Use HTTP1.1 to connect to upstream jwks endpoint (envoyproxy#977)

Use HTTP1.1 to connec to upstream jwks endpoint Signed-off-by: Arko Dasgupta <arko@tetrate.io>
arkodg · Feb 4, 2023 · 82e7672 · 82e7672
1 parent 4a04915
commit 82e7672
Show file tree

Hide file tree

Showing 5 changed files with 4 additions and 30 deletions.
diff --git a/internal/xds/translator/authentication.go b/internal/xds/translator/authentication.go
@@ -219,11 +219,10 @@ func buildClusterFromJwks(jwks *jwksCluster) (*cluster.Cluster, error) {
 				},
 			},
 		},
-		TypedExtensionProtocolOptions: buildTypedExtensionProtocolOptions(),
-		DnsRefreshRate:                durationpb.New(30 * time.Second),
-		RespectDnsTtl:                 true,
-		DnsLookupFamily:               cluster.Cluster_V4_ONLY,
-		TransportSocket:               tSocket,
+		DnsRefreshRate:  durationpb.New(30 * time.Second),
+		RespectDnsTtl:   true,
+		DnsLookupFamily: cluster.Cluster_V4_ONLY,
+		TransportSocket: tSocket,
 	}, nil
 }
 

diff --git a/internal/xds/translator/testdata/out/xds-ir/authn-multi-route-multi-provider.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/authn-multi-route-multi-provider.clusters.yaml
@@ -58,11 +58,6 @@
           trustedCa:
             filename: /etc/ssl/certs/ca-certificates.crt
   type: STATIC
-  typedExtensionProtocolOptions:
-    envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
-      '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
-      explicitHttpConfig:
-        http2ProtocolOptions: {}
 - connectTimeout: 10s
   dnsLookupFamily: V4_ONLY
   dnsRefreshRate: 30s
@@ -87,8 +82,3 @@
           trustedCa:
             filename: /etc/ssl/certs/ca-certificates.crt
   type: STATIC
-  typedExtensionProtocolOptions:
-    envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
-      '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
-      explicitHttpConfig:
-        http2ProtocolOptions: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/authn-multi-route-single-provider.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/authn-multi-route-single-provider.clusters.yaml
@@ -58,8 +58,3 @@
           trustedCa:
             filename: /etc/ssl/certs/ca-certificates.crt
   type: STATIC
-  typedExtensionProtocolOptions:
-    envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
-      '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
-      explicitHttpConfig:
-        http2ProtocolOptions: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/authn-ratelimit.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/authn-ratelimit.clusters.yaml
@@ -97,8 +97,3 @@
           trustedCa:
             filename: /etc/ssl/certs/ca-certificates.crt
   type: STATIC
-  typedExtensionProtocolOptions:
-    envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
-      '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
-      explicitHttpConfig:
-        http2ProtocolOptions: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/authn-single-route-single-match.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/authn-single-route-single-match.clusters.yaml
@@ -40,8 +40,3 @@
           trustedCa:
             filename: /etc/ssl/certs/ca-certificates.crt
   type: STATIC
-  typedExtensionProtocolOptions:
-    envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
-      '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
-      explicitHttpConfig:
-        http2ProtocolOptions: {}