Contents Menu Expand Light mode Dark mode Auto light/dark mode
Documentation Portal
  • 4k
  • 3.8
  • 3.7
  • 3.6 (EOL)
  • 3.5 (EOL)
  • 3.3 (EOL)
Logo
Mirantis Kubernetes Engine
  • Product Overview
  • Reference Architecture
    • Introduction to MKE
    • MKE hardware requirements
    • MKE software requirements
    • Manager nodes
    • Worker nodes
    • Admission controllers
    • Pause containers
    • Volumes
    • Configuration
    • Web UI and CLI
    • Role-based access control
    • MKE limitations
  • Installation Guide
    • Plan the deployment
      • Default install directories
      • Host name strategy
      • MCR considerations
        • default-address-pools
        • docker0
        • docker_gwbridge
        • Docker swarm
        • Kubernetes
        • docker data-root
        • no-new-privileges
        • Device Mapper storage driver
        • Memory metrics reporting
    • Perform pre-deployment configuration
      • Configure networking
        • IP considerations
        • Open ports to incoming traffic
        • Calico networking
        • Enable ESP traffic
        • Avoid firewall conflicts
        • DNS entry in hosts file
      • Preconfigure an SLES installation
      • Verify the timeout settings
      • Configure time synchronization
      • Configure a load balancer
      • Configure IPVS
      • Use an External Certificate Authority
      • Customize named volumes
      • Configure kernel parameters
    • Install the MKE image
    • Obtain the license
    • Install MKE on AWS
      • Prerequisites
      • Install MKE
    • Install MKE on Azure
      • Prerequisites
      • Networking
      • Azure configuration file
      • Guidelines for IPAM configuration
      • Manually provision IP address pools as part of an Azure VM scale set
      • Adjust the IP count value
      • Azure custom roles
    • Install MKE offline
    • Uninstall MKE
    • Deploy Swarm-only mode
      • Swarm-only images
      • Prometheus
  • Operations Guide
    • Access an MKE cluster
      • Access the MKE web UI
      • Download and configure the client bundle
        • Download the client bundle
        • Configure the client bundle
      • Configure kubectl with MKE
    • Administer an MKE cluster
      • Add labels to cluster nodes
        • Apply labels to a node
        • Deploy a service with constraints
        • Add Swarm placement constraints
        • Add or remove a service constraint using the MKE web UI
      • Add SANs to cluster certificates
      • Collect MKE cluster metrics with Prometheus
        • MKE metrics types
        • Metrics labels
        • MKE Metrics exposed by Prometheus
        • Deploy Prometheus on worker nodes
        • Configure external Prometheus to scrape metrics from MKE
      • Configure native Kubernetes role-based access control
        • Create a Kubernetes role
        • Create a Kubernetes role grant
      • MKE audit logging
        • Logging levels
        • Enable MKE audit logging
        • Access audit logs using the docker CLI
        • API endpoints logging constraints
      • Enable MKE telemetry
      • Enable and integrate SAML authentication
        • Configure SAML integration on identity provider
        • Configure SAML integration on MKE
        • SAML security considerations
      • Enable Helm with MKE
      • Integrate SCIM
        • Configure SCIM for MKE
        • Supported SCIM API endpoints
      • Integrate with an LDAP directory
        • MKE integration with LDAP
        • Configure the LDAP integration
      • Manage services node deployment
        • Restrict services deployment to Swarm worker nodes
        • Restrict services deployment to Kubernetes worker nodes
        • Allow services deployment on Kubernetes MKE manager or MSR nodes
      • Run only the images you trust
      • Set user session properties
      • Configure an MKE cluster
        • Use an MKE configuration file
        • Configuration options
      • Scale an MKE cluster
      • Configure KMS plugin for MKE
      • Use a local node network in a swarm
      • Use your own TLS certificates
      • Manage and deploy private images
      • Set the node orchestrator
        • Select the node orchestrator
        • Change the node orchestrator
      • View Kubernetes objects in a namespace
      • Join Nodes
        • Set up high availability
        • Join Linux nodes
        • Join Windows worker nodes
        • Use a load balancer
      • Use two-factor authentication
      • Migrate an MKE cluster to a new OS
    • Authorize role-based access
      • Create organizations, teams, and users
      • Enable LDAP and sync teams and users
      • Define roles with authorized API operations
        • Default roles
        • Create a custom Swarm role
        • Swarm operations roles
      • Use collections and namespaces
        • Swarm collection labels
        • Default and built-in Swarm collections
        • Group and isolate cluster resources
      • Create grants
      • Grant users permission to pull images
      • Reset passwords
      • RBAC tutorials
        • Deploy a simple stateless app with RBAC
        • Isolate volumes to specific teams
        • Isolate nodes
          • Isolate cluster nodes with Swarm
          • Isolate cluster nodes with Kubernetes
        • Set up access control architecture
        • Set up access control architecture with additional security requirements
    • Upgrade an MKE installation
      • Verify your environment
      • Perform the upgrade
      • Troubleshoot the upgrade process
    • Deploy applications with Swarm
      • Deploy a single-service application
      • Deploy a multi-service application
      • Deploy services to a Swarm collection
      • Use secrets in Swarm deployments
      • Interlock
        • Layer 7 routing
        • Optimize Interlock deployments
        • Deploy
          • Deploy a layer 7 routing solution
          • Configure layer 7 routing for production
          • Offline installation considerations
        • Configure
          • Configure layer 7 routing service
            • Configure the Interlock service
            • Configuration file options for layer 7 routing
            • Create a proxy service
          • Configure host mode networking
          • Configure NGINX
          • Tune the proxy service
          • Update Interlock services
        • Routing traffic to services
          • Route traffic to a Swarm service
          • Publish a service as a canary instance
          • Use context or path-based routing
          • Configure a routing mode
            • Routing modes
            • Specify a routing mode
          • Use service labels
          • Configure redirects
          • Service clusters
            • Configure service clusters
            • Deploy services in separate service clusters
            • Remove a service cluster
          • Use persistent sessions
          • Secure services with TLS
            • Proxy-managed TLS
            • Service-managed TLS
          • Use websockets
    • Deploy applications with Kubernetes
      • Use Kubernetes on Windows Server nodes
      • Access Kubernetes resources
      • Deploy a workload to a Kubernetes cluster
        • Deploy a workload using the MKE web UI
        • Deploy a workload using the CLI
      • Use Pod Security Policies
        • Configure Kubernetes access for PSPs
        • Default Pod security policies in MKE
        • Use the unprivileged policy
        • Reenable the privileged PSP for all users
        • PSP examples
      • Use admission controllers for access
      • Create a service account for a Kubernetes app
      • Install an unmanaged CNI plugin
      • Kubernetes network encryption
      • Persistent Kubernetes Storage
        • Use NFS Storage
        • Use Azure Disk Storage
        • Use Azure Files Storage
        • Use AWS EBS Storage
        • Configure iSCSI
        • Use CSI drivers
      • GPU support for Kubernetes workloads
      • Use Istio Ingress for Kubernetes
        • Configure Istio Ingress
        • Use cases
    • Monitor an MKE cluster
    • Troubleshoot an MKE cluster
      • Troubleshoot MKE node states
      • Troubleshoot using logs
      • Troubleshoot cluster configurations
    • Disaster recovery
      • Swarm disaster recovery
        • Recover from losing the quorum
        • Force the swarm to rebalance
      • MKE disaster recovery
      • Back up Swarm
      • Back up MKE
        • Backup considerations
        • Backup procedure
      • Restore Swarm
      • Restore MKE
    • Customer feedback
  • Launchpad
    • System requirements
    • Get started with Launchpad
    • Networking considerations
    • Upgrade components with Launchpad
    • Manage nodes
    • Launchpad CLI reference
    • Launchpad Configuration File
  • Get support

Reference documentation

  • API Reference
  • CLI Reference
    • backup
    • dump-certs
    • example-config
    • id
    • images
    • install
    • port-check-server
    • restore
    • support
    • uninstall-ucp
    • upgrade

Release notes

  • Release Notes
    • 3.4.15
    • 3.4.14
    • 3.4.13
    • 3.4.12
    • 3.4.11
    • 3.4.10
    • 3.4.9
    • 3.4.8
    • 3.4.7
    • 3.4.6
    • 3.4.5
    • 3.4.4
    • 3.4.3 (discontinued)
    • 3.4.2
    • 3.4.1 (discontinued)
    • 3.4.0
    • Deprecation notes
  • Release Compatibility Matrix
    • MKE 3.4 Compatibility Matrix
    • MKE and MSR Browser compatibility
    • MKE, MSR, and MCR Maintenance Lifecycle
  • Release Cadence and Support Lifecycle
  • Open Source Components and Licenses

Configure layer 7 routing service¶

This section describes how to customize layer 7 routing by updating the ucp-interlock service with a new Docker configuration, including configuration options and the procedure for creating a proxy service.

  • Configure the Interlock service
    • Enable Interlock proxy NGINX debugging mode
  • Configuration file options for layer 7 routing
    • Core configuration
    • Extension configuration
    • Proxy configuration
  • Create a proxy service
Next
Configure the Interlock service
Previous
Configure
  • Multi-page view
  • Single-page view

Mirantis Inc. 900 E Hamilton Avenue, Suite 650, Campbell, CA 95008 +1-650-963-9828

© 2005 - 2025 Mirantis, Inc. All rights reserved. "Mirantis" and "FUEL" are registered trademarks of Mirantis, Inc. All other trademarks are the property of their respective owners.