-
Notifications
You must be signed in to change notification settings - Fork 667
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Gateway API with websocket #5241
Comments
Hey @s-bauer! Thanks for opening your first issue. We appreciate your contribution and welcome you to our community! We are glad to have you here and to have your input on Contour. You can also join us on our mailing list and in our channel in the Kubernetes Slack Workspace |
Hey @s-bauer, unfortunately right now we don't have a way to enable websockets via Gateway API. This is being discussed upstream in Gateway API in kubernetes-sigs/gateway-api#205 and https://gateway-api.sigs.k8s.io/geps/gep-1282/. In the interim, I can see a few possibilities:
The first is definitely tempting from an ease-of-implementation perspective, but I think the second would be a bit more robust to potential future changes to the API spec. Interested in others' thoughts here as well. |
Thanks for the quick reply! Would it be an option to add it as an annotation to the HTTPRoute as a workaround? That way users could still selectively turn it on for specific routes. At the same time, I don't see a reason for websockets to be disabled in the first place, so enabling them globally for gateway api sounds good as well. Anyway, I myself migrated to the "classic" deployment model of Contour to be able to use websockets. Gateway API sounds great in the beginning, but it's simply not ready for actual usage yet. Hopefully this will change in the near future. |
We, and Gateway API in general, have really tried to stay away from using annotations on Gateway API resources to avoid going down the rabbit-hole that Ingress ended up in with lots of custom annotations. I think we would really prefer not to do this here, despite its expediency.
So we'll just need to decide (a) do we add a knob to disable this; and (b) is it on by default or off by default |
My $0.02 would also be to enable the websocket handshake by default, possibly with a flag to disable the handshake. I'll admit that I don't have a perfect mental model of how the handshake works, but my simple model suggests that even if envoy is configured with If so, it seems like the main risk of enabling Historical notesFor those sleuthing, the discussion in envoyproxy/envoy#319 (comment) referenced by #600 is probably no longer relevant, as that version of websocket support in envoy was retired in envoyproxy/envoy#4745 in favor of the rework done in envoyproxy/envoy#3301. For those not interested in the minutae; the TL;DR is that the initial websocket implementation expected exactly the websocket handshake and then did a TCP forward to the upstream, bypassing all HTTP filters. Alyssa's rewrite incorporates the upgrade into the HTTP filter chain, allowing for things like timeouts to apply to websockets the same way they do to other requests. Ironically, Alyssa's work appears to have occurred almost contemporaneously with the discussion in #600 (within about 45 days of each other). |
FWIW, defaulting to websockets and
httpoption and host-rewrite are currently unimplemented, but could probably be implemented fairly soon if it would move |
Using the provisioner and a Contour merges definitions from both |
Closes #5241. Signed-off-by: Steve Kriss <krisss@vmware.com>
What question do you have?:
When using the Kubernetes Gateway API, I don't see any obvious option to enable websocket support for contour. This is fairly annoying as I'd need to switch to the "traditional" deployment mode just for that. Is there any way to get websockets working while using the Gateway API?
The text was updated successfully, but these errors were encountered: