Support SNI and non SNI with ingress object and ssl-passthrough #740

@itsikbar

Hi,

We previously used NGINX and recently migrated to HAProxy.
We are using an Ingress object with ssl-passthrough enabled.
Our goal is to be able to curl the IP address using the default rule of the Ingress object, which keeps it ssl-passthrough.
The Ingress rule has a default entry without a host.

curl -k -v https://<ip_address>

Results of curl with the IP and without SNI:

  • nginx used the default rule with ssl-passthrough
  • haproxy seems to terminate ssl and use default backend 404

Here is our current Ingress configuration:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    haproxy.ingress.kubernetes.io/send-proxy-protocol: proxy-v1
    haproxy.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
  ingressClassName: haproxy
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: test-gateway
            port:
              number: 4433
  - host: example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: test-gateway
            port:
              number: 4433

The HAProxy ingress controller logs:

ingress-haproxy-ingress-controller: https~ mi-ingress-controller_svc_default-local-service_http/SRV_1 0/0/0/1/1 404 135 - - ---- 2/1/0/0/0 0/0 "GET xxx.xxx.xxx.xxx/ HTTP/2.0"

This suggests that TLS is being terminated and the default backend is used instead of ssl-passthrough to the test-gateway service.
This configuration worked with NGINX.
How can we use the HAProxy ingress controller with an Ingress object that accepts ssl-passthrough for both SNI and non-SNI requests?

Thanks
