=None server pod:alertmanager-main-0:alertmanager-main:web:10.132.0.19:9095 10.132.0.19:9095 cookie 70d1a037bd2fec0a8800b47dc82f38eb weight 1 ssl verifyhost alertmanager-main.openshift-monitoring.svc verify required ca-file /var/run/configmaps/service-ca/service-ca.crt # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_secure:openshift-monitoring:prometheus-k8s mode http option redispatch option forwardfor balance random timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 97f6663f1252f61343f526ad937cfc1a insert indirect nocache httponly secure attr SameSite=None server pod:prometheus-k8s-0:prometheus-k8s:web:10.132.0.22:9091 10.132.0.22:9091 cookie 9158118cc826ba7b4f40ee8c29b4ea72 weight 1 ssl verifyhost prometheus-k8s.openshift-monitoring.svc verify required ca-file /var/run/configmaps/service-ca/service-ca.crt # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_secure:openshift-monitoring:prometheus-k8s-federate mode http option redispatch option forwardfor balance random timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 55cbf826fb5b0c929ec0c03819d877e5 insert indirect nocache httponly secure attr SameSite=None server pod:prometheus-k8s-0:prometheus-k8s:web:10.132.0.22:9091 10.132.0.22:9091 cookie 9158118cc826ba7b4f40ee8c29b4ea72 weight 1 ssl verifyhost prometheus-k8s.openshift-monitoring.svc verify required ca-file /var/run/configmaps/service-ca/service-ca.crt # Plain http backend or backend with TLS terminated at the edge or a # secure backend with re-encryption. backend be_secure:openshift-monitoring:thanos-querier mode http option redispatch option forwardfor balance random timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie ee4d5f50aeaffc63a5a5fc30a3072a27 insert indirect nocache httponly secure attr SameSite=None server pod:thanos-querier-78df5754bd-ngrn7:thanos-querier:web:10.132.0.20:9091 10.132.0.20:9091 cookie 50ad760264e4ab6c4241e6adb4c68c8a weight 1 ssl verifyhost thanos-querier.openshift-monitoring.svc verify required ca-file /var/run/configmaps/service-ca/service-ca.crt