Configuring HTTP

HTTPS redirection

Operators can force HTTPS redirection for all Services. See the http-protocol mentioned in Configure external domain encryption page for more details.

Overriding the default HTTP behavior

You can override the default behavior for each Service or global configuration.

• Global key: http-protocol
• Per-revision annotation key: networking.knative.dev/http-protocol
• Possible values:
  • enabled — Services accept HTTP traffic.
  • redirected — Services send a 301 redirect for all HTTP connections and ask clients to use HTTPS instead.
• Default: enabled

Example:

Per ServiceGlobal (ConfigMap)Global (Operator)

apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: example
  namespace: default
  annotations:
    networking.knative.dev/http-protocol: "redirected"
spec:
  ...

apiVersion: v1
kind: ConfigMap
metadata:
  name: config-network
  namespace: knative-serving
data:
  http-protocol: "redirected"

apiVersion: operator.knative.dev/v1alpha1
kind: KnativeServing
metadata:
  name: knative-serving
spec:
  config:
    network:
      http-protocol: "redirected"

HTTP/1 Full Duplex support per workload

Knative services can turn on the support for HTTP/1 full duplex end-to-end on the data path. This should be used in scenarios where the related Golang issue is hit eg. the application server writes back to QP’s reverse proxy before the latter has consumed the whole request. For more details on why the issue appears see here.

Configure HTTP/1 Full Duplex support

In order to enable the HTTP/1 full duplex support you can set the corresponding annotation at the revision spec level as follows:

Warning

Test with your http clients before enabling, as older clients may not provide support for HTTP/1 full duplex.

apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: example-service
  namespace: default
spec:
  template:
    metadata:
      annotations:
        features.knative.dev/http-full-duplex: "Enabled"
...