Haproxy problem with https

Help!
1

Hi,

I have an issue with Haproxy Ingress Controller v.3.2.6. After many tries installing from helm and Rancher can’t make it work over https.
I add my default certificate and config everything but ingress work only over http nut not https.

Trying curl on http return me respond but not https.

My args from deployment:

        - '--default-ssl-certificate=haproxy-controller/tls-dev'
        - '--configmap=haproxy-controller/haproxy'
        - '--http-bind-port=8080'
        - '--https-bind-port=443'
        - '--quic-bind-port=443'
        - '--quic-announce-port=443'
        - '--ingress.class=haproxy'
        - '--publish-service=haproxy-controller/haproxy'
        - '--log=info'
        - '--prometheus'
        - '--pprof'

also try with default

        - '--default-ssl-certificate=haproxy-controller/tls-dev'
        - '--configmap=haproxy-controller/haproxy'
        - '--http-bind-port=8080'
        - '--https-bind-port=8443'
        - '--quic-bind-port=443'
        - '--quic-announce-port=443'
        - '--ingress.class=haproxy'
        - '--publish-service=haproxy-controller/haproxy'
        - '--log=info'
        - '--prometheus'
        - '--pprof'

Service config:

apiVersion: v1
kind: Service
metadata:
name: haproxy
annotations:
labels:
namespace: haproxy-controller
spec:
selector:
app.kubernetes.io/instance: haproxy
app.kubernetes.io/name: haproxy
allocateLoadBalancerNodePorts: false
externalTrafficPolicy: Cluster
internalTrafficPolicy: Cluster
ipFamilies:

  • IPv4
    ipFamilyPolicy: SingleStack
    ports:
  • appProtocol: http
    name: http
    nodePort: 31811
    port: 80
    protocol: TCP
    targetPort: http
  • appProtocol: https
    name: https
    nodePort: 32141
    port: 443
    protocol: TCP
    targetPort: https
  • appProtocol: https
    name: quic
    nodePort: 32141
    port: 443
    protocol: UDP
    targetPort: quic
  • name: stat
    nodePort: 31192
    port: 1024
    protocol: TCP
    targetPort: stat
  • name: admin
    nodePort: 30239
    port: 6060
    protocol: TCP
    targetPort: admin

What interesting from inside cluster its working very well.
After reaserch and use svc from community edition its start working:

apiVersion: v1
kind: Service
metadata:
annotations:
labels:
name: kubernetes-ingress
namespace: haproxy-controller
spec:
allocateLoadBalancerNodePorts: true
ipFamilies:

  • IPv4
    ipFamilyPolicy: SingleStack
    ports:
  • name: http-80
    nodePort: 31356
    port: 80
    protocol: TCP
    targetPort: http
  • name: https-443
    nodePort: 30604
    port: 443
    protocol: TCP
    targetPort: https
    selector:
    app.kubernetes.io/instance: kubernetes-ingress
    app.kubernetes.io/name: kubernetes-ingress
    sessionAffinity: None
    type: LoadBalancer