New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gateway-api: ALPN support #32486
base: main
Are you sure you want to change the base?
gateway-api: ALPN support #32486
Conversation
fd33e4e
to
8717da9
Compare
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One comment as per below, the rest seems reasonable to me. Thanks for your help.
b395999
to
be516f6
Compare
This feature is hidden behind `enable-gateway-api-alpn` flag on the operator gwapi cell. The implementation will change envoy listener configuration to expose ALPN suggesting both HTTP/2 and HTTP/1.1. Fixes: cilium#30794 Signed-off-by: Rauan Mayemir <[email protected]>
`enable-gateway-api-alpn` flag is false by default, setting it explicitly will enable ALPN support alongside appProtocol. Signed-off-by: Rauan Mayemir <[email protected]>
be516f6
to
b293cd5
Compare
The code itself looks good, but I think we should spend some time thinking about what this means for users. Could you walk through some scenarios for me? What happens when:
Bascially, what I'm trying to think of here are situations where we should call out in the docs how this could break people before they enable it. |
@youngnick enabling ALPN doesn't change anything for connections explicitly specifying their protocols, it only plays if client asks for available ALPN protocols (i.e initiates negotiation). With ALPN exposed, you can exec curl commands with either of It could have broken clients if I negotiated http1.1, but my backend only serves http2. (I think this would have been the case with cilium anyway) We can call out in the docs that if you enable ALPN, it will also enable appProtocol, so if one's upstream is serving HTTP2, they should specify |
If their backend is only serving HTTP2 and they don't specify (unless they're using GRPCRoute which will force HTTP2 on the upstream whether you have appProtocol or not)
Nothing will break. |
Here, I was talking about hypothetical protocol negotiating scenario. ALPN doesn't change much for this case, because what breaks the traffic flow is enabling appProtocol, not ALPN. |
@youngnick Anything else we need for this to go in? |
This feature is hidden behind
enable-gateway-api-alpn
flag on the operator gwapi cell.The implementation will change envoy listener configuration to expose ALPN suggesting both HTTP/2 and HTTP/1.1.
Fixes: #30794