ingress-nginx
ingress-nginx copied to clipboard
kubernetes
feat: Add support for h2c communications
What this PR does / why we need it:
This PR adds support for h2c protocol. Since it's not possible to enable http2 protocol support on port 80, and h2c is a valid protocol for a number of applications, this creates the requirements for communicating with ingresses over h2c when required (e.g. clear text GRPC)
Types of changes
- [x] New feature (non-breaking change which adds functionality)
Which issue/s this PR fixes
fixes #10429 fixes #10430 fixes #2444 fixes #9493
probably a bunch of others where folks stumble into problems due to GRPC not working with insecure connections
Checklist:
- [x] My change requires a change to the documentation.
- [x] I have updated the documentation accordingly.
- [x] I've read the CONTRIBUTION guide
- [x] All new and existing tests passed.
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: rsafonseca Once this PR has been reviewed and has the lgtm label, please assign rikatz for approval. For more information see the Kubernetes Code Review Process.
The full list of commands accepted by this bot can be found here.
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
This issue is currently awaiting triage.
If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.
The triage/accepted label can be added by org members by writing /triage accepted in a comment.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Hi @rsafonseca. Thanks for your PR.
I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the ok-to-test label.
I understand the commands that are listed here.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Deploy Preview for kubernetes-ingress-nginx canceled.
| Name | Link |
|---|---|
| Latest commit | c0ffcd27e854ae7f060e396ccc21ddc56bc42d47 |
| Latest deploy log | https://app.netlify.com/sites/kubernetes-ingress-nginx/deploys/65b3c1b890f3bc0008138067 |
![netlify[bot] avatar](https://avatars.githubusercontent.com/in/13473?v=4 "Published by a pub.dev verified publisher"){kind=small}
@rsafonseca what about setting the "http2 on" directive on the server block? I am fixing it right now for nginx v1.25, and IIUC this solves the problem
You mean as opposed to setting it on the listen line? I've been working with h2c on ingress with a custom template for a while with no issues :)
Yeah, I'm generating the image with nginx v1.25 and http2 listen directive right now :) once it is ready di you mind testing it?
PR needs rebase.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Is this no longer the case @rikatz ? https://github.com/kubernetes/ingress-nginx/issues/3938#issuecomment-477412149 Afaik nginx never supported http and h2c on the same port, hence this PR
Answering myself https://hg.nginx.org/nginx/rev/08ef02ad5c54 looks like this is now possible since nginx 1.25.1 :yay: :)
Is this still needed with v1.10.0 upgrading to nginx 1.25 now? If not can you close it @rsafonseca
Would be very interested in how use this feature from nginx 1.25 via ingress nginx helm chart 👏
@rsafonseca: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:
| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| pre-ingress-nginx-codegen | c0ffcd27e854ae7f060e396ccc21ddc56bc42d47 | link | true | /test pre-ingress-nginx-codegen |
| pre-ingress-nginx-boilerplate | c0ffcd27e854ae7f060e396ccc21ddc56bc42d47 | link | true | /test pre-ingress-nginx-boilerplate |
| pre-ingress-nginx-lua-test | c0ffcd27e854ae7f060e396ccc21ddc56bc42d47 | link | true | /test pre-ingress-nginx-lua-test |
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
Any update on merging this?
Or is there a way to tell Ingress NGINX not to use the HTTP/1.1 Upgrade approach in NGINX 1.25?
This no longer needs to be merged after nginx 1.25, since the server now understands both http1.x and http2 on the plaintext port. @jonathonbattista the HTTP Upgrade header is sent by the client, the client just allows the switch because it supports it. If you don't want to upgrade from http1.x to http2, just disable http2 on the client
@rikatz: Closed this PR.
In response to this:
/close
thanks for the update @rsafonseca
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.