fix: support GRPC with Gateway's HTTP listener #5128
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
This adds support for GRPC over HTTP (without TLS). The only supported version of the HTTP protocol is currently HTTP/2 for GRPC. GRPC without encryption is much less popular but supported.
For Kong Gateway, the HTTP listener must have the
http2
option enabled (configured with env varPROXY_LISTEN
) to support GRPC. By default it is only enabled for HTTPS, but not for HTTP. Currently, Kong Gateway 3.5 doesn't offer simultaneous support of HTTP/1.1 and HTTP/2 without TLS on a single TCP socket (PROXY_LISTEN='0.0.0.0:80 http2'
) for the listener is set. A client has to connect with HTTP/2 from the start which breaks all other HTTP-related tests (the same would be with users set-ups). Thus it is tested on an isolated instance of Kong Gateway. There is a separate issue for documenting the required setting and its implication in Kong docs - #5134 for the feature introduced in this PR.For HTTPS both HTTP/1 and HTTP/2 work as expected with
http2
on a single socket, because the mechanism of protocol negation during TLS handshake (TLS-ALPN) is used as described in RFC 7540 Section 3.3, hence havingPROXY_LISTEN='0.0.0.0:8443 http2 ssl'
as default is sensible.Which issue this PR fixes:
Fixes #4273
Special notes for your reviewer:
Opportunistically, all integration tests related to GRPC support have been moved to the
isolated
since we intend to migrate all tests someday. See #4823.PR Readiness Checklist:
Complete these before marking the PR as
ready to review
:CHANGELOG.md
release notes have been updated to reflect any significant (and particularly user-facing) changes introduced by this PR