feat: support h2c app protocol (#10737)

Co-authored-by: Nathan Fudenberg <[email protected]>

Author: yuval-k

Makefile

@@ -691,7 +691,7 @@ $(TEST_ASSET_DIR)/conformance/conformance_test.go:
 	cat $(shell go list -json -m sigs.k8s.io/gateway-api | jq -r '.Dir')/conformance/conformance_test.go >> $@
 	go fmt $@
 
-CONFORMANCE_SUPPORTED_FEATURES ?= -supported-features=Gateway,ReferenceGrant,HTTPRoute,HTTPRouteQueryParamMatching,HTTPRouteMethodMatching,HTTPRouteResponseHeaderModification,HTTPRoutePortRedirect,HTTPRouteHostRewrite,HTTPRouteSchemeRedirect,HTTPRoutePathRedirect,HTTPRouteHostRewrite,HTTPRoutePathRewrite,HTTPRouteRequestMirror,TLSRoute
+CONFORMANCE_SUPPORTED_FEATURES ?= -supported-features=Gateway,ReferenceGrant,HTTPRoute,HTTPRouteQueryParamMatching,HTTPRouteMethodMatching,HTTPRouteResponseHeaderModification,HTTPRoutePortRedirect,HTTPRouteHostRewrite,HTTPRouteSchemeRedirect,HTTPRoutePathRedirect,HTTPRouteHostRewrite,HTTPRoutePathRewrite,HTTPRouteRequestMirror,TLSRoute,HTTPRouteBackendProtocolH2C
 CONFORMANCE_SUPPORTED_PROFILES ?= -conformance-profiles=GATEWAY-HTTP
 CONFORMANCE_GATEWAY_CLASS ?= kgateway
 CONFORMANCE_REPORT_ARGS ?= -report-output=$(TEST_ASSET_DIR)/conformance/$(VERSION)-report.yaml -organization=kgateway-dev -project=kgateway -version=$(VERSION) -url=github.com/kgateway-dev/kgateway -contact=github.com/kgateway-dev/kgateway/issues/new/choose

internal/kgateway/extensions2/plugins/kubernetes/k8s.go

@@ -56,6 +56,7 @@ func NewPluginFromCollections(
 				},
 				Obj:               svc,
 				Port:              port.Port,
+				AppProtocol:       translateAppProtocol(port.AppProtocol),
 				GvPrefix:          "kube",
 				CanonicalHostname: fmt.Sprintf("%s.%s.svc.%s", svc.Name, svc.Namespace, clusterDomain),
 			})
@@ -79,6 +80,18 @@ func NewPluginFromCollections(
 	}
 }
 
+func translateAppProtocol(appProtocol *string) ir.AppProtocol {
+	if appProtocol == nil {
+		return ir.DefaultAppProtocol
+	}
+	switch *appProtocol {
+	case "kubernetes.io/h2c":
+		return ir.HTTP2AppProtocol
+	default:
+		return ir.DefaultAppProtocol
+	}
+}
+
 func processUpstream(ctx context.Context, in ir.BackendObjectIR, out *envoy_config_cluster_v3.Cluster) {
 	out.ClusterDiscoveryType = &envoy_config_cluster_v3.Cluster_Type{
 		Type: envoy_config_cluster_v3.Cluster_EDS,

internal/kgateway/ir/backend.go

@@ -47,12 +47,21 @@ func (c ObjectSource) Equals(in ObjectSource) bool {
 	return c.Namespace == in.Namespace && c.Name == in.Name && c.Group == in.Group && c.Kind == in.Kind
 }
 
+type AppProtocol string
+
+const (
+	DefaultAppProtocol AppProtocol = ""
+	HTTP2AppProtocol   AppProtocol = "http2"
+)
+
 type BackendObjectIR struct {
 	// Ref to source object. sometimes the group and kind are not populated from api-server, so
 	// set them explicitly here, and pass this around as the reference.
 	ObjectSource `json:",inline"`
 	// optional port for if ObjectSource is a service that can have multiple ports.
 	Port int32
+	// optional application protocol for the backend. Can be used to enable http2.
+	AppProtocol AppProtocol
 
 	// prefix the cluster name with this string to distinguish it from other GVKs.
 	// here explicitly as it shows up in stats. each (group, kind) pair should have a unique prefix.

internal/kgateway/setup/testdata/accesslog-filterhttp-httplisteneropt-out.yaml

@@ -97,6 +97,11 @@ clusters:
       typedConfig:
         '@type': type.googleapis.com/envoy.extensions.transport_sockets.raw_buffer.v3.RawBuffer
   type: EDS
+  typedExtensionProtocolOptions:
+    envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+      '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+      explicitHttpConfig:
+        http2ProtocolOptions: {}
 - connectTimeout: 5s
   edsClusterConfig:
     edsConfig:

internal/kgateway/setup/testdata/accesslog-filterhttp-httplisteneropt.yaml

@@ -87,6 +87,7 @@ spec:
   ports:
     - name: grpc
       port: 50051
+      appProtocol: kubernetes.io/h2c
       targetPort: 50051
   selector:
     app: log-test

internal/kgateway/translator/irtranslator/backend.go

@@ -7,13 +7,17 @@ import (
 
 	envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
 	envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
+	envoy_upstreams_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/anypb"
 	"google.golang.org/protobuf/types/known/durationpb"
 	"istio.io/istio/pkg/kube/krt"
 
 	"k8s.io/apimachinery/pkg/runtime/schema"
 
 	extensionsplug "github.com/kgateway-dev/kgateway/v2/internal/kgateway/extensions2/plugin"
 	"github.com/kgateway-dev/kgateway/v2/internal/kgateway/ir"
+	"github.com/kgateway-dev/kgateway/v2/internal/kgateway/utils"
 )
 
 var (
@@ -78,6 +82,36 @@ func (t *BackendTranslator) runPlugins(
 	}
 }
 
+var (
+	h2Options = func() *anypb.Any {
+		http2ProtocolOptions := &envoy_upstreams_v3.HttpProtocolOptions{
+			UpstreamProtocolOptions: &envoy_upstreams_v3.HttpProtocolOptions_ExplicitHttpConfig_{
+				ExplicitHttpConfig: &envoy_upstreams_v3.HttpProtocolOptions_ExplicitHttpConfig{
+					ProtocolConfig: &envoy_upstreams_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{
+						Http2ProtocolOptions: &envoy_config_core_v3.Http2ProtocolOptions{},
+					},
+				},
+			},
+		}
+
+		a, err := utils.MessageToAny(http2ProtocolOptions)
+		if err != nil {
+			// should never happen - all values are known ahead of time.
+			panic(err)
+		}
+		return a
+	}()
+)
+
+func translateAppProtocol(appProtocol ir.AppProtocol) map[string]*anypb.Any {
+	typedExtensionProtocolOptions := map[string]*anypb.Any{}
+	switch appProtocol {
+	case ir.HTTP2AppProtocol:
+		typedExtensionProtocolOptions["envoy.extensions.upstreams.http.v3.HttpProtocolOptions"] = proto.Clone(h2Options).(*anypb.Any)
+	}
+	return typedExtensionProtocolOptions
+}
+
 // initializeCluster creates a default envoy cluster with minimal configuration,
 // that will then be augmented by various backend plugins
 func initializeCluster(u ir.BackendObjectIR) *envoy_config_cluster_v3.Cluster {
@@ -92,7 +126,9 @@ func initializeCluster(u ir.BackendObjectIR) *envoy_config_cluster_v3.Cluster {
 		// defaults to Cluster_USE_CONFIGURED_PROTOCOL
 		// ProtocolSelection: envoy_config_cluster_v3.Cluster_ClusterProtocolSelection(upstream.GetProtocolSelection()),
 		// this field can be overridden by plugins
-		ConnectTimeout: durationpb.New(ClusterConnectionTimeout),
+		ConnectTimeout:                durationpb.New(ClusterConnectionTimeout),
+		TypedExtensionProtocolOptions: translateAppProtocol(u.AppProtocol),
+
 		// Http2ProtocolOptions:      getHttp2options(upstream),
 		// IgnoreHealthOnHostRemoval: upstream.GetIgnoreHealthOnHostRemoval().GetValue(),
 		//	RespectDnsTtl:             upstream.GetRespectDnsTtl().GetValue(),

internal/kgateway/translator/irtranslator/backend_test.go

@@ -0,0 +1,52 @@
+package irtranslator_test
+
+import (
+	"context"
+	"testing"
+
+	envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
+	envoy_upstreams_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3"
+	"istio.io/istio/pkg/kube/krt"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+
+	. "github.com/onsi/gomega"
+
+	"github.com/kgateway-dev/kgateway/v2/internal/kgateway/ir"
+	"github.com/kgateway-dev/kgateway/v2/internal/kgateway/translator/irtranslator"
+)
+
+func testBInitBackend(ctx context.Context, in ir.BackendObjectIR, out *envoy_config_cluster_v3.Cluster) {
+}
+
+func TestBackendTranslatorTranslatesAppProtocol(t *testing.T) {
+	g := NewWithT(t)
+	var bt irtranslator.BackendTranslator
+	var ucc ir.UniqlyConnectedClient
+	var kctx krt.TestingDummyContext
+	backend := ir.BackendObjectIR{
+		ObjectSource: ir.ObjectSource{
+			Group:     "group",
+			Kind:      "kind",
+			Name:      "name",
+			Namespace: "namespace",
+		},
+		AppProtocol: ir.HTTP2AppProtocol,
+	}
+	bt.ContributedBackends = map[schema.GroupKind]ir.BackendInit{
+		{Group: "group", Kind: "kind"}: {
+			InitBackend: testBInitBackend,
+		},
+	}
+
+	c, err := bt.TranslateBackend(kctx, ucc, backend)
+	g.Expect(err).NotTo(HaveOccurred())
+	opts := c.GetTypedExtensionProtocolOptions()["envoy.extensions.upstreams.http.v3.HttpProtocolOptions"]
+	g.Expect(opts).NotTo(BeNil())
+
+	p, err := opts.UnmarshalNew()
+	g.Expect(err).NotTo(HaveOccurred())
+
+	httpOpts, ok := p.(*envoy_upstreams_v3.HttpProtocolOptions)
+	g.Expect(ok).To(BeTrue())
+	g.Expect(httpOpts.GetExplicitHttpConfig().GetHttp2ProtocolOptions()).NotTo(BeNil())
+}