We are on Kubernetes and use Istio Service Mesh. Currently, there is SSL Termination for HTTPS in Gateway. I see in the istio-proxy logs that the HTTP protocol is HTTP 1.1.
I want to upgrade HTTP 1.1 to HTTP2 due to its various advantages. Clients should call our services HTTP2 over SSL/TLS.
I am using this blog for an internal demo on this topic.
These are the bottlenecks:
1) I want to propose a plan which will causes least amount of changes. I understand I need to update the Gateway from
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: bookinfo-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 443
name: https
protocol: HTTPS
hosts:
- "*"
tls:
mode: SIMPLE
serverCertificate: /etc/certs/server.pem
privateKey: /etc/certs/privatekey.pem
to
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: bookinfo-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http2
protocol: HTTP2
hosts:
- "*"
tls:
mode: SIMPLE
serverCertificate: /etc/certs/server.pem
privateKey: /etc/certs/privatekey.pem
based on the examples I see in the Istio's Gateway documentation.
I want to know: Will this allow HTTP2 over TLS connections from browsers (which support only this mode)? Can I provide tls details for HTTP2, like I did with HTTPS?
2) What are some of the other Istio configurations to update?
3) Will this change be break Microservices which are using http protocol currently? How can I mitigate this?
4) I was reading about DestinationRule and upgrade policy. Is this a good fit?