Configuring HTTP¶
HTTPS redirection¶
Operators can force HTTPS redirection for all Services. See the http-protocol
mentioned in the Enabling automatic TLS certificate provisioning page for more details.
Overriding the default HTTP behavior¶
You can override the default behavior for each Service or global configuration.
- Global key:
http-protocol
- Per-revision annotation key:
networking.knative.dev/http-protocol
- Possible values:
enabled
— Services accept HTTP traffic.redirected
— Services send a 301 redirect for all HTTP connections and ask clients to use HTTPS instead.
- Default:
enabled
Example:
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
name: example
namespace: default
annotations:
networking.knative.dev/http-protocol: "redirected"
spec:
...
apiVersion: v1
kind: ConfigMap
metadata:
name: config-network
namespace: knative-serving
data:
http-protocol: "redirected"
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeServing
metadata:
name: knative-serving
spec:
config:
network:
http-protocol: "redirected"
HTTP/1 Full Duplex support per workload¶
Knative services can turn on the support for HTTP/1 full duplex end-to-end on the data path. This should be used in scenarios where the related Golang issue is hit eg. the application server writes back to QP's reverse proxy before the latter has consumed the whole request. For more details on why the issue appears see here.
Configure HTTP/1 Full Duplex support¶
In order to enable the HTTP/1 full duplex support you can set the corresponding annotation at the revision spec level as follows:
Warning
Test with your http clients before enabling, as older clients may not provide support for HTTP/1 full duplex.
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
name: example-service
namespace: default
spec:
template:
spec:
annotations:
features.knative.dev/http-full-duplex: "Enabled"
...