openshift · jmanthei · Apr 3, 2026 · ocpdocs-vale-bot · Apr 3, 2026 · ocpdocs-vale-bot
diff --git a/modules/configuring-haproxy-hard-stop-after.adoc b/modules/configuring-haproxy-hard-stop-after.adoc
@@ -0,0 +1,45 @@
+// Module included in the following assemblies:
+// * scalability_and_performance/optimization/routing-optimization.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="configuring-haproxy-hard-stop-after_{context}"]
+= Configuring HAProxy hard-stop-after for router reloads
+
+[role="_abstract"]
+During a router reload, HAProxy performs a soft stop: the previous process keeps serving existing connections until they close. The HAProxy global option `hard-stop-after` sets the maximum time allowed for that graceful shutdown before remaining connections are forced closed. Setting this limit can reduce accumulation of old HAProxy processes when reloads are frequent and some connections stay open for a long time.
+
+The Ingress Operator configures this option when you set the `ingress.operator.openshift.io/hard-stop-after` annotation on an `IngressController` or on the cluster `Ingress` configuration (`ingresses.config/cluster`). The value is a duration in HAProxy time format (for example, `30m` or `1h`). If the annotation is present on both resources, the value on the `IngressController` takes precedence.
+
+This setting is not the same as `spec.tuningOptions.tunnelTimeout` on the `IngressController`, which limits how long an idle tunnel connection (including WebSockets) remains open during normal operation.
+
+[NOTE]
+====
+If you set `idleConnectionTerminationPolicy` to `Deferred` on the `IngressController`, idle connections can remain open across reloads, which may increase the number of HAProxy processes in the router pod. In environments with frequent reloads, consider setting `ingress.operator.openshift.io/hard-stop-after` to avoid exhausting resources.
+====
+
+.Procedure
+
+* To set `hard-stop-after` on a specific Ingress Controller, run the `oc annotate` command:
++
+[source,terminal]
+----
+$ oc -n openshift-ingress-operator annotate ingresscontrollers/<ingresscontroller_name> ingress.operator.openshift.io/hard-stop-after=<duration> <1>
+----
++
+<1> Replace `<ingresscontroller_name>` with the name of your Ingress Controller. Replace `<duration>` with a valid HAProxy time value, for example `1h`.
+
+* To set the same annotation for the entire cluster by using the cluster `Ingress` configuration, run the `oc annotate` command:
++
+[source,terminal]
+----
+$ oc annotate ingresses.config/cluster ingress.operator.openshift.io/hard-stop-after=<duration> <1>
+----
++
+<1> Replace `<duration>` with a valid HAProxy time value, for example `1h`.
+
+* To remove the annotation from an Ingress Controller and stop setting `hard-stop-after` in HAProxy, run the `oc annotate` command with a trailing `-` on the annotation name:
++
+[source,terminal]
+----
+$ oc -n openshift-ingress-operator annotate ingresscontrollers/<ingresscontroller_name> ingress.operator.openshift.io/hard-stop-after-
+----
diff --git a/scalability_and_performance/optimization/routing-optimization.adoc b/scalability_and_performance/optimization/routing-optimization.adoc
@@ -26,3 +26,5 @@ include::modules/baseline-router-performance.adoc[leveloffset=+1]
 include::modules/ingress-liveness-readiness-startup-probes.adoc[leveloffset=+1]
 
 include::modules/configuring-haproxy-interval.adoc[leveloffset=+1]
+
+include::modules/configuring-haproxy-hard-stop-after.adoc[leveloffset=+1]
Original file line number	Diff line number	Diff line change
Expand Up		@@ -26,3 +26,5 @@ include::modules/baseline-router-performance.adoc[leveloffset=+1]
		include::modules/ingress-liveness-readiness-startup-probes.adoc[leveloffset=+1]

		include::modules/configuring-haproxy-interval.adoc[leveloffset=+1]

		include::modules/configuring-haproxy-hard-stop-after.adoc[leveloffset=+1]