Configuring HTTP

HTTPS redirection

Operators can force HTTPS redirection for all Services. See the http-protocol mentioned in the Enabling automatic TLS certificate provisioning page for more details.

Overriding the default HTTP behavior

You can override the default behavior for each Service or global configuration.

  • Global key: http-protocol
  • Per-revision annotation key: networking.knative.dev/http-protocol
  • Possible values:
    • enabled — Services accept HTTP traffic.
    • redirected — Services send a 301 redirect for all HTTP connections and ask clients to use HTTPS instead.
  • Default: enabled

Example:

Per ServiceGlobal (ConfigMap)Global (Operator)

  1. apiVersion: serving.knative.dev/v1
  2. kind: Service
  3. metadata:
  4. name: example
  5. namespace: default
  6. annotations:
  7. networking.knative.dev/http-protocol: "redirected"
  8. spec:
  9. ...
  1. apiVersion: v1
  2. kind: ConfigMap
  3. metadata:
  4. name: config-network
  5. namespace: knative-serving
  6. data:
  7. http-protocol: "redirected"
  1. apiVersion: operator.knative.dev/v1alpha1
  2. kind: KnativeServing
  3. metadata:
  4. name: knative-serving
  5. spec:
  6. config:
  7. network:
  8. http-protocol: "redirected"

HTTP/1 Full Duplex support per workload

Knative services can turn on the support for HTTP/1 full duplex end-to-end on the data path. This should be used in scenarios where the related Golang issue is hit eg. the application server writes back to QP’s reverse proxy before the latter has consumed the whole request. For more details on why the issue appears see here.

Configure HTTP/1 Full Duplex support

In order to enable the HTTP/1 full duplex support you can set the corresponding annotation at the revision spec level as follows:

Warning

Test with your http clients before enabling, as older clients may not provide support for HTTP/1 full duplex.

  1. apiVersion: serving.knative.dev/v1
  2. kind: Service
  3. metadata:
  4. name: example-service
  5. namespace: default
  6. spec:
  7. template:
  8. metadata:
  9. annotations:
  10. features.knative.dev/http-full-duplex: "Enabled"
  11. ...