DOC: documentation for quic protocol

ivanmatmati · ivanmatmati · commit 181128209f7f · 2024-02-15T10:07:39.000+01:00
diff --git a/documentation/annotations.md b/documentation/annotations.md
@@ -52,6 +52,7 @@ This is autogenerated from [doc.yaml](doc.yaml). Description can be found in [ge
 | [path-rewrite](#path-rewrite) | string |  |  |:large_blue_circle:|:large_blue_circle:|:white_circle:|
 | [pod-maxconn](#maximum-concurrent-backend-connections) | number |  |  |:large_blue_circle:|:large_blue_circle:|:large_blue_circle:|
 | [proxy-protocol](#proxy-protocol) | IPs or CIDRs |  |  |:large_blue_circle:|:white_circle:|:white_circle:|
+| [quic-alt-svc-max-age](#quic-alt-svc-max-age) :construction:(dev) | number |  | ssl-certificate |:large_blue_circle:|:white_circle:|:white_circle:|
 | [rate-limit-period](#rate-limit) | [time](#time) | "1s" |  |:large_blue_circle:|:large_blue_circle:|:white_circle:|
 | [rate-limit-status-code](#rate-limit) | string | "403" |  |:large_blue_circle:|:large_blue_circle:|:white_circle:|
 | [rate-limit-requests](#rate-limit) | number |  |  |:large_blue_circle:|:large_blue_circle:|:white_circle:|
@@ -1174,6 +1175,33 @@ proxy-protocol: "192.168.1.0/24, 192.168.2.100"
 
 ***
 
+#### Quic Alt Svc Max Age
+
+##### `quic-alt-svc-max-age`
+
+
+  > :construction: this is only available from next version, currently available in dev build
+
+  Sets the max age in seconds for the alt-svc header as defined by the standard.
+
+  Available on:  `configmap`
+
+  :information_source: Too high a number can lead to issues. The clients could fail to connect because the services is no more available.
+
+Possible values:
+
+- number of seconds for cache retention.
+
+Example:
+
+```yaml
+quic-alt-svc-max-age: "900"
+```
+
+<p align='right'><a href='#available-annotations'>:arrow_up_small: back to top</a></p>
+
+***
+
 #### Rate Limit
 
 ##### `rate-limit-period`
@@ -1648,6 +1676,8 @@ client-strict-sni: true
 
   :information_source: this replaces default certificate
 
+  :information_source: this is used as the certificate for quic binding
+
 Possible values:
 
 - Name of Kubernetes secret
diff --git a/documentation/controller.md b/documentation/controller.md
@@ -42,6 +42,8 @@ Image can be run with arguments:
 | [`--disable-service-external-name`](#--disable-service-external-name) | `false` |
 | [`--channel-size`](#--channel-size) | `600` |
 | [`--disable-config-snippets`](#--disable-config-snippets) :construction:(dev) |  |
+| [`--disable-quic`](#--disable-quic) :construction:(dev) | `false` |
+| [`--quick-announce-port`](#--quick-announce-port) :construction:(dev) |  |
 
 
 ### `--configmap`
@@ -744,3 +746,45 @@ Example:
 
 ***
 
+### `--disable-quic`
+
+
+  > :construction: this is only available from next version, currently available in dev build
+
+  option to disable the quic binding used by default if a certificate is provided throug ssl-certificate annotation. Please be aware that the quic implementation is activated with the "limited-quic" global option. Please refer to the documentation for details.
+
+Possible values:
+
+
+Example:
+
+```yaml
+args:
+  - --disable-quic
+```
+
+<p align='right'><a href='#haproxy-kubernetes-ingress-controller'>:arrow_up_small: back to top</a></p>
+
+***
+
+### `--quick-announce-port`
+
+
+  > :construction: this is only available from next version, currently available in dev build
+
+  adjust the port in the alt-svc header to redirect to the exposed port in case it differs from the quic binding port.
+
+Possible values:
+
+
+Example:
+
+```yaml
+args:
+  - --quick-announce-port=10443    
+```
+
+<p align='right'><a href='#haproxy-kubernetes-ingress-controller'>:arrow_up_small: back to top</a></p>
+
+***
+
diff --git a/documentation/doc.yaml b/documentation/doc.yaml
@@ -370,6 +370,19 @@ image_arguments:
       - If 'all' is present then all (backend, frontend, global) config snippets are disabled.
     version_min: "1.11"
     example: --disable-config-snippets=backend,frontend
+  - argument: --disable-quic
+    description: option to disable the quic binding used by default if a certificate is provided throug ssl-certificate annotation. Please be aware that the quic implementation is activated with the "limited-quic" global option. Please refer to the documentation for details.
+    default: false
+    version_min: "1.11"
+    example: |-
+      args:
+        - --disable-quic
+  - argument: --quick-announce-port
+    description: adjust the port in the alt-svc header to redirect to the exposed port in case it differs from the quic binding port.
+    version_min: "1.11"
+    example: |-
+      args:
+        - --quick-announce-port=10443    
 groups:
   config-snippet:
     header: |-
@@ -1151,6 +1164,20 @@ annotations:
       - configmap
     version_min: "1.4"
     example: ['proxy-protocol: "192.168.1.0/24, 192.168.2.100"']
+  - title: quic-alt-svc-max-age
+    type: number
+    dependencies: "ssl-certificate"
+    default: ""
+    description:
+      - Sets the max age in seconds for the alt-svc header as defined by the standard.
+    tip:
+      - Too high a number can lead to issues. The clients could fail to connect because the services is no more available.
+    values:
+      - number of seconds for cache retention.
+    applies_to:
+      - configmap
+    version_min: "1.11"
+    example: ['quic-alt-svc-max-age: "900"']    
   - title: rate-limit-period
     type: "[time](#time)"
     group: rate-limit
@@ -1534,6 +1561,7 @@ annotations:
       - Sets the name of the Kubernetes secret that contains both the TLS key and certificate.
     tip:
       - this replaces default certificate
+      - this is used as the certificate for quic binding
     values:
       - Name of Kubernetes secret
     applies_to:
