Add http/2 support to API server #5149

Merged
merged 1 commit into from Mar 1, 2022


@kmadac kmadac commented Feb 22, 2022

fix issue #5148

Signed-off-by: Kamil Madac <kamil.madac@gmail.com>

Proposed Changes

There are projects which communicate with the kube API server via the http/2 protocol only, like https://github.com/gardener/dashboard.
But such projects do not work with k3s, because k3s does not have http/2 enabled, unlike minikube or the original kube-apiserver. This change enables http/2 on k3s-server to be on par with other k8s distributions.

Types of Changes

Enhancement

Verification

kubectl run tmp-shell --rm -i --tty --image nicolaka/netshoot -- /bin/bash
bash-5.1# curl --http2-prior-knowledge -sSk "https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/" -v
*   Trying 10.43.0.1:443...
* Connected to 10.43.0.1 (10.43.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: O=k3s; CN=k3s
*  start date: Feb 22 08:49:36 2022 GMT
*  expire date: Feb 22 08:49:36 2023 GMT
*  issuer: CN=k3s-server-ca@1645519776
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fce8bed8a90)
> GET / HTTP/2
> Host: 10.43.0.1
> user-agent: curl/7.80.0
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 401 
< audit-id: 03bc7352-7234-411c-9cb3-d76b01f5be9d
< cache-control: no-cache, private
< content-type: application/json
< content-length: 157
< date: Tue, 22 Feb 2022 14:36:17 GMT
< 
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "Unauthorized",
  "reason": "Unauthorized",
  "code": 401
* Connection #0 to host 10.43.0.1 left intact
}

We can see that http/2 is used and k3s api returned valid json.

Linked Issues

#5148

User-Facing Change

NONE

Further Comments

fix issue k3s-io#5148

Signed-off-by: Kamil Madac <kamil.madac@gmail.com>
@kmadac kmadac requested a review from a team as a code owner February 22, 2022 14:38
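
The ALPN check from the curl verification above, as an added Go example that is not part of the pull request or the k3s code base: it offers h2 and http/1.1 in the TLS handshake and reports which protocol the server selected. The function names and the two local httptest servers (stand-ins for an endpoint with and without h2) are constructed for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// negotiatedALPN completes a TLS handshake with addr, offering h2 and http/1.1
// as curl does, and returns the protocol the server selected ("" if none).
func negotiatedALPN(addr string) (string, error) {
	conf := &tls.Config{
		NextProtos: []string{"h2", "http/1.1"},
		// Assumption: only ALPN is inspected and no request is sent, so the
		// certificate is not verified (like curl -k). Set RootCAs otherwise.
		InsecureSkipVerify: true,
	}
	dialer := &net.Dialer{Timeout: 5 * time.Second}
	conn, err := tls.DialWithDialer(dialer, "tcp", addr, conf)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	return conn.ConnectionState().NegotiatedProtocol, nil
}

// startServer starts a constructed local TLS server that stands in for an
// API endpoint; enableH2 decides whether it advertises h2 in ALPN.
func startServer(enableH2 bool) *httptest.Server {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) {
			w.WriteHeader(http.StatusUnauthorized)
		}))
	srv.EnableHTTP2 = enableH2
	srv.StartTLS()
	return srv
}

func main() {
	for _, h2 := range []bool{false, true} {
		srv := startServer(h2)
		proto, err := negotiatedALPN(srv.Listener.Addr().String())
		srv.Close()
		fmt.Printf("server h2=%v: negotiated %q, err=%v\n", h2, proto, err)
	}
}
```

Calling negotiatedALPN with a host:port such as the 10.43.0.1:443 address in the curl output repeats the check from inside a pod without curl.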
@brandond

Thanks for the contribution!
