kubernetes-ingress
Feature request: Expose options for "verify" setting to enable better control over client certificates
As far as I understand client certificates are always required (for the whole ingress / all routes) when "client-ca" is set in the ingress configmap: https://www.haproxy.com/documentation/kubernetes/latest/configuration/configmap/#client-ca https://github.com/haproxytech/kubernetes-ingress/blob/0b71f11cbcc9e72b885357c84d4cbd5f520b787f/controller/handler/https.go#L116
This also means that it is not possible currently to require client certificates for a certain path, but ignore them for other parts of a site.
See also: https://cbonte.github.io/haproxy-dconv/2.4/configuration.html#5.1-verify
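What the request above amounts to at the HAProxy level, as an added example that is not part of the original issue or of the controller's code: the first frontend uses `verify required`, the second uses `verify optional` and enforces the certificate only for one path. The certificate paths, ports, backend name, header name and the `/admin` prefix are assumptions made for illustration.

```haproxy
# Added illustration. File paths, ports, names and /admin are assumptions.

# Behaviour described in the issue: once a client CA is configured,
# every TLS handshake on the frontend must present a valid client cert.
frontend https_required
    mode http
    bind :443 ssl crt /etc/haproxy/certs/site.pem ca-file /etc/haproxy/ca/client-ca.pem verify required
    default_backend app

# Requested behaviour: the server asks for a certificate, but the
# handshake also succeeds when the client sends none. Enforcement
# then happens per request, so it can differ by path.
frontend https_optional
    mode http
    bind :8443 ssl crt /etc/haproxy/certs/site.pem ca-file /etc/haproxy/ca/client-ca.pem verify optional

    acl needs_cert  path_beg /admin
    # True when the client presented a certificate on this connection
    # (also true for a resumed TLS session that originally used one).
    acl has_cert    ssl_c_used
    # 0 means verification against ca-file reported no error. Without
    # crt-ignore-err an invalid certificate already fails the handshake;
    # the explicit check keeps the rule safe if that option is added later.
    acl cert_ok     ssl_c_verify 0

    # Protected path: reject when no certificate or a failed verification.
    http-request deny deny_status 403 if needs_cert !has_cert
    http-request deny deny_status 403 if needs_cert !cert_ok

    # Never trust an identity header supplied by the client; drop it,
    # then set it only from the verified certificate.
    http-request del-header X-SSL-Client-DN
    http-request set-header X-SSL-Client-DN %{+Q}[ssl_c_s_dn] if has_cert cert_ok

    default_backend app

backend app
    mode http
    server app1 127.0.0.1:8080
```

With `verify optional`, any route not covered by a deny rule is reachable without a client certificate, so the path ACL has to cover every prefix that needs protection.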
Hello @DaveOHenry, which key are you using in the certificate secret? We are trying to use that, but we got an error in the pod logs:
2021/08/31 11:17:55 ERROR controller.go:208 certificate missing in ingress-haproxy/client-ca.crt
2021/08/31 11:18:05 ERROR controller.go:208 certificate missing in ingress-haproxy/client-ca.crt
I think that there is a problem reading the secret correctly. I used the client-ca.crt key in the secret, but it is not working.
Thanks