Application Load Balancer Support for End-to-End HTTP/2 #458
Conversation
|
@szuecs I assume Zalando would be more inclined to fork |
aws/cf_template.go
Outdated
| if spec.http2 { | ||
| targetGroup.ProtocolVersion = cloudformation.String("HTTP2") | ||
| } else { | ||
| targetGroup.ProtocolVersion = cloudformation.String("HTTP1") | ||
| } |
There was a problem hiding this comment.
spec.http2 is true by default. If I get it right this change would enable HTTP/2 on the target group and according to this table https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#target-group-protocol-version
| Request protocol | Protocol version | Result |
|---|---|---|
| HTTP/1.1 | HTTP/2 | Error |
| HTTP/2 | HTTP/2 | Success |
this change
- is not backward-compatible as default protocol version is HTTP/1.1
- would not work if target supports only HTTP/1.1
- will disable HTTP/1.1 incoming requests
If that is correct then we may probably need to have a new flag and/or annotation to steer Target Group protocol version independently and backward-compatible.
Besides that HTTP/2 is only supported in conjunction with HTTPS protocol so this kind of config should be around here
kube-ingress-aws-controller/aws/cf_template.go
Lines 455 to 458 in 5c66137
There was a problem hiding this comment.
This is true, the http/2 TG protocol is a breaking change for http/1.1 clients. Looking for a procedure how to deal with while supporting end-to-end, found this statement: https://stackoverflow.com/a/66800142
Probably going to open a case at AWS
There was a problem hiding this comment.
well known issue: https://forums.aws.amazon.com/message.jspa?messageID=985494
There was a problem hiding this comment.
It also shows the complexity that everything is based on the client. I am thinking for a while to support h2c in skipper, but the current implementations have some critical bugs and if we would be able to serve it then I also do not know if grpc backends can listen on handlers without TLS....
There was a problem hiding this comment.
@AlexanderYastrebov interestingly the protocol H2 can be set via AWS console also for non-https target groups, also I found that documented in the TF provider https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group#protocol_version
Nevertheless I implemented as requested
The https://github.com/mweagle/go-cloudformation#this-repo-is-no-longer-supported suggests to move to https://github.com/awslabs/goformation which is most likely will be a large undertaking |
universam1
changed the title
This PR is naive mainly to trigger a decision where to go with the stale dependency |
|
In the long run we should migrate to https://github.com/awslabs/goformation. In general I don't mind to use a fork of an unmaintained library if this buys us some time to migrate to a more supported or better version. |
Primary goal is to support http/2 pass-thru or end-to-end. Currently that is cross converted loosing the main benefits, see https://stackoverflow.com/a/36057190 @szuecs do you suggest replacing ALBs with NLBs for that use case? Not much experience with that type of LB, sounds counter intuitive using an OSI 4 LB for OSI 7 application |
universam1
force-pushed
the
http2End2End
branch
2 times, most recently
from
6fb36ed
to
8536f77
Compare
universam1
changed the title
ref: https://aws.amazon.com/de/blogs/aws/new-application-load-balancer-support-for-end-to-end-http-2-and-grpc/ Currently HTTP/2 is only half way implemented, that is the ALB can be configured for HTTP/2 but the TargetGroup is not configured. This is probably due to the AWS delay of supporting that protocal version for the TargetGroup which is available in meantime. There is however an update missing for `mweagle/go-cloudformation` which is deprecated, thus a fork has been made that includes this Cloudformation feature: o11n/go-cloudformation@b975e65 Signed-off-by: Samuel Lang <gh@lang-sam.de>
universam1
force-pushed
the
http2End2End
branch
from
8536f77
to
fcf50d4
Compare
|
@AlexanderYastrebov @szuecs despite of the AWS ALB compatibility limitations this PR is tested and it does work as expected. Added a feature toggle in order not to break compatibility. |
| @@ -614,6 +619,38 @@ func TestGenerateTemplate(t *testing.T) { | |||
| require.NotEqual(t, cloudformation.Integer(3), tg.UnhealthyThresholdCount) | |||
| }, | |||
| }, | |||
| { | |||
| name: "target port http2 when https listener and configured", | |||
There was a problem hiding this comment.
@universam1 should be there a test case for GRPC as well?
There was a problem hiding this comment.
gRPC is using H2, so I guess this test is good enough, no?
|
@universam1 thanks for implementing - good to have these additional options ready 👍 |
|
@universam1 I just wanted to understand if possible options were thought about (NLB vs ALB with grpc TG). In general the less the load balancer has to do the better for latency. NLB would not break grpc I think, so that's why I asked. I have nothing against the PR itself and have no suggestions besides to answer other open comments. |
|
@AlexanderYastrebov @szuecs Sorry accidentally closed this PR by force pushing the commit, reopened here #460 |
|
no worries |
ref: https://aws.amazon.com/de/blogs/aws/new-application-load-balancer-support-for-end-to-end-http-2-and-grpc/
Currently HTTP/2 is only half way implemented, that is the ALB can be configured for HTTP/2 but the TargetGroup is not configured.
This is probably due to the AWS delay of supporting that protocal version for the TargetGroup which is available in meantime.
There is however an update missing for
mweagle/go-cloudformationwhich is deprecated, thus a fork has been made that includes this Cloudformation feature: o11n/go-cloudformation@b975e65fixes #391