Fix proxy protocol support for Kube access flow (#29268)

This PR allows enabling/disabling the support for proxy protocol in Kubernetes access flow.

lib/kube/proxy/server.go

@@ -90,6 +90,8 @@ type TLSServerConfig struct {
 	CloudLabels labels.Importer
 	// IngressReporter reports new and active connections.
 	IngressReporter *ingress.Reporter
+	// EnableProxyProtocol enables proxy protocol support
+	EnableProxyProtocol bool
 }
 
 // CheckAndSetDefaults checks and sets default values
@@ -242,7 +244,7 @@ func (t *TLSServer) Serve(listener net.Listener) error {
 		Context:             t.Context,
 		Listener:            listener,
 		Clock:               t.Clock,
-		EnableProxyProtocol: true,
+		EnableProxyProtocol: t.EnableProxyProtocol,
 		ID:                  t.Component,
 		// Increases deadline until the agent receives the first byte to 10s.
 		// It's required to accommodate setups with high latency and where the time

lib/service/service.go

@@ -3817,13 +3817,14 @@ func (process *TeleportProcess) initProxyEndpoint(conn *Connector) error {
 				LockWatcher:                   lockWatcher,
 				CheckImpersonationPermissions: cfg.Kube.CheckImpersonationPermissions,
 			},
-			TLS:             tlsConfig,
-			LimiterConfig:   cfg.Proxy.Limiter,
-			AccessPoint:     accessPoint,
-			GetRotation:     process.getRotation,
-			OnHeartbeat:     process.onHeartbeat(component),
-			Log:             log,
-			IngressReporter: ingressReporter,
+			TLS:                 tlsConfig,
+			LimiterConfig:       cfg.Proxy.Limiter,
+			AccessPoint:         accessPoint,
+			GetRotation:         process.getRotation,
+			OnHeartbeat:         process.onHeartbeat(component),
+			Log:                 log,
+			IngressReporter:     ingressReporter,
+			EnableProxyProtocol: cfg.Proxy.EnableProxyProtocol,
 		})
 		if err != nil {
 			return trace.Wrap(err)