After some testing and fiddling around, I don't think it's worth the
hassle. Not only was ingress-nginx much less stable since integrating
the crowdsec bouncer plugin, but also just providing some questionable
log parsers etc, mainly focusing on bruteforce attacks for passwords,
which is useless when everything goes to SSO anyway.

Finally there were some other technical faux pas, like hardcoded
passwords on the integrated dashboard (which is also mostly useless),
expired GPG keys on the Fedora repository and finally a lack of bouncer
modules on current Fedora releases, depsite the docs claiming otherwise.
And given the issues date back to march, it doesn't seem to be a
something that will be resolved any time soon.

I guess my biggest critique is that the whole "fail2ban of the modern
area" limits itself to IP addresses only. No additional metadata to
block or mitigate attacks or identify attackers. Relying on IP addresses
only in 2023 is not on time. The whole being distributed with the lapi
server, is nice, but not enough to make this acceptable.

This patch adds a haproxy deployment to the cluster, which allows to
mimic the haproxy setup outside the cluster. Making sure that traffic is
automatically redirected and works around the limitations of ingress
nginx, of limiting proxy protocol to a boolean for either all traffic or
for none.

This reverts commit 342a9382.

This patch tries to figure out, why the proxy-protocol isn't supported
properly yet.