LiteSpeed Ingress Controller Arguments¶
The LiteSpeed Ingress Controller arguments are specified in Helm with the extraArgs list or if you are creating or modifying your own .yaml files in spec/template/spec/containers/args. In YAML files, an initial leading dash is required for repeating parameters and the second double leading dash is required for all controller arguments. When using Helm extraArgs do not use leading dashes, and do use commas to separate parameters.
You can see the currently active parameters by running (for a given POD_NAME) by examining the value of Containers.Args to /ls-k8s-up.sh.
$ kubectl describe pod POD_NAME
The default Helm parameters (with https enabled) would display:
Args:
/ls-k8s-up.sh
--v=2
--allow-internal-ip=true
--healthz-port=11972
--lslb-debug=false
--lslb-enable-ocsp-stapling=false
--lslb-http-port=80
--lslb-https-port=443
Most times these parameters are rarely changed except when requested by LiteSpeed Technical Support.
These parameters are changed within Helm using the --set extraArgs parameter. For example, if you wished to change the default-tls-secret to one created by a cert-manager with the namespace sandbox and the secret name root-secret you would specify in the helm install:
helm install ls-k8s-webadc ls-k8s-webadc/ls-k8s-webadc -n NAMESPACE --set extraArgs="{default-tls-secret=sandbox/root-secret}"
| Name | Description | Value |
|---|---|---|
--allow-internal-ip | Allows the use address of type NodeInternalIP when fetching the external IP address. This is the workaround for the cluster configuration where NodeExternalIP or NodeLegacyHostIP is not assigned or cannot be used. | false |
--config-service-port | The port to expose for configuration if you wish to enable it. Set to 0 to not expose the configuration; when non-zero should be set to 7090 in most cases. | 0 |
--config-service-target-port | The port to be used internally for configuration within the pod. | 7090 |
--default-tls-secret | Name of the Secret that contains TLS server certificate and secret key to enable TLS by default. For those client connections which are not TLS encrypted, they are redirected to https URI permanently. | NAMESPACE/ls-k8s-webadc.com |
--deferred-shutdown-period | How long the controller waits before actually starting shutting down when it receives shutdown signal. Specified as a Kubernetes duration. | 0 (immediate) |
--endpoint-slices | Get endpoints from EndpointSlice resource instead of Endpoints resource. | false |
--gateway-class | GatewayClass which this controller is responsible for. | lslbd |
--healthz-port | Port for healthz endpoint. Can be any open port. | 11972 |
--ingress-class | The IngressClass this controller is responsible for. | lslbd |
--ingress-class-controller | The name of IngressClass controller for this controller. This is the value specified in IngressClass.spec.controller. | litespeedtech.com/lslbd |
--lslb-cache-store-path | Specifies the directory in the container to hold cached images. This directory must be mounted and pre-created. | Default location |
--lslb-config-map-prefix | Specify namespace/name of the prefix to be used to store modified configuration files as ConfigMaps from the load balancer's configuration directories. | lslb using the pod's namespace |
--lslb-debug | Set to true if you want LSLB tracing enabled on startup. | false |
--lslb-dir | The directory in the Docker image where the LiteSpeed Web ADC is installed, the default of /usr/local/lslb is the default ADC directory. | /usr/local/lslb |
--lslb-enable-ocsp-stapling | Enable OCSP stapling on ADC server. | false |
--lslb-http-port | Port to listen to for HTTP (non-TLS) requests. Specifying 0 disables HTTP port. | 80 |
--lslb-https-port | Port to listen to for HTTPS (TLS) requests. Specifying 0 disables HTTPS port. | 443 |
--lslb-license-secret | The required secret to be used to identify the LS WebADC license file(s). | NAMESPACE/ls-k8s-webadc |
--lslb-max-conn | Sent in the ZCUP command, lets you manually set it. Set for all servers if set here. | 1000 |
--lslb-priority | Sent in the ZCUP command, only useful when the strategy is Fail-over, min value 0, default 100, max value 255. Set for all servers if set here. | 100 |
--lslb-replace-conf | Lets you modify any parameters in the default lslbd_config.xml file. Specify each parameter, in parens, (title=value). For example (useIpInProxyHeader=1)(showVersionNumber=1). | none |
--lslb-wait-timeout | Number of seconds to wait for lslb to start listening for ZeroConf events. | 10 |
--lslb-zeroconf-password | The password to be used to access zero conf. The default is zero and changing it is documented in ZeroConf. | zero |
--lslb-zeroconf-port | The port to be used to access zero conf in LiteSpeed Web ADC. | 7099 |
--lslb-zeroconf-user | The user to be used to access zero conf. Changing it is documented in ZeroConf. | zero |
--profiling | Enable profiling at the health port. It exposes /debug/pprof/ endpoint. | true |
--publish-service | Specify namespace/name of Service whose hostnames/IP addresses are set in Ingress resource instead of addresses of Ingress controller Pods. Takes the form namespace/name. | NAMESPACE/ls-k8s-webadc |
--reload-burst | Reload burst that can exceed reload-rate. | 1 |
--reload-rate | Rate (QPS) of reloading LiteSpeed WebADC configuration to deal with frequent backend updates in a single batch. | 1.0 |
--run-before-lb | A single line set of UNIX commands which are run before the load balancer is started. Can be used to apply floating IPs or similar commands. | none |
--v | Sets info logging. --v=4 is the most verbose. | 2 |
--update-status | Update the load-balancer status of Ingress objects this controller satisfies. Requires publish-service to be specified. | true |
--watch-namespace | The namespace to watch for Ingress events. | All namespaces |
Load Balancing Controller Arguments¶
There are additional LiteSpeed Kubernetes Ingress Controller arguments which are specific to modifying the operation of the load balancer specifically. Most noteworthy are the --lslb-affinity and --lslb-strategy arguments but all of the following are important in modifying the load balancing of the controller. Note that they are specifically designed to give you the features available in the Load Balancer configuration, Clusters tab.
| Name | Description | Value |
|---|---|---|
--lslb-affinity | Set to false for no affinity (stateless) or true for affinity (stateful). | true |
--lslb-insert-cookie | If specified, this is the name of a cookie to be inserted in the stream. | Do not insert cookie |
--lslb-config-map-prefix | Configuration files are stored as configMaps with the default prefix: lslb. The format for this value is namespace/prefix. Any watched files get saved with configMaps with the specified prefix and each directory from the $SERVER_ROOT. | lslb |
--lslb-ex-bitmap | A bit map of all of the fields that can be used in identifying a session. As a bitmap, add up all of the values you select. 1: IP address, 2: Basic authentication, 4: Query string, 8: Cookies, 16: SSL session, 32: JVM route, 64: URL path parameter. | 127 (all) |
--lslb-forward-by-header | An additional header to be added to all proxy requests made to the backend server. Typically X-Forwarded-By. | none |
--lslb-forward-ip-header | An additional header to be added to all proxy requests made to the backend server. This header will use either the visiting IP or the value set in the X-Forwarded-For header as its value, depending on the value set for Use Client IP in Header. | none |
--lslb-ping-interval | Number of seconds between pings. Defaults to 10. 0 disables pings. | 10 |
--lslb-ping-path | The ping path to use if pinging. | / |
--lslb-ping-smart-factor | How much to multiply ping-interval by between idle pings. 0 disables (default), 1 uses ping interval, 2 doubles ping interval, etc. A non-zero value detects traffic and suppresses pings if already busy. | 0 |
--lslb-session-id | The session ID string used to extract the session ID from the cookie, query string and URL path parameter. | JSESSIONID |
--lslb-sess-timeout | The number of seconds before a session is timed out. | 600 |
--lslb-show-backend | If turned on, there will be a response header added with the x-lsadc-backend title and a value which is a concatenation of the cluster name and the backend IP and port. | false |
--lslb-strategy | A number representing the load balancing strategy: 0 = Least-load, 1 = Round-robin, 2 = Least-session, 3 = Faster-response, 4 = Failover | 0 (least-load) |
Metrics Specific Arguments¶
The following are additional LiteSpeed Ingress Controller Arguments used specifically to generate and use Prometheus-specific metrics using the built-in exporter.
| Name | Description | Value |
|---|---|---|
--enable-metrics | Whether the built-in Prometheus exporter is activated. Enable by setting to true. | false |
--install-prometheus | Whether Prometheus should be installed on this pod. Enable by setting to true. | false |
--metrics-evaluation-interval | How often Prometheus should evaluate the data (in time format). | 1m |
--metrics-scrape-interval | Specify how often Prometheus should scrape the .rtreport file (in time format). | 1m |
--metrics-service-port | The port to be used to access metrics, if enabled. 0 does not expose it outside the pod. | 0 |
--metrics-service-target-port | The port to be used to access metrics, within the pod, if enabled. This is the reserved port and is rarely changed. | 9936 |
--prometheus-port | The port that will be exported to use Prometheus, if installed. | 9090 |
--prometheus-remote-password | The prometheus remote_write password. Often your Grafana Prometheus Metrics API Key. | none |
--prometheus-remote-url | The prometheus remote_write url. Often your Grafana Prometheus Metrics service. | none |
--prometheus-remote-user | The prometheus remote_write username. Often your Grafana Prometheus Metrics username (a number). | none |
--prometheus-target-port | The port that will be used within the pod for Prometheus, if installed. | 9091 |
Last update: October 19, 2023