gateway-api: ALPN support #32486
gateway-api: ALPN support #32486
Conversation
maintainer-s-little-helper
bot
added
the
dont-merge/needs-release-note-label
github-actions
bot
added
the
kind/community-contribution
rauanmayemir
force-pushed
the
feature/gwapi-alpn
branch
from
fd33e4e
to
8717da9
Compare
sayboras
added
release-note/minor
maintainer-s-little-helper
bot
removed
dont-merge/needs-release-note-label
|
/test |
rauanmayemir
force-pushed
the
feature/gwapi-alpn
branch
2 times, most recently
from
be516f6
to
b293cd5
Compare
|
The code itself looks good, but I think we should spend some time thinking about what this means for users. Could you walk through some scenarios for me? What happens when:
Bascially, what I'm trying to think of here are situations where we should call out in the docs how this could break people before they enable it. |
|
@youngnick enabling ALPN doesn't change anything for connections explicitly specifying their protocols, it only plays if client asks for available ALPN protocols (i.e initiates negotiation). With ALPN exposed, you can exec curl commands with either of It could have broken clients if I negotiated http1.1, but my backend only serves http2. (I think this would have been the case with cilium anyway) We can call out in the docs that if you enable ALPN, it will also enable appProtocol, so if one's upstream is serving HTTP2, they should specify |
If their backend is only serving HTTP2 and they don't specify (unless they're using GRPCRoute which will force HTTP2 on the upstream whether you have appProtocol or not)
Nothing will break. |
Here, I was talking about hypothetical protocol negotiating scenario. ALPN doesn't change much for this case, because what breaks the traffic flow is enabling appProtocol, not ALPN. |
|
@youngnick Anything else we need for this to go in? |
|
/test |
There was a problem hiding this comment.
I think the code is great, but we need to clarify the requirements and behavior a bit more. Any chance you'd be up to write a small tutorial demonstrating how the feature would work? If not, I think we at least need a similar change to what I've asked for below.
| @@ -812,6 +812,8 @@ gatewayAPI: | |||
| enableProxyProtocol: false | |||
| # -- Enable Backend Protocol selection support (GEP-1911) for Gateway API via appProtocol. | |||
| enableAppProtocol: false | |||
| # -- Enable ALPN for Gateway API. | |||
There was a problem hiding this comment.
| # -- Enable ALPN for Gateway API. | |
| # -- Enable ALPN for all listeners configured with Gateway API. ALPN will attempt HTTP/2, then HTTP 1.1. Note that this will also enable `appProtocol` support, and services that wish to use HTTP/2 will need to indicate that via their `appProtocol`. |
Maybe just to make this one hundred percent clear? Ideally, we would add a tutorial to Documentation/network/servicemesh/gateway-api/ as well walking through what's required.
There was a problem hiding this comment.
Can we leave the documentation part for a different PR? I would like to actually run this in my env before writing any tutorials. 😅
Will add the detailed description for the helm values.
This feature is hidden behind `enable-gateway-api-alpn` flag on the operator gwapi cell. The implementation will change envoy listener configuration to expose ALPN suggesting both HTTP/2 and HTTP/1.1. Fixes: cilium#30794 Signed-off-by: Rauan Mayemir <rauan@mayemir.io>
`enable-gateway-api-alpn` flag is false by default, setting it explicitly will enable ALPN support alongside appProtocol. Signed-off-by: Rauan Mayemir <rauan@mayemir.io>
rauanmayemir
force-pushed
the
feature/gwapi-alpn
branch
from
b293cd5
to
449bb6b
Compare
This feature is hidden behind
enable-gateway-api-alpnflag on the operator gwapi cell.The implementation will change envoy listener configuration to expose ALPN suggesting both HTTP/2 and HTTP/1.1.
Fixes: #30794