From 38c77e0f3368d4d90c591c68a7f3833092e84e8b Mon Sep 17 00:00:00 2001
From: Eric Chiang <eric.chiang@coreos.com>
Date: Fri, 13 Jan 2017 16:49:06 -0800
Subject: [PATCH] storage/kubernetes: enable HTTP/2 support

---
 storage/kubernetes/client.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/storage/kubernetes/client.go b/storage/kubernetes/client.go
index 55e319d7..1f562165 100644
--- a/storage/kubernetes/client.go
+++ b/storage/kubernetes/client.go
@@ -25,6 +25,7 @@ import (
 	"github.com/ghodss/yaml"
 	"github.com/gtank/cryptopasta"
 	"golang.org/x/net/context"
+	"golang.org/x/net/http2"
 
 	"github.com/coreos/dex/storage"
 	"github.com/coreos/dex/storage/kubernetes/k8sapi"
@@ -285,7 +286,8 @@ func newClient(cluster k8sapi.Cluster, user k8sapi.AuthInfo, namespace string, l
 		tlsConfig.Certificates = []tls.Certificate{cert}
 	}
 
-	var t http.RoundTripper = &http.Transport{
+	var t http.RoundTripper
+	httpTransport := &http.Transport{
 		Proxy: http.ProxyFromEnvironment,
 		Dial: (&net.Dialer{
 			Timeout:   30 * time.Second,
@@ -296,6 +298,15 @@ func newClient(cluster k8sapi.Cluster, user k8sapi.AuthInfo, namespace string, l
 		ExpectContinueTimeout: 1 * time.Second,
 	}
 
+	// Since we set a custom TLS client config we have to explicitly
+	// enable HTTP/2.
+	//
+	// https://github.com/golang/go/blob/go1.7.4/src/net/http/transport.go#L200-L206
+	if err := http2.ConfigureTransport(httpTransport); err != nil {
+		return nil, err
+	}
+	t = httpTransport
+
 	if user.Token != "" {
 		t = transport{
 			updateReq: func(r *http.Request) {