From 0695847d792e0212529054a9199d6d12f5351db0 Mon Sep 17 00:00:00 2001 From: Manuel Alejandro de Brito Fontes Date: Wed, 2 Dec 2020 11:23:39 -0300 Subject: [PATCH] Disable HTTP/2 in the webhook server --- internal/ingress/controller/nginx.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go index b17177c06..90df5d8e3 100644 --- a/internal/ingress/controller/nginx.go +++ b/internal/ingress/controller/nginx.go @@ -18,6 +18,7 @@ package controller import ( "bytes" + "crypto/tls" "encoding/json" "errors" "fmt" @@ -114,6 +115,10 @@ func NewNGINXController(config *Configuration, mc metric.Collector) *NGINXContro Addr: config.ValidationWebhook, Handler: adm_controller.NewAdmissionControllerServer(&adm_controller.IngressAdmission{Checker: n}), TLSConfig: ssl.NewTLSListener(n.cfg.ValidationWebhookCertPath, n.cfg.ValidationWebhookKeyPath).TLSConfig(), + // disable http/2 + // https://github.com/kubernetes/kubernetes/issues/80313 + // https://github.com/kubernetes/ingress-nginx/issues/6323#issuecomment-737239159 + TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler)), } }