diff --git a/go.mod b/go.mod index 9e0e38893..7dc4e43e6 100644 --- a/go.mod +++ b/go.mod @@ -46,7 +46,7 @@ require ( gopkg.in/square/go-jose.v2 v2.6.0 k8s.io/api v0.0.0-20240508202814-7ccc2456a96f k8s.io/apimachinery v0.0.0-20240503202409-c9c3e94f52f0 - k8s.io/client-go v0.0.0-20240509003152-8a8d0731deec + k8s.io/client-go v0.0.0-20240509043313-62f959700d55 k8s.io/component-base v0.0.0-20240509004100-482591e4108c k8s.io/klog/v2 v2.120.1 k8s.io/kms v0.0.0-20240507203920-200fd0923998 diff --git a/go.sum b/go.sum index 44fde0316..fccdeff29 100644 --- a/go.sum +++ b/go.sum @@ -377,8 +377,8 @@ k8s.io/api v0.0.0-20240508202814-7ccc2456a96f h1:JD5C6Ov1+pP7Ze8s7O/+0YfhlAH2Nrk k8s.io/api v0.0.0-20240508202814-7ccc2456a96f/go.mod h1:63wOlHLR6A1SAeEfLi6u/gVTKmQklvs6IL52WjMSKn0= k8s.io/apimachinery v0.0.0-20240503202409-c9c3e94f52f0 h1:7WYV6yFZ33GBiOXTMsfUjlaZvdWfda0JRXrn/xxekAY= k8s.io/apimachinery v0.0.0-20240503202409-c9c3e94f52f0/go.mod h1:+hpAhBheGa7Ub4X6JfKqjEeACgGYZqZv+ILGzigzVGU= -k8s.io/client-go v0.0.0-20240509003152-8a8d0731deec h1:akBU/J0mAZMXVFEuYiQa8XHJWPft/OYFUo1XamPuLzM= -k8s.io/client-go v0.0.0-20240509003152-8a8d0731deec/go.mod h1:j5TdCy1D4o/8Hw6VjFwXsPxANdrTKVHisxrjVF4tc7A= +k8s.io/client-go v0.0.0-20240509043313-62f959700d55 h1:TTHuyPSIxllgHDQzFvkYJ9Iewk3/Balim0/HUvKCWwI= +k8s.io/client-go v0.0.0-20240509043313-62f959700d55/go.mod h1:j5TdCy1D4o/8Hw6VjFwXsPxANdrTKVHisxrjVF4tc7A= k8s.io/component-base v0.0.0-20240509004100-482591e4108c h1:dsvBpyLyEc10p5ARPS+9ZZgYIu8W89k2T9oNWvgxEmQ= k8s.io/component-base v0.0.0-20240509004100-482591e4108c/go.mod h1:iQnJj8brojGA7iHRX01Yx9zVMeAuOGBVhQ0UpOm7vTw= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= diff --git a/pkg/server/options/serving.go b/pkg/server/options/serving.go index 842ab7ee0..21a2736e1 100644 --- a/pkg/server/options/serving.go +++ b/pkg/server/options/serving.go @@ -44,6 +44,8 @@ type SecureServingOptions struct { // BindNetwork is the type of network to bind to - defaults to "tcp", accepts "tcp", // "tcp4", and "tcp6". BindNetwork string + // DisableHTTP2Serving indicates that http2 serving should not be enabled. + DisableHTTP2Serving bool // Required set to true means that BindPort cannot be zero. Required bool // ExternalAddress is the address advertised, even if BindAddress is a loopback. By default this @@ -163,6 +165,9 @@ func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet) { } fs.IntVar(&s.BindPort, "secure-port", s.BindPort, desc) + fs.BoolVar(&s.DisableHTTP2Serving, "disable-http2-serving", s.DisableHTTP2Serving, + "If true, HTTP2 serving will be disabled [default=false]") + fs.StringVar(&s.ServerCert.CertDirectory, "cert-dir", s.ServerCert.CertDirectory, ""+ "The directory where the TLS certs are located. "+ "If --tls-cert-file and --tls-private-key-file are provided, this flag will be ignored.") @@ -256,6 +261,7 @@ func (s *SecureServingOptions) ApplyTo(config **server.SecureServingInfo) error *config = &server.SecureServingInfo{ Listener: s.Listener, HTTP2MaxStreamsPerConnection: s.HTTP2MaxStreamsPerConnection, + DisableHTTP2: s.DisableHTTP2Serving, } c := *config diff --git a/pkg/server/options/serving_test.go b/pkg/server/options/serving_test.go index 1ccccb417..a08ce2b3b 100644 --- a/pkg/server/options/serving_test.go +++ b/pkg/server/options/serving_test.go @@ -290,7 +290,8 @@ func TestServerRunWithSNI(t *testing.T) { KeyFile: serverKeyFile, }, }, - SNICertKeys: namedCertKeys, + DisableHTTP2Serving: true, + SNICertKeys: namedCertKeys, }).WithLoopback() // use a random free port ln, err := net.Listen("tcp", "127.0.0.1:0")