DEV Community: Jaska The latest articles on DEV Community by Jaska (@j45k4). https://dev.to/j45k4 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F153881%2F37cf4dfc-5421-40d9-a7f8-cf9156c6b0c9.jpeg DEV Community: Jaska https://dev.to/j45k4 en gke grpc Jaska Mon, 06 Jan 2020 17:25:17 +0000 https://dev.to/j45k4/gke-grpc-27fc https://dev.to/j45k4/gke-grpc-27fc <h1> Introduction </h1> <p>Using grpc in gke service with ingress requires that backend is configured to allow https connections. This is because grpc uses http2 protocol and some implementators require tls. Gcp loadbalancer can be set to use http2 by setting it to https. Google load balancer also requires that backed implements health check which means that for example / endpoint returns 200 status code.</p> <p>Grpc is implemented top of http2 protocol and it uses paths like any other http rest server. Path is /Package.ServiceName/rpcMethod this means that we can route all methods by putting /package.ServiceName/* to ingress rule.</p> <h3> Requirements </h3> <ul> <li>Kubernetes engine cluster</li> <li>Authenticated kubectl client</li> <li>Domain name</li> <li>ssl certificate (optional)</li> </ul> <h1> Implementation </h1> <p>In this example we are using typescript language and grpc npm package.</p> <h2> Program </h2> <p>First we start from creating a simple program that uses grpc to create bi directional connection between server and client.</p> <p>server.ts<br> </p> <div class="highlight"><pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">chattingServiceProto</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">./proto</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Server</span><span class="p">,</span> <span class="nx">ServerCredentials</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">grpc</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">server</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Server</span><span class="p">();</span> <span class="nx">server</span><span class="p">.</span><span class="nx">addService</span><span class="p">(</span><span class="nx">chattingServiceProto</span><span class="p">.</span><span class="nx">ChattingService</span><span class="p">.</span><span class="nx">service</span><span class="p">,</span> <span class="p">{</span> <span class="na">createChatConnection</span><span class="p">:</span> <span class="nx">call</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">new chat connection</span><span class="dl">"</span><span class="p">);</span> <span class="nx">call</span><span class="p">.</span><span class="nx">on</span><span class="p">(</span><span class="dl">"</span><span class="s2">end</span><span class="dl">"</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">chatconnection ended</span><span class="dl">"</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">bindedPort</span> <span class="o">=</span> <span class="nx">server</span><span class="p">.</span><span class="nx">bind</span><span class="p">(</span> <span class="dl">"</span><span class="s2">0.0.0.0:4200</span><span class="dl">"</span><span class="p">,</span> <span class="nx">ServerCredentials</span><span class="p">.</span><span class="nx">createInsecure</span><span class="p">()</span> <span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">server binded to port</span><span class="dl">"</span><span class="p">,</span> <span class="nx">bindedPort</span><span class="p">);</span> <span class="nx">server</span><span class="p">.</span><span class="nx">start</span><span class="p">();</span> </code></pre></div> <p>client.ts<br> </p> <div class="highlight"><pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">ChattingServiceImplementation</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">./proto</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">credentials</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">grpc</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">ChattingServiceImplementation</span><span class="p">(</span> <span class="dl">"</span><span class="s2">example.com:443</span><span class="dl">"</span><span class="p">,</span> <span class="nx">credentials</span><span class="p">.</span><span class="nx">createSsl</span><span class="p">()</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">chat</span> <span class="o">=</span> <span class="nx">client</span><span class="p">.</span><span class="nx">createChatConnection</span><span class="p">();</span> <span class="nx">chat</span><span class="p">.</span><span class="nx">write</span><span class="p">({</span> <span class="na">channel</span><span class="p">:</span> <span class="dl">"</span><span class="s2">testChannel</span><span class="dl">"</span><span class="p">,</span> <span class="na">mesage</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Hello</span><span class="dl">"</span> <span class="p">});</span> </code></pre></div> <p>proto.ts<br> </p> <div class="highlight"><pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">join</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">path</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">loadPackageDefinition</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">grpc</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">loadSync</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@grpc/proto-loader</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">protosPath</span> <span class="o">=</span> <span class="nx">join</span><span class="p">(</span><span class="nx">__dirname</span><span class="p">,</span> <span class="dl">"</span><span class="s2">../chatting-service.proto</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">packageDefinition</span> <span class="o">=</span> <span class="nx">loadSync</span><span class="p">(</span><span class="nx">protosPath</span><span class="p">);</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">chattingServiceProto</span><span class="p">:</span> <span class="kr">any</span> <span class="o">=</span> <span class="nx">loadPackageDefinition</span><span class="p">(</span> <span class="nx">packageDefinition</span> <span class="p">).</span><span class="nx">Chatting</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">ChattingServiceImplementation</span> <span class="o">=</span> <span class="nx">chattingServiceProto</span><span class="p">.</span><span class="nx">ChattingService</span><span class="p">;</span> </code></pre></div> <p>chatting-service.proto<br> </p> <div class="highlight"><pre class="highlight protobuf"><code><span class="na">syntax</span> <span class="o">=</span> <span class="s">"proto3"</span><span class="p">;</span> <span class="kn">package</span> <span class="nn">Chatting</span><span class="p">;</span> <span class="kd">message</span> <span class="nc">SentMessage</span> <span class="p">{</span> <span class="kt">string</span> <span class="na">channelId</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="kt">string</span> <span class="na">text</span> <span class="o">=</span> <span class="mi">2</span><span class="p">;</span> <span class="p">}</span> <span class="kd">message</span> <span class="nc">ReceivedMessage</span> <span class="p">{</span> <span class="kt">string</span> <span class="na">text</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="p">}</span> <span class="kd">service</span> <span class="n">ChattingService</span> <span class="p">{</span> <span class="k">rpc</span> <span class="n">createChatConnection</span><span class="p">(</span><span class="n">stream</span> <span class="n">SentMessage</span><span class="p">)</span> <span class="k">returns</span><span class="p">(</span><span class="n">stream</span> <span class="n">ReceivedMessage</span><span class="p">)</span> <span class="p">{}</span> <span class="p">}</span> </code></pre></div> <p>Dockerfile<br> </p> <div class="highlight"><pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> node:12</span> <span class="k">WORKDIR</span><span class="s"> /source</span> <span class="k">ADD</span><span class="s"> package.json package.json</span> <span class="k">ADD</span><span class="s"> package-lock.json package-lock.json</span> <span class="k">RUN </span>npm <span class="nb">install</span> <span class="k">ADD</span><span class="s"> tsconfig.json tsconfig.json</span> <span class="k">COPY</span><span class="s"> ./src ./src</span> <span class="k">RUN </span>npm run build <span class="k">ADD</span><span class="s"> ./chatting-service.proto ./chatting-service.proto</span> <span class="k">CMD</span><span class="s"> node /source/dist/server.js</span> </code></pre></div> <p>Now that we have created simple program next we implement deployment for this program.</p> <p>And we start from deployment file</p> <h2> Deployment </h2> <p>In bellow we have simple deployment file which makes 1 repica of pod that contains two pods. chatting is container for program we just created which binds grpc server to port 4200.<br> grpc-proxy is container that is made top of nginx which purpouse is terminate tls, proxy traffic to program we created and implemented health check for google load balancer. We go more deeply to grpc-proxy implementation later.<br> </p> <div class="highlight"><pre class="highlight yaml"><code><span class="s">chatting-deployment.yaml</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">extensions/v1beta1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">chatting</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">1</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">chatting</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">chatting</span> <span class="na">image</span><span class="pi">:</span> <span class="s">jaska/chatting:4</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">4200</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">grpc-proxy</span> <span class="na">image</span><span class="pi">:</span> <span class="s">jaska/grpc-proxy:1</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">GRPC_PATH</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">/Chatting.ChattingService/"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">TARGET_HOST</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">localhost:4200"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">9900</span> </code></pre></div> <p>Next we create create service file for our deployment.<br> </p> <div class="highlight"><pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">extensions/v1beta1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">annotations</span><span class="pi">:</span> <span class="s">cloud.google.com/app-protocols</span><span class="pi">:</span> <span class="s1">'</span><span class="s">{"my-port":"HTTP2"}'</span> <span class="na">name</span><span class="pi">:</span> <span class="s">chatting-service</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">NodePort</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">chatting</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-port</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="na">port</span><span class="pi">:</span> <span class="m">443</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">9900</span> </code></pre></div> <p>cloud.google.com/app-protocols: '{"my-port":"HTTP2"}' annotation above tells google loadbalancer to route traffic to my-port using http2 protocol.</p> <p>ingress<br> </p> <div class="highlight"><pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">extensions/v1beta1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Ingress</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">chatting-ingress</span> <span class="na">annotations</span><span class="pi">:</span> <span class="s">kubernetes.io/ingress.global-static-ip-name</span><span class="pi">:</span> <span class="s">public-ip</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">tls</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">tls-secret</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">host</span><span class="pi">:</span> <span class="s2">"</span><span class="s">example.com"</span> <span class="na">http</span><span class="pi">:</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">serviceName</span><span class="pi">:</span> <span class="s">chatting-service</span> <span class="na">servicePort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/Chatting.ChattingService/*</span> </code></pre></div> <p>This requires that you have reserved static ip named public-ip</p> <h2> Grpc proxy </h2> <p>This proxy allows you to proxy grpc traffic to server. Proxy is configured using environment variables GRPC_PATH which is in this case /Chatting.ChattingService/* and TARGET_HOST which tells proxy which adress to route traffic. Proxy also haves / path handler which returns always 200 statusCode.</p> <p>Dockerfile<br> </p> <div class="highlight"><pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> nginx:1.17</span> <span class="k">RUN </span>apt-get update <span class="k">RUN </span>apt-get <span class="nb">install</span> <span class="nt">-y</span> openssl1.1 <span class="k">ADD</span><span class="s"> nginx.conf /etc/nginx/nginx.conf</span> <span class="k">ADD</span><span class="s"> run.sh /usr/local/bin/run.sh</span> <span class="k">RUN </span><span class="nb">chmod</span> +x /usr/local/bin/run.sh <span class="k">CMD</span><span class="s"> /usr/local/bin/run.sh</span> </code></pre></div> <p>nginx.conf<br> </p> <div class="highlight"><pre class="highlight plaintext"><code>events { worker_connections 1024; } http { server { listen 9900 http2 ssl; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; ssl_certificate /certs/certificate.crt; ssl_certificate_key /certs/privateKey.key; location ${GRPC_PATH} { grpc_socket_keepalive on; grpc_send_timeout 300s; grpc_read_timeout 300s; grpc_connect_timeout 300s; grpc_pass ${TARGET_HOST}; } location / { return 200 'gangnam style!'; } } } </code></pre></div> <p>run.sh<br> </p> <div class="highlight"><pre class="highlight shell"><code>envsubst <span class="s1">'${GRPC_PATH},${TARGET_HOST}'</span> &lt; /etc/nginx/nginx.conf <span class="o">&gt;</span> /etc/nginx/nginx.conf <span class="nb">echo</span> <span class="s2">"Generating self-signed cert"</span> <span class="nb">mkdir</span> <span class="nt">-p</span> /certs openssl req <span class="nt">-x509</span> <span class="nt">-sha256</span> <span class="nt">-nodes</span> <span class="nt">-days</span> 365 <span class="nt">-newkey</span> rsa:2048 <span class="se">\</span> <span class="nt">-keyout</span> /certs/privateKey.key <span class="se">\</span> <span class="nt">-out</span> /certs/certificate.crt <span class="se">\</span> <span class="nt">-subj</span> <span class="s2">"/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com"</span> <span class="nb">echo</span> <span class="s2">"Starting nginx"</span> <span class="nb">ln</span> <span class="nt">-sf</span> /dev/stdout /var/log/nginx/access.log <span class="nb">ln</span> <span class="nt">-sf</span> /dev/stderr /var/log/nginx/error.log <span class="nb">echo</span> <span class="nv">$GRPC_PATH</span> <span class="nb">echo</span> <span class="nv">$TARGET_HOST</span> nginx <span class="nt">-g</span> <span class="s2">"daemon off;"</span> </code></pre></div> <h2> Deployment </h2> <p>After you have created files described above you need to build dockerfiles and push them to some registry and replace image names from deployment. You also need some domain and point it to static ip you have reserved from gcp console and replace example.com from ingress.yaml. After you have done that move deployment files to deployment folder and run kubectl apply -f deployments. After you can go to gcp console and see in gke workloads newly created deployments and services. Because google http2 requires tls you need to have valid ssl certificate for service. You can use your own certificate or use google provided certificate. <a href="https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs">https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs</a> This way google automatically provides you free letsencrypt certificate to domain name in ingress file.</p> <h2> Running </h2> <p>Now when you run client you can see message new chat connection pop up stackdriver logging.</p> <h1> Links </h1> <ul> <li>Managed certificates <a href="https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs">https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs</a> </li> <li>Example project <a href="https://github.com/J45k4/gke-grpc">https://github.com/J45k4/gke-grpc</a> </li> </ul>