KEDA HTTP Add-on
Getting Started
Concepts
User Guide
Operations
Reference

Configure the Interceptor Latest

Timeout, connection, and scaling configuration for the interceptor proxy

Suggest a change

The interceptor is the reverse proxy that sits in front of your application. This page covers infrastructure-level settings configured via Helm values and environment variables.

Timeouts

Global timeouts apply to all routes and serve as cluster-wide defaults. Application developers can override these values per route on the InterceptorRoute — see Configure Timeouts.

Set global defaults via Helm values:

helm install http-add-on kedacore/keda-add-ons-http \
  --namespace keda \
  --set interceptor.requestTimeout=30s \
  --set interceptor.responseHeaderTimeout=15s \
  --set interceptor.readinessTimeout=20s
TimeoutHelm valueEnv varDefault
Requestinterceptor.requestTimeoutKEDA_HTTP_REQUEST_TIMEOUT0s (disabled — no total deadline)
Response headerinterceptor.responseHeaderTimeoutKEDA_HTTP_RESPONSE_HEADER_TIMEOUT300s
Readinessinterceptor.readinessTimeoutKEDA_HTTP_READINESS_TIMEOUT0s (disabled — readiness wait is bounded by the request timeout)
Connectinterceptor.tcpConnectTimeoutKEDA_HTTP_CONNECT_TIMEOUT500ms

Cold-start response header

The interceptor adds an X-KEDA-HTTP-Cold-Start response header to indicate whether a cold start occurred. This header is enabled by default. To disable it:

helm upgrade http-add-on kedacore/keda-add-ons-http \
  --namespace keda \
  --set interceptor.extraEnvs.KEDA_HTTP_ENABLE_COLD_START_HEADER=false

Connection tuning

Configure the interceptor’s connection pool for backend services:

Helm valueEnv varDefaultDescription
interceptor.maxIdleConnsKEDA_HTTP_MAX_IDLE_CONNS1000Maximum idle connections across all backend services. Increase this if you proxy to many backends.
interceptor.maxIdleConnsPerHostKEDA_HTTP_MAX_IDLE_CONNS_PER_HOST200Maximum idle connections per backend. Increase this if you observe frequent connection establishments under load.

Graceful shutdown

During rolling updates, scale-downs, or node drains, the interceptor drains in-flight requests instead of terminating them immediately. When an interceptor pod is deleted, Kubernetes triggers EndpointSlice removal and sends SIGTERM in parallel. The interceptor’s shutdown sequence on SIGTERM is:

  1. The readiness probe returns 503, signaling the pod is no longer ready to receive traffic (e.g. for external load balancers that health-check the pod directly).
  2. The interceptor keeps serving for shutdownDelay, allowing endpoint removal to propagate to all nodes.
  3. The proxy listener closes and the interceptor waits up to drainTimeout for in-flight requests (including WebSocket connections) to complete.
  4. Infrastructure components (admin server, metrics, routing table) shut down and the pod exits.
Helm valueEnv varDefaultDescription
interceptor.shutdownDelayKEDA_HTTP_SHUTDOWN_DELAY5sTime between SIGTERM and closing the proxy listener. Increase this if clients still hit the pod after SIGTERM.
interceptor.drainTimeoutKEDA_HTTP_DRAIN_TIMEOUT30sMaximum time to wait for in-flight requests to complete. 0 waits indefinitely.
interceptor.terminationGracePeriodSeconds45Time Kubernetes waits before sending SIGKILL.

Ensure terminationGracePeriodSeconds is at least shutdownDelay + drainTimeout to avoid SIGKILL before drain completes.

helm upgrade http-add-on kedacore/keda-add-ons-http \
  --namespace keda \
  --set interceptor.shutdownDelay=10s \
  --set interceptor.drainTimeout=120s \
  --set interceptor.terminationGracePeriodSeconds=135

Interceptor scaling

The interceptor itself is auto-scaled by KEDA via a ScaledObject created by the Helm chart. Configure the interceptor’s scaling bounds:

Helm valueDefaultDescription
interceptor.replicas.min3Minimum interceptor replicas.
interceptor.replicas.max50Maximum interceptor replicas.
helm upgrade http-add-on kedacore/keda-add-ons-http \
  --namespace keda \
  --set interceptor.replicas.min=<your-min> \
  --set interceptor.replicas.max=<your-max>

What’s Next