Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable http3 support for Traefik #5184

Closed
1 task
dereknola opened this issue Feb 28, 2022 · 3 comments
Closed
1 task

Enable http3 support for Traefik #5184

dereknola opened this issue Feb 28, 2022 · 3 comments
Assignees
@brandond @est-suse
Labels
kind/feature A large new piece of functionality
Milestone
v1.25.4+k3s1

Comments

@dereknola
Copy link
Member

Is your feature request related to a problem? Please describe.

Ask for by the community in this PR: #5069
Describe the solution you'd like

https://github.com/k3s-io/k3s/pull/5069/files#diff-950b8e60144da8e48c9c65a3e25d0c4cd3264400aca9bbf94d6f30e7dc2f030cR24

Describe alternatives you've considered

Additional context

Backporting

  • Needs backporting to older releases
@dereknola dereknola added the kind/feature A large new piece of functionality label Feb 28, 2022
@dereknola dereknola added this to the v1.24.0+k3s1 milestone Feb 28, 2022
@dereknola dereknola mentioned this issue Feb 28, 2022
Closed
@tete17 tete17 mentioned this issue Mar 7, 2022
Closed
@katran001 katran001 modified the milestones: v1.24.0+k3s1, 1.24 backlog Jun 28, 2022
@brandond brandond mentioned this issue Oct 26, 2022
Merged
@brandond
Copy link
Member

brandond commented Oct 26, 2022
edited
Loading

http3 support is no longer experimental as of v18.0.0 of the chart, but it still is not enabled by default.

Note that due to an issue in how helm patches the service spec, you may need to delete the traefik service before applying the following config in order to get the UDP port created correctly. If you don't it simply won't expose the udp port for http3.

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    ports:
      websecure:
        http3:
          enabled: true
          advertisedPort: 443

Once this is done, I can confirm that the resulting service supports http3, although it is still notably hard to test. Here's one way:

brandond@dev01:~$ docker run --rm ymuski/curl-http3 curl --http3 -vks https://172.17.0.2/
*   Trying 172.17.0.2:443...
* Connect socket 5 over QUIC to 172.17.0.2:443
* Sent QUIC client Initial, ALPN: h3-29,h3-28,h3-27
* Connected to 172.17.0.2 () port 443 (#0)
* h3 [:method: GET]
* h3 [:path: /]
* h3 [:scheme: https]
* h3 [:authority: 172.17.0.2]
* h3 [user-agent: curl/7.76.1-DEV]
* h3 [accept: */*]
* Using HTTP/3 Stream ID: 0 (easy handle 0x564db63ac020)
> GET / HTTP/3
> Host: 172.17.0.2
> user-agent: curl/7.76.1-DEV
> accept: */*
>
< HTTP/3 404
< x-content-type-options: nosniff
< content-type: text/plain; charset=utf-8
<
{ [19 bytes data]
* Connection #0 to host 172.17.0.2 left intact
404 page not found

This was referenced Nov 1, 2022
Merged
Closed
Closed
@brandond brandond self-assigned this Nov 8, 2022
@brandond brandond modified the milestones: 1.24 backlog, v1.25.4+k3s1 Nov 8, 2022
@est-suse
Copy link
Contributor

est-suse commented Nov 11, 2022
edited by bguzman-3pillar
Loading

Validated on branch 1.25 commit e212088

Infrastructure

Cloud
Hosted
Node(s) CPU architecture, OS, and Version:

NAME="Ubuntu"
VERSION="20.04.4 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.4 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
Cluster Configuration:

1 server
Testing Steps

  1. Install K3s curl -sfL https://get.k3s.io | INSTALL_K3S_COMMIT=e21208870c3b287a31a89f341bde2a7d1c996c7a INSTALL_K3S_EXEC="server" sh -
  2. install docker sudo snap install docker
  3. Delete traefik service kubectl delete svc traefik -n ….
  4. Deploy the helmchatconfig below in manifest directory my any name traefikconfig.yaml
    check the ip of the new service that is created and run the docker command he has shared.
sudo cat /var/lib/rancher/k3s/server/manifests/traefikconfig.yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    ports:
      websecure:
        http3:
          enabled: true
          advertisedPort: 443

check the ip of the new service that is created and run the docker command

  • Trying 172.31.37.24:443...
  • Connect socket 5 over QUIC to 172.31.37.24:443
  • Sent QUIC client Initial, ALPN: h3-29,h3-28,h3-27
  • Connected to 172.31.37.24 () port 443 (#0)
  • h3 [:method: GET]
  • h3 [:path: /]
  • h3 [:scheme: https]
  • h3 [:authority: 172.31.37.24]
  • h3 [user-agent: curl/7.76.1-DEV]
  • h3 [accept: /]
  • Using HTTP/3 Stream ID: 0 (easy handle 0x55c3f34f0020)

GET / HTTP/3
Host: 172.31.37.24
user-agent: curl/7.76.1-DEV
accept: /

< HTTP/3 404
< content-type: text/plain; charset=utf-8
< x-content-type-options: nosniff
<
{ [19 bytes data]

  • Connection #0 to host 172.31.37.24 left intact

image

@brandond brandond mentioned this issue Jan 19, 2023
Closed
@knackstedt
Copy link

I'm simply going to add this for any weary travellers who may need it:

I had to manually delete both the traefik service and deployment so that the traefik service and endpoint would properly listen on both TCP and UDP. Apparently there's an issue with the traefik helm chart where it doesn't always apply the changes to these objects.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@brandond brandond

@est-suse est-suse

Labels
kind/feature A large new piece of functionality
Projects
None yet
Milestone
v1.25.4+k3s1
Development

No branches or pull requests
5 participants
@brandond @dereknola @knackstedt @katran001 @est-suse