Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[TT-423] Fix gRPC proxy and add h2c proxying support #3142

Merged
merged 24 commits into from
Oct 19, 2020
Merged

[TT-423] Fix gRPC proxy and add h2c proxying support #3142

merged 24 commits into from
Oct 19, 2020

Conversation

joshblakeley
Copy link
Member

@joshblakeley joshblakeley commented Jun 11, 2020
edited
Loading

Description

This draft enables optional H2C support, both in the server and in the reverse proxy.

Related Issue

https://github.com/TykTechnologies/product/issues/334

Motivation and Context

When Tyk is proxying gRPC it may be the case that those services are not secure. Currently only HTTP/2 over TLS is supported by Tyk.

In service meshes such as Istio the gRPC service will not be secured in any way as the security in the mesh is offloaded to Envoy. When proxying service to service calls in this scenario it will be over HTTP/2 cleartext (h2c)

This draft enables us to support this in scenarios when needed by wrapping the server handler for the API in the h2c helper handler provided by Go https://godoc.org/golang.org/x/net/http2/h2c

For the upstream request when a h2c request is required the underlying Transport is swapped out for a http2 transport that will allow http calls.

How This Has Been Tested

Unit test and example client and server code to test will be provided.

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist

  • Make sure you are requesting to pull a topic/feature/bugfix branch (right side). If pulling from your own
    fork, don't request your master!
  • Make sure you are making a pull request against the master branch (left side). Also, you should start
    your branch off our latest master.
  • My change requires a change to the documentation.
    • If you've changed APIs, describe what needs to be updated in the documentation.
    • If new config option added, ensure that it can be set via ENV variable
  • I have updated the documentation accordingly.
  • Modules and vendor dependencies have been updated; run go mod tidy && go mod vendor
  • When updating library version must provide reason/explanation for this update.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • Check your code additions will not fail linting checks:
    • go fmt -s
    • go vet

@gernest gernest changed the title Add h2c support to proxying [TT-423] Fix gRPC proxy and add h2c proxying support Sep 28, 2020
@gernest gernest requested review from sredxny and tbuchaillot October 2, 2020 13:57
@gernest gernest marked this pull request as ready for review October 2, 2020 13:58
@buger
Copy link
Member

buger commented Oct 19, 2020

You can use command-line tools from this repo to test it out: https://github.com/thrawn01/h2c-golang-example

@joshblakeley
Copy link
Member Author

Also https://github.com/fullstorydev/grpcurl

@buger
Copy link
Member

buger commented Oct 19, 2020

Additionally, you can use this tool to validate if h2c service proxied though Tyk is still valid https://github.com/summerwind/h2spec

h2spec -p 8888 http2

@sredxny
Copy link
Contributor

sredxny commented Oct 19, 2020
edited
Loading

Also was added the property proxy.enable_h2c at API Level, so, we can control h2c enabling now at whole GW level as well as API level. Also updated the documentation to reflect this change

Note that after this changes are merged then we need to update the vendor in Dashboard as well as in sink, the reason behind this is:

  • In dashboard: because we load the apis from dashboard api, if dashboard doesn't know anything about this new field then it will be always false
  • In sink: to replicate the value across all different nodes

@matiasinsaurralde matiasinsaurralde merged commit 4959491 into master Oct 19, 2020
@matiasinsaurralde matiasinsaurralde deleted the h2c branch October 19, 2020 22:17
@matiasinsaurralde
Copy link
Contributor

/release to release-3-lts

@tykbot
Copy link

tykbot bot commented Oct 20, 2020

Working on it! Note that it can take a few minutes.

tykbot bot pushed a commit that referenced this pull request Oct 20, 2020
@joshblakeley
[TT-423] Fix gRPC proxy and add h2c proxying support (#3142)
85d33f7 
Co-authored-by: gernest <geofreyernest@live.com>
Co-authored-by: sredny buitrago <sredny.buitrago@gmail.com>
(cherry picked from commit 4959491)
@tykbot
Copy link

tykbot bot commented Oct 20, 2020

@matiasinsaurralde Succesfully merged 4959491e55a8d4e5dd1b995d35c9a7f60c31afb3 to release-3-lts branch.

@matiasinsaurralde
Copy link
Contributor

/release to release-3.1

@tykbot
Copy link

tykbot bot commented Oct 20, 2020

Working on it! Note that it can take a few minutes.

@tykbot
Copy link

tykbot bot commented Oct 20, 2020

@matiasinsaurralde Seems like there is conflict and it require manual merge.

matiasinsaurralde pushed a commit that referenced this pull request Oct 20, 2020
@joshblakeley @gernest
@sredxny @matiasinsaurralde
[TT-423] Fix gRPC proxy and add h2c proxying support (#3142)
f2567e9 
Co-authored-by: gernest <geofreyernest@live.com>
Co-authored-by: sredny buitrago <sredny.buitrago@gmail.com>
@matiasinsaurralde
Copy link
Contributor

Merged into release-3.1 (f2567e9) and release-3-lts (85d33f7).

matiasinsaurralde pushed a commit that referenced this pull request Jan 22, 2021
@joshblakeley @matiasinsaurralde
[TT-423] Fix gRPC proxy and add h2c proxying support (#3142)
f581988 
Co-authored-by: gernest <geofreyernest@live.com>
Co-authored-by: sredny buitrago <sredny.buitrago@gmail.com>
(cherry picked from commit 4959491)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matiasinsaurralde matiasinsaurralde matiasinsaurralde approved these changes

@sredxny sredxny sredxny approved these changes

@tbuchaillot tbuchaillot Awaiting requested review from tbuchaillot

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@joshblakeley @buger @sredxny @matiasinsaurralde @gernest