-
Notifications
You must be signed in to change notification settings - Fork 40k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Option to enable http2 on client connections. #25280
Conversation
Of note, our servers already have http2 enabled b/c of golang 1.6. |
@kubernetes/sig-api-machinery |
I'm probably fine with this PR as soon as tests are passing. |
Moved the godep change into this PR, b/c the vendoring change forced me to redo it anyway. |
@@ -67,6 +70,9 @@ func SetTransportDefaults(t *http.Transport) *http.Transport { | |||
if t.TLSHandshakeTimeout == 0 { | |||
t.TLSHandshakeTimeout = defaultTransport.TLSHandshakeTimeout | |||
} | |||
if err := http2.ConfigureTransport(t); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm confused. Doesn't 1.6.2 support http2 seamlessly? Why do we have to do this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The servers are enabled by default, but not the clients.
exact reference: golang/go#14950
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tests we're run against 1.6.2 and can be reproduced independently.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep. And if you check the duped one golang/go#14391, the fix made it in to 1.6.2. So do we have to do this even with 1.6.2?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry. Didn't see your last comment. According to the CL, would it be simpler to default ExpectContinueTimeout
to 0: https://go-review.googlesource.com/#/c/22035/2/src/net/http/transport.go ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't understand how a custom CA affects or is affected by http2. What am I missing?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In almost every client config we create in cluster (anything in a pod) the
config will have a custom CA, which will trigger a custom TLSClientConfig,
which would prevent http2 from being enabled by default.
On Mon, May 9, 2016 at 1:23 PM, krousey notifications@github.com wrote:
In pkg/util/net/http.go
#25280 (comment)
:@@ -67,6 +70,9 @@ func SetTransportDefaults(t *http.Transport) *http.Transport {
if t.TLSHandshakeTimeout == 0 {
t.TLSHandshakeTimeout = defaultTransport.TLSHandshakeTimeout
}
- if err := http2.ConfigureTransport(t); err != nil {
I don't understand how a custom CA affects or is affected by http2. What
am I missing?—
You are receiving this because you are on a team that was mentioned.
Reply to this email directly or view it on GitHub
https://github.com/kubernetes/kubernetes/pull/25280/files/53ddc93c6e80e750d09fa72680c718754e0693bc#r62537120
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Picking through the upstream code, I now see why this has to be done. Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I only noticed it because I saw the comment above the line you pasted and
it intrigued me :)
We have the TLS transport cache so in practice this won't cause a
performance issue. We just need to be sure we're aware of any wrinkles.
On Mon, May 9, 2016 at 1:35 PM, krousey notifications@github.com wrote:
In pkg/util/net/http.go
#25280 (comment)
:@@ -67,6 +70,9 @@ func SetTransportDefaults(t *http.Transport) *http.Transport {
if t.TLSHandshakeTimeout == 0 {
t.TLSHandshakeTimeout = defaultTransport.TLSHandshakeTimeout
}
- if err := http2.ConfigureTransport(t); err != nil {
Picking through the upstream code, I now see why this has to be done.
Thanks!—
You are receiving this because you are on a team that was mentioned.
Reply to this email directly or view it on GitHub
https://github.com/kubernetes/kubernetes/pull/25280/files/53ddc93c6e80e750d09fa72680c718754e0693bc#r62539066
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yea, that's what I went back and read more closely too. My concern wasn't performance, but maintainability. I dislike having to import non-standard library packages to have to enable features in the standard library. But in this case, that seems to be the intention.
@krousey - I'm reasigning to you |
something is wrong here that has nothing to do with this PR. I'm seeing this on a number of other PRs as well. |
I rebased again just to verify, and check test results. |
I would like it in this release if possible, otherwise we will need to carry. Also, many of the hang-ups were around waiting on other tests to merge. |
Per discussion on @kubernetes/sig-api-machinery I'll add a disable knob. @krousey given that is spans tools, I'm inclined to use environment vars. Thoughts? |
port-forward which are customized
@krousey I've updated to default off with an option to enable. I think this would make a 0 risk change for 1.3. |
cc @lavalamp to make the milestone call |
OK, this looks pretty harmless. Sorry for delay. ...tests currently red though. |
@k8s-bot unit test this issue #IGNORE |
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
GCE e2e build/test passed for commit 199e15a. |
Automatic merge from submit-queue |
func SetTransportDefaults(t *http.Transport) *http.Transport { | ||
t = SetOldTransportDefaults(t) | ||
// Allow HTTP2 clients but default off for now | ||
if s := os.Getenv("ENABLE_HTTP2"); len(s) > 0 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/cc @jeremyeder @mffiedler FYI. New option to reduce connection counts, defaulted off.
Addresses #21081
Enables http2 connection by default.
before:
after
/cc @jeremyeder