I'm having some trouble getting GKE Ingress to work with my gRPC service. My set-up is the following:
- Deployment running two containers: gRPC server on port 80 and simple HTTP health checker on port 81. This is following the non-proxied example here.
- A NodePort service exposing these two ports
- A GKE Ingress with two paths, default goes to port 80 and /health goes to port 81
I can hit <ingress-ip>/health in my browser just fine. However when grpcurl on port 80 does not work:
% grpcurl -insecure <ingress-ip>:80 list
Failed to dial target host "<ingress-ip>:80": tls: first record does not look like a TLS handshake
% grpcurl -plaintext <ingress-ip>:80 list
Failed to dial target host "<ingress-ip>:80": context deadline exceeded
I can hit the gRPC server through the NodePort external IP directly:
% grpcurl -insecure <nodeport-ip>:30080 list
gateway.Gateway
grpc.reflection.v1alpha.ServerReflection
Any thoughts on why gRPC is not working through the load balancer?
My service:
% kubectl describe service gateway
...
Annotations: cloud.google.com/app-protocols: {"gateway":"HTTP2"}
cloud.google.com/backend-config: {"ports": {"80":"health-checker"}}
cloud.google.com/neg: {"ingress":true}
cloud.google.com/neg-status:
{"network_endpoint_groups":{"80":"k8s1-53077e00-default-gateway-80-c0e88604","81":"k8s1-53077e00-default-gateway-81-ec72f745"},"zones":["u...
Type: NodePort
...
Port: health-checker 81/TCP
TargetPort: health-checker/TCP
NodePort: health-checker 32174/TCP
Endpoints: <ip>:81
Port: gateway 80/TCP
TargetPort: gateway/TCP
NodePort: gateway 30080/TCP
Endpoints: <ip>:80
My ingress:
% kubectl describe ingress gateway
...
Default backend: gateway:80 (<ip>:80)
TLS:
gateway-tls terminates
Rules:
Host Path Backends
---- ---- --------
*
/health gateway:81 (<ip>)
My gRPC server is using TLS (with a self-signed certificate for now).
