Description
I'd like to request that this use case become supported. At work, we are running a cluster behind a massive HTTP load balancer, so we have no real reason to support TLS in our microservices and ingresses. The load balancer takes care of that.
I can't really say that I like what happened in the original issue #97330...
@lol768 is another user that has this specific use case in mind.
Now, because this use case was not accommodated in the past, I now have to introduce a really Frankensteinian network setup into my namespace.
----- BEGIN EDIT 1 -----
The reason why I've even introduced HTTP/2 support into my microservices is because there are clear advantages of HTTP/2 over HTTP/1.1 in the use case of the project I work for, that have to do with efficiency and performance.
----- END EDIT 1 -----
I now have to make sure that every web service has a second listening port where it only emits HTTP/1.1 so that Kubernetes will be able to issue probes into it. And to make this port a probe-only port that doesn't get exposed outside, I need to make sure that my ingresses will never expose it, or that no one from the team ever dares to expose it. And to make sure that the probe-only port doesn't leak any sensitive data, I have to make sure that it returns only some kind of generic HTTP response to the probes.
At this point you're probably thinking: why won't I just get a TCP probe to knock on the port where we serve HTTP/2? This will work of course, but it's naive. It misses the point. If this was a TCP service that doesn't serve HTTP, it would make perfect sense, but it isn't. HTTP is not just TCP 80 or 8080 or what have you, but it's a probe with extra context - the return is expected to be an HTTP response, so that we know the microservice isn't just merely accepting connections, it's also sending coherent responses.
I hope this is explanation enough and that its merits are reasonable.
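
An added illustration of the TCP-versus-HTTP probe distinction made in the post above (not part of the original issue and not Kubernetes code): a wedged service still passes a connect-only check but fails an HTTP check. The function names, the `/healthz` path and the 500 ms timeout are assumptions; the pass rules follow the usual probe semantics (connect succeeds for `tcpSocket`, status 200-399 for `httpGet`).

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

const probeTimeout = 500 * time.Millisecond // assumed probe timeout

// tcpProbe mimics a tcpSocket probe: it passes as soon as the connect completes.
func tcpProbe(addr string) bool {
	conn, err := net.DialTimeout("tcp", addr, probeTimeout)
	if err == nil {
		conn.Close()
	}
	return err == nil
}

// httpProbe mimics an httpGet probe: it passes only on a 200-399 response.
func httpProbe(addr string) bool {
	resp, err := (&http.Client{Timeout: probeTimeout}).Get("http://" + addr + "/healthz")
	if err != nil {
		return false
	}
	defer resp.Body.Close()
	return resp.StatusCode >= 200 && resp.StatusCode < 400
}

// newService starts a constructed stand-in service on a loopback port. When
// wedged is true the handler blocks (a deadlocked worker) until the client gives up.
func newService(wedged bool) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if wedged {
			<-r.Context().Done()
			return
		}
		w.WriteHeader(http.StatusOK) // generic reply, no body, nothing sensitive
	}))
}

func main() {
	for _, wedged := range []bool{false, true} {
		srv := newService(wedged)
		addr := srv.Listener.Addr().String()
		fmt.Printf("wedged=%v tcp=%v http=%v\n", wedged, tcpProbe(addr), httpProbe(addr))
		srv.Close()
	}
}
```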