add per-httpproxy http-version support

projectcontour · Oct 4, 2023 · 726105a · 726105a
1 parent 7feb49e
commit 726105a
Show file tree

Hide file tree

Showing 11 changed files with 121 additions and 1 deletion.
diff --git a/apis/projectcontour/v1/httpproxy.go b/apis/projectcontour/v1/httpproxy.go
@@ -18,6 +18,10 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+// HttpVersion is an alias to enforce validation
+// +kubebuilder:validation:Enum=h2;http/1.1
+type HttpVersion string
+
 // HTTPProxySpec defines the spec of the CRD.
 type HTTPProxySpec struct {
 	// Virtualhost appears at most once. If it is present, the object is considered
@@ -40,6 +44,11 @@ type HTTPProxySpec struct {
 	// is given precedence over this field.
 	// +optional
 	IngressClassName string `json:"ingressClassName,omitempty"`
+
+	// HttpVersions specify the http versions to offer for this HTTPProxy.
+	// If empty, the DefaultHTTPVersions from v1alpha1.EnvoyConfig will be used.
+	// It is ignored when TCPProxy is set.
+	HttpVersions []HttpVersion `json:"httpVersions,omitempty"`
 }
 
 // Include describes a set of policies that can be applied to an HTTPProxy in a namespace.

diff --git a/apis/projectcontour/v1/zz_generated.deepcopy.go b/apis/projectcontour/v1/zz_generated.deepcopy.go
diff --git a/examples/contour/01-crds.yaml b/examples/contour/01-crds.yaml
@@ -5011,6 +5011,17 @@ spec:
           spec:
             description: HTTPProxySpec defines the spec of the CRD.
             properties:
+              httpVersions:
+                description: HttpVersions specify the http versions to offer for this
+                  HTTPProxy. If empty, the DefaultHTTPVersions from v1alpha1.EnvoyConfig
+                  will be used. It is ignored when TCPProxy is set.
+                items:
+                  description: HttpVersion is an alias to enforce validation
+                  enum:
+                  - h2
+                  - http/1.1
+                  type: string
+                type: array
               includes:
                 description: Includes allow for specific routing configuration to
                   be included from another HTTPProxy, possibly in another namespace.

diff --git a/examples/render/contour-deployment.yaml b/examples/render/contour-deployment.yaml
@@ -5230,6 +5230,17 @@ spec:
           spec:
             description: HTTPProxySpec defines the spec of the CRD.
             properties:
+              httpVersions:
+                description: HttpVersions specify the http versions to offer for this
+                  HTTPProxy. If empty, the DefaultHTTPVersions from v1alpha1.EnvoyConfig
+                  will be used. It is ignored when TCPProxy is set.
+                items:
+                  description: HttpVersion is an alias to enforce validation
+                  enum:
+                  - h2
+                  - http/1.1
+                  type: string
+                type: array
               includes:
                 description: Includes allow for specific routing configuration to
                   be included from another HTTPProxy, possibly in another namespace.

diff --git a/examples/render/contour-gateway-provisioner.yaml b/examples/render/contour-gateway-provisioner.yaml
@@ -5022,6 +5022,17 @@ spec:
           spec:
             description: HTTPProxySpec defines the spec of the CRD.
             properties:
+              httpVersions:
+                description: HttpVersions specify the http versions to offer for this
+                  HTTPProxy. If empty, the DefaultHTTPVersions from v1alpha1.EnvoyConfig
+                  will be used. It is ignored when TCPProxy is set.
+                items:
+                  description: HttpVersion is an alias to enforce validation
+                  enum:
+                  - h2
+                  - http/1.1
+                  type: string
+                type: array
               includes:
                 description: Includes allow for specific routing configuration to
                   be included from another HTTPProxy, possibly in another namespace.

diff --git a/examples/render/contour-gateway.yaml b/examples/render/contour-gateway.yaml
@@ -5233,6 +5233,17 @@ spec:
           spec:
             description: HTTPProxySpec defines the spec of the CRD.
             properties:
+              httpVersions:
+                description: HttpVersions specify the http versions to offer for this
+                  HTTPProxy. If empty, the DefaultHTTPVersions from v1alpha1.EnvoyConfig
+                  will be used. It is ignored when TCPProxy is set.
+                items:
+                  description: HttpVersion is an alias to enforce validation
+                  enum:
+                  - h2
+                  - http/1.1
+                  type: string
+                type: array
               includes:
                 description: Includes allow for specific routing configuration to
                   be included from another HTTPProxy, possibly in another namespace.

diff --git a/examples/render/contour.yaml b/examples/render/contour.yaml
@@ -5230,6 +5230,17 @@ spec:
           spec:
             description: HTTPProxySpec defines the spec of the CRD.
             properties:
+              httpVersions:
+                description: HttpVersions specify the http versions to offer for this
+                  HTTPProxy. If empty, the DefaultHTTPVersions from v1alpha1.EnvoyConfig
+                  will be used. It is ignored when TCPProxy is set.
+                items:
+                  description: HttpVersion is an alias to enforce validation
+                  enum:
+                  - h2
+                  - http/1.1
+                  type: string
+                type: array
               includes:
                 description: Includes allow for specific routing configuration to
                   be included from another HTTPProxy, possibly in another namespace.

diff --git a/internal/dag/dag.go b/internal/dag/dag.go
@@ -793,6 +793,9 @@ type SecureVirtualHost struct {
 
 	// JWTProviders specify how to verify JWTs.
 	JWTProviders []JWTProvider
+
+	// AlpnProtos specify the HTTP version to offer for this vhost
+	HttpVersions []string
 }
 
 type JWTProvider struct {

diff --git a/internal/dag/httpproxy_processor.go b/internal/dag/httpproxy_processor.go
@@ -263,6 +263,9 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) {
 			svhost.Secret = sec
 			svhost.MinTLSVersion = minTLSVer
 			svhost.MaxTLSVersion = maxTLSVer
+			for _, httpVersion := range proxy.Spec.HttpVersions {
+				svhost.HttpVersions = append(svhost.HttpVersions, string(httpVersion))
+			}
 
 			// Check if FallbackCertificate && ClientValidation are both enabled in the same vhost
 			if tls.EnableFallbackCertificate && tls.ClientValidation != nil {

diff --git a/internal/xdscache/v3/listener.go b/internal/xdscache/v3/listener.go
@@ -502,7 +502,11 @@ func (c *ListenerCache) OnChange(root *dag.DAG) {
 
 				filters = envoy_v3.Filters(cm)
 
-				alpnProtos = envoy_v3.ProtoNamesForVersions(cfg.DefaultHTTPVersions...)
+				if len(vh.HttpVersions) != 0 {
+					alpnProtos = vh.HttpVersions
+				} else {
+					alpnProtos = envoy_v3.ProtoNamesForVersions(cfg.DefaultHTTPVersions...)
+				}
 			} else {
 				filters = envoy_v3.Filters(envoy_v3.TCPProxy(listener.Name, vh.TCPProxy, cfg.newSecureAccessLog()))
 

diff --git a/site/content/docs/main/config/api-reference.html b/site/content/docs/main/config/api-reference.html
@@ -161,6 +161,22 @@ <h3 id="projectcontour.io/v1.HTTPProxy">HTTPProxy
 is given precedence over this field.</p>
 </td>
 </tr>
+<tr>
+<td style="white-space:nowrap">
+<code>httpVersions</code>
+<br>
+<em>
+<a href="#projectcontour.io/v1.HttpVersion">
+[]HttpVersion
+</a>
+</em>
+</td>
+<td>
+<p>HttpVersions specify the http versions to offer for this HTTPProxy.
+If empty, the DefaultHTTPVersions from v1alpha1.EnvoyConfig will be used.
+It is ignored when TCPProxy is set.</p>
+</td>
+</tr>
 </table>
 </td>
 </tr>
@@ -1608,6 +1624,22 @@ <h3 id="projectcontour.io/v1.HTTPProxySpec">HTTPProxySpec
 is given precedence over this field.</p>
 </td>
 </tr>
+<tr>
+<td style="white-space:nowrap">
+<code>httpVersions</code>
+<br>
+<em>
+<a href="#projectcontour.io/v1.HttpVersion">
+[]HttpVersion
+</a>
+</em>
+</td>
+<td>
+<p>HttpVersions specify the http versions to offer for this HTTPProxy.
+If empty, the DefaultHTTPVersions from v1alpha1.EnvoyConfig will be used.
+It is ignored when TCPProxy is set.</p>
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="projectcontour.io/v1.HTTPProxyStatus">HTTPProxyStatus
@@ -2140,6 +2172,15 @@ <h3 id="projectcontour.io/v1.HeadersPolicy">HeadersPolicy
 </tr>
 </tbody>
 </table>
+<h3 id="projectcontour.io/v1.HttpVersion">HttpVersion
+(<code>string</code> alias)</p></h3>
+<p>
+(<em>Appears on:</em>
+<a href="#projectcontour.io/v1.HTTPProxySpec">HTTPProxySpec</a>)
+</p>
+<p>
+<p>HttpVersion is an alias to enforce validation</p>
+</p>
 <h3 id="projectcontour.io/v1.IPFilterPolicy">IPFilterPolicy
 </h3>
 <p>