pecameron
diff --git a/‎architecture/core_concepts/routes.adoc
Lines changed: 116 additions & 52 deletions b/‎architecture/core_concepts/routes.adoc
Lines changed: 116 additions & 52 deletions
@@ -197,14 +197,14 @@ from other connections, or turn off stickiness entirely.
 
 By default, sticky sessions for passthrough routes are implemented using the
 `source` xref:load-balancing[load balancing strategy]. The default can be
-changed for all passthrough routes by using the `*ROUTER_TCP_BALANCE_SCHEME*`
+changed for all passthrough routes by using the `ROUTER_TCP_BALANCE_SCHEME`
 xref:env-variables[environment variable], and for individual routes by using the
 `*haproxy.router.openshift.io/balance*` xref:route-specific-annotations[route
 specific annotation].
 
 Other types of routes use the `leastconn` xref:load-balancing[load balancing
 strategy] by default, which can be changed by using the
-`*ROUTER_LOAD_BALANCE_ALGORITHM*` xref:env-variables[environment variable]. It
+`ROUTER_LOAD_BALANCE_ALGORITHM` xref:env-variables[environment variable]. It
 can be changed for individual routes by using the
 `*haproxy.router.openshift.io/balance*` xref:route-specific-annotations[route
 specific annotation].
@@ -261,53 +261,53 @@ $ oc set env dc/router ROUTER_SYSLOG_ADDRESS=127.0.0.1 ROUTER_LOG_LEVEL=debug
 [cols="2,2,6", options="header"]
 |===
 |Variable | Default | Description
-|`*DEFAULT_CERTIFICATE*` |  | The contents of a default certificate to use for routes that don't expose a TLS server cert; in PEM format.
-|`*DEFAULT_CERTIFICATE_DIR*` |  | A path to a directory that contains a file named *_tls.crt_*. If *_tls.crt_* is not a PEM file which also contains a private key, it is first combined with a file named tls.key in the same directory. The PEM-format contents are then used as the default certificate. Only used if `DEFAULT_CERTIFICATE` or `DEFAULT_CERTIFICATE_PATH` are not specified.
-|`*DEFAULT_CERTIFICATE_PATH*` |  | A path to default certificate to use for routes that don't expose a TLS server cert; in PEM format. Only used if `DEFAULT_CERTIFICATE` is not specified.
-|`*EXTENDED_VALIDATION*` | `true` | If `true`, the router confirms that the certificate is structurally correct. It does not verify the certificate against any CA. Set `false` to turn off the tests.
-|`*NAMESPACE_LABELS*` |  | A label selector to apply to namespaces to watch, empty means all.
-|`*PROJECT_LABELS*` |  | A label selector to apply to projects to watch, emtpy means all.
-|`*RELOAD_SCRIPT*` |  | The path to the reload script to use to reload the router.
-|`*ROUTER_ALLOWED_DOMAINS*` | | A comma-separated list of domains that the host name in a route can only be part of. Any subdomain in the domain can be used. Option `ROUTER_DENIED_DOMAINS` overrides any values given in this option. If set, everything outside of the allowed domains will be rejected.
-|`*ROUTER_BACKEND_CHECK_INTERVAL*` | 5000ms | Length of time between subsequent "liveness" checks on backends. xref:time-units[(TimeUnits)]
-|`*ROUTER_COMPRESSION_MIME*` | "text/html text/plain text/css" | A space separated list of mime types to compress.
-|`*ROUTER_DEFAULT_CLIENT_TIMEOUT*`| 30s | Length of time within which a client has to acknowledge or send data. xref:time-units[(TimeUnits)]
-|`*ROUTER_DEFAULT_CONNECT_TIMEOUT*`| 5s | The maximum connect time. xref:time-units[(TimeUnits)]
-|`*ROUTER_DEFAULT_SERVER_TIMEOUT*`| 30s | Length of time within which a server has to acknowledge or send data. xref:time-units[(TimeUnits)]
-|`*ROUTER_DEFAULT_TUNNEL_TIMEOUT*` | 1h | Length of time till which TCP or WebSocket connections will remain open. If you have websockets/tcp
+|`DEFAULT_CERTIFICATE` |  | The contents of a default certificate to use for routes that don't expose a TLS server cert; in PEM format.
+|`DEFAULT_CERTIFICATE_DIR` |  | A path to a directory that contains a file named *_tls.crt_*. If *_tls.crt_* is not a PEM file which also contains a private key, it is first combined with a file named tls.key in the same directory. The PEM-format contents are then used as the default certificate. Only used if `DEFAULT_CERTIFICATE` or `DEFAULT_CERTIFICATE_PATH` are not specified.
+|`DEFAULT_CERTIFICATE_PATH` |  | A path to default certificate to use for routes that don't expose a TLS server cert; in PEM format. Only used if `DEFAULT_CERTIFICATE` is not specified.
+|`EXTENDED_VALIDATION` | `true` | If `true`, the router confirms that the certificate is structurally correct. It does not verify the certificate against any CA. Set `false` to turn off the tests.
+|`NAMESPACE_LABELS` |  | A label selector to apply to namespaces to watch, empty means all.
+|`PROJECT_LABELS` |  | A label selector to apply to projects to watch, emtpy means all.
+|`RELOAD_SCRIPT` |  | The path to the reload script to use to reload the router.
+|`ROUTER_ALLOWED_DOMAINS` | | A comma-separated list of domains that the host name in a route can only be part of. Any subdomain in the domain can be used. Option `ROUTER_DENIED_DOMAINS` overrides any values given in this option. If set, everything outside of the allowed domains will be rejected.
+|`ROUTER_BACKEND_CHECK_INTERVAL` | 5000ms | Length of time between subsequent "liveness" checks on backends. xref:time-units[(TimeUnits)]
+|`ROUTER_COMPRESSION_MIME` | "text/html text/plain text/css" | A space separated list of mime types to compress.
+|`ROUTER_DEFAULT_CLIENT_TIMEOUT`| 30s | Length of time within which a client has to acknowledge or send data. xref:time-units[(TimeUnits)]
+|`ROUTER_DEFAULT_CONNECT_TIMEOUT`| 5s | The maximum connect time. xref:time-units[(TimeUnits)]
+|`ROUTER_DEFAULT_SERVER_TIMEOUT`| 30s | Length of time within which a server has to acknowledge or send data. xref:time-units[(TimeUnits)]
+|`ROUTER_DEFAULT_TUNNEL_TIMEOUT` | 1h | Length of time till which TCP or WebSocket connections will remain open. If you have websockets/tcp
 connections (and any time HAProxy is reloaded), the old HAProxy processes
 will "linger" around for that period. xref:time-units[(TimeUnits)]
-|`*ROUTER_DENIED_DOMAINS*` | | A comma-separated list of domains that the host name in a route can not be part of. No subdomain in the domain can be used either. Overrides option `ROUTER_ALLOWED_DOMAINS`.
-|`*ROUTER_ENABLE_COMPRESSION*`| | If `true` or `TRUE`, compress responses when possible.
-|`*ROUTER_LOG_LEVEL*` | warning | The log level to send to the syslog server.
-|`*ROUTER_MAX_CONNECTIONS*`| 20000 | Maximum number of concurrent connections.
-|`*ROUTER_OVERRIDE_HOSTNAME*`|  | If set `true`, override the spec.host value for a route with the template in `ROUTER_SUBDOMAIN`.
-|`*ROUTER_SERVICE_HTTPS_PORT*` | 443 | Port to listen for HTTPS requests.
-|`*ROUTER_SERVICE_HTTP_PORT*` | 80 | Port to listen for HTTP requests.
-|`*ROUTER_SERVICE_NAME*` | public | The name that the router identifies itself in the in route status.
-|`*ROUTER_CANONICAL_HOSTNAME*` | | The (optional) host name of the router shown in the in route status.
-|`*ROUTER_SERVICE_NAMESPACE*` |  | The namespace the router identifies itself in the in route status. Required if `ROUTER_SERVICE_NAME` is used.
-|`*ROUTER_SERVICE_NO_SNI_PORT*` | 10443 | Internal port for some front-end to back-end communication (see note below).
-|`*ROUTER_SERVICE_SNI_PORT*` | 10444 | Internal port for some front-end to back-end communication (see note below).
-| `*ROUTER_SLOWLORIS_HTTP_KEEPALIVE*`| 300s | Set the maximum time to wait for a new HTTP request to appear. If this is set too low, it can confuse browsers and applications not expecting a small `keepalive` value. xref:time-units[(TimeUnits)]
-|`*ROUTER_SLOWLORIS_TIMEOUT*` | 10s | Length of time the transmission of an HTTP request can take. xref:time-units[(TimeUnits)]
-|`*ROUTER_SUBDOMAIN*`|  | The template that should be used to generate the host name for a route without spec.host (e.g. ${name}-${namespace}.myapps.mycompany.com).
-|`*ROUTER_SYSLOG_ADDRESS*` |  | Address to send log messages. Disabled if empty.
-|`*ROUTER_SYSLOG_FORMAT*` | | If set, override the default log format used by underlying router implementation. Its value should conform with underlying router implementation's specification.
-|`*ROUTER_TCP_BALANCE_SCHEME*` | source | xref:load-balancing[Load-balancing strategy] for multiple endpoints for pass-through routes. Available options are `source`, `roundrobin`, or `leastconn`.
-|`*ROUTER_LOAD_BALANCE_ALGORITHM*` | leastconn | xref:load-balancing[Load-balancing strategy] for routes with multiple endpoints. Available options are `source`, `roundrobin`, and `leastconn`.
+|`ROUTER_DENIED_DOMAINS` | | A comma-separated list of domains that the host name in a route can not be part of. No subdomain in the domain can be used either. Overrides option `ROUTER_ALLOWED_DOMAINS`.
+|`ROUTER_ENABLE_COMPRESSION`| | If `true` or `TRUE`, compress responses when possible.
+|`ROUTER_LOG_LEVEL` | warning | The log level to send to the syslog server.
+|`ROUTER_MAX_CONNECTIONS`| 20000 | Maximum number of concurrent connections.
+|`ROUTER_OVERRIDE_HOSTNAME`|  | If set `true`, override the spec.host value for a route with the template in `ROUTER_SUBDOMAIN`.
+|`ROUTER_SERVICE_HTTPS_PORT` | 443 | Port to listen for HTTPS requests.
+|`ROUTER_SERVICE_HTTP_PORT` | 80 | Port to listen for HTTP requests.
+|`ROUTER_SERVICE_NAME` | public | The name that the router identifies itself in the in route status.
+|`ROUTER_CANONICAL_HOSTNAME` | | The (optional) host name of the router shown in the in route status.
+|`ROUTER_SERVICE_NAMESPACE` |  | The namespace the router identifies itself in the in route status. Required if `ROUTER_SERVICE_NAME` is used.
+|`ROUTER_SERVICE_NO_SNI_PORT` | 10443 | Internal port for some front-end to back-end communication (see note below).
+|`ROUTER_SERVICE_SNI_PORT` | 10444 | Internal port for some front-end to back-end communication (see note below).
+|`ROUTER_SLOWLORIS_HTTP_KEEPALIVE`| 300s | Set the maximum time to wait for a new HTTP request to appear. If this is set too low, it can confuse browsers and applications not expecting a small `keepalive` value. xref:time-units[(TimeUnits)]
+|`ROUTER_SLOWLORIS_TIMEOUT` | 10s | Length of time the transmission of an HTTP request can take. xref:time-units[(TimeUnits)]
+|`ROUTER_SUBDOMAIN`|  | The template that should be used to generate the host name for a route without spec.host (e.g. ${name}-${namespace}.myapps.mycompany.com).
+|`ROUTER_SYSLOG_ADDRESS` |  | Address to send log messages. Disabled if empty.
+|`ROUTER_SYSLOG_FORMAT` | | If set, override the default log format used by underlying router implementation. Its value should conform with underlying router implementation's specification.
+|`ROUTER_TCP_BALANCE_SCHEME` | source | xref:load-balancing[Load-balancing strategy] for multiple endpoints for pass-through routes. Available options are `source`, `roundrobin`, or `leastconn`.
+|`ROUTER_LOAD_BALANCE_ALGORITHM` | leastconn | xref:load-balancing[Load-balancing strategy] for routes with multiple endpoints. Available options are `source`, `roundrobin`, and `leastconn`.
 //|`*ROUTE_FIELDS*` |  | A field selector to apply to routes to watch, empty means all. (FUTURE: it does not have complete support we need in upstream/k8s.)
-|`*ROUTE_LABELS*` |  | A label selector to apply to the routes to watch, empty means all.
-|`*STATS_PASSWORD*` |  | The password needed to access router stats (if the router implementation supports it).
-|`*STATS_PORT*` |  | Port to expose statistics on (if the router implementation supports it).  If not set, stats are not exposed.
-|`*STATS_USERNAME*` |  | The user name needed to access router stats (if the router implementation supports it).
-|`*TEMPLATE_FILE*` | `/var/lib/haproxy/conf/custom/` `haproxy-config-custom.template` | The path to the HAProxy template file (in the container image).
-|`*RELOAD_INTERVAL*` | 12s | The minimum frequency the router is allowed to reload to accept new changes. xref:time-units[(TimeUnits)]
-|`*ROUTER_USE_PROXY_PROTOCOL*`|  | When set to `true` or `TRUE`, HAProxy expects incoming connections to use the `PROXY` protocol on port 80 or port 443. The source IP address can pass through a load balancer if the load balancer supports the protocol, for example Amazon ELB.
-|`*ROUTER_ALLOW_WILDCARD_ROUTES*`|  |  When set to `true` or `TRUE`, any routes with a wildcard policy of `Subdomain` that pass the router admission checks will be serviced by the HAProxy router.
-|`*ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK*` |  | Set to `true` to relax the namespace ownership policy.
-|`*ROUTER_STRICT_SNI*` |  | xref:strict-sni[strict-sni]
-|`*ROUTER_CIPHERS*` | intermediate  | Specify the set of xref:ciphers[ciphers] supported by bind.
+|`ROUTE_LABELS` |  | A label selector to apply to the routes to watch, empty means all.
+|`STATS_PASSWORD` |  | The password needed to access router stats (if the router implementation supports it).
+|`STATS_PORT` |  | Port to expose statistics on (if the router implementation supports it).  If not set, stats are not exposed.
+|`STATS_USERNAME` |  | The user name needed to access router stats (if the router implementation supports it).
+|`TEMPLATE_FILE` | `/var/lib/haproxy/conf/custom/` `haproxy-config-custom.template` | The path to the HAProxy template file (in the container image).
+|`RELOAD_INTERVAL` | 12s | The minimum frequency the router is allowed to reload to accept new changes. xref:time-units[(TimeUnits)]
+|`ROUTER_USE_PROXY_PROTOCOL`|  | When set to `true` or `TRUE`, HAProxy expects incoming connections to use the `PROXY` protocol on port 80 or port 443. The source IP address can pass through a load balancer if the load balancer supports the protocol, for example Amazon ELB.
+|`ROUTER_ALLOW_WILDCARD_ROUTES`|  |  When set to `true` or `TRUE`, any routes with a wildcard policy of `Subdomain` that pass the router admission checks will be serviced by the HAProxy router.
+|`ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK` |  | Set to `true` to relax the namespace ownership policy.
+|`ROUTER_STRICT_SNI` |  | xref:strict-sni[strict-sni]
+|`ROUTER_CIPHERS` | intermediate  | Specify the set of xref:ciphers[ciphers] supported by bind.
 |===
 
 [NOTE]
@@ -353,11 +353,11 @@ number of running servers changing, many clients will be
 directed to different servers. This algorithm is generally
 used with xref:routes-sticky-sessions[passthrough routes].
 
-The `*ROUTER_TCP_BALANCE_SCHEME*` environment variable sets the default
-for passthorugh routes.  The `*ROUTER_LOAD_BALANCE_ALGORITHM*` environment
-variable sets the default strategy for the router for the remaining routes.
+The `ROUTER_TCP_BALANCE_SCHEME` xref:env-variables[environment variable] sets the default
+strategy for passthorugh routes.  The `ROUTER_LOAD_BALANCE_ALGORITHM` xref:env-variables[environment
+variable] sets the default strategy for the router for the remaining routes.
 A xref:route-specific-annotations[route specific annotation],
-`*haproxy.router.openshift.io/balance*` may be use to control specific routes.
+`*haproxy.router.openshift.io/balance*`, may be used to control specific routes.
 
 [[strict-sni]]
 == HAProxy Strict SNI
@@ -897,6 +897,70 @@ criteria, it will replace the existing route based on the above mentioned
 resolution order (oldest route wins).
 ====
 
+[[alternateBackends]]
+== Alternate Backends and Weights
+
+A route is usually associated with one service through the `to:` token with `kind: Service`.
+All of the requests to the route are handled by endpoints in the service based on the
+xref:load-balancing[load balancing strategy].
+
+It is possible to have as many as 4 services supporting the route. The portion of 
+requests that are handled by each service is governed by the service `weight`.
+
+The first service is entered using the `to:` token as before, and up to three additional
+services can be entered using the `alternateBackend:` token. Each service must be
+`kind: Service` which is the default.
+
+Each service can have a `weight` associated with it. The portion of requests handled 
+by the service is `weight` / `sum_of_all_weights`. When a service has more than one 
+endpoint, the service's weight is distributed among the endpoints with each endpoint
+getting at least 1. If the service `weight` is 0 each endpoint will get 0.
+
+The `weight` must be in the range 0-256. The default is 1.
+When the `weight` is 0 no requests are passd to the service. If all services have
+`weight` 0, requests are returned with a 503 error. 
+
+When using `alternateBackends` also use the `roundrobin` xref:load-balancing[load balancing strategy]
+to ensure requests are distributed as expected to the services based on `weight`.
+`roundrobin` can be set for a route using a xref:route-specific-annotations[route annotation],
+or for the router in general using an xref:env-variables[environment variable].
+
+Here is an example of using alternate backends for
+xref:../../dev_guide/deployments/advanced_deployment_strategies.adoc#advanced-deployment-a-b-deployment[a/b deployments].
+
+.A Route with alternateBackends and weights:
+====
+
+[source,yaml]
+----
+apiVersion: v1
+kind: Route
+metadata:
+  name: route-alternate-service
+  annotations:
+    haproxy.router.openshift.io/balance: roundrobin  <1>
+spec:
+  host: www.example.com
+  to:
+    kind: Service
+    name: service-name  <2>
+    weight: 20          <4>
+  alternateBackends:
+  - kind: Service
+    name: service-name2 <3>
+    weight: 10          <4>
+    kind: Service
+    name: service-name3 <3>
+    weight: 10          <4>
+----
+
+<1> This route uses `roundrobin` xref:load-balancing[load balancing strategy]
+<2> The first service name is `service-name` which may have 0 or more pods
+<3> The alternateBackend services may also have 0 or more pods
+<4> The total `weight` is 40. `service-name` will get 20/40 or 1/2 of the requests,
+`service-name2` and `service-name3` will each get 1/4 of the requests.
+====
+
 
 [[route-specific-annotations]]
 == Route-specific Annotations
@@ -1045,8 +1109,8 @@ the host names in a route using the `ROUTER_DENIED_DOMAINS` and
 [cols="2"]
 |===
 
-|`*ROUTER_DENIED_DOMAINS*` | Domains listed are not allowed in any indicated routes.
-|`*ROUTER_ALLOWED_DOMAINS*` | Only the domains listed are allowed in any indicated routes.
+|`ROUTER_DENIED_DOMAINS` | Domains listed are not allowed in any indicated routes.
+|`ROUTER_ALLOWED_DOMAINS` | Only the domains listed are allowed in any indicated routes.
 
 |===