此文档演示如何通过nginx-ingress将流量路由到gRPC服务上。
环境
环境
版本
kubernetes
1.17.4
Rancher
v2.4.5
nginx-ingress
0.25.1
示例 以下gRPC应用基于ingress自带的示例,您也可以使用自己的gRPC应用进行测试
地址:https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/grpc
部署一个gRPC应用
该应用程序通过go实现gRPC服务,并监听50051端口
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 apiVersion: apps/v1 kind: Deployment metadata: name: fortune-teller-app labels: k8s-app: fortune-teller-app namespace: default spec: replicas: 1 selector: matchLabels: k8s-app: fortune-teller-app template: metadata: labels: k8s-app: fortune-teller-app spec: containers: - name: fortune-teller-app image: quay.io/kubernetes-ingress-controller/grpc-fortune-teller:0.1 ports: - containerPort: 50051 name: grpc
部署service,通过selector选择对应label的pod
1 2 3 4 5 6 7 8 9 10 11 12 13 apiVersion: v1 kind: Service metadata: name: fortune-teller-service namespace: default spec: selector: k8s-app: fortune-teller-app ports: - port: 50051 targetPort: 50051 name: grpc
部署ingress
这里主要设置这个参数来使用gRPC协议:nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
还配置了SSL证书,默认使用ingress颁发的证书
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: annotations: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/backend-protocol: "GRPC" name: fortune-ingress namespace: default spec: rules: - host: fortune-teller.stack.build http: paths: - backend: serviceName: fortune-teller-service servicePort: grpc tls: - secretName: fortune-teller.stack.build hosts: - fortune-teller.stack.build
kubectl执行以上文件
使用grpcurl测试应用
grpcurl命令下载地址如下:https://github.com/fullstorydev/grpcurl/releases
例如下载 grpcurl_1.6.1_linux_x86_64.tar.gz
测试基于ingress访问gRPC应用(示例中,message的值会不一样)
1 2 3 4 { "message" : "[We] use bad software and bad machines for the wrong things.\n\t\t-- R. W. Hamming" }