contour
Instructions for presenting grpc services needs a guide
We need a guide that concisely describes the HTTPProxy configuration and service annotations required to proxy grpc through contour.
me too
I can help with this. Can I get assigned?
Awesome all yours @reagul!
Some work steps in my head if this helps:
- I think this would be a good "guide" where you'd add a new file here: https://github.com/projectcontour/contour/tree/master/site/_guides
- If you want to test what it looks like on your machine you can run: `make site-devel` and open up a browser to `localhost:4000`
- It would be good to link to this guide from the annotations page as well as the HTTPProxy
hey folks! Any progress on this? I was just looking for this exact info. Happy to help if anyone can point me at a starting point.
To expose gRPC services, you would need to enable TLS on the virtual hosts and set the `h2` protocol on any upstream service entries.
If you'd like to contribute a specific user guide, that would be great. Steve's comment above and the site contribution doc should help you get started with the docs.
@JasonMorgan I am still working on this one. I will post something soon.
Any update on this?
Hmm, it doesn't look like there's much movement here. I'd agree that this one is a prime candidate for a fresh guide. Perhaps @OrlinVasilev or @jonasrosland could raise this one at a Tech Docs WG meeting?
@reagul did you make any progress on that or we can restart that topic?
A guide would be really helpful. Am stumbling piecing together what's required in the contour+envoy config to make this work
@jpeach - are you still interested in that or if anyone else wants to take it ?
I think that James has moved on and will not be interested in updating here.
Was able to piece it together - props to y'all and this amazing project. There were only 2 custom parts to getting grpc-web working
envoy-config.yaml

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: adddog-envoy-config
data:
  config.yaml: |
    domain: contour
    # Envoy admin interface, bound to all interfaces on port 9901
    admin:
      access_log_path: /tmp/admin_access.log
      address:
        socket_address: { address: 0.0.0.0, port_value: 9901 }
    static_resources:
      listeners:
        - name: listener_0
          address:
            socket_address: { address: 0.0.0.0, port_value: 8080 }
          filter_chains:
            - filters:
                - name: envoy.filters.network.http_connection_manager
                  typed_config:
                    "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                    codec_type: auto
                    stat_prefix: ingress_http
                    route_config:
                      name: local_route
                      virtual_hosts:
                        - name: local_service
                          domains: ["*"]
                          routes:
                            - match: { prefix: "/" }
                              route:
                                cluster: echo_service
                                # 0s disables the route timeout so long-lived gRPC streams are not cut off
                                timeout: 0s
                                max_stream_duration:
                                  grpc_timeout_header_max: 0s
                          # CORS policy for browser (grpc-web) clients; prefix "*" allows every origin
                          cors:
                            allow_origin_string_match:
                              - prefix: "*"
                            allow_methods: GET, PUT, DELETE, POST, OPTIONS
                            allow_headers: keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,custom-header-1,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout
                            max_age: "1728000"
                            expose_headers: custom-header-1,grpc-status,grpc-message
                    http_filters:
                      - name: envoy.filters.http.grpc_web
                      - name: envoy.filters.http.cors
                      - name: envoy.filters.http.router
      clusters:
        # Upstream gRPC backend, reached over HTTP/2
        - name: echo_service
          connect_timeout: 0.25s
          type: logical_dns
          http2_protocol_options: {}
          lb_policy: round_robin
          load_assignment:
            cluster_name: cluster_0
            endpoints:
              - lb_endpoints:
                  - endpoint:
                      address:
                        socket_address:
                          address: node-server
                          port_value: 50051
```
Then used the example project https://github.com/projectcontour/contour/tree/main/examples/contour , just changing the `loadBalancerIP` to the GKE static ip

I wrote custom `HTTPProxy` in Tanka so it's kinda hard to share, but can do if someone asks. Essentially, combined the letsencrypt and cors guides , also adding `protocol: 'h2c',` to the services block made it all work. Also the `timeoutPolicy` on the route block has been useful for the grpc streams
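
An added example, not taken from the thread or from the Contour project: an HTTPProxy that combines the pieces named in the comments above (TLS on the virtual host, `protocol: h2c` on the service entry, a route `timeoutPolicy`, and a CORS policy for grpc-web clients). The object name, FQDN, Secret name, allowed origin and timeout values are assumptions; `node-server:50051` is the backend from the Envoy cluster above.

```yaml
apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
  name: grpc-web-example          # assumed name
  namespace: default
spec:
  virtualhost:
    fqdn: grpc.example.com        # assumed hostname
    tls:
      # TLS is terminated at Envoy; the Secret (assumed name) would be
      # issued by cert-manager when following the letsencrypt guide.
      secretName: grpc-example-tls
    corsPolicy:
      # List the browser origins that need access instead of using a
      # wildcard, so other sites cannot read responses cross-origin.
      allowCredentials: false
      allowOrigin:
        - https://app.example.com # assumed origin
      allowMethods:
        - GET
        - POST
        - OPTIONS
      allowHeaders:
        - content-type
        - x-grpc-web
        - x-user-agent
        - grpc-timeout
      exposeHeaders:
        - grpc-status
        - grpc-message
      maxAge: "10m"
  routes:
    - conditions:
        - prefix: /
      timeoutPolicy:
        # Long-lived gRPC streams: no overall response timeout, but an
        # idle timeout (assumed value) still reclaims abandoned streams.
        response: infinity
        idle: 5m
      services:
        - name: node-server
          port: 50051
          # h2c is cleartext HTTP/2 between Envoy and the pod. Use h2 when
          # the backend serves TLS, so the hop inside the cluster is encrypted.
          protocol: h2c
```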
@samelie - are you able to work on documenting this ?
As long as it's acceptable I gloss over pieces I don't understand. Of course if someone helps give some depth to my shallow understanding of some of the envoy config in particular, this would be most welcome and perhaps the guide would better obfuscate my naivety with the whole k8s thing.
I can write a guide based on this grpc-web experience, sure.
This looks interesting @samelie, thanks! How are you applying the envoy config?
I have not forgotten; will work on a writeup on the setup
Here's a draft based on my experience https://gist.github.com/samelie/e9a30aecf0fbbc6e903fe5598153273b . Lmk thoughts if anyone has bandwidth
@OrlinVasilev, any chance you could add this one to your to-check list?
It is :)) just slammed with other stuff :) sorry ! :)
cc @sunjayBhatia, I'm thinking it'd be nice to have a sample gRPC client & server that folks could actually run as part of the guide -- could containerize the demo used in https://grpc.io/docs/languages/go/quickstart/.
yeah that's what i was thinking as well, was seeing whether we should use an existing service like that or write our own fixture
also to accompany maybe some e2e tests to make sure we can show everything works
Big :+1:
so far for a test fixture/example I'm planning on starting a new repo and using goreleaser etc. to build it and containerize it
found a few samples that are useful but they're all missing something
- examples in grpc-go are great but not containerized as far as I can tell
  - would have to containerize a few different examples
  - one for plain http+h2c upstream from Envoy, one for tls+h2 upstream from Envoy (another for mTLS if we want to do it)
- yages is containerized but doesn't have the ability to do TLS
  - might make a PR here to see if we can enable it, but it's not been touched since 2018 so maybe not super active
If yages hasn't been updated in a long time, that seems like a good fork candidate maybe? Building something yourself is also fine, I think.