
I've been trying to deploy a gRPC application to be fronted by Google Endpoints on a GKE cluster, terminating TLS on the load balancer itself, for the better part of 3 days now, and I am very confused about how to get this working.

At first I tried a simple deployment without Google Endpoints to make sure the load balancer works. It is described in more detail here:

https://github.com/kubernetes/ingress-gce/issues/18#issuecomment-454047010

That did not work. I then followed up by trying to deploy the application here:

https://github.com/salrashid123/gcegrpc/tree/master/gke_ingress_lb

That seems to have worked well; however, I am not quite able to understand what makes it work. It seems to me (as suggested by someone else) that it might be because the application speaks TLS on the gRPC endpoint.

I have tried enabling TLS in my application's gRPC endpoint, including adding a gRPC health check as suggested by someone else; however, that did not seem to help.

My ESP config was something as simple as:

- name: endpoints-proxy
  image: gcr.io/endpoints-release/endpoints-runtime:1
  args: [
    "--http2_port=8080",
    "--backend=grpc://127.0.0.1:50051",
    "--service=myapp.endpoints.myproject-34342.cloud.goog",
    "--rollout_strategy=managed",
    "--service_account_key=/etc/nginx/creds/endpoints-credentials.json"
  ]

How exactly does one go about terminating TLS on the GLB together with the ESP proxy and a gRPC application behind it? There seems to be a sweet spot that I am missing on how to get all those things working together.


1 Answer


Figured out how to do it. Turns out there are a couple of not-so-well-documented things that need to be done.

See here for the details:

https://github.com/GoogleCloudPlatform/endpoints-samples/issues/52#issuecomment-454387373