-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: disable HTTP/2 ALPN handshake for connections on routes configured with AI-proxy. #13735
base: master
Are you sure you want to change the base?
Conversation
28fdb00
to
0c402b6
Compare
f86330c
to
c71fdc8
Compare
c71fdc8
to
ab71f75
Compare
9d538a0
to
9e4bf73
Compare
4e0e15f
to
b666932
Compare
…ing the route configured with ai-proxy
9e4bf73
to
2340e90
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm except a minor naming comment
local snis_set, err = kong.cache:get(sni_cache_key, TTL_FOREVER, | ||
sni_filter.build_ssl_route_filter_set, plugin_name) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if this could cause similar performance impact, just the same as the mTLS plugin's case. Suggest we introduce this PR after https://github.com/Kong/kong-ee/pull/10510/files
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's merge the current PR first,it seems that's different functionality in here. When the ee PR merged, I will cherry-pick it to CE ( actually can not directly cherry-pick due to ee and ce db related core code difference)
Summary
This change will disable HTTP/2 ALPN handshake for connections on routes configured with AI-proxy.
The following are the specific changes
kong/tls/plugins/certificate.lua
andkong/tls/plugins/sni_filter.lua
from ee to ce repotls.disable_http2_alpn()
function needed patch for disabling HTTP/2 ALPN when tls handshake. #13709 and feat: introducetls.disable_http2_alpn()
function lua-kong-nginx-module#93, we introduce thedisable_http2_alpn
action in the ai-proxy plugin to solve theai-proxy
plugin did not work in HTTP2 case. After the current PR is merged, HTTP/2 ALPN handshakes will be disabled for requests on routes configured with AI-proxy, and all these connections will fall back to the http1.1 protocol.Checklist
changelog/unreleased/kong
orskip-changelog
label added on PR if changelog is unnecessary. README.mdIssue reference
AG-119