search

voyagermesh / voyager

🚀 Secure L7/L4 (HAProxy) Ingress Controller for Kubernetes
https://voyagermesh.com
Apache License 2.0
1.35k stars 134 forks source link

http/2 support on a subdomain #1429

Open mkozjak opened 5 years ago

mkozjak commented 5 years ago

I’m trying to set up http/2 on a subdomain but can’t seem to make it work (on version 10). I’m getting Warning IngressInvalid 69s voyager-operator Reason: spec.rules[2].HTTP has conflicting ALPN spec with spec.rules[0].HTTP. Any ideas why?

apiVersion: voyager.appscode.com/v1beta1
kind: Ingress
metadata:
  name: k8s-ingress
  namespace: default
  annotations:
    ingress.appscode.com/type: LoadBalancer
    ingress.appscode.com/load-balancer-ip: "x.x.x.x"
    ingress.appscode.com/replicas: "4" # TODO: move to HPA
spec:
  backend:
    serviceName: default # default backend
    servicePort: 8080
  rules:
  - host: mydomain.net
    http:
      paths:
      - backend:
          serviceName: static-webserver
          servicePort: 443
  - host: app.mydomain.net
    http:
      paths:
        - backend:
            serviceName: app
            servicePort: 8080
      alpn:
      - h2
      - http/1.1
      - http/1.0
  tls:
  - hosts:
    - mydomain.net
    - app.mydomain.net
    ref:
      kind: Certificate
      name: mkkwdevnet
---
apiVersion: voyager.appscode.com/v1beta1
kind: Certificate
metadata:
  name: mkkwdevnet
  namespace: default
spec:
  domains:
  - mydomain.net
  - app.mydomain.net
  acmeUserSecretName: acme-account
  challengeProvider:
    http:
      ingress:
        apiVersion: voyager.appscode.com/v1beta1
        kind: Ingress
        name: k8s-ingress

if I indent alpn once to the left so that it becomes parallel to http and host params it passes the deployment, but it doesn’t work. This is what’s shown in get -o yaml output:

  - alpn:
    - h2
    - http/1.1
    - http/1.0
    host: app.mydomain.net
    http:
      paths:
      - backend:
          serviceName: web-app
          servicePort: 8080
frontend http-0_0_0_0-443
    bind *:443  ssl no-sslv3 no-tlsv10 no-tls-tickets crt /etc/ssl/private/haproxy/tls/  alpn http/1.1

If I try like from the docs (https://appscode.com/products/voyager/10.0.0/guides/ingress/http/http2/) kubectl apply breaks with error: error parsing ingress.yaml: error converting YAML to JSON: yaml: line 93: did not find expected '-' indicator

  - host: app.mydomain.net
    http:
      paths:
        - path: "/"
          backend:
            serviceName: app
            servicePort: 8080
        alpn:
        - h2
        - http/1.1
        - http/1.0

If I indent alpn so that it’s parallel with path and backend apply passes, describe says ok but nor frontend or backend are configured with h2…

  - host: app.mydomain.net
    http:
      paths:
      - alpn:
        - h2
        - http/1.1
        - http/1.0
        backend:
          serviceName: app
          servicePort: 8080
        path: /
mkozjak commented 5 years ago

Maybe any ideas about this one?