Search code examples
grpcapi-gatewaygrpc-javakong

gRPC service endpoint is not accessible via Kong Gateway

gRPC services (developed in springboot) deployed as docker container on AWS linux (ec2). Started the docker image with port forwarding -p6565:6565. Now when directly hit via BloomRPC on laptop, it worked : ec2.IP:6565 Package.Service.Method

Configured service & route in Kong:

{
            "host": "ec2.IP",
            "created_at": 1588403433,
            "connect_timeout": 60000,
            "id": "e657d8df-6247-458a-a8e8-bec00c41e03c",
            "protocol": "grpc",
            "name": "aws-grpc1",
            "read_timeout": 60000,
            "port": 6565,
            "path": null,
            "updated_at": 1588403433,
            "retries": 5,
            "write_timeout": 60000,
            "tags": null,
            "client_certificate": null
}

Route:
{
            "strip_path": false,
            "path_handling": "v0",
            "updated_at": 1588403452,
            "destinations": null,
            "headers": null,
            "protocols": [
                "grpc",
                "grpcs"
            ],
            "created_at": 1588403452,
            "snis": null,
            "service": {
                "id": "e657d8df-6247-458a-a8e8-bec00c41e03c"
            },
            "name": "aws-grpc1-route1",
            "methods": null,
            "preserve_host": false,
            "regex_priority": 0,
            "paths": [
                "/grpc2"
            ],
            "sources": null,
            "id": "5739297e-3be7-4a0d-8afb-cfa8ed01cec2",
            "https_redirect_status_code": 426,
            "hosts": null,
            "tags": null
        }

Now hitting it via grpcurl -> its not working:

grpcurl -v -d "{}" -insecure ec2.ip:8443 package.service.pingMethod

Error invoking method "package.service.ping": target server does not expose service "package.service"

Here is kong config which looks related:

"proxy_listen": [
            "0.0.0.0:8000 reuseport backlog=16384",
            "0.0.0.0:8443 **http2** ssl reuseport backlog=16384"
        ],

So here are queries: (1) can 8000 also be configured for https as insecure -> via passing a env KONG_PROXY_LISTEN variable at time of kong-container start by 

    -e "KONG_PROXY_LISTEN=0.0.0.0:8000 http2, 0.0.0.0:8443 http2 ssl"

Is this good to do?

(2) How to enable server side reflection? OR what is use of /grpc.reflection.v1alpha.ServerReflection/ServerReflectionInfo ?

Solution

  • You need to expose HTTP2 Proxy Listener for Kong. You can refer to this one: https://konghq.com/blog/manage-grpc-services-kong/

    In short, you need to add env variable details for KONG_PROXY_LISTEN like so:

    -e "KONG_PROXY_LISTEN=0.0.0.0:8000 http2, 0.0.0.0:8443 http2 ssl, 0.0.0.0:9080 http2, 0.0.0.0:9081 http2 ssl"

    Note: apparently Kong uses the ports 9080 for HTTP2 and 9081 for HTTP2 SSL. But I think this can be changed.

    And also expose those 9080 and 9081 ports like so, this is example for docker run command:

    -p 127.0.0.1:9080:9080 \
-p 127.0.0.1:9081:9081

    And use the 9080 port in grpcurl when you try to request, like so:

    grpcurl -v -d '{"name": "Ken"}' -plaintext localhost:9080 facade.GreetingService/SayHello