[wtarreau]

Strange that you see no option for client certs because that has been supported from day one. In addition we even support SNI-based client auth even with wildcard certs. Same for TLS versions and cipher suites.

Further, just look at https://istlsfastyet.com/ and you'll see that haproxy, H2O and nghttpx are the only 3 implementations checking everything (and haproxy was the one inventing dynamic record sizing).

So it seems your opinion on haproxy's TLS support is not that spread!

[zeeZ]

I know haproxy itself supports that and have used those features with static configuration, but does the k8s ingress controller out of the box?

[wtarreau]

I don't know as I have no use for it. Just check the article, it presents some of the things done with the ingress controller, it should answer some of your questions I guess.

[bedis9]

Yes, it does. We'll blog about those use cases during the summer.