Merged
23 changes: 9 additions & 14 deletions modules/microshift-ingress-controller-config.adoc
@@ -7,7 +7,13 @@
[id="microshift-ingress-control-config_{context}"]
= Configuring ingress control in {microshift-short}

You can use detailed ingress control settings by updating the {microshift-short} service configuration file.
You can use detailed ingress control settings by updating the {microshift-short} service configuration file or using a configuration snippet.

[IMPORTANT]
====
* A `config.yaml` configuration file takes precedence over built-in settings. The `config.yaml` file is read every time the {microshift-short} service starts.
* Configuration snippet YAMLs take precedence over both built-in settings and the `config.yaml` configuration file.
====

.Prerequisites

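Review bot: The new `[IMPORTANT]` block in the introduction gives the precedence order (built-in settings, then `config.yaml`, then snippets) but does not say what follows from it: reading `config.yaml` alone no longer shows the ingress settings in effect. Consider adding one sentence stating that a snippet can override a value set in `config.yaml`, so both locations need to be checked when reviewing the configuration. The first bullet also drops the earlier condition "After you create the `config.yaml`", so it now reads as if the file always exists. "Configuration snippet YAMLs" would read better as "Configuration snippet YAML files".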
@@ -20,18 +26,8 @@ You can use detailed ingress control settings by updating the {microshift-short}
. Apply ingress control settings in one of the two following ways:

.. Update the {microshift-short} `config.yaml` configuration file by making a copy of the provided `config.yaml.default` file in the `/etc/microshift/` directory, naming it `config.yaml` and keeping it in the source directory.
+
[IMPORTANT]
====
After you create the `config.yaml`, the configuration file takes precedence over built-in settings. The `config.yaml` file is read every time the {microshift-short} service starts.
====

.. Use a configuration snippet to apply the ingress control settings you want. To do this, create a configuration snippet YAML file and put it in the `/etc/microshift/config.d/` configuration directory.
+
[IMPORTANT]
====
Configuration snippet YAMLs take precedence over both built-in settings and the `config.yaml` configuration file.
====

. Replace the default values in the `ingress` section of the {microshift-short} YAML with your valid values, or create a configuration snippet file with the sections you need.
+
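Review bot: With the two admonitions removed, sub-step b of step 1 and the step that follows both tell the reader to create a configuration snippet ("create a configuration snippet YAML file and put it in the `/etc/microshift/config.d/` configuration directory" and "or create a configuration snippet file with the sections you need"). Suggest limiting step 1 to choosing and creating the file, and the next step to editing the `ingress` values in whichever file was chosen. In sub-step a, "keeping it in the source directory" is ambiguous; name the `/etc/microshift/` directory explicitly.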
@@ -111,8 +107,8 @@ ingress:
When configured, this field must contain a valid expression or the {microshift-short} service fails. At least one pattern must match a client certificate's distinguished name; otherwise, the ingress controller rejects the certificate and denies the connection.
====

|`clientTLS.ClientCA`
|Specifies a required config map that is in the `openshift-ingress` namespace. Required to enable client TLS. The config map must contain a certificate authority (CA) bundle.
|`clientTLS.clientCA`
|Specifies a required config map that is in the `openshift-ingress` namespace. Required to enable client TLS. The config map must contain a certificate authority (CA) bundle named `ca-bundle.pem` or the deployment of the default router fails.

|`clientTLS.ClientCA.name`
|The `metadata.name` of the config map referenced in the `clientTLS.ClientCA` value.
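Review bot: The casing fix to `clientTLS.clientCA` is applied only to the first row; the next row still says `clientTLS.ClientCA.name` and refers back to "the `clientTLS.ClientCA` value". Update both so the table uses one spelling, since a reader copying the field name into YAML gets a different key depending on which row they read. In the new description, "a certificate authority (CA) bundle named `ca-bundle.pem`" does not say what carries that name; if it is the key inside the config map, say so.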
@@ -147,7 +143,6 @@ When configured, this field must contain a valid expression or the {microshift-s
* When the policy is set to `Respond`, the ingress controller sends an HTTP `400` or `408` response, logs the connection if access logging is enabled, and counts the connection in the appropriate metrics.

* When the policy is set to `Ignore`, the `http-ignore-probes` parameter is added to the `HAproxy` process configuration. After this parameter is added, the ingress controller closes the connection without sending a response, then either logs the connection or incrementing metrics.
//Q: are the incrementing metrics in this case config'd by the admin, or are they automatic to our config?

|`logEmptyRequests`
|Specifies connections for which no request is received and logged. `Log` and `Ignore` are valid values. Empty requests typically come from load-balancer health probes or preconnects and can often be safely ignored. However, these requests can also be caused by network errors and port scans. Therefore, setting this field to `Ignore` can impede detection or diagnosis of network problems and detecting intrusion attempts. The default value is `Log`.
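Review bot: Removing the `//Q:` comment drops the open question without fixing the sentence it was attached to: "closes the connection without sending a response, then either logs the connection or incrementing metrics" is ungrammatical and leaves unclear whether an ignored connection is logged or counted. Given the contrast with the `Respond` bullet, confirm the intended behavior and reword, for example "without sending a response, logging the connection, or incrementing metrics" if that is what happens. This matters for the `logEmptyRequests` row below, which warns that ignoring these requests can impede detection of port scans and intrusion attempts. `HAproxy` should also be spelled `HAProxy`.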