[wip] update deps to drop h2c lib

.github/workflows/kind-e2e.yaml

@@ -94,6 +94,7 @@ jobs:
         # Disabled due to flakiness: https://github.com/knative/serving/issues/14637
         # - istio-ambient
         - contour
+        - contour-tls
         - gateway_istio
         - gateway_contour
 
@@ -135,6 +136,10 @@ jobs:
           ingress-class: kourier
           enable-tls: 1
 
+        - ingress: contour-tls
+          ingress-class: contour
+          enable-tls: 1
+
         - test-suite: runtime
           test-path: ./test/conformance/runtime/...
 

go.mod

@@ -168,3 +168,5 @@ require (
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
 	sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
 )
+
+replace knative.dev/pkg => github.com/dprotaso/pkg v0.0.0-20251130213149-b24adc693a81

go.sum

@@ -111,6 +111,8 @@ github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBi
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo=
 github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
+github.com/dprotaso/pkg v0.0.0-20251130213149-b24adc693a81 h1:7YeAKV/I+qI9cTjspBgyq2b9Weu2xiyBYXwqiIpy/Fc=
+github.com/dprotaso/pkg v0.0.0-20251130213149-b24adc693a81/go.mod h1:Eh9hwzqriXEfHiXcCuOYExUj7WH8prk57V6qSeO6m94=
 github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU=
 github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -592,8 +594,6 @@ knative.dev/hack v0.0.0-20251126013634-1484a9e9b641 h1:N9Xqx3YLUNFN1WIc3UXTanK4j
 knative.dev/hack v0.0.0-20251126013634-1484a9e9b641/go.mod h1:L5RzHgbvam0u8QFHfzCX6MKxu/a/gIGEdaRBqNiVbl0=
 knative.dev/networking v0.0.0-20251126213812-ebe48fd53262 h1:CEFraQgj5csZPv2NgCA4h8Bz09BEUo5nFBOE552KV/8=
 knative.dev/networking v0.0.0-20251126213812-ebe48fd53262/go.mod h1:nxN+sYiQCoT2FLgSMTShXYmYYcb7rALHSOz6l5RjCp4=
-knative.dev/pkg v0.0.0-20251126013532-e853b1d1d6bb h1:JhpOj4b8wdTjbahkCyZUaFlkuHib/6uCVyjPI/W4MPg=
-knative.dev/pkg v0.0.0-20251126013532-e853b1d1d6bb/go.mod h1:KFRQGFIcsdi9fDto0lGkcz/NwnNr/8hq9mmLyBuLkro=
 pgregory.net/rapid v1.1.0 h1:CMa0sjHSru3puNx+J0MIAuiiEV4N0qj8/cMWGBBCsjw=
 pgregory.net/rapid v1.1.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=
 sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM=

test/e2e_flags.go

@@ -85,7 +85,7 @@ func initializeServingFlags() *ServingEnvironmentFlags {
 	flag.BoolVar(&f.DisableOptionalAPI, "disable-optional-api", false,
 		"Set this flag to skip conformance tests against optional API.")
 
-	flag.BoolVar(&f.SkipCleanupOnFail, "skip-cleanup-on-fail", false, "Set this flag to skip cleanup if test fails.")
+	flag.BoolVar(&f.SkipCleanupOnFail, "skip-cleanup-on-fail", true, "Set this flag to skip cleanup if test fails.")
 
 	flag.StringVar(&f.TestNamespace, "test-namespace", "serving-tests",
 		"Set this flag to change the default namespace for running tests.")

vendor/knative.dev/pkg/network/server.go

@@ -0,0 +1,38 @@
+/*
+Copyright 2025 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package network
+
+import (
+	"net/http"
+	"time"
+)
+
+func NewServer(addr string, h http.Handler) *http.Server {
+	var protocols http.Protocols
+	protocols.SetHTTP1(true)
+	protocols.SetHTTP2(true)
+	protocols.SetUnencryptedHTTP2(true)
+
+	return &http.Server{
+		Addr:      addr,
+		Handler:   h,
+		Protocols: &protocols,
+
+		// https://medium.com/a-journey-with-go/go-understand-and-mitigate-slowloris-attack-711c1b1403f6
+		ReadHeaderTimeout: time.Minute,
+	}
+}

vendor/knative.dev/pkg/network/transports.go

@@ -117,61 +117,120 @@ func dialBackOffHelper(ctx context.Context, network, address string, bo wait.Bac
 	return nil, fmt.Errorf("%w %s after %.2fs", ErrTimeoutDialing, address, elapsed.Seconds())
 }
 
-func newHTTPTransport(disableKeepAlives, disableCompression bool, maxIdle, maxIdlePerHost int) http.RoundTripper {
+func newHTTPTransport(
+	disableKeepAlives,
+	disableCompression bool,
+	maxIdle,
+	maxIdlePerHost int,
+) *http.Transport {
+	var protocols http.Protocols
+	protocols.SetHTTP1(true)
+
 	transport := http.DefaultTransport.(*http.Transport).Clone()
 	transport.DialContext = DialWithBackOff
 	transport.DisableKeepAlives = disableKeepAlives
 	transport.MaxIdleConns = maxIdle
 	transport.MaxIdleConnsPerHost = maxIdlePerHost
 	transport.ForceAttemptHTTP2 = false
 	transport.DisableCompression = disableCompression
+	transport.Protocols = &protocols
+
 	return transport
 }
 
 type DialTLSContextFunc func(ctx context.Context, network, addr string) (net.Conn, error)
 
-func newHTTPSTransport(disableKeepAlives, disableCompression bool, maxIdle, maxIdlePerHost int, tlsContext DialTLSContextFunc) http.RoundTripper {
+func newHTTPSTransport(
+	disableKeepAlives,
+	disableCompression bool,
+	maxIdle,
+	maxIdlePerHost int,
+	tlsContext DialTLSContextFunc,
+) *http.Transport {
+	var protocols http.Protocols
+	protocols.SetHTTP1(true)
+
 	transport := http.DefaultTransport.(*http.Transport).Clone()
 	transport.DisableKeepAlives = disableKeepAlives
 	transport.MaxIdleConns = maxIdle
 	transport.MaxIdleConnsPerHost = maxIdlePerHost
 	transport.ForceAttemptHTTP2 = false
 	transport.DisableCompression = disableCompression
 	transport.DialTLSContext = tlsContext
+	transport.Protocols = &protocols
 
 	return transport
 }
 
 // NewProberTransport creates a RoundTripper that is useful for probing,
 // since it will not cache connections.
 func NewProberTransport() http.RoundTripper {
-	return newAutoTransport(
-		newHTTPTransport(true /*disable keep-alives*/, false /*disable auto-compression*/, 0, 0 /*no caching*/),
-		NewH2CTransport())
+	http := newHTTPTransport(
+		true,  /*disable keep-alives*/
+		false, /*disable auto-compression*/
+		0,     /*max idle*/
+		0,     /*no caching*/
+	)
+
+	// h2 prior knowledge
+	h2 := http.Clone()
+	h2.Protocols.SetHTTP1(false)
+	h2.Protocols.SetUnencryptedHTTP2(true)
+
+	return newAutoTransport(http, h2)
 }
 
 // NewProxyAutoTLSTransport is same with NewProxyAutoTransport but it has DialTLSContextFunc to create HTTPS request.
 func NewProxyAutoTLSTransport(maxIdle, maxIdlePerHost int, tlsContext DialTLSContextFunc) http.RoundTripper {
-	return newAutoTransport(
-		newHTTPSTransport(false /*disable keep-alives*/, true /*disable auto-compression*/, maxIdle, maxIdlePerHost, tlsContext),
-		newH2Transport(true /*disable auto-compression*/, tlsContext))
+	https := newHTTPSTransport(
+		false, /*disable keep-alives*/
+		true,  /*disable auto-compression*/
+		maxIdle,
+		maxIdlePerHost,
+		tlsContext,
+	)
+
+	h2 := https.Clone()
+	h2.Protocols.SetHTTP1(false)
+	h2.Protocols.SetHTTP2(true)
+	h2.Protocols.SetUnencryptedHTTP2(true)
+
+	return newAutoTransport(https, h2)
 }
 
 // NewAutoTransport creates a RoundTripper that can use appropriate transport
 // based on the request's HTTP version.
 func NewAutoTransport(maxIdle, maxIdlePerHost int) http.RoundTripper {
-	return newAutoTransport(
-		newHTTPTransport(false /*disable keep-alives*/, false /*disable auto-compression*/, maxIdle, maxIdlePerHost),
-		newH2CTransport(false /*disable auto-compression*/))
+	http := newHTTPTransport(
+		false, /*disable keep-alives*/
+		false, /*disable auto-compression*/
+		maxIdle,
+		maxIdlePerHost,
+	)
+
+	h2 := http.Clone()
+	h2.Protocols.SetHTTP1(false)
+	h2.Protocols.SetUnencryptedHTTP2(true)
+
+	return newAutoTransport(http, h2)
 }
 
 // NewProxyAutoTransport creates a RoundTripper suitable for use by a reverse
 // proxy.  The returned transport uses HTTP or H2C based on the request's HTTP
 // version. The transport has DisableCompression set to true.
 func NewProxyAutoTransport(maxIdle, maxIdlePerHost int) http.RoundTripper {
-	return newAutoTransport(
-		newHTTPTransport(false /*disable keep-alives*/, true /*disable auto-compression*/, maxIdle, maxIdlePerHost),
-		newH2CTransport(true /*disable auto-compression*/))
+	http := newHTTPTransport(
+		false, /*disable keep-alives*/
+		true,  /*disable auto-compression*/
+		maxIdle,
+		maxIdlePerHost,
+	)
+
+	h2 := http.Clone()
+	h2.Protocols.SetHTTP1(false)
+	h2.Protocols.SetUnencryptedHTTP2(true)
+
+	return newAutoTransport(http, h2)
 }
 
 // AutoTransport uses h2c for HTTP2 requests and falls back to `http.DefaultTransport` for all others

vendor/modules.txt

@@ -1522,7 +1522,7 @@ knative.dev/networking/pkg/http/proxy
 knative.dev/networking/pkg/http/stats
 knative.dev/networking/pkg/ingress
 knative.dev/networking/pkg/prober
-# knative.dev/pkg v0.0.0-20251126013532-e853b1d1d6bb
+# knative.dev/pkg v0.0.0-20251126013532-e853b1d1d6bb => github.com/dprotaso/pkg v0.0.0-20251130213149-b24adc693a81
 ## explicit; go 1.24.0
 knative.dev/pkg/apiextensions/storageversion
 knative.dev/pkg/apiextensions/storageversion/cmd/migrate
@@ -1669,3 +1669,4 @@ sigs.k8s.io/structured-merge-diff/v6/value
 # sigs.k8s.io/yaml v1.6.0
 ## explicit; go 1.22
 sigs.k8s.io/yaml
+# knative.dev/pkg => github.com/dprotaso/pkg v0.0.0-20251130213149-b24adc693a81