0

So, I have a grpc request which I invoke as follows:

grpcurl -vv \
       -import-path ./protos/src \
       -proto protobuf/grpc/my_api.proto \
      -H 'Authorization:Bearer <token>' \
-d '{"data":"yes"}'  usvc.dev.company.com:443  com.protobuf.grpc.package/DoSomething

and I get a response as expected.

I have set up an Envoy grpc reverse bridge as follows:

# envoy-grpc.yaml

admin:
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 9901
static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address:
        address: 0.0.0.0
        port_value: 8050
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          access_log:
          - name: envoy.access_loggers.stdout
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
          stat_prefix: ingress_http
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match:
                  prefix: "/DoSomething"
                route:
                  host_rewrite_literal: usvc.dev.company.com
                  cluster: grpc
                  timeout: 25.00s
                typed_per_filter_config:
                  envoy.filters.http.grpc_http1_reverse_bridge:
                    "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_http1_reverse_bridge.v3.FilterConfigPerRoute
                    
              - match:
                  prefix: ""
                route:
                  host_rewrite_literal: usvc.dev.company.com
                  cluster: grpc
                  timeout: 25.00s
          http_filters:
          - name: envoy.filters.http.grpc_http1_reverse_bridge
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_http1_reverse_bridge.v3.FilterConfig
              content_type: application/grpc+proto
              withhold_grpc_frames: true
          - name: envoy.filters.http.router
  clusters:
  - name: other
    type: LOGICAL_DNS
    connect_timeout: 20.000s
    dns_lookup_family: V4_ONLY
    lb_policy: ROUND_ROBIN
    load_assignment:
      cluster_name: some_service
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: localhost
                port_value: 4630
  - name: grpc
    type: STRICT_DNS
    connect_timeout: 20.000s
    lb_policy: ROUND_ROBIN
    typed_extension_protocol_options:
      envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
        "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
        explicit_http_config:
          http2_protocol_options: {}
    load_assignment:
      cluster_name: grpc
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: usvc.dev.company.com
                port_value: 443
layered_runtime:
  layers:
  - name: disable_apple_dns
    static_layer:
      envoy.restart_features.use_apple_api_for_dns_lookups: false

How do I pass a grpc request via this proxy at localhost:8050? So far, I tried using curl as:

curl -v localhost:8050/com.protobuf.grpc.package/DoSomething -H 'Content-type: application/grpc+proto' -H 'Authorization:Bearer <token>' -d '{"data":"yes"}'

and I see a response like :

< HTTP/1.1 200 OK
< content-type: application/grpc
< grpc-status: 2
< grpc-message: envoy reverse bridge: upstream responded with unsupported content-type application/grpc, status code 200
< date: Wed, 07 Jul 2021 06:49:34 GMT
< server: envoy
< content-length: 0
<
* Connection #0 to host localhost left intact
* Closing connection 0

Is there anyway I can convert this request via curl to a grpc request? grpcurl does not have a --proxy flag so I have use curl. But it doesn't look like usvc.dev.company.com wants to respond. usvc.dev.company.com does accept grpc requests.

Is there something wrong with my envoy configuration that it's not translating/sending the request correctly? The aim is to send a gRPC request via this proxy (envoy) which translates it to an HTTP1.1 request and forwards it to the destination for a response.

Saturnian
  • 1,686
  • 6
  • 39
  • 65
  • I'm only somewhat familiar with Envoy configuration (and find it **complex**) but... I want to try to help. Given that `usvc.dev.company.com` is a functioning gRPC service and you can interact with it using `gRPCurl`, then the service is using HTTP/2 (gRPC requires this) and so you don't want to reverse proxy. This would convert a gRPC call (received by Envoy) into an HTTP/1.1 request received by `usvc.dev.company.com` that it would not accept. – DazWilkin Jul 09 '21 at 15:50
  • If you had a configured proxy, I think you don't need to specify the proxy using `gRPCurl`. You would configure `gRPCurl` to talk to the proxy (directly) and it would indirectly talk to your backend service. (Reverse) Proxies insulate the caller from the origin. – DazWilkin Jul 09 '21 at 15:52
  • You're right about that - I changed the destination to the proxy and the proxy can now forward the requests accordingly. I agree with the Envoy bit - the config is COMPLEX and took me 3 days to really understand what's really going on. Thank you! – Saturnian Jul 09 '21 at 19:51

0 Answers0