we have some services that only support HTTP 1.1 and some GRPC services that are on HTTP2. We always use HTTPS in frontend , and terminate it at ingress controller (ssl-pass through is false); as we don't want to have the overhead of configuring in every deployment/pod. On testing I see that when HTTTPS is on frontend, HaProxy selects H2 /HTTP2 by default and sends it to the backend; irrespective of whether the backend can support it or not. Is there any annotation or setting in the Ingress level to tell HAProxy to terminate H2 /HTTPS 2 in frontend and forward to backedn as HTTP1.1 for those server that does not support HTTP2 and as H2 (current behaviour) for those servers that support HTTP2 . Here is a diagram to illustrate the test setup haproxy test setup
