I've been trying to deploy a grpc application to be frontend by google endpoints on a GKE cluster and terminating TLS on the load balancer itself for the better part of 3 days now and I am very confused how to get this working.
At first I tried a simple deployment without Google endpoints to make sure the load balancer works. It is described in more detail here
https://github.com/kubernetes/ingress-gce/issues/18#issuecomment-454047010
That did not work. I then followed up by trying to deploy the application here
https://github.com/salrashid123/gcegrpc/tree/master/gke_ingress_lb
That seems to have worked well however I am not quite able to understand what makes it work. It seems to me (as suggested by someone else) that it might be because the application speaks TLS on the grpc endpoint
I have tried enabling TLS in my application grpc endpoint including adding a grpc health check as suggested by someone else however that did not seem to help.
My esp config was something as simple as
- name: endpoints-proxy
image: gcr.io/endpoints-release/endpoints-runtime:1
args: [
"--http2_port=8080",
"--backend=grpc://127.0.0.1:50051",
"--service=myapp.endpoints.myproject-34342.cloud.goog",
"--rollout_strategy=managed",
"--service_account_key=/etc/nginx/creds/endpoints-credentials.json"
]
How exactly does one go about terminating TLS on the GLB together with the ESP proxy and a grpc application behind it? There seems to be a sweet spot that I am missing on how to get all those things working together