
Upload certificate to Certificate Library for virtual service HTTPS  #379

Open
@srekkas

Description


Is your feature request related to a problem? Please describe.

SSL termination is done at the envoy pod, then the internal nginx ingress passes the request through to the envoy pods by DNS FQDN. The certificate is generated by cert-manager. The cert is used for mTLS authentication. This setup works on OpenShift with its HAProxy passthrough route (as ingress).
And client IP preservation is needed. On VCD, X-Forwarded-For works for the HTTP virtual service.
For the HTTPS virtual service I don't know; you need a certificate, but how do you manage a short-lived certificate in the VCD certificate library?

If SSL passthrough is enabled with the annotation, it disables appProtocol, so the LB is created as L4 even if the service port has appProtocol: http/s
service.beta.kubernetes.io/vcloud-avi-ssl-no-termination: "true"

Describe the solution you'd like

If it solves anything, make it possible to upload the certificate secret to the Certificate Library using some annotation.

Describe alternatives you've considered

Use "Preserve Client IP", but it needs an AVI stack redeployment and is another can of worms :)

Additional context

No response
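For readers of this issue, the setup the reporter describes, as an added example rather than anything from the issue or the project: a short-lived cert-manager certificate for the envoy mTLS endpoint, and a LoadBalancer Service carrying the passthrough annotation from the issue. Names, namespace, FQDN and issuer are assumptions; the annotation key is the one quoted above.

```yaml
# Added illustration of the reported setup; resource names, namespace,
# dnsNames and issuerRef are hypothetical placeholders.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: envoy-mtls
  namespace: edge
spec:
  secretName: envoy-mtls-tls
  duration: 24h          # short-lived, as in the issue; VCD's library would need
  renewBefore: 8h        # to be refreshed on every renewal to keep terminating here
  dnsNames:
    - envoy.example.internal
  issuerRef:
    name: internal-ca
    kind: ClusterIssuer
---
apiVersion: v1
kind: Service
metadata:
  name: envoy
  namespace: edge
  annotations:
    # Asks the VCD/Avi load balancer not to terminate TLS (from the issue).
    service.beta.kubernetes.io/vcloud-avi-ssl-no-termination: "true"
spec:
  type: LoadBalancer
  selector:
    app: envoy
  ports:
    - name: https
      port: 443
      targetPort: 8443
      # With passthrough set, the issue reports this is ignored and an L4 LB
      # is built, so no X-Forwarded-For header reaches envoy; client IP must
      # then come from the LB itself (e.g. "Preserve Client IP").
      appProtocol: https
```

The two resources show why the request exists: TLS (and the client identity from mTLS) must end at envoy, which forces passthrough, which in turn removes the only place X-Forwarded-For could be inserted.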

Labels: enhancement (New feature or request)