How to proxy the gRPC service
In this practice, we will introduce how to proxy the gRPC service.
Prerequisites#
- Prepare an available Kubernetes cluster in your workstation, we recommend you to use KIND to create a local Kubernetes cluster.
- Install Apache APISIX in Kubernetes by Helm Chart.
- Install apisix-ingress-controller.
Please note that in this practice, all components will be installed in the ingress-apisix namespace. If your Kubernetes cluster does not have such namespace, please create it first.
kubectl create ns ingress-apisix
You could install APISIX and APISIX ingress controller by running:
helm install apisix apisix/apisix -n ingress-apisix --set gateway.type=NodePort --set ingress-controller.enabled=true --set gateway.tls.enabled=true --set ingress-controller.config.apisix.serviceNamespace=ingress-apisix
Check that all related components have been installed successfully, including ETCD cluster / APISIX / apisix-ingress-controller.
kubectl get pod -n ingress-apisix
NAME READY STATUS RESTARTS AGE
apisix-569f94b7b6-qt5jj 1/1 Running 0 101m
apisix-etcd-0 1/1 Running 0 101m
apisix-etcd-1 1/1 Running 0 101m
apisix-etcd-2 1/1 Running 0 101m
apisix-ingress-controller-b5f5d49db-r9cxb 1/1 Running 0 101m
Prepare a gRPC service#
Using yages as the gRPC server.
Declare the deployment configuration of yapes, exposing port 9000.
kubectl run yages -n ingress-apisix --image smirl/yages:0.1.3 --expose --port 9000
Use the service that includes grpcurl to test gRPC connectivity.
kubectl run -it -n ingress-apisix --rm grpcurl --restart=Never --image=quay.io/mhausenblas/gump:0.1 -- sh
If you don't see a command prompt, try pressing enter.
/go $ grpcurl --plaintext yages:9000 yages.Echo.Ping
{
"text": "pong"
}
If you encounter a timeout error, you can first download quay.io/mhausenblas/gump:0.1 to the local.
Declare gRPC proxy configuration#
Create a route and tell APISIX proxy rules#
kubectl apply -f - <<EOF
apiVersion: apisix.apache.org/v2
kind: ApisixRoute
metadata:
name: grpc-proxy-route
namespace: ingress-apisix
spec:
http:
- name: grpc-route
match:
hosts:
- grpc-proxy
paths:
- "/*"
backends:
- serviceName: yages
servicePort: 9000
weight: 10
EOF
Inform APISIX the yages is a gRPC server through ApisixUpstream#
kubectl apply -f - <<EOF
apiVersion: apisix.apache.org/v2
kind: ApisixUpstream
metadata:
name: yages
namespace: ingress-apisix
spec:
scheme: grpc
EOF
Configure certificates for gRPC#
Common Name should be grpc-proxy, which needs to be consistent with the hosts declared in ApisixRoute.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=grpc-proxy/O=grpc-proxy"
Store key and crt in secret.
kubectl create secret tls grpc-secret -n ingress-apisix --cert=tls.crt --key=tls.key
Inform APISIX SSL configuration through ApisixTls.
kubectl apply -f - <<EOF
apiVersion: apisix.apache.org/v2
kind: ApisixTls
metadata:
name: grpc-secret
namespace: ingress-apisix
spec:
hosts:
- "grpc-proxy"
secret:
name: grpc-secret
namespace: ingress-apisix
EOF
Test#
OK, the configuration is complete, continue to verify through grpcurl, this time we visit the yages service through the Apache APISIX proxy.
Check the APISIX DP (Data Plane) service, which is apisix-gateway in this example.
kubectl get svc -n ingress-apisix
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
apisix-admin ClusterIP 10.96.49.113 <none> 9180/TCP 98m
apisix-etcd ClusterIP 10.96.81.162 <none> 2379/TCP,2380/TCP 98m
apisix-etcd-headless ClusterIP None <none> 2379/TCP,2380/TCP 98m
apisix-gateway NodePort 10.96.74.145 <none> 80:32600/TCP,443:32103/TCP 98m
apisix-ingress-controller ClusterIP 10.96.78.108 <none> 80/TCP 98m
yages ClusterIP 10.96.37.236 <none> 9000/TCP 94m
kubectl run -it -n ingress-apisix --rm grpcurl --restart=Never --image=quay.io/mhausenblas/gump:0.1 -- sh
If you don't see a command prompt, try pressing enter.
/go $ grpcurl --insecure -servername grpc-proxy apisix-gateway:443 yages.Echo.Ping
{
"text": "pong"
}
APISIX proxy gRPC server succeeded.
Cleanup#
kubectl delete ns ingress-apisix