Comments (11)
grepwood
commented on June 28, 2024
2
Playing devil's advocate, I wonder if it is worth the effort to implement an
h2cGetconsidering that one can just register a HTTP1.1 route/healthzjust for probing. Saying this because we are looking at supporting all options that httpGet supports today (minus scheme) and also a whole new implementation for h2c.
That's exactly what I'm going to do and I don't think this is a good test. Such a probe will only test if we can emit HTTP/1.1 responses specifically designed to return healthchecks. It's not gonna test a generic endpoint so that we know the microservice returns HTTP responses relevant to its job.
from kubernetes.
lol768
commented on June 28, 2024
1
Thank you for reviving this one @grepwood
You've set out all of the motivation here quite eloquently.
As @mauri870 has observed, it shouldn't be very complex to support this at all.
Playing devil's advocate, I wonder if it is worth the effort to implement an h2cGet considering that one can just register a HTTP1.1 route /healthz just for probing
@mauri870 with the framework I use (Kestrel/ASP.NET) you cannot just do HTTP/1.1 and unencrypted HTTP/2 at the same time on the same port because it needs ALPN to be either to do protocol negotiation, which relies on TLS.
I have to do something like this today:
builder.WebHost.ConfigureKestrel(options =>
{
// port 8282 for HTTP/2 (unencrypted)
options.Listen(IPAddress.Any, 8282, listenOptions =>
{
listenOptions.Protocols = HttpProtocols.Http2;
});
// port 80 for k8s probe which is too stupid to understand clear HTTP/2 - #97330
options.Listen(IPAddress.Any, 80, listenOptions =>
{
listenOptions.Protocols = HttpProtocols.Http1;
});
});
See also grpc/grpc-dotnet#979 (comment)
from kubernetes.
grepwood
commented on June 28, 2024
1
That's exactly what I'm going to do and I don't think this is a good test. Such a probe will only test if we can emit HTTP/1.1 responses specifically designed to return healthchecks. It's not gonna test a generic endpoint so that we know the microservice returns HTTP responses relevant to its job.
I did exactly this, and it works. It's slightly more messy than if we supported HTTP/1.1 and h2c on the same socket, but it works.
from kubernetes.
k8s-ci-robot
commented on June 28, 2024
This issue is currently awaiting triage.
If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.
The triage/accepted label can be added by org members by writing /triage accepted in a comment.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
from kubernetes.
grepwood
commented on June 28, 2024
/sig node
from kubernetes.
mauri870
commented on June 28, 2024
From the information of both issues, I see this as a totally valid use case.
It is common to have HTTP servers that run in cleartext mode and do SSL termination on some upper load balancer layer.
What changes are you actually proposing @grepwood?
Shall we add counterparts to the httpGet and grpc type probes for http2, perhaps even separated in http2Get and h2cGet?
from kubernetes.
grepwood
commented on June 28, 2024
@mauri870 yes please. All the solutions you've listed are good from my point of view, so I think it's up to developers to decide which one would give them least amount of issues now and later.
from kubernetes.
mauri870
commented on June 28, 2024
I was looking a bit into the current implementation, looks like setting httpGet with scheme set to HTTPS already works with HTTP2 over tls. So the proposal is for a h2c type probe.
Playing devil's advocate, I wonder if it is worth the effort to implement an h2cGet considering that one can just register a HTTP1.1 route /healthz just for probing. Saying this because we are looking at supporting all options that httpGet supports today (minus scheme) and also a whole new implementation for h2c.
from kubernetes.
mauri870
commented on June 28, 2024
Some more details I found. To make a http client an h2c client we just have to change the transport:
That seems to plug nicely with our http prober:
kubernetes/pkg/probe/http/http.go
Lines 46 to 55 in e6ea4f0
Now it does not seem so complex to support h2c, but I might have overlooked something.
from kubernetes.
mauri870
commented on June 28, 2024
/retitle Support HTTP2 probes over cleartext (h2c)
from kubernetes.
mauri870
commented on June 28, 2024
/assign
from kubernetes.
Related Issues (20)
- Node Labeling node.kubernetes.io/out-of-service Taint Label Delay HOT 2
- [FG:InPlacePodVerticalScaling] e2e test does not verify resource update in pod status HOT 3
- cronjob schedule with multiple conditions not working - conflict between day (week) and day (month) HOT 5
- NetPol block self pod trafic using an svc and not direct call HOT 12
- kube-apiserver logs watch requests before they end in 1.30 HOT 9
- Node Lifecycle Controller does not mark pods not ready when node becomes Ready=False HOT 8
- endpoints cannot be changed from notReadyAddresses to addresses HOT 8
- Enhancement: Add vTPM Configuration Fields for Enhanced Container Security HOT 3
- 'kubectl delete istag/$ISTAG --dry-run=server' is unexpectedly deleting the object from the server HOT 5
- [FG:InPlacePodVerticalScaling] resources in pod status are never updated if EventedPLEG is enabled HOT 2
- [Flaking test] ci-kubernetes-e2e-gci-gce.Overall HOT 4
- `kubernetes.io/legacy-token-last-used` label being added to long lived service token secrets HOT 2
- The endpoint status does not update when the pod state changes rapidly. HOT 8
- Pod with exitCode 137, The reason has nothing to do with resources。 HOT 2
- Failure cluster [9afae275...] HOT 2
- finish DRA for 1.31 HOT 4
- [Failing Test] ci-kubernetes-cloud-provider-kind-conformance-parallel-ipv6 (client rate limiter error) HOT 2
- TypeMeta is empty in Type client Apply and Patch responses HOT 3
- Job API: Relax validation enforcing Pod Failure Policy is only compatible with pod restart policy of "Never" HOT 7
- invalid memory address or nil pointer dereference" in wait.JitterUntil HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubernetes.