Task
Resolution: Unresolved
Major
HAProxy is often used as a network proxy to implement the Ingress API in Kubernetes and OpenShift. By terminating TCP connections, the TCP information about the client (in particular the source IP address and port) is hidden from the broker (it sees HAProxy's IP). This means that the broker can't really use the source IP address in a meaningful way, e.g. in ACLs or audit logging.
HAProxy can be configured to propagate this information to a server which supports its PROXY protocol (defined here). It essentially sends its own message at the start of a TCP or TLS connection. It would be useful if the broker gained support for this protocol.
Envoy also supports the PROXY protocol.
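A sketch of what the receiving side of this could look like, as an added example (not code from the broker, HAProxy or Envoy): it parses the PROXY protocol v1 text header and v2 binary header to recover the client address, and honours the header only when the TCP peer is a trusted proxy, since ACLs and audit logs would otherwise rely on a value any client can send. The function names and the `TRUSTED_PROXIES` subnet are assumptions.

```python
import ipaddress
import struct

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"   # 12-byte PROXY v2 signature
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]  # assumption: proxy subnet


def parse_proxy_header(data: bytes):
    """Return ((src_ip, src_port) or None, payload_offset) for a v1/v2 header."""
    if data.startswith(V2_SIG):
        if len(data) < 16:
            raise ValueError("truncated v2 header")
        ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
        if ver_cmd >> 4 != 2 or ver_cmd & 0x0F > 1 or len(data) < 16 + length:
            raise ValueError("bad v2 header")
        body, end = data[16:16 + length], 16 + length
        if ver_cmd & 0x0F == 0:            # LOCAL: proxy's own connection, no client
            return None, end
        fam = fam_proto >> 4
        if fam == 1 and length >= 12:      # AF_INET: src(4) dst(4) sport(2) dport(2)
            src = str(ipaddress.IPv4Address(body[0:4]))
            return (src, struct.unpack("!H", body[8:10])[0]), end
        if fam == 2 and length >= 36:      # AF_INET6: src(16) dst(16) sport(2) dport(2)
            src = str(ipaddress.IPv6Address(body[0:16]))
            return (src, struct.unpack("!H", body[32:34])[0]), end
        return None, end                   # AF_UNSPEC / AF_UNIX: no usable IP
    if data.startswith(b"PROXY "):
        eol = data.find(b"\r\n", 0, 107)   # v1 line is at most 107 bytes incl. CRLF
        if eol < 0:
            raise ValueError("v1 header not terminated within 107 bytes")
        parts = data[:eol].decode("ascii").split(" ")
        if parts[1] == "UNKNOWN":
            return None, eol + 2
        if parts[1] not in ("TCP4", "TCP6") or len(parts) != 6:
            raise ValueError("bad v1 header")
        src = str(ipaddress.ip_address(parts[2]))   # ValueError on a malformed address
        return (src, int(parts[4])), eol + 2
    raise ValueError("no PROXY header")


def effective_client(peer_ip: str, first_bytes: bytes):
    """Address for ACLs/audit logs; the header is honoured only from trusted proxies."""
    if not any(ipaddress.ip_address(peer_ip) in net for net in TRUSTED_PROXIES):
        return (peer_ip, None), 0          # untrusted peer: do not parse, keep TCP peer
    src, off = parse_proxy_header(first_bytes)
    return (src or (peer_ip, None)), off
```
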