Proxy GRPC Traffic over TLS

Related Documentation
Related Resources
TL;DR

Create a GRPCRoute resource, which will then be converted in to a Kong Gateway Service and Route.

Prerequisites

If you don’t have a Konnect account, you can get started quickly with our onboarding wizard.

  1. The following Konnect items are required to complete this tutorial:
    • Personal access token (PAT): Create a new personal access token by opening the Konnect PAT page and selecting Generate Token.
  2. Set the personal access token as an environment variable:

    export KONNECT_TOKEN='YOUR KONNECT TOKEN'
    
    Copied to clipboard!

Annotate the Kubernetes service

All services are assumed to be either HTTP or HTTPS by default. We need to update the service to specify gRPC over TLS as the protocol by adding a konghq.com/protocol annotation.

The annotation grpcs informs Kong Gateway that this service is a gRPC (with TLS) service and not an HTTP service.

kubectl annotate service -n kong grpcbin 'konghq.com/protocol=grpcs'
Copied to clipboard!

Generate a TLS certificate

  1. Create a test certificate for the example.com hostname. This will be used to secure TLS traffic.

    Older OpenSSL versions, including the version provided with macOS Monterey, require using the alternative version of this command.

  2. Create a Secret containing the certificate:

     kubectl create secret -n kong tls example.com --cert=./server.crt --key=./server.key
    
    Copied to clipboard!

Route gRPC traffic

Now that the test application is running, you can create GRPC routing configuration that proxies traffic to the application.

Test the configuration

Use grpcurl to send a gRPC request through the proxy:

grpcurl -d '{"greeting": "Kong"}' -authority example.com -insecure $PROXY_IP:443 hello.HelloService.SayHello
Copied to clipboard!

You should see the following response:

{
  "reply": "hello Kong"
}
Copied to clipboard!

Cleanup

kubectl delete -n kong -f https://developer.konghq.com/manifests/kic/grpcbin-service.yaml
Copied to clipboard!

Did this doc help?

Something wrong?

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!