Skip to content

Add support for HTTP/2 listener protocol in OCI Load Balancer #505

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Add support for HTTP/2 listener protocol in OCI Load Balancer #505

wants to merge 2 commits into from

Conversation

raniellyferreira
Copy link

Problem

When using Layer 7 load balancers with service.beta.kubernetes.io/oci-load-balancer-backend-protocol: "HTTP", the HTTPS listener on port 443 was defaulting to HTTP/1.1 instead of respecting the oci.oraclecloud.com/oci-load-balancer-protocol: "HTTP2" annotation.

This prevented users from configuring HTTP/2 on the listener while maintaining HTTP communication with backends, which is a common configuration pattern for performance optimization.

Solution

Added support for the oci.oraclecloud.com/oci-load-balancer-protocol annotation to allow independent configuration of listener and backend protocols.

Key Changes

  1. New annotation: Added ServiceAnnotationLoadBalancerProtocol = "oci.oraclecloud.com/oci-load-balancer-protocol"
  2. Separate protocol handling: Modified getListenersOciLoadBalancer() to handle listener and backend protocols independently
  3. HTTP/2 support: Added HTTP2 to the list of supported listener protocols
  4. Enhanced validation: Added proper error handling for invalid protocol values
  5. Backward compatibility: All existing functionality is preserved

Usage Example

apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress-controller
  annotations:
    # Backend communicates via HTTP
    service.beta.kubernetes.io/oci-load-balancer-backend-protocol: "HTTP"
    # Listener uses HTTP/2 for better performance
    oci.oraclecloud.com/oci-load-balancer-protocol: "HTTP2"
spec:
  type: LoadBalancer
  ports:
    - name: https
      port: 443
      targetPort: https

Supported Protocols

Backend Protocol (service.beta.kubernetes.io/oci-load-balancer-backend-protocol):

  • TCP (default)
  • HTTP
  • GRPC

Listener Protocol (oci.oraclecloud.com/oci-load-balancer-protocol):

  • TCP (default, matches backend protocol)
  • HTTP
  • HTTP2 NEW
  • GRPC

Testing

  • Added comprehensive test coverage for HTTP2 and HTTP listener protocols
  • All existing tests continue to pass
  • Build verification successful
  • Backward compatibility maintained

Before/After

Before: HTTP-443 listener defaulted to HTTP/1.1 regardless of the protocol annotation
After: HTTP-443 listener correctly uses HTTP/2 when oci.oraclecloud.com/oci-load-balancer-protocol: "HTTP2" is specified

This change resolves issue #449 and enables users to optimize their load balancer configurations for modern HTTP/2 performance while maintaining flexibility in backend communication protocols.

@Copilot Copilot AI review requested due to automatic review settings July 14, 2025 19:09
@oracle-contributor-agreement Oracle Contributor Agreement
Copy link

Thank you for your pull request and welcome to our community! To contribute, please sign the Oracle Contributor Agreement (OCA).
The following contributors of this PR have not signed the OCA:

To sign the OCA, please create an Oracle account and sign the OCA in Oracle's Contributor Agreement Application.

When signing the OCA, please provide your GitHub username. After signing the OCA and getting an OCA approval from Oracle, this PR will be automatically updated.

If you are an Oracle employee, please make sure that you are a member of the main Oracle GitHub organization, and your membership in this organization is public.

@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Required At least one contributor does not have an approved Oracle Contributor Agreement. label Jul 14, 2025
Copilot

This comment was marked as outdated.

Sign in to view

@raniellyferreira raniellyferreira force-pushed the feature/http2-listener-support branch from 67d17c6 to 25b9ce1 Compare July 14, 2025 19:19
@raniellyferreira raniellyferreira force-pushed the feature/http2-listener-support branch from 25b9ce1 to e7d91e4 Compare July 14, 2025 20:01
@oracle-contributor-agreement Oracle Contributor Agreement
Copy link

Thank you for signing the OCA.

@oracle-contributor-agreement oracle-contributor-agreement bot added OCA Verified All contributors have signed the Oracle Contributor Agreement. and removed OCA Required At least one contributor does not have an approved Oracle Contributor Agreement. labels Jul 14, 2025
@raniellyferreira raniellyferreira changed the title Add support for separate HTTP/2 listener protocol in OCI Load Balancer Add support for HTTP/2 listener protocol in OCI Load Balancer Jul 14, 2025
@raniellyferreira raniellyferreira requested a review from Copilot July 16, 2025 15:48
Copilot

This comment was marked as outdated.

Sign in to view

@raniellyferreira raniellyferreira force-pushed the feature/http2-listener-support branch from f588dcf to 609b223 Compare July 16, 2025 15:51
@raniellyferreira raniellyferreira requested a review from Copilot July 16, 2025 15:52
Copilot
Copilot AI reviewed Jul 16, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Adds independent listener protocol configuration to OCI Load Balancer resources, introducing HTTP/2 support via a new annotation and updating listener naming and timeout logic.

  • New oci.oraclecloud.com/oci-load-balancer-protocol annotation for listener protocol
  • getListenersOciLoadBalancer split into backendProtocol and listenerProtocol, with HTTP2 validation
  • Listener naming and default idle timeouts updated to include HTTP/2

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
pkg/cloudprovider/providers/oci/load_balancer_util.go Normalize listener names to use the "HTTP" prefix for HTTP/2
pkg/cloudprovider/providers/oci/load_balancer_spec.go Added listenerProtocol override, HTTP2 support, and idle timeout map
pkg/cloudprovider/providers/oci/load_balancer_spec_test.go Added test cases covering HTTP2 and HTTP listener protocols
Comments suppressed due to low confidence (1)

pkg/cloudprovider/providers/oci/load_balancer_spec.go:1163

  • The comment is outdated now that HTTP/2 (and gRPC) are supported; please update it to reflect all currently supported protocols.
			// At that point LB only supports HTTP and TCP

@raniellyferreira
Copy link
Author

Up

@raniellyferreira
Copy link
Author

raniellyferreira commented Jul 26, 2025
edited
Loading

Eu preciso muito dessa alteração! Não sei porque a Oracle insiste em usar o OCI Ingress Controller sendo que não eles garantem os 28.000 QPS por núcleo como o NGINX. Fora que o WAF deles é muito caro!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
OCA Verified All contributors have signed the Oracle Contributor Agreement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@raniellyferreira