Skip to content

LiteSpeed Ingress Controller Arguments

The LiteSpeed Ingress Controller arguments are specified in Helm with the extraArgs list or if you are creating or modifying your own .yaml files in spec/template/spec/containers/args. In YAML files, an initial leading dash is required for repeating parameters and the second double leading dash is required for all controller arguments. When using Helm extraArgs do not use leading dashes, and do use commas to separate parameters.

You can see the currently active parameters by running (for a given POD_NAME) by examining the value of Containers.Args to /ls-k8s-up.sh.

$ kubectl describe pod POD_NAME

The default Helm parameters (with https enabled) would display:

    Args:
      /ls-k8s-up.sh
      --v=2
      --allow-internal-ip=true
      --healthz-port=11972
      --lslb-debug=false
      --lslb-enable-ocsp-stapling=false
      --lslb-http-port=80
      --lslb-https-port=443

Most times these parameters are rarely changed except when requested by LiteSpeed Technical Support.

These parameters are changed within Helm using the --set extraArgs parameter. For example, if you wished to change the default-tls-secret to one created by a cert-manager with the namespace sandbox and the secret name root-secret you would specify in the helm install:

helm install ls-k8s-webadc ls-k8s-webadc/ls-k8s-webadc -n NAMESPACE --set extraArgs="{default-tls-secret=sandbox/root-secret}"
Name Description Value
--allow-internal-ip Allows the use address of type NodeInternalIP when fetching the external IP address. This is the workaround for the cluster configuration where NodeExternalIP or NodeLegacyHostIP is not assigned or cannot be used. false
--config-service-port The port to expose for configuration if you wish to enable it. Set to 0 to not expose the configuration; when non-zero should be set to 7090 in most cases. 0
--config-service-target-port The port to be used internally for configuration within the pod. 7090
--default-tls-secret Name of the Secret that contains TLS server certificate and secret key to enable TLS by default. For those client connections which are not TLS encrypted, they are redirected to https URI permanently. NAMESPACE/ls-k8s-webadc.com
--deferred-shutdown-period How long the controller waits before actually starting shutting down when it receives shutdown signal. Specified as a Kubernetes duration. 0 (immediate)
--endpoint-slices Get endpoints from EndpointSlice resource instead of Endpoints resource. false
--healthz-port Port for healthz endpoint. Can be any open port. 11972
--ingress-class-controller The name of IngressClass controller for this controller. This is the value specified in IngressClass.spec.controller. litespeedtech.com/lslbd
--lslb-cache-store-path Specifies the directory in the container to hold cached images. This directory must be mounted and pre-created. Default location
--lslb-config-map-prefix Specify namespace/name of the prefix to be used to store modified configuration files as ConfigMaps from the load balancer's configuration directories. lslb using the pod's namespace
--lslb-debug Set to true if you want LSLB tracing enabled on startup. false
--lslb-dir The directory in the Docker image where the LiteSpeed Web ADC is installed, the default of /usr/local/lslb is the default ADC directory. /usr/local/lslb
--lslb-enable-ocsp-stapling Enable OCSP stapling on ADC server. false
--lslb-http-port Port to listen to for HTTP (non-TLS) requests. Specifying 0 disables HTTP port. 80
--lslb-https-port Port to listen to for HTTPS (TLS) requests. Specifying 0 disables HTTPS port. 443
--lslb-license-secret The required secret to be used to identify the LS WebADC license file(s). NAMESPACE/ls-k8s-webadc
--lslb-max-conn Sent in the ZCUP command, lets you manually set it. Set for all servers if set here. 1000
--lslb-priority Sent in the ZCUP command, only useful when the strategy is Fail-over, min value 0, default 100, max value 255. Set for all servers if set here. 100
--lslb-replace-conf Lets you modify any parameters in the default lslbd_config.xml file. Specify each parameter, in parens, (title=value). For example (useIpInProxyHeader=1)(showVersionNumber=1). none
--lslb-wait-timeout Number of seconds to wait for lslb to start listening for ZeroConf events. 10
--lslb-zeroconf-password The password to be used to access zero conf. The default is zero and changing it is documented in ZeroConf. zero
--lslb-zeroconf-port The port to be used to access zero conf in LiteSpeed Web ADC. 7099
--lslb-zeroconf-user The user to be used to access zero conf. Changing it is documented in ZeroConf. zero
--profiling Enable profiling at the health port. It exposes /debug/pprof/ endpoint. true
--publish-service Specify namespace/name of Service whose hostnames/IP addresses are set in Ingress resource instead of addresses of Ingress controller Pods. Takes the form namespace/name. NAMESPACE/ls-k8s-webadc
--reload-burst Reload burst that can exceed reload-rate. 1
--reload-rate Rate (QPS) of reloading LiteSpeed WebADC configuration to deal with frequent backend updates in a single batch. 1.0
--run-before-lb A single line set of UNIX commands which are run before the load balancer is started. Can be used to apply floating IPs or similar commands. none
--v Sets info logging. --v=4 is the most verbose. 2
--update-status Update the load-balancer status of Ingress objects this controller satisfies. Requires publish-service to be specified. true
--watch-namespace The namespace to watch for Ingress events. All namespaces

Load Balancing Controller Arguments

There are additional LiteSpeed Kubernetes Ingress Controller arguments which are specific to modifying the operation of the load balancer specifically. Most noteworthy are the --lslb-affinity and --lslb-strategy arguments but all of the following are important in modifying the load balancing of the controller. Note that they are specifically designed to give you the features available in the Load Balancer configuration, Clusters tab.

Name Description Value
--lslb-affinity Set to false for no affinity (stateless) or true for affinity (stateful). true
--lslb-insert-cookie If specified, this is the name of a cookie to be inserted in the stream. Do not insert cookie
--lslb-config-map-prefix Configuration files are stored as configMaps with the default prefix: lslb. The format for this value is namespace/prefix. Any watched files get saved with configMaps with the specified prefix and each directory from the $SERVER_ROOT. lslb
--lslb-ex-bitmap A bit map of all of the fields that can be used in identifying a session. As a bitmap, add up all of the values you select. 1: IP address, 2: Basic authentication, 4: Query string, 8: Cookies, 16: SSL session, 32: JVM route, 64: URL path parameter. 127 (all)
--lslb-forward-by-header An additional header to be added to all proxy requests made to the backend server. Typically X-Forwarded-By. none
--lslb-forward-ip-header An additional header to be added to all proxy requests made to the backend server. This header will use either the visiting IP or the value set in the X-Forwarded-For header as its value, depending on the value set for Use Client IP in Header. none
--lslb-ping-interval Number of seconds between pings. Defaults to 10. 0 disables pings. 10
--lslb-ping-path The ping path to use if pinging. /
--lslb-ping-smart-factor How much to multiply ping-interval by between idle pings. 0 disables (default), 1 uses ping interval, 2 doubles ping interval, etc. A non-zero value detects traffic and suppresses pings if already busy. 0
--lslb-session-id The session ID string used to extract the session ID from the cookie, query string and URL path parameter. JSESSIONID
--lslb-sess-timeout The number of seconds before a session is timed out. 600
--lslb-show-backend If turned on, there will be a response header added with the x-lsadc-backend title and a value which is a concatenation of the cluster name and the backend IP and port. false
--lslb-strategy A number representing the load balancing strategy: 0 = Least-load, 1 = Round-robin, 2 = Least-session, 3 = Faster-response, 4 = Failover 0 (least-load)

Metrics Specific Arguments

The following are additional LiteSpeed Ingress Controller Arguments used specifically to generate and use Prometheus-specific metrics using the built-in exporter.

Name Description Value
--enable-metrics Whether the built-in Prometheus exporter is activated. Enable by setting to true. false
--install-prometheus Whether Prometheus should be installed on this pod. Enable by setting to true. false
--metrics-evaluation-interval How often Prometheus should evaluate the data (in time format). 1m
--metrics-scrape-interval Specify how often Prometheus should scrape the .rtreport file (in time format). 1m
--metrics-service-port The port to be used to access metrics, if enabled. 0 does not expose it outside the pod. 0
--metrics-service-target-port The port to be used to access metrics, within the pod, if enabled. This is the reserved port and is rarely changed. 9936
--prometheus-port The port that will be exported to use Prometheus, if installed. 9090
--prometheus-remote-password The prometheus remote_write password. Often your Grafana Prometheus Metrics API Key. none
--prometheus-remote-url The prometheus remote_write url. Often your Grafana Prometheus Metrics service. none
--prometheus-remote-user The prometheus remote_write username. Often your Grafana Prometheus Metrics username (a number). none
--prometheus-target-port The port that will be used within the pod for Prometheus, if installed. 9091

Last update: June 21, 2022