GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → mhausenblas → kruiser

mhausenblas / kruiser

Licence: Apache-2.0 license
A proxy that transparently exposes gRPC Kubernetes services cluster-externally

Programming Languages

go
31211 projects - #10 most used programming language

Labels

kubernetesproxygrpc

Projects that are alternatives of or similar to kruiser

grpc xds
gRPC xDS Loadbalancing
Stars: ✭ 35 (+150%)
Mutual labels:  grpc
run-aspnet-grpc
Using gRPC in Microservices for Building a high-performance Interservice Communication with .Net 5. See gRPC Microservices and Step by Step Implementation on .NET Course w/ discount->
Stars: ✭ 82 (+485.71%)
Mutual labels:  grpc
clean-architecture
Example about clean architecture in golang
Stars: ✭ 20 (+42.86%)
Mutual labels:  grpc
gcloud-opentracing
OpenTracing Tracer implementation for GCloud StackDriver in Go.
Stars: ✭ 44 (+214.29%)
Mutual labels:  grpc
micro
A simple tool kit for building microservices.
Stars: ✭ 15 (+7.14%)
Mutual labels:  grpc
node-grpc-ssl
Basic example gRPC protocol with NodeJS + SSL + Docker
Stars: ✭ 40 (+185.71%)
Mutual labels:  grpc
RPC reactive
Examples and explanations of how RPC systems works.
Stars: ✭ 25 (+78.57%)
Mutual labels:  grpc
bazel-cache
Minimal cloud oriented Bazel gRPC cache
Stars: ✭ 33 (+135.71%)
Mutual labels:  grpc
fullstack-grpc
gRPC web with REST gateway and interceptors and example web app with envoy proxy
Stars: ✭ 42 (+200%)
Mutual labels:  grpc
go-grpc
Package otgrpc provides OpenTracing support for any gRPC client or server.
Stars: ✭ 57 (+307.14%)
Mutual labels:  grpc
grpc-getting-started
Guide to get started with gRPC in Cisco IOS XR
Stars: ✭ 32 (+128.57%)
Mutual labels:  grpc
grpc-js-typescript
Generate gRPC TypeScript definitions for use with gRPC (@grpc/grpc-js).
Stars: ✭ 113 (+707.14%)
Mutual labels:  grpc
fm.consulinterop
a lib for build micro-service
Stars: ✭ 33 (+135.71%)
Mutual labels:  grpc
go-loadbalance
A well designed loadbalance API with dozens of implementations for go-grpc loadbalance.
Stars: ✭ 37 (+164.29%)
Mutual labels:  grpc
go-tensorflow
Tools and libraries for using Tensorflow (and Tensorflow Serving) in go
Stars: ✭ 25 (+78.57%)
Mutual labels:  grpc
nice-grpc
A TypeScript gRPC library that is nice to you
Stars: ✭ 120 (+757.14%)
Mutual labels:  grpc
drpc
drpc is a lightweight, drop-in replacement for gRPC
Stars: ✭ 1,014 (+7142.86%)
Mutual labels:  grpc
agentgo
Hi! Agentgo is a tool for making remote command executions from server to client with golang, protocol buffers (protobuf) and grpc.
Stars: ✭ 15 (+7.14%)
Mutual labels:  grpc
zepto
⚡️Lightweight web framework written in go
Stars: ✭ 115 (+721.43%)
Mutual labels:  grpc
modern-api-management
A modern approach to manage APIs effectively using Protobuf
Stars: ✭ 36 (+157.14%)
Mutual labels:  grpc
View All Similar Projects ➔

Kruiser

A proxy that transparently exposes gRPC Kubernetes services cluster-externally.

Using Ambassador as gRPC proxy, kruiser watches deployment in a target namespace that are labelled with grpc=expose. When it finds such a deployment, it creates a corresponding service of type NodePort proxying traffic to its pods from outside the cluster.

So far, I've tested kruiser on Minikube v0.24 with Kubernetes v1.8 and v1.9, as well as on GKE with Kubernetes v1.9 with and without RBAC.

Use cases

There are two main use cases:

UC1: inter-cluster within the enterprise

Imagine two or more clusters deployed within, say, a data center in an enterprise. In order for gRPC services to communicate across clusters, you need to proxy the traffic from one cluster to another.

UC2: public services

If you want to make your gRPC service publicly available, you need to somehow expose it, routing traffic from outside the cluster to the cluster-internal service.

Install

First, clone this repository with git clone https://github.com/mhausenblas/kruiser.git && cd kruiser.

Creating a namespaces for related apps rather than dumping all into the default namespace is a good practice, so let's do that first:

$ kubectl create namespace kruiser
$ go install .

Use

Example gRPC demo services

The two example gRPC demo services used below are:

  • A simple echo service yages.Echo available via quay.io/mhausenblas/yages:0.1.0
  • The reference helloworld.Greeter available via quay.io/mhausenblas/grpc-gs:0.2

As a generic gRPC client we use fullstorydev/grpcurl which you can either install locally, if you have Go installed, or as a container via the quay.io/mhausenblas/gump:0.1 container image.

Expose deployment

To expose a deployment, that is, creating an Ambassador-backed service proxying traffic to its pods from outside the cluster with kruiser you have to do two things: 1. define the gRPC service semantics, and 2. enable/disable the proxying.

Define the gRPC service semantics on the deployment you want to expose like so:

$ kubectl -n kruiser annotate deploy/ping kruiser.kubernetes.sh/container-port='9000'
$ kubectl -n kruiser annotate deploy/ping kruiser.kubernetes.sh/fq-service-name='yages.Echo'

And now, in order to trigger the service proxy to be created, label the deployment with kruiser.kubernetes.sh/grpc=expose, for example:

$ kubectl -n kruiser label deploy/ping kruiser.kubernetes.sh/grpc=expose

Note: use kubectl -n kruiser label deploy/ping kruiser.kubernetes.sh/grpc- to remove the label again.

Walkthroughs

In the following, I'll walk you through how you can use kruiser in a static manner, that is, manually exposing gRPC services cluster-externally. Along the way I explain how kruiser works.

$ kubectl create namespace kruiser

Minikube

First, install Ambassador with:

$ kubectl -n kruiser apply -f ambassador/admin.yaml

Next, deploy the two gRPC demo services:

$ kubectl -n kruiser apply -f demo-services/

Now you can invoke each of the gRPC demo services from outside Minikube like so:

$ grpcurl --plaintext $(minikube ip):31001 yages.Echo.Ping

$ grpcurl --plaintext  -d '{ "name" : "Michael" }' $(minikube ip):31000 helloworld.Greeter.SayHello

Alternatively, you can access one of the gRPC services via the gRPC jump pod like so:

$ kubectl -n kruiser run -it --rm gumpod \
          --restart=Never --image=quay.io/mhausenblas/gump:0.1

/go $ grpcurl --plaintext ping:9000 yages.Echo.Ping

GKE

Note that the GKE deployment in the following uses RBAC for access control.

As a preparation, you need to give your user certain rights.

$ cat ambassador/gke-crb.yaml | \
  sed s/__USER__/$(gcloud projects get-iam-policy $(gcloud config get-value core/project) | grep -m 1 user | awk '{split($0,u,":"); print u[2]}')/g | \
  kubectl -n kruiser apply -f -

Above, we replace the __USER__ placeholder in ambassador/gke-crb.yaml with the value of the user name of the active GKE project before creating the respective cluster-role binding.

Next, install Ambassador with:

$ kubectl -n kruiser apply -f ambassador/admin-rbac.yaml

And now deploy the two gRPC demo services:

$ kubectl -n kruiser apply -f demo-services/

To be able to access the services from outside the GKE cluster we first have to find values for external IPs of cluster nodes (store them for example in an env var NODE_IP):

$ kubectl get nodes --selector=kubernetes.io/role!=master \ 
                    -o jsonpath={.items[*].status.addresses[?\(@.type==\"ExternalIP\"\)].address}

Now, finally, you can invoke each of the gRPC demo services from outside the GKE cluster like so:

$ grpcurl --plaintext $(NODE_IP):31001 yages.Echo.Ping

$ grpcurl --plaintext  -d '{ "name" : "Michael" }' $(NODE_IP):31000 helloworld.Greeter.SayHello

Cleanup

When done, clean up with:

$ kubectl delete ns kruiser
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].