search

emissary-ingress / emissary

open source Kubernetes-native API gateway for microservices built on the Envoy Proxy
https://www.getambassador.io
Apache License 2.0
4.36k stars 683 forks source link

Websockets won't work when HTTP/2 is enabled for the upstream cluster #5721

Open rgs1 opened 2 months ago

rgs1 commented 2 months ago

When HTTP/2 is enabled for the upstream cluster, WebSocket connections won't work since they are disabled by default for HTTP/2 in Envoy:

https://github.com/envoyproxy/envoy/pull/8156

This issue can arise when you have two mappings sharing the same upstream cluster, with one having use_websocket: true and the other having grpc: true (which forces HTTP/2 on the upstream cluster). For this case one workaround is to set cluster_tag on the mapping withuse_websocket: true – this will create a dedicated upstream cluster without HTTP/2 enabled.

A possible solution is to automatically set allow_connect in the HTTP/2 options of the cluster:

https://github.com/envoyproxy/envoy/blob/8a149cbce8450b8aaf5575cbd66591e472e9d778/api/envoy/config/core/v3/protocol.proto#L486

when use_websocket is set and the upstream cluster is configured for HTTP/2.

kflynn commented 2 months ago

@rgs1 Ouch, thanks for the catch! Don't suppose you're interested in working on that? 🙂

rgs1 commented 2 months ago

@kflynn of course, I'l send a PR 🙂