How to proxy the gRPC service
In this practice, we will introduce how to proxy the gRPC service.
Prerequisites#
- Prepare an available Kubernetes cluster in your workstation, we recommend you to use KIND to create a local Kubernetes cluster.
- Install Apache APISIX in Kubernetes by Helm Chart.
- Install apisix-ingress-controller.
Please note that in this practice, all components will be installed in the ingress-apisix namespace. If your Kubernetes cluster does not have such namespace, please create it first.
kubectl create ns ingress-apisixYou could install APISIX and APISIX ingress controller by running:
helm install apisix apisix/apisix -n ingress-apisix --set gateway.type=NodePort --set ingress-controller.enabled=true --set gateway.tls.enabled=true --set ingress-controller.config.apisix.serviceNamespace=ingress-apisixCheck that all related components have been installed successfully, including ETCD cluster / APISIX / apisix-ingress-controller.
kubectl get pod -n ingress-apisixNAME READY STATUS RESTARTS AGEapisix-569f94b7b6-qt5jj 1/1 Running 0 101mapisix-etcd-0 1/1 Running 0 101mapisix-etcd-1 1/1 Running 0 101mapisix-etcd-2 1/1 Running 0 101mapisix-ingress-controller-b5f5d49db-r9cxb 1/1 Running 0 101mPrepare a gRPC service#
Using yages as the gRPC server.
Declare the deployment configuration of yapes, exposing port 9000.
kubectl run yages -n ingress-apisix --image smirl/yages:0.1.3 --expose --port 9000Use the service that includes grpcurl to test gRPC connectivity.
kubectl run -it -n ingress-apisix --rm grpcurl --restart=Never --image=quay.io/mhausenblas/gump:0.1 -- shIf you don't see a command prompt, try pressing enter./go $ grpcurl --plaintext yages:9000 yages.Echo.Ping{ "text": "pong"}If you encounter a timeout error, you can first download quay.io/mhausenblas/gump:0.1 to the local.
Declare gRPC proxy configuration#
Create a route and tell APISIX proxy rules#
kubectl apply -f - <<EOFapiVersion: apisix.apache.org/v2beta3kind: ApisixRoutemetadata: name: grpc-proxy-route namespace: ingress-apisixspec: http: - name: grpc-route match: hosts: - grpc-proxy paths: - "/*" backends: - serviceName: yages servicePort: 9000 weight: 10EOFInform APISIX the yages is a gRPC server through ApisixUpstream#
kubectl apply -f - <<EOFapiVersion: apisix.apache.org/v1kind: ApisixUpstreammetadata: name: yages namespace: ingress-apisixspec: scheme: grpcEOFConfigure certificates for gRPC#
Common Name should be grpc-proxy, which needs to be consistent with the hosts declared in ApisixRoute.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=grpc-proxy/O=grpc-proxy"Store key and crt in secret.
kubectl create secret tls grpc-secret -n ingress-apisix --cert=tls.crt --key=tls.keyInform APISIX SSL configuration through ApisixTls.
kubectl apply -f - <<EOFapiVersion: apisix.apache.org/v1kind: ApisixTlsmetadata: name: grpc-secret namespace: ingress-apisixspec: hosts: - "grpc-proxy" secret: name: grpc-secret namespace: ingress-apisixEOFTest#
OK, the configuration is complete, continue to verify through grpcurl, this time we visit the yages service through the Apache APISIX proxy.
Check the APISIX DP (Data Plane) service, which is apisix-gateway in this example.
kubectl get svc -n ingress-apisixNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEapisix-admin ClusterIP 10.96.49.113 <none> 9180/TCP 98mapisix-etcd ClusterIP 10.96.81.162 <none> 2379/TCP,2380/TCP 98mapisix-etcd-headless ClusterIP None <none> 2379/TCP,2380/TCP 98mapisix-gateway NodePort 10.96.74.145 <none> 80:32600/TCP,443:32103/TCP 98mapisix-ingress-controller ClusterIP 10.96.78.108 <none> 80/TCP 98myages ClusterIP 10.96.37.236 <none> 9000/TCP 94mkubectl run -it -n ingress-apisix --rm grpcurl --restart=Never --image=quay.io/mhausenblas/gump:0.1 -- shIf you don't see a command prompt, try pressing enter./go $ grpcurl --insecure -servername grpc-proxy apisix-gateway:443 yages.Echo.Ping{ "text": "pong"}APISIX proxy gRPC server succeeded.
Cleanup#
kubectl delete ns ingress-apisix