-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ingress: add websockets configuration #20814
Conversation
Commit 8807faf68930634b627b690860b44dfe3fc4da69 does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your PR, I have below two small comments, let me know if it's making sense.
Will kick off the Ingress Conformance test later.
6e7e554
to
61b5461
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me, one small comment on unit tests.
a8e032d
to
cd0f52c
Compare
Some popular web software (e.x. Jupyterhub, Home Assistant) requires websocket support from the ingress. This commit provides an annotation to enable this support in Envoy. It is enabled by default to be in-line with other popular Ingress implementations (Traefik, ingress-nginx). Fixes: cilium#20427 Signed-off-by: Nikhil Jha <hi@nikhiljha.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks and lgtm 💯
I don't think full CI is required, as Ingress related codepath are not covered by jenkins tests. As long as IngressConformance is successful, we can merge this PR. https://github.com/cilium/cilium/runs/7760353023?check_suite_focus=true |
/test Job 'Cilium-PR-K8s-1.16-kernel-4.9' failed: Click to show.Test Name
Failure Output
If it is a flake and a GitHub issue doesn't already exist to track it, comment |
Thanks for your contribution @nikhiljha. |
Hi @nikhiljha , would you be interested in submitting a PR to add an agent flag to make this optional? It would be nice to know that it's possible to disable this at runtime in case of any issues arising from the use of websocket support. |
@joestringer Sure! Although I don't understand what you mean. If you don't add the annotation to your ingress the envoy crd doesn't change from the previous release of Cilium, so you can disable websocket support at runtime simply by removing the annotation. i.e. in this pr, you must explicitly opt in to websocket support, and you can disable it by not doing that |
Ah, I see what happened. I didn't update the commit message / PR description after deciding to make it not enabled by default 😓 as was requested in a code review. |
👋 I overlooked the commit message as well, I think it's still fine, as we have the history of conversation in this PR. |
@nikhiljha Ah okay, I think that should work fine. 👍 |
Is there a reason this isn't automatically enabled based on the client's request, instead of having to explicitly configure it in the ingress config? With ingress-nginx for example, it's automatic. Basically, in nginx you can just only add the Upgrade header if the client sends an upgrade header, so then it's "works" regardless, without having to mark anything as "websockets". |
So, I was working on this issue #22887 and hopped on this pr to gather more insights. It seems like the changes made by this pr is not fully added in the main branch. Particularly, I can't find the websocket config update code in the current main branch. Are the files reorganized? Can anyone help me regarding the organization, particularly about |
@joestringer requesting your suggestions on this. Thanks. |
description and a
Fixes: #XXX
line if the commit addresses a particularGitHub issue.
Some popular web software (e.x. Jupyterhub, Home Assistant) requires websocket support from the ingress. This commit provides an annotation to enable this support in Envoy. It is disabled by default.
Fixes: #20427