-
Notifications
You must be signed in to change notification settings - Fork 7.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
use downstream protocol on inbound clusters #16452
Conversation
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
@rshriram: The following test failed, say
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Might be of some use to tackle #16391 |
@@ -601,6 +601,9 @@ func (configgen *ConfigGeneratorImpl) buildInboundClusterForPortOrUDS(pluginPara | |||
localCluster := buildDefaultCluster(pluginParams.Env, clusterName, apiv2.Cluster_STATIC, localityLbEndpoints, | |||
model.TrafficDirectionInbound, pluginParams.Node, nil) | |||
setUpstreamProtocol(localCluster, instance.Endpoint.ServicePort) | |||
// Set the upstream protocol selection based on the downstream protocol. This is for inbound clusters only. | |||
// Use HTTP1.1 or HTTP2, depending on which one is used on the downstream connection. | |||
localCluster.ProtocolSelection = apiv2.Cluster_USE_DOWNSTREAM_PROTOCOL |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what happens in this scenario ?
clientProxy - ( h2 upgrade ) ----> serverProxy --(inbound cluster) ---> (http 1.1) application```
It seems that serverProxy will forward the h2 connection to the application which cannot speak h2. we need to guard for that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Envoy does not support h2 upgrades in inbound or in cluster. So we don't have to worry about that problem. Secondly, guarding for this specific condition means we break all the protocol sniffing work where the application does not declare the port type. I think the latter is a much bigger win compared to the former. The former will be solved when envoy gains proper h2 upgrade facility.
This pull request has been automatically marked as stale because it has not had activity in the last 2 weeks. It will be closed in 30 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions! |
Use HTTP1.1 or HTTP2, depending on which one is used on the downstream connection.
Signed-off-by: Shriram Rajagopalan rshriram@tetrate.io