Hi,

We previously used NGINX and recently migrated to HAProxy.
We are using an Ingress object with ssl-passthrough enabled.
Our goal is to able curl the IP address using the default rule of the Ingress object which keep it ssl-passthrough.
Ingress rule has default entry without host

curl -k -v https://<ip_address>

curl with IP without SNI results

• nginx used the default rule with ssl-passthrough
• haproxy seems to terminate ssl and use default backend 404

Here is our current Ingress configuration:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
 annotations:
 haproxy.ingress.kubernetes.io/send-proxy-protocol: proxy-v1
 haproxy.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
 ingressClassName: haproxy
 rules:
 - http:
 paths:
 - path: /
 pathType: Prefix
 backend:
 service:
 name: test-gateway
 port:
 number: 4433
 - host: example.com
 http:
 paths:
 - path: /
 pathType: Prefix
 backend:
 service:
 name: test-gateway
 port:
 number: 4433

The HAProxy ingress controller logs :

ingress-haproxy-ingress-controller: https~ mi-ingress-controller_svc_default-local-service_http/SRV_1 0/0/0/1/1 404 135 - - ---- 2/1/0/0/0 0/0 "GET xxx.xxx.xxx.xxx/ HTTP/2.0"

This suggests that TLS is being terminated and the default backend is used instead of ssl-passthrough to test-gateway service.
This configuration worked with NGINX.
How can we use HAProxy ingress controller, Ingress object that accept ssl-passthrough for SNI and non SNI requests?

Thanks