0

we have some services that only support HTTP 1.1 and some GRPC services that are on HTTP2. We always use HTTPS in frontend , and terminate it at ingress controller (ssl-pass through is false); as we don't want to have the overhead of configuring in every deployment/pod. On testing I see that when HTTTPS is on frontend, HaProxy selects H2 /HTTP2 by default and sends it to the backend; irrespective of whether the backend can support it or not. Is there any annotation or setting in the Ingress level to tell HAProxy to terminate H2 /HTTPS 2 in frontend and forward to backedn as HTTP1.1 for those server that does not support HTTP2 and as H2 (current behaviour) for those servers that support HTTP2 . Here is a diagram to illustrate the test setup haproxy test setup

enter image description here

Alex Punnen
  • 5,287
  • 3
  • 59
  • 71
  • have you enabled ssl on the backend? https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation#server-proto – Aleksandar Apr 15 '21 at 23:11
  • this is working now; documented here https://gist.github.com/alexcpn/a2b9c65097da7ae718daa38643f33825 (SSL is terminated in frontend) – Alex Punnen Apr 16 '21 at 07:39
  • 1
    I guess I did some setting wrong or some env related problem in the original question; I cleared up the cluster and retried and it worked – Alex Punnen Apr 16 '21 at 07:40

0 Answers0