EKS Ingress for gRPC and HTTP services

Hello all,

In EKS I am running a service that serves http and grpc requests. Both are on different ports, say http on port 8080 and grpc on port 9000. I have corresponding services as well, say http-service and grpc-service.

I want to configure an Ingress resource with ALB annotations. This ingress will need to support routing to the http or grpc service based on the content-type header. If content-type is set to application/grpc or application/grpc+proto, the request needs to be routed to grpc-service, otherwise route it to http-service. This ingress is an internet-facing one with its own target-group. Both grpc and http need to be served on example.com:443.

I have tried several ways to configure this, including the actions annotation. None of them seem to be working. Does anybody have any idea on how to configure the ingress resource to achieve this?

Thanks

asked 2 months ago, 159 views
1 Answer
To configure an Ingress resource in EKS that routes traffic based on content-type headers between your HTTP and gRPC services, you'll need to use specific ALB annotations. This is a bit complex because you're trying to route based on headers rather than paths.

Here's how you can approach this:

  1. First, create an Ingress resource with the appropriate ALB annotations:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: dual-protocol-ingress
      annotations:
        alb.ingress.kubernetes.io/scheme: internet-facing
        alb.ingress.kubernetes.io/target-type: ip
        alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
        alb.ingress.kubernetes.io/ssl-redirect: "443"
        # Forward action referenced by the "grpc-route" backend below
        alb.ingress.kubernetes.io/actions.grpc-route: >
          {"type":"forward","forwardConfig":{"targetGroups":[{"serviceName":"grpc-service","servicePort":9000,"weight":1}]}}
        # Extra match condition for the same rule: Content-Type header
        alb.ingress.kubernetes.io/conditions.grpc-route: >
          [{"field":"http-header","httpHeaderConfig":{"httpHeaderName":"Content-Type","values":["application/grpc","application/grpc+proto"]}}]
        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:<region>:<account-id>:certificate/<certificate-id>
    spec:
      ingressClassName: alb
      rules:
        - host: example.com
          http:
            paths:
              # Conditional gRPC rule goes first: listener rules follow the
              # order of these paths, and the catch-all "/" rule below would
              # otherwise match every request before this one is evaluated.
              - path: /
                pathType: Prefix
                backend:
                  service:          # annotation-backed actions use the "service" key
                    name: grpc-route
                    port:
                      name: use-annotation
              # Default rule: everything that is not gRPC
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: http-service
                    port:
                      number: 8080

For the gRPC service, you'll also need to add these annotations to ensure proper handling of gRPC traffic:

    alb.ingress.kubernetes.io/backend-protocol-version: "GRPC"

This configuration:

  1. Creates an internet-facing ALB
  2. Sets up IP-based target groups
  3. Configures HTTPS on port 443
  4. Creates a conditional rule that routes traffic with Content-Type headers of "application/grpc" or "application/grpc+proto" to your gRPC service
  5. Routes all other traffic to your HTTP service

Make sure your gRPC service is properly configured to handle HTTP/2 traffic, as gRPC requires HTTP/2. Also, ensure you have a valid SSL certificate in ACM for your domain, as gRPC requires TLS.

If you're still experiencing issues, check the AWS Load Balancer Controller logs for any errors or misconfiguration details.
Sources
Deploy a gRPC-based application on an Amazon EKS cluster and access it with an Application Load Balancer - AWS Prescriptive Guidance
Beanstalk gRPC communication failure | AWS re:Post
Route application and HTTP traffic with Application Load Balancers - Amazon EKS
Unpacking Cluster Networking for Amazon EKS Hybrid Nodes | AWS re:Post

answered 2 months ago
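
A pre-deployment check for the manifest in the answer above, as an added example that is not part of the original answer or of any AWS tooling. It assumes the AWS Load Balancer Controller creates listener rules in the order the paths are listed; `lint_ingress`, `make_ingress` and the sample dicts are hypothetical names, and the manifest is passed as a Python dict so no YAML library is needed.

```python
import json

PREFIX = "alb.ingress.kubernetes.io/"

def lint_ingress(ingress):
    """Return findings for an ALB Ingress manifest given as a dict."""
    findings = []
    ann = ingress["metadata"].get("annotations", {})
    for rule in ingress["spec"]["rules"]:
        catch_all_seen = False  # assumption: rules are evaluated in listed order
        for p in rule["http"]["paths"]:
            svc = p["backend"].get("service")
            if svc is None:
                findings.append(f"{p['path']}: backend has no 'service' key")
                continue
            name, conditional = svc["name"], False
            if svc["port"].get("name") == "use-annotation":
                # Annotation-backed rule: the action must exist, and both
                # annotations must be valid JSON or the rule is never built.
                if PREFIX + "actions." + name not in ann:
                    findings.append(f"{name}: missing actions annotation")
                for kind in ("actions", "conditions"):
                    raw = ann.get(f"{PREFIX}{kind}.{name}")
                    try:
                        json.loads(raw) if raw is not None else None
                    except ValueError:
                        findings.append(f"{name}: {kind} annotation is not valid JSON")
                conditional = PREFIX + "conditions." + name in ann
            if catch_all_seen:
                findings.append(f"{name}: unreachable after catch-all '/' rule")
            if p["path"] == "/" and p.get("pathType") == "Prefix" and not conditional:
                catch_all_seen = True
    return findings

# Constructed sample mirroring the manifest above (annotations trimmed).
GRPC = {"path": "/", "pathType": "Prefix", "backend": {"service": {
    "name": "grpc-route", "port": {"name": "use-annotation"}}}}
HTTP = {"path": "/", "pathType": "Prefix", "backend": {"service": {
    "name": "http-service", "port": {"number": 8080}}}}

def make_ingress(paths):
    return {"metadata": {"annotations": {
        PREFIX + "actions.grpc-route": '{"type":"forward","forwardConfig":{"targetGroups":'
            '[{"serviceName":"grpc-service","servicePort":9000,"weight":1}]}}',
        PREFIX + "conditions.grpc-route": '[{"field":"http-header","httpHeaderConfig":'
            '{"httpHeaderName":"Content-Type","values":["application/grpc","application/grpc+proto"]}}]',
    }}, "spec": {"rules": [{"host": "example.com", "http": {"paths": paths}}]}}

if __name__ == "__main__":
    for order in ([HTTP, GRPC], [GRPC, HTTP]):
        print([p["backend"]["service"]["name"] for p in order], lint_ingress(make_ingress(order)))
```

A manifest exported with `kubectl get ingress <name> -o json` can be loaded with `json.load` and passed to `lint_ingress` directly.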
