api icon indicating copy to clipboard operation
api copied to clipboard

Published 20 hours ago verified publisher icon istio

Add AlpnProtocols to Gateway API

Open liuxu623 opened this issue 2 years ago • 6 comments

Fix https://github.com/istio/istio/issues/13578 https://github.com/istio/istio/issues/14708 https://github.com/istio/istio/issues/25081

Allow to config alpnProtocols in ServerTLSSettings like

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: mygateway
spec:
  selector:
    istio: ingressgateway # use istio default ingress gateway
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      credentialName: httpbin-credential # must be the same as secret
      alpnProtocols:
      - h2
      - http/1.1
    hosts:
    - httpbin.example.com

liuxu623 avatar Oct 27 '21 10:10 liuxu623

🤔 🐛 You appear to be fixing a bug in Go code, yet your PR doesn't include updates to any test files. Did you forget to add a test?

Courtesy of your friendly test nag.

istio-policy-bot avatar Oct 27 '21 10:10 istio-policy-bot

😊 Welcome @liuxu623! This is either your first contribution to the Istio api repo, or it's been awhile since you've been here.

You can learn more about the Istio working groups, code of conduct, and contributing guidelines by referring to Contributing to Istio.

Thanks for contributing!

Courtesy of your friendly welcome wagon.

istio-policy-bot avatar Oct 27 '21 10:10 istio-policy-bot

Hi @liuxu623. Thanks for your PR.

I'm waiting for a istio member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

istio-testing avatar Oct 27 '21 10:10 istio-testing

@liuxu623: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

istio-testing avatar Mar 16 '22 22:03 istio-testing

Any progress on this? @liuxu623

zengyuxing007 avatar May 30 '22 03:05 zengyuxing007

It seems that the gateway-api consensus is to not represent HTTP3 as a distinct protocol: https://github.com/kubernetes-sigs/gateway-api/issues/687. Istio’s experimental support for HTTP3 is also aligned with this state: https://github.com/istio/istio/wiki/Experimental-QUIC-and-HTTP-3-support-in-Istio-gateways.

Considering these updates, the proposal by @albertlockett to use the new alpn_protocols to override ALPN settings only for non-QUIC/ISITO_MUTUAL sounds reasonable. @liuxu623, @mandarjog - WDYT?

guydc avatar Aug 17 '23 21:08 guydc

🚧 This issue or pull request has been closed due to not having had activity from an Istio team member since 2022-05-30. If you feel this issue or pull request deserves attention, please reopen the issue. Please see this wiki page for more information. Thank you for your contributions.

Created by the issue and PR lifecycle manager.

istio-policy-bot avatar May 15 '24 23:05 istio-policy-bot