[HTTP Option support] Deprecate httpProtocol: "Disabled" in config-network #417

Open
nak3 opened this issue May 25, 2021 · 12 comments

@nak3
Contributor

nak3 commented May 25, 2021

As per design doc https://docs.google.com/document/d/1yVOGo-j1hI7oCpuWVIi5iBJwX1wKbOzWaV0QNJxCbaY/edit#

Note that we will not support Disabled at least in the beginning because it may break HTTP01 challenge of auto TLS feature.

It has a plan to make "Disabled" unsupported.

Also, Disable should be possible by no longer exposing :80.

@github-actions

This issue is stale because it has been open for 90 days with no
activity. It will automatically close after 30 more days of
inactivity. Reopen the issue with /reopen. Mark the issue as
fresh by adding the comment /remove-lifecycle stale.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 24, 2021
@nak3 nak3 removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 24, 2021
nak3 added a commit to nak3/networking that referenced this issue Oct 13, 2021
@dprotaso
Member

dprotaso commented Nov 5, 2021

Curious - rather than deprecating it can we figure out a solution/workaround for http-01 challenges?

i.e. looking at https://letsencrypt.org/docs/challenge-types/#http-01-challenge could we just allow HTTP for URLs of the form http://<YOUR_DOMAIN>/.well-known/acme-challenge/<TOKEN>?

@dprotaso
Member

dprotaso commented Nov 5, 2021

I guess http-01 is still supported with redirects

Our implementation of the HTTP-01 challenge follows redirects, up to 10 redirects deep. It only accepts redirects to “http:” or “https:”, and only to ports 80 or 443. It does not accept redirects to IP addresses.

@nak3
Contributor Author

nak3 commented Nov 5, 2021

@ZhiminXiang ^ Do you have any thoughts?

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 4, 2022
@dprotaso
Member

dprotaso commented Feb 4, 2022

bump @ZhiminXiang since he's back

cc @carlisia

@ZhiminXiang

We will still support "Redirect" and "Enabled". So HTTP01 challenge will work for those two scenarios.

For "Disabled", technically we can support it with only allowing http01 challenge URL (at least for Istio).

But from KIngress API's perspective, I am concerned that

  1. Allowing HTTP01 challenge URL when HTTP is "Disabled" is implicit and a bit confusing for clients to be aware of.
  2. I am not sure if all of the downstream KIngress implementations support allowlisting HTTP01 URL or not.
  3. I am not sure if this behavior aligns with k8s Gateway API.

Is there any reason why we want to support "Disabled"?
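
The allowlisting idea discussed above (when plain HTTP is "Disabled", serve only the HTTP-01 challenge URL), as an added example that is not Knative or KIngress code and not from any participant in this thread. `IsHTTP01Challenge`, `PlainHTTP` and `Status` are hypothetical names, and the token check assumes the base64url alphabet that RFC 8555 requires for challenge tokens.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"regexp"
	"strings"
)

// Path prefix from the HTTP-01 URL form quoted in the thread.
const acmePrefix = "/.well-known/acme-challenge/"

// ACME tokens are restricted to the base64url alphabet (RFC 8555, section 8.3).
var tokenRE = regexp.MustCompile(`^[A-Za-z0-9_-]+$`)

// IsHTTP01Challenge reports whether p is exactly the prefix plus one token.
func IsHTTP01Challenge(p string) bool {
	return strings.HasPrefix(p, acmePrefix) &&
		tokenRE.MatchString(strings.TrimPrefix(p, acmePrefix))
}

// PlainHTTP models a port-80 listener; mode names follow the thread, the handler is hypothetical.
func PlainHTTP(mode string, solver, app http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch {
		case IsHTTP01Challenge(r.URL.Path):
			solver.ServeHTTP(w, r) // challenge stays reachable in every mode
		case mode == "Enabled":
			app.ServeHTTP(w, r)
		case mode == "Redirect":
			http.Redirect(w, r, "https://"+r.Host+r.URL.RequestURI(), http.StatusMovedPermanently)
		default: // "Disabled": nothing else is served over plain HTTP
			http.NotFound(w, r)
		}
	})
}

// Status sends a constructed GET through the handler and returns the status code.
func Status(mode, target string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	rec := httptest.NewRecorder()
	PlainHTTP(mode, ok, ok).ServeHTTP(rec, httptest.NewRequest("GET", "http://example.com"+target, nil))
	return rec.Code
}

func main() {
	fmt.Println(Status("Disabled", "/"), Status("Disabled", acmePrefix+"tok_en-1"))
}
```

The strict token match is what keeps the exception narrow: a path such as `/.well-known/acme-challenge/../admin` shares the prefix but is rejected, so "Disabled" still blocks everything except a single-segment challenge token.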

@github-actions github-actions bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 5, 2022
@nak3 nak3 added this to the v1.3.0 milestone Feb 21, 2022
@nak3 nak3 modified the milestones: v1.3.0, v1.4.0 Mar 9, 2022
@nak3
Contributor Author

nak3 commented Mar 31, 2022

@dprotaso @carlisia @ZhiminXiang Is there any update on this?
(Either support or non-support for Disabled is fine with me.)

@almottier

Any update on this 🙏 ?

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jul 27, 2022
@nak3 nak3 reopened this Oct 11, 2022
@github-actions github-actions bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 12, 2022
@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 11, 2023
@dprotaso dprotaso reopened this Apr 28, 2023
@dprotaso
Member

We should sort this out

/lifecycle frozen

@knative-prow knative-prow bot added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Apr 28, 2023
@dprotaso dprotaso removed this from the v1.4.0 milestone Sep 15, 2023