Merge pull request kubernetes#129538 from hzxuzhonghu/http2-clean

Cleanup: only initiate http2 server options when http2 is not disabled

Author: k8s-ci-robot

staging/src/k8s.io/apiserver/pkg/server/secure_serving.go

@@ -172,33 +172,31 @@ func (s *SecureServingInfo) Serve(handler http.Handler, shutdownTimeout time.Dur
 		ReadHeaderTimeout: 32 * time.Second, // just shy of requestTimeoutUpperBound
 	}
 
-	// At least 99% of serialized resources in surveyed clusters were smaller than 256kb.
-	// This should be big enough to accommodate most API POST requests in a single frame,
-	// and small enough to allow a per connection buffer of this size multiplied by `MaxConcurrentStreams`.
-	const resourceBody99Percentile = 256 * 1024
-
-	http2Options := &http2.Server{
-		IdleTimeout: 90 * time.Second, // matches http.DefaultTransport keep-alive timeout
-	}
-
-	// shrink the per-stream buffer and max framesize from the 1MB default while still accommodating most API POST requests in a single frame
-	http2Options.MaxUploadBufferPerStream = resourceBody99Percentile
-	http2Options.MaxReadFrameSize = resourceBody99Percentile
-
-	// use the overridden concurrent streams setting or make the default of 250 explicit so we can size MaxUploadBufferPerConnection appropriately
-	if s.HTTP2MaxStreamsPerConnection > 0 {
-		http2Options.MaxConcurrentStreams = uint32(s.HTTP2MaxStreamsPerConnection)
-	} else {
-		// match http2.initialMaxConcurrentStreams used by clients
-		// this makes it so that a malicious client can only open 400 streams before we forcibly close the connection
-		// https://github.com/golang/net/commit/b225e7ca6dde1ef5a5ae5ce922861bda011cfabd
-		http2Options.MaxConcurrentStreams = 100
-	}
+	if !s.DisableHTTP2 {
+		// At least 99% of serialized resources in surveyed clusters were smaller than 256kb.
+		// This should be big enough to accommodate most API POST requests in a single frame,
+		// and small enough to allow a per connection buffer of this size multiplied by `MaxConcurrentStreams`.
+		const resourceBody99Percentile = 256 * 1024
+
+		http2Options := &http2.Server{
+			IdleTimeout: 90 * time.Second, // matches http.DefaultTransport keep-alive timeout
+			// shrink the per-stream buffer and max framesize from the 1MB default while still accommodating most API POST requests in a single frame
+			MaxUploadBufferPerStream: resourceBody99Percentile,
+			MaxReadFrameSize:         resourceBody99Percentile,
+		}
 
-	// increase the connection buffer size from the 1MB default to handle the specified number of concurrent streams
-	http2Options.MaxUploadBufferPerConnection = http2Options.MaxUploadBufferPerStream * int32(http2Options.MaxConcurrentStreams)
+		// use the overridden concurrent streams setting or make the default of 250 explicit so we can size MaxUploadBufferPerConnection appropriately
+		if s.HTTP2MaxStreamsPerConnection > 0 {
+			http2Options.MaxConcurrentStreams = uint32(s.HTTP2MaxStreamsPerConnection)
+		} else {
+			// match http2.initialMaxConcurrentStreams used by clients
+			// this makes it so that a malicious client can only open 400 streams before we forcibly close the connection
+			// https://github.com/golang/net/commit/b225e7ca6dde1ef5a5ae5ce922861bda011cfabd
+			http2Options.MaxConcurrentStreams = 100
+		}
 
-	if !s.DisableHTTP2 {
+		// increase the connection buffer size from the 1MB default to handle the specified number of concurrent streams
+		http2Options.MaxUploadBufferPerConnection = http2Options.MaxUploadBufferPerStream * int32(http2Options.MaxConcurrentStreams)
 		// apply settings to the server
 		if err := http2.ConfigureServer(secureServer, http2Options); err != nil {
 			return nil, nil, fmt.Errorf("error configuring http2: %v", err)