title: How to proxy the gRPC service

This practice shows how to proxy a gRPC service.

Prerequisites

Please note that in this practice, all components will be installed in the ingress-apisix namespace. If your Kubernetes cluster does not have this namespace, create it first.

kubectl create ns ingress-apisix

You can install APISIX and the APISIX ingress controller by running:

helm install apisix apisix/apisix -n ingress-apisix --set gateway.type=NodePort --set ingress-controller.enabled=true --set gateway.tls.enabled=true --set ingress-controller.config.apisix.serviceNamespace=ingress-apisix

Check that all related components have been installed successfully, including the etcd cluster, APISIX, and apisix-ingress-controller.

kubectl get pod -n ingress-apisix
NAME                                        READY   STATUS    RESTARTS   AGE
apisix-569f94b7b6-qt5jj                     1/1     Running   0          101m
apisix-etcd-0                               1/1     Running   0          101m
apisix-etcd-1                               1/1     Running   0          101m
apisix-etcd-2                               1/1     Running   0          101m
apisix-ingress-controller-b5f5d49db-r9cxb   1/1     Running   0          101m

Prepare a gRPC service

Use yages as the gRPC server.

Deploy yages, exposing port 9000.

kubectl run yages -n ingress-apisix --image smirl/yages:0.1.3 --expose --port 9000

Use an image that includes grpcurl to test gRPC connectivity.

kubectl run -it -n ingress-apisix --rm grpcurl --restart=Never --image=quay.io/mhausenblas/gump:0.1 -- sh
If you don't see a command prompt, try pressing enter.
/go $ grpcurl --plaintext yages:9000 yages.Echo.Ping
{
  "text": "pong"
}

If you encounter a timeout error, pull quay.io/mhausenblas/gump:0.1 locally first.

Declare gRPC proxy configuration

Create a route to tell APISIX the proxy rules.

kubectl apply -f - <<EOF
apiVersion: apisix.apache.org/v2
kind: ApisixRoute
metadata:
  name: grpc-proxy-route
  namespace: ingress-apisix
spec:
  http:
    - name: grpc-route
      match:
        hosts:
          - grpc-proxy
        paths:
          - "/*"
      backends:
      - serviceName: yages
        servicePort: 9000
        weight: 10
EOF

Tell APISIX that yages is a gRPC server through ApisixUpstream.

kubectl apply -f - <<EOF
apiVersion: apisix.apache.org/v2
kind: ApisixUpstream
metadata:
  name: yages
  namespace: ingress-apisix
spec:
  scheme: grpc
EOF

Configure certificates for gRPC

The Common Name should be grpc-proxy, which must be consistent with the hosts declared in ApisixRoute.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=grpc-proxy/O=grpc-proxy"

Store the key and certificate in a secret.

kubectl create secret tls grpc-secret -n ingress-apisix --cert=tls.crt --key=tls.key

Inform APISIX of the SSL configuration through ApisixTls.

kubectl apply -f - <<EOF
apiVersion: apisix.apache.org/v2
kind: ApisixTls
metadata:
  name: grpc-secret
  namespace: ingress-apisix
spec:
  hosts:
    - "grpc-proxy"
  secret:
    name: grpc-secret
    namespace: ingress-apisix
EOF

Test

The configuration is complete. Verify again with grpcurl, this time reaching the yages service through the Apache APISIX proxy.

Check the APISIX DP (Data Plane) service, which is apisix-gateway in this example.

kubectl get svc -n ingress-apisix
NAME                        TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
apisix-admin                ClusterIP   10.96.49.113   <none>        9180/TCP                     98m
apisix-etcd                 ClusterIP   10.96.81.162   <none>        2379/TCP,2380/TCP            98m
apisix-etcd-headless        ClusterIP   None           <none>        2379/TCP,2380/TCP            98m
apisix-gateway              NodePort    10.96.74.145   <none>        80:32600/TCP,443:32103/TCP   98m
apisix-ingress-controller   ClusterIP   10.96.78.108   <none>        80/TCP                       98m
yages                       ClusterIP   10.96.37.236   <none>        9000/TCP                     94m

kubectl run -it -n ingress-apisix --rm grpcurl --restart=Never --image=quay.io/mhausenblas/gump:0.1 -- sh
If you don't see a command prompt, try pressing enter.
/go $ grpcurl --insecure -servername grpc-proxy apisix-gateway:443 yages.Echo.Ping
{
  "text": "pong"
}

APISIX successfully proxied the gRPC server.
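The openssl command in this guide sets only the Common Name, and the test passes --insecure, which skips certificate verification altogether. The script below is an added example, not part of the original guide: it generates the same certificate with and without a subjectAltName entry and checks which one a verifying client could match against grpc-proxy. The function names and temporary directories are illustrative, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example (not from the original guide). Assumes OpenSSL 1.1.1+.
HOST=grpc-proxy   # must equal the host in ApisixRoute and ApisixTls

# make_cert DIR [SAN]: throwaway self-signed key pair for $HOST; SAN is optional.
make_cert() {
  dir=$1 san=${2:-}
  mkdir -p "$dir"
  set -- req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout "$dir/tls.key" -out "$dir/tls.crt" -subj "/CN=$HOST/O=$HOST"
  if [ -n "$san" ]; then set -- "$@" -addext "subjectAltName=$san"; fi
  ( umask 077; openssl "$@" 2>/dev/null )   # private key readable by owner only
}

# san_covers CERT NAME: succeeds only if NAME appears as a DNS SAN entry.
san_covers() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

# report CERT: one line stating whether a verifying client can match $HOST.
report() {
  if san_covers "$1" "$HOST"; then
    echo "$1: SAN lists $HOST"
  else
    echo "$1: CN only, rejected by clients that ignore CN (Go 1.15+)"
  fi
}

work=$(mktemp -d)
make_cert "$work/cn-only"                 # same options as the guide's command
make_cert "$work/with-san" "DNS:$HOST"    # adds the name clients actually check
report "$work/cn-only/tls.crt"
report "$work/with-san/tls.crt"
rm -rf "$work"
```

To drop --insecure from the test, create the grpc-secret from the pair that carries the SAN, copy tls.crt into the grpcurl pod, and pass it with grpcurl's -cacert flag alongside -servername grpc-proxy.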

Cleanup

kubectl delete ns ingress-apisix