Allow serving http2 over port 80 with a configmap setting or annotation #10429
Comments
stabai
added
the
kind/feature
k8s-ci-robot
added
the
needs-triage
|
This issue is currently awaiting triage. If Ingress contributors determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Yes, it would help to be able to server HTTP2 over port 80. But on one hand the implementation of breaking changes like this is not a great direction to take for any ingress-controller. Maybe you can research if any other ingress-controller has this feature. That info will be added clarity. Secondly, I don't think there are resources to even design HTTP2 and HTTP1 over plaintext port 80. Not even sure how gRPC is practical on over plaintext or insecure with port 80 because I am not a developer. |
|
NGINX is the only place I've seen this requirement of using TLS with gRPC (which is why it was so surprising to me). Every other place I've used gRPC before works just fine over both plaintext and secure transport (just like http 1.1 does). Also, while I agree that making this a breaking change would be really bad, I don't see how adding a new annotation or configmap that allowed changing the behavior would be a breaking change? Is it just not possible for those things to alter the NGINX config in this way? Would a custom template be the right place for a user to alter this behavior? |
|
I will defer to other folks on that. Thanks. |
|
This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach |
github-actions
bot
added
lifecycle/frozen
|
Hi, just a headsup. on nginx v1.25 the http2 handler changes places, so it will be enabled by server{} directive and not on the listen directive. It should solve this |
|
@rikatz now that v1.25 is out. How would this be supported? What config do we need to change? |
Problem
Using the normal config, http2 traffic (such as gRPC) is only ever served over https contexts. This causes issues with local development, where using a self-signed cert is possible, but will require extra work and also generate lots of security warnings.
See this StackOverflow question for more details.
Proposed solution
We enable gRPC traffic using an annotation:
It would be great if there were another annotation that allowed serving http2 traffic over port 80. For example:
Alternatively, the configmap might be a more appropriate place for this:
If neither of these are feasible, it would at least be good to document this fact in the gRPC example page along with any potential workarounds.
The text was updated successfully, but these errors were encountered: