I have a following setup:
- Web app
- Grpc api
Both deployed on k8s behind nginx-ingress with auto tls provided by cert-manager. When Web app is trying to reach the gRPC api i'm getting 404. The gRPC api is running on 80 without tls so the ingress should terminate SSL. Here is my ingress configuration:
UPDATE:
Requests coming through thanks to help of Mr. Mason. Now I am getting 403 PermissionDEnied response. Any ideas how this can be resolved ?
kind: Service
metadata:
name: ${AUTH_API_IMAGE}
spec:
type: ClusterIP
ports:
- port: 80
- targetPort: 5300
selector:
app: ${AUTH_API_IMAGE}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ${AUTH_API_IMAGE}-ingress
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
cert-manager.io/cluster-issuer: letsencrypt
spec:
ingressClassName: nginx
tls:
- hosts:
- ${AUTH_API_HOST_NAME}
secretName: ${AUTH_API_IMAGE}-tls-secret
rules:
- host: ${AUTH_API_HOST_NAME}
http:
paths:
- path: /(.*)
pathType: Prefix
backend:
service:
name: ${AUTH_API_IMAGE}
port:
number: 80```
CodePudding user response:
I think you must use SSL if this is a dotnet, however below code works for me.
With addition of nginx.ingress.kubernetes.io/grpc-backend: 'true'
and changing PathType to ImplementationSpecific
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ${AUTH_API_IMAGE}-ingress
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
nginx.ingress.kubernetes.io/grpc-backend: 'true'
nginx.ingress.kubernetes.io/ssl-redirect: "true"
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
spec:
ingressClassName: nginx
tls:
- hosts:
- ${AUTH_API_HOST_NAME}
secretName: ${AUTH_API_IMAGE}-tls-secret
rules:
- host: ${AUTH_API_HOST_NAME}
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: ${AUTH_API_IMAGE}
port:
number: 80```
and configMap for Ingress
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-ingress-controller
namespace: ingress
annotations:
kubectl.kubernetes.io/last-applied-configuration: >
{"apiVersion":"v1","data":{"ssl-ciphers":"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"nginx-ingress-controller","namespace":"ingress"}}
selfLink: /api/v1/namespaces/ingress/configmaps/nginx-ingress-controller
data:
client-body-buffer-size: 32k
client-header-buffer-size: 32k
hsts: 'true'
hsts-max-age: '31536000'
hsts-preload: 'true'
http2-max-field-size: 32k
http2-max-header-size: 32k
large-client-header-buffers: 32 32k
proxy-buffer-size: 128k