Skip to content

Commit

Permalink
Disable HTTP2 in webhook server
Browse files Browse the repository at this point in the history
  • Loading branch information
abays committed Oct 20, 2023
1 parent 27e4912 commit 6ea0629
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 1 deletion.
1 change: 0 additions & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -151,7 +151,6 @@ require (
)

replace (

// required by Microsoft/hcsshim, containers/storage, sriov-network-operator
// Not used within this Operator.
// Bump to avoid CVE detection with earlier versions (v1.5.4).
Expand Down
11 changes: 11 additions & 0 deletions main.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ limitations under the License.
package main

import (
"crypto/tls"
"flag"
"fmt"
"os"
Expand Down Expand Up @@ -94,6 +95,8 @@ func main() {
var enableLeaderElection bool
var enableWebhooks bool
var probeAddr string
var enableHTTP2 bool
flag.BoolVar(&enableHTTP2, "enable-http2", enableHTTP2, "If HTTP/2 should be enabled for the metrics and webhook servers.")
flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
flag.BoolVar(&enableLeaderElection, "leader-elect", false,
Expand Down Expand Up @@ -156,6 +159,13 @@ func main() {
os.Exit(1)
}

disableHTTP2 := func(c *tls.Config) {
if enableHTTP2 {
return
}
c.NextProtos = []string{"http/1.1"}
}

checker := healthz.Ping
if strings.ToLower(os.Getenv("ENABLE_WEBHOOKS")) != "false" {
enableWebhooks = true
Expand All @@ -166,6 +176,7 @@ func main() {
srv.CertName = WebhookCertName
srv.KeyName = WebhookKeyName
srv.Port = WebhookPort
srv.TLSOpts = []func(config *tls.Config){disableHTTP2}
}

if err = (&controllers.OpenStackControlPlaneReconciler{
Expand Down

0 comments on commit 6ea0629

Please sign in to comment.