Should it be possible to use "HTTP connect" as the mode for Konnectivity #598
Comments
|
Don't want to play the Uno reverse card here: why are you trying to setup http connect mode? I guess it could be related to network firewalls but any feedback would be really valuable. The gRPC one is the same used by other providers and we went with that choice, as well as the documentation from Kubernetes suggests using this mode. If you don't mind, I'll move this as a Discussion since it's not a bug per se. |
|
I might play a Uno draw four ;) But the additional context for “why” might have been useful… The reason was we have a reverse proxy solution for our Tenant Control Plane’s that doesn’t handle gRPC well sometimes (which you may argue is the real problem) so I’d hoped HTTP Connect mode might provide a workable solution, however I’ve not tested this outside of Kamajj so it may be a dead end for my own purposes…but I guess it’s more a question of why gRPC is the only option. If HTTP Connect is terrible for some reason I’m perfectly fine with this decision of forcing gRPC though. |
I'll leave this here. I remember we worked with @jwitko on 7ac8e5e in allowing overriding Konnectivity, as well as API Server, parameters, taking for granted users knew what they were doing. My main remark is that these kinds of customisations could potentially create issues with Kamaji, and newbie users would blame Kamaji for its instability, even tho it's their "fault". I'm open tho in supporting the customisations of the konnectivity server, unless there's a well-known and proven best practice in preferring gRPC over HTTP, besides the fact gRPC is based on a binary format which is more performant and robust. |
|
Touché for the Uno reference. I’m honestly fine if the position is that gRPC is a superior solution so that’s all Kamaji will support…as being opinionated in this regard is no problem. I don’t know enough about the internals of Kamaji or Konnectivity to comment on the suitability of HTTP Connect as an option, it was more to (hopefully) work around a deficiency in our environment. I can put tog PR so that option is not explicitly set if that helps? Then it can be accepted or rejected either way? |
|
Rather than superior, I'd say easier: I had a quick review of the current code and such a change would require a change in the Not a big deal, tho, we could provide an |
When adding
--mode=http-connecttoTenantControlPlane.spec.addons.konnectivity.server.extraArgsthis gets overridden to be set to "grpc" here:kamaji/internal/builders/controlplane/konnectivity_server.go
Line 52 in 7e08b9a
Is "grpc" hard coded for a particular reason? Or is "http-connect" not a good idea to use?
Thanks.
The text was updated successfully, but these errors were encountered: