Menu
Can I enable HTTP/2 for my website hosted on OpenShift?
I know you can use CloudFlare as a proxy, then it will provide support for HTTP/2. But I am interested in is the ability to configure precisely my apps on OpenShift.
390
Red Hat OpenShift is a cloud-based Kubernetes platform that helps developers build applications. It offers automated installation, upgrades, and life cycle management throughout the container stack — the operating system, Kubernetes and cluster services, and applications — on any cloud.
Creating a passthrough route You can configure a secure route using passthrough termination by using the oc create route command. With passthrough termination, encrypted traffic is sent straight to the destination without the router providing TLS termination. Therefore no key or certificate is required on the route.
The Red Hat OpenShift ingress controller implementation is designed to watch ingress objects and create one or more routes to fulfill the conditions specified. If you change the ingress object, the Red Hat OpenShift Ingress Controller syncs the changes and applies to the generated route objects.
No, you can't.
Hopefully, this answer will be wrong someday and and some one will correct me according to Cunningham's law.
119
There's hope!
Openshift 3 itself has a dependency of HAProxy not supporting H/2, so unfortunately there's close to no support.. There is hope for partial support for HTTP/2. You can keep an eye on this GitHub issue to see if they'd consider swapping out HAProxy.
From the mentioned issue:
Actually, the status is not too bad. We got HTTP/2 working when the public route uses a pass-through TLS termination strategy.
So:
H2 between pods works (with TLS) H2C between pods works (H2C with and without TLS) H2 behind a public route requires the route TLS termination to be "pass-through" H2C behind a public route requires the same and SSL enabled on the server side
Also HAProxy itself promised to make HTTP/2 a major focus for their next release (we were teased with the hope of H/2 support for release 1.7, but it didn't happen). If you'd like to read more on HAProxy H/2 support, then there's a promising SO answer and a Discourse discussion.
22
As of OpenShift 3.11 you can enable it with the environment variable ROUTER_ENABLE_HTTP2, see https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html#ocp-311-haproxy-enhancements
Implements HAProxy router HTTP/2 support (terminating at the router).
$ oc set env dc/router ROUTER_ENABLE_HTTP2=true
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
