From 6f8e8ea2521a141856cebe5e16b5518d089e2139 Mon Sep 17 00:00:00 2001
From: Simon Stender Boisen
Date: Thu, 16 Sep 2021 12:18:08 +0200
Subject: [PATCH] Ensure disableHTTP2 works with k8s crd
---
 docs/content/routing/providers/kubernetes-crd.md | 6 ++++--
 .../kubernetes/crd/fixtures/with_servers_transport.yml | 1 +
 pkg/provider/kubernetes/crd/kubernetes.go | 1 +
 pkg/provider/kubernetes/crd/kubernetes_test.go | 1 +
 4 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/docs/content/routing/providers/kubernetes-crd.md b/docs/content/routing/providers/kubernetes-crd.md
index 4db55f7f2..4fbfe2d0d 100644
--- a/docs/content/routing/providers/kubernetes-crd.md
+++ b/docs/content/routing/providers/kubernetes-crd.md
@@ -1709,13 +1709,14 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
 responseHeaderTimeout: 42s # [8]
 idleConnTimeout: 42s # [9]
 peerCertURI: foobar # [10]
+ disableHTTP2: true # [11]
 ```

 | Ref | Attribute | Purpose |
 |------|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|
 | [1] | `serverName` | ServerName used to contact the server. |
-| [2] | `insecureSkipVerify` | Disable SSL certificate verification. |
-| [3] | `rootCAsSecrets` | Add cert file for self-signed certificate. The secret must contain a certificate under either a tls.ca or a ca.crt key. |
+| [2] | `insecureSkipVerify` | Disables SSL certificate verification. |
+| [3] | `rootCAsSecrets` | Adds cert file for self-signed certificate. The secret must contain a certificate under either a tls.ca or a ca.crt key. |
 | [4] | `certificatesSecrets` | Certificates for mTLS. |
 | [5] | `maxIdleConnsPerHost` | If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, `defaultMaxIdleConnsPerHost` is used. |
 | [6] | `forwardingTimeouts` | Timeouts for requests forwarded to the backend servers. |
@@ -1723,6 +1724,7 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
 | [8] | `responseHeaderTimeout` | The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. |
 | [9] | `idleConnTimeout` | The maximum period for which an idle HTTP keep-alive connection will remain open before closing itself. |
 | [10] | `peerCertURI` | URI used to match with service certificate. |
+| [11] | `disableHTTP2` | Disables HTTP/2 for connections with backend servers. |

 !!! info "CA Secret"

diff --git a/pkg/provider/kubernetes/crd/fixtures/with_servers_transport.yml b/pkg/provider/kubernetes/crd/fixtures/with_servers_transport.yml
index cddf9f5f5..25e4f6a25 100644
--- a/pkg/provider/kubernetes/crd/fixtures/with_servers_transport.yml
+++ b/pkg/provider/kubernetes/crd/fixtures/with_servers_transport.yml
@@ -93,6 +93,7 @@ spec:
 serverName: "test"
 insecureSkipVerify: true
 maxIdleConnsPerHost: 42
+ disableHTTP2: true
 rootCAsSecrets:
 - root-ca0
 - root-ca1
diff --git a/pkg/provider/kubernetes/crd/kubernetes.go b/pkg/provider/kubernetes/crd/kubernetes.go
index 4dd1d208d..1f33d0993 100644
--- a/pkg/provider/kubernetes/crd/kubernetes.go
+++ b/pkg/provider/kubernetes/crd/kubernetes.go
@@ -344,6 +344,7 @@ func (p *Provider) loadConfigurationFromCRD(ctx context.Context, client Client)
 InsecureSkipVerify: serversTransport.Spec.InsecureSkipVerify,
 RootCAs: rootCAs,
 Certificates: certs,
+ DisableHTTP2: serversTransport.Spec.DisableHTTP2,
 MaxIdleConnsPerHost: serversTransport.Spec.MaxIdleConnsPerHost,
 ForwardingTimeouts: forwardingTimeout,
 }
diff --git a/pkg/provider/kubernetes/crd/kubernetes_test.go b/pkg/provider/kubernetes/crd/kubernetes_test.go
index c02f9889d..d0f7d18c0 100644
--- a/pkg/provider/kubernetes/crd/kubernetes_test.go
+++ b/pkg/provider/kubernetes/crd/kubernetes_test.go
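Review bot: The visible part of the struct literal in `loadConfigurationFromCRD` (pkg/provider/kubernetes/crd/kubernetes.go) has no `PeerCertURI` line, even though the docs hunk in this same patch lists `peerCertURI` as a supported CRD attribute. The literal closes right after `ForwardingTimeouts` but opens above the hunk, so the field may already be set there and this needs confirming against the full function. If it is not set, the CRD value would be dropped silently just as `disableHTTP2` was, and the dropped setting would be a backend-certificate match rather than a protocol toggle. In that case add a mapping (presumably `PeerCertURI: serversTransport.Spec.PeerCertURI,`), along with a fixture value and an expected field in `TestLoadIngressRoutes` so the mapping stays pinned.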
@@ -3505,6 +3505,7 @@ func TestLoadIngressRoutes(t *testing.T) {
 {CertFile: "TESTCERT3", KeyFile: "TESTKEY3"},
 },
 MaxIdleConnsPerHost: 42,
+ DisableHTTP2: true,
 ForwardingTimeouts: &dynamic.ForwardingTimeouts{
 DialTimeout: types.Duration(42 * time.Second),
 ResponseHeaderTimeout: types.Duration(42 * time.Second),