ingress: add websockets configuration #20814
Conversation
|
Commit 8807faf68930634b627b690860b44dfe3fc4da69 does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
maintainer-s-little-helper
bot
added
dont-merge/needs-sign-off
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-sign-off
sayboras
added
the
release-note/minor
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-release-note-label
sayboras
added
area/proxy
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-release-note-label
nikhiljha
force-pushed
the
websockets
branch
2 times, most recently
from
6e7e554
to
61b5461
Compare
nikhiljha
force-pushed
the
websockets
branch
3 times, most recently
from
a8e032d
to
cd0f52c
Compare
Some popular web software (e.x. Jupyterhub, Home Assistant) requires websocket support from the ingress. This commit provides an annotation to enable this support in Envoy. It is enabled by default to be in-line with other popular Ingress implementations (Traefik, ingress-nginx). Fixes: cilium#20427 Signed-off-by: Nikhil Jha <hi@nikhiljha.com>
|
I don't think full CI is required, as Ingress related codepath are not covered by jenkins tests. As long as IngressConformance is successful, we can merge this PR. https://github.com/cilium/cilium/runs/7760353023?check_suite_focus=true |
|
/test Job 'Cilium-PR-K8s-1.16-kernel-4.9' failed: Click to show.Test NameFailure OutputIf it is a flake and a GitHub issue doesn't already exist to track it, comment |
sayboras
added
ready-to-merge
|
Thanks for your contribution @nikhiljha. |
maintainer-s-little-helper
bot
moved this from Needs backport from master
to Backport pending to v1.12
in 1.12.1
|
Hi @nikhiljha , would you be interested in submitting a PR to add an agent flag to make this optional? It would be nice to know that it's possible to disable this at runtime in case of any issues arising from the use of websocket support. |
joestringer
added
backport-done/1.12
maintainer-s-little-helper
bot
moved this from Backport pending to v1.12
to Backport done to v1.12
in 1.12.1
|
@joestringer Sure! Although I don't understand what you mean. If you don't add the annotation to your ingress the envoy crd doesn't change from the previous release of Cilium, so you can disable websocket support at runtime simply by removing the annotation. i.e. in this pr, you must explicitly opt in to websocket support, and you can disable it by not doing that |
|
Ah, I see what happened. I didn't update the commit message / PR description after deciding to make it not enabled by default 😓 as was requested in a code review. |
|
👋 I overlooked the commit message as well, I think it's still fine, as we have the history of conversation in this PR. |
|
@nikhiljha Ah okay, I think that should work fine. 👍 |
|
Is there a reason this isn't automatically enabled based on the client's request, instead of having to explicitly configure it in the ingress config? With ingress-nginx for example, it's automatic. Basically, in nginx you can just only add the Upgrade header if the client sends an upgrade header, so then it's "works" regardless, without having to mark anything as "websockets". |
|
So, I was working on this issue #22887 and hopped on this pr to gather more insights. It seems like the changes made by this pr is not fully added in the main branch. Particularly, I can't find the websocket config update code in the current main branch. Are the files reorganized? Can anyone help me regarding the organization, particularly about |
@joestringer requesting your suggestions on this. Thanks. |
description and a
Fixes: #XXXline if the commit addresses a particularGitHub issue.
Some popular web software (e.x. Jupyterhub, Home Assistant) requires websocket support from the ingress. This commit provides an annotation to enable this support in Envoy. It is disabled by default.
Fixes: #20427