In this practice, we will introduce how to proxy the gRPC service.
Please note that in this practice, all components will be installed in the ingress-apisix namespace. If your Kubernetes cluster does not have such namespace, please create it first.
kubectl create ns ingress-apisix
You could install APISIX and APISIX ingress controller by running:
# We use Apisix 3.0 in this example. If you're using Apisix v2.x, please set to v2 ADMIN_API_VERSION=v3 helm install apisix apisix/apisix -n ingress-apisix \ --set service.type=NodePort \ --set ingress-controller.enabled=true \ --set apisix.ssl.enabled=true \ --set ingress-controller.config.apisix.serviceNamespace=ingress-apisix \ --set ingress-controller.config.apisix.adminAPIVersion=$ADMIN_API_VERSION
Check that all related components have been installed successfully, including ETCD cluster / APISIX / apisix-ingress-controller.
$ kubectl get pod -n ingress-apisix NAME READY STATUS RESTARTS AGE apisix-569f94b7b6-qt5jj 1/1 Running 0 101m apisix-etcd-0 1/1 Running 0 101m apisix-etcd-1 1/1 Running 0 101m apisix-etcd-2 1/1 Running 0 101m apisix-ingress-controller-b5f5d49db-r9cxb 1/1 Running 0 101m
Using yages as the gRPC server.
Declare the deployment configuration of yapes, exposing port 9000.
kubectl run yages -n ingress-apisix --image smirl/yages:0.1.3 --expose --port 9000
Use the service that includes grpcurl to test gRPC connectivity.
$ kubectl run -it -n ingress-apisix --rm grpcurl --restart=Never --image=fullstorydev/grpcurl:v1.8.7 --command -- \ /bin/grpcurl -plaintext yages:9000 yages.Echo.Ping # It should output: { "text": "pong" }
If you encounter a timeout error, you can first download quay.io/mhausenblas/gump:0.1 to the local.
kubectl apply -f - <<EOF apiVersion: apisix.apache.org/v2 kind: ApisixRoute metadata: name: grpc-proxy-route namespace: ingress-apisix spec: http: - name: grpc-route match: hosts: - grpc-proxy paths: - "/*" backends: - serviceName: yages servicePort: 9000 weight: 10 EOF
kubectl apply -f - <<EOF apiVersion: apisix.apache.org/v2 kind: ApisixUpstream metadata: name: yages namespace: ingress-apisix spec: scheme: grpc EOF
Common Name should be grpc-proxy, which needs to be consistent with the hosts declared in ApisixRoute.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=grpc-proxy/O=grpc-proxy"
Store key and crt in secret.
kubectl create secret tls grpc-secret -n ingress-apisix --cert=tls.crt --key=tls.key
Inform APISIX SSL configuration through ApisixTls.
kubectl apply -f - <<EOF apiVersion: apisix.apache.org/v2 kind: ApisixTls metadata: name: grpc-secret namespace: ingress-apisix spec: hosts: - "grpc-proxy" secret: name: grpc-secret namespace: ingress-apisix EOF
OK, the configuration is complete, continue to verify through grpcurl, this time we visit the yages service through the Apache APISIX proxy.
Check the APISIX DP (Data Plane) service, which is apisix-gateway in this example.
kubectl get svc -n ingress-apisix NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE apisix-admin ClusterIP 10.96.49.113 <none> 9180/TCP 98m apisix-etcd ClusterIP 10.96.81.162 <none> 2379/TCP,2380/TCP 98m apisix-etcd-headless ClusterIP None <none> 2379/TCP,2380/TCP 98m apisix-gateway NodePort 10.96.74.145 <none> 80:32600/TCP,443:32103/TCP 98m apisix-ingress-controller ClusterIP 10.96.78.108 <none> 80/TCP 98m yages ClusterIP 10.96.37.236 <none> 9000/TCP 94m
$ kubectl run -it -n ingress-apisix --rm grpcurl --restart=Never --image=fullstorydev/grpcurl:v1.8.7 --command -- \ /bin/grpcurl -insecure -servername grpc-proxy apisix-gateway:443 yages.Echo.Ping # It should output: { "text": "pong" }
APISIX proxy gRPC server succeeded.
kubectl delete ns ingress-apisix