Hi Joao,

I do have a question for you about your ingress controller design and the "chained" frontends, summarized below:

* The first frontend is on tcp mode binding :443, inspecting sni and doing a triage; there is also an ssl-passthrough config - from the triage frontend straight to a tcp backend.
* The second frontend is binding a unix socket with ca-file (tls authentication);
* The last frontend is binding another unix socket, doing ssl-offload but without ca-file.

What feature is missing in HAProxy to allow switching these 3 frontends into a single one? I understand that the ability to do ssl deciphering and ssl passthrough on a single bind line is one of them. Is there anything else we could improve?

I wonder if crt-list would be useful in your case: https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.1-crt-list

Baptiste
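The chained layout summarized in the message above, written out as an HAProxy configuration. This is an added example, not part of the original message and not the ingress controller's own configuration; every hostname, address, file path, socket path and section name is an assumption, as is the use of the PROXY protocol between stages. The closing comment shows the crt-list syntax from the linked documentation, which scopes ca-file to a single SNI entry.

```haproxy
# Constructed example: all names, paths and addresses are assumptions.
defaults
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_triage
    mode tcp
    bind :443
    # Wait for the ClientHello so the SNI can be read without decrypting.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend be_passthrough if { req.ssl_sni -i passthrough.example.test }
    use_backend be_to_tls_auth if { req.ssl_sni -i mtls.example.test }
    default_backend be_to_tls_offload

# ssl-passthrough: TLS is terminated by the application, not by HAProxy.
backend be_passthrough
    mode tcp
    server app 192.0.2.10:8443

# Hand-off over unix sockets; PROXY protocol (assumed) keeps the client address.
backend be_to_tls_auth
    mode tcp
    server s1 unix@/var/run/haproxy-tls-auth.sock send-proxy-v2
backend be_to_tls_offload
    mode tcp
    server s1 unix@/var/run/haproxy-tls.sock send-proxy-v2

# Second frontend: TLS with client-certificate authentication (ca-file).
frontend fe_tls_auth
    mode http
    bind unix@/var/run/haproxy-tls-auth.sock accept-proxy ssl crt /etc/haproxy/certs/mtls.pem ca-file /etc/haproxy/clients-ca.pem verify required
    default_backend be_app

# Last frontend: ssl-offload only, no ca-file.
frontend fe_tls_offload
    mode http
    bind unix@/var/run/haproxy-tls.sock accept-proxy ssl crt /etc/haproxy/certs/www.pem
    default_backend be_app

backend be_app
    mode http
    server app 192.0.2.20:8080

# crt-list variant (file /etc/haproxy/crt-list.txt): one bind line, ca-file per SNI.
#   bind unix@/var/run/haproxy-tls.sock accept-proxy ssl crt-list /etc/haproxy/crt-list.txt
#   /etc/haproxy/certs/mtls.pem [ca-file /etc/haproxy/clients-ca.pem verify required] mtls.example.test
#   /etc/haproxy/certs/www.pem  [verify none] www.example.test
```

`haproxy -c -f <file>` validates the syntax before a reload; the referenced certificate and CA files must exist for the check to pass.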

