In this practice, we will introduce how to proxy the gRPC service.
Please note that in this practice, all components will be installed in the ingress-apisix
namespace. If your Kubernetes cluster does not have such namespace, please create it first.
kubectl create ns ingress-apisix
You could install APISIX and APISIX ingress controller by running:
helm install apisix apisix/apisix -n ingress-apisix --set gateway.type=NodePort --set ingress-controller.enabled=true --set gateway.tls.enabled=true --set ingress-controller.config.apisix.serviceNamespace=ingress-apisix
Check that all related components have been installed successfully, including ETCD cluster / APISIX / apisix-ingress-controller.
kubectl get pod -n ingress-apisix NAME READY STATUS RESTARTS AGE apisix-569f94b7b6-qt5jj 1/1 Running 0 101m apisix-etcd-0 1/1 Running 0 101m apisix-etcd-1 1/1 Running 0 101m apisix-etcd-2 1/1 Running 0 101m apisix-ingress-controller-b5f5d49db-r9cxb 1/1 Running 0 101m
Using yages as the gRPC server.
Declare the deployment configuration of yapes, exposing port 9000
.
kubectl run yages -n ingress-apisix --image smirl/yages:0.1.3 --expose --port 9000
Use the service that includes grpcurl
to test gRPC connectivity.
kubectl run -it -n ingress-apisix --rm grpcurl --restart=Never --image=quay.io/mhausenblas/gump:0.1 -- sh If you don't see a command prompt, try pressing enter. /go $ grpcurl --plaintext yages:9000 yages.Echo.Ping { "text": "pong" }
If you encounter a timeout error, you can first download quay.io/mhausenblas/gump:0.1
to the local.
kubectl apply -f - <<EOF apiVersion: apisix.apache.org/v2 kind: ApisixRoute metadata: name: grpc-proxy-route namespace: ingress-apisix spec: http: - name: grpc-route match: hosts: - grpc-proxy paths: - "/*" backends: - serviceName: yages servicePort: 9000 weight: 10 EOF
kubectl apply -f - <<EOF apiVersion: apisix.apache.org/v2 kind: ApisixUpstream metadata: name: yages namespace: ingress-apisix spec: scheme: grpc EOF
Common Name should be grpc-proxy
, which needs to be consistent with the hosts declared in ApisixRoute.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=grpc-proxy/O=grpc-proxy"
Store key and crt in secret.
kubectl create secret tls grpc-secret -n ingress-apisix --cert=tls.crt --key=tls.key
Inform APISIX SSL configuration through ApisixTls.
kubectl apply -f - <<EOF apiVersion: apisix.apache.org/v2 kind: ApisixTls metadata: name: grpc-secret namespace: ingress-apisix spec: hosts: - "grpc-proxy" secret: name: grpc-secret namespace: ingress-apisix EOF
OK, the configuration is complete, continue to verify through grpcurl
, this time we visit the yages
service through the Apache APISIX proxy.
Check the APISIX DP (Data Plane) service, which is apisix-gateway in this example.
kubectl get svc -n ingress-apisix NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE apisix-admin ClusterIP 10.96.49.113 <none> 9180/TCP 98m apisix-etcd ClusterIP 10.96.81.162 <none> 2379/TCP,2380/TCP 98m apisix-etcd-headless ClusterIP None <none> 2379/TCP,2380/TCP 98m apisix-gateway NodePort 10.96.74.145 <none> 80:32600/TCP,443:32103/TCP 98m apisix-ingress-controller ClusterIP 10.96.78.108 <none> 80/TCP 98m yages ClusterIP 10.96.37.236 <none> 9000/TCP 94m
kubectl run -it -n ingress-apisix --rm grpcurl --restart=Never --image=quay.io/mhausenblas/gump:0.1 -- sh If you don't see a command prompt, try pressing enter. /go $ grpcurl --insecure -servername grpc-proxy apisix-gateway:443 yages.Echo.Ping { "text": "pong" }
APISIX proxy gRPC server succeeded.
kubectl delete ns ingress-apisix