WIP: Envoy proxy handles HTTP/2

- This configuration works for apps that speak h2c, but does not work for HTTP/1.1-only apps [#177586568] [cloudfoundry/routing-release#200] Co-authored-by: Greg Cobb <[email protected]>
pet-forks · Apr 8, 2021 · 8469517 · 8469517
1 parent d98dd1d
commit 8469517
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/depot/containerstore/proxy_config_handler.go b/depot/containerstore/proxy_config_handler.go
@@ -462,6 +462,7 @@ func generateListeners(container executor.Container, requireClientCerts bool) ([
 		tlsContext := &envoy_tls.DownstreamTlsContext{
 			RequireClientCertificate: &wrappers.BoolValue{Value: requireClientCerts},
 			CommonTlsContext: &envoy_tls.CommonTlsContext{
+				AlpnProtocols: []string{"h2,http/1.1"},
 				TlsCertificateSdsSecretConfigs: []*envoy_tls.SdsSecretConfig{
 					{
 						Name: "server-cert-and-key",

diff --git a/depot/containerstore/proxy_config_handler_test.go b/depot/containerstore/proxy_config_handler_test.go
@@ -635,7 +635,7 @@ var _ = Describe("ProxyConfigHandler", func() {
 				}
 			})
 
-			It("creates the appropriate proxy config file", func() {
+			FIt("creates the appropriate proxy config file", func() {
 				err := proxyConfigHandler.Update(containerstore.Credential{Cert: "cert", Key: "key"}, container)
 				Expect(err).NotTo(HaveOccurred())
 				Eventually(proxyConfigFile).Should(BeAnExistingFile())
@@ -869,6 +869,7 @@ func (l expectedListener) check(listener *envoy_listener.Listener) {
 	Expect(filterChain.TransportSocket.Name).To(Equal(l.name))
 
 	Expect(downstreamTlsContext.RequireClientCertificate.Value).To(Equal(l.requireClientCertificate))
+	Expect(downstreamTlsContext.CommonTlsContext.AlpnProtocols).To(Equal([]string{"h2,http/1.1"}))
 	Expect(downstreamTlsContext.CommonTlsContext.TlsCertificateSdsSecretConfigs).To(ConsistOf(
 		&envoy_tls.SdsSecretConfig{
 			Name: "server-cert-and-key",