Skip to content
This repository has been archived by the owner on Apr 10, 2024. It is now read-only.

Use HTTP/1.1 to perform readiness check #156

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -89,9 +89,7 @@ public void waitUntilReady() {
var readinessChecker = new ProcessReadinessChecker();
var timeout = config.getStartupTimeout();
var startTime = System.currentTimeMillis();
// the 1.29.0 binary has issue with this. Will temporarily comment out and further investigate.
// But with this now all the executions are failing
// readinessChecker.waitUntilReady(apiServerPort, "readyz", KUBE_API_SERVER, true, timeout);
readinessChecker.waitUntilReady(apiServerPort, "readyz", KUBE_API_SERVER, true, timeout);
int newTimout = (int) (timeout - (System.currentTimeMillis() - startTime));
readinessChecker.waitUntilDefaultNamespaceAvailable(apiServerPort, binaryManager, certManager,
config, newTimout);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -177,8 +177,13 @@ public void checkServerTrusted(
}
},
null);
// Set protocol to HTTP/1.1 for unauthenticated invocations of "GET /readyz". Sending
// unauthenticated requests using HTTP/2 is problematic on Kubernetes >=1.29, which enables
// denial-of-service mitigation for authenticated HTTP/2 by default with the
// UnauthenticatedHTTP2DOSMitigation feature gate.
return HttpClient.newBuilder()
.sslContext(sslContext)
adriansuarez marked this conversation as resolved.
Show resolved Hide resolved
.version(HttpClient.Version.HTTP_1_1)
.build();
} catch (NoSuchAlgorithmException | KeyManagementException e) {
throw new JenvtestException(e);
Expand Down
Loading