Add configurable listener ALPN protocols to enable downstream http2

Signed-off-by: Laurent Marchaud <laurent@marchaud.com>
numberly · Dec 16, 2022 · 15df88f · 15df88f
1 parent 75a46be
commit 15df88f
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 0 deletions.
diff --git a/cmd/root.go b/cmd/root.go
@@ -47,6 +47,7 @@ type config struct {
 	HttpExtAuthz               envoy.HttpExtAuthz        `json:"httpExtAuthz"`
 	HttpGrpcLogger             envoy.HttpGrpcLogger      `json:"httpGrpcLogger"`
 	DefaultTimeouts            envoy.DefaultTimeouts     `json:"defaultTimeouts"`
+	AlpnProtocols              []string                  `json:"alpnProtocols"`
 }
 
 // Hasher returns node ID as an ID
@@ -108,6 +109,7 @@ func init() {
 	rootCmd.PersistentFlags().Duration("default-route-timeout", 15*time.Second, "Default timeout of the routes")
 	rootCmd.PersistentFlags().Duration("default-cluster-timeout", 30*time.Second, "Default timeout of the cluster")
 	rootCmd.PersistentFlags().Duration("default-per-try-timeout", 5*time.Second, "Default timeout of PerTry")
+	rootCmd.PersistentFlags().StringSlice("alpn-protocols", []string{}, "exposed listener ALPN protocols")
 	viper.BindPFlag("debug", rootCmd.PersistentFlags().Lookup("debug"))
 	viper.BindPFlag("address", rootCmd.PersistentFlags().Lookup("address"))
 	viper.BindPFlag("healthAddress", rootCmd.PersistentFlags().Lookup("health-address"))
@@ -140,6 +142,7 @@ func init() {
 	viper.BindPFlag("defaultTimeouts.Route", rootCmd.PersistentFlags().Lookup("default-route-timeout"))
 	viper.BindPFlag("defaultTimeouts.Cluster", rootCmd.PersistentFlags().Lookup("default-cluster-timeout"))
 	viper.BindPFlag("defaultTimeouts.PerTry", rootCmd.PersistentFlags().Lookup("default-per-try-timeout"))
+	viper.BindPFlag("alpnProtocols", rootCmd.PersistentFlags().Lookup("alpn-protocols"))
 }
 
 func initConfig() {
@@ -242,6 +245,7 @@ func main(*cobra.Command, []string) error {
 		envoy.WithSyncSecrets(c.SyncSecrets),
 		envoy.WithDefaultTimeouts(c.DefaultTimeouts),
 		envoy.WithDefaultRetryOn(viper.GetString("retryOn")),
+		envoy.WithAlpnProtocols(viper.GetStringSlice("alpnProtocols")),
 	)
 	snapshotter := envoy.NewSnapshotter(envoyCache, configurator, aggregator)
 

diff --git a/pkg/envoy/boilerplate.go b/pkg/envoy/boilerplate.go
@@ -265,6 +265,7 @@ func (c *KubernetesConfigurator) makeFilterChain(certificate Certificate, virtua
 
 	tls := &auth.DownstreamTlsContext{}
 	tls.CommonTlsContext = &auth.CommonTlsContext{
+		AlpnProtocols: c.alpnProtocols,
 		TlsCertificates: []*auth.TlsCertificate{
 			{
 				CertificateChain: &core.DataSource{

diff --git a/pkg/envoy/configurator.go b/pkg/envoy/configurator.go
@@ -71,6 +71,7 @@ type KubernetesConfigurator struct {
 	httpGrpcLogger             HttpGrpcLogger
 	defaultTimeouts            DefaultTimeouts
 	defaultRetryOn             string
+	alpnProtocols              []string
 
 	previousConfig  *envoyConfiguration
 	listenerVersion string

diff --git a/pkg/envoy/options.go b/pkg/envoy/options.go
@@ -85,3 +85,10 @@ func WithDefaultRetryOn(defaultRetryOn string) option {
 		c.defaultRetryOn = defaultRetryOn
 	}
 }
+
+// WithAlpnProtocols configures the the exposed listener ALPN protocols
+func WithAlpnProtocols(alpnProtocols []string) option {
+	return func(c *KubernetesConfigurator) {
+		c.alpnProtocols = alpnProtocols
+	}
+}