Hello everyone,
I have a gRPC server hosted in my EKS cluster that I want to connect with istio Ingress Gateway. The Ingress gateway is exposed via ALB using ALB ingress controller. When I try to access the server without istio and only the ALB setting the backend as GRPC it works fine but when I try using istio it fails and gives me an error that “Peer name not available in Peer Certificate.”
I tried opening port 50051 on the istio-ingressgateway service and then it says “grpc_status:12 StatusCode.UNIMPLEMENTED”. Below are my templates that I am using:
Deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
name: grpc-test
spec:
selector:
matchLabels:
app.kubernetes.io/name: grpc-test
template:
spec:
containers:
- name: app
image: 36xxxxxxxx10.dkr.ecr.eu-west-2.amazonaws.com/grpc-greeter-yr:v1
ports:
- containerPort: 50051
name: grpc
resources:
limits:
memory: 500Mi
cpu: 250m
requests:
memory: 300Mi
cpu: 50m
Service.yaml
apiVersion: v1
kind: Service
metadata:
name: grpc-test
spec:
ports:
- port: 50051
name: grpc
appProtocol: grpc
targetPort: 50051
selector:
app.kubernetes.io/name: grpc-test
Gateway.yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: grpc-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 50051
name: grpc
protocol: GRPC
hosts:
- "*"
VirtualService.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: grpc-vs
spec:
hosts:
- "*"
gateways:
- grpc-gateway
tcp:
- match:
- port: 50051
route:
- destination:
host: grpc-test
port:
number: 50051
Istio-Ingressgateway.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grpc-istio-ingress
namespace: istio-system
annotations:
alb.ingress.kubernetes.io/healthcheck-path: /package.service/method
alb.ingress.kubernetes.io/healthcheck-port: status-port
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
alb.ingress.kubernetes.io/load-balancer-name: grpc-istio-ingress
alb.ingress.kubernetes.io/scheme: internal
alb.ingress.kubernetes.io/target-type: ip
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/actions.ssl-redirect: '443'
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:eu-west-2:xxxxxxxxxx:certificate/abc-def-xyx-123
alb.ingress.kubernetes.io/backend-protocol-version: GRPC
spec:
rules:
- host: grpc-test-kf.abc.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
number: 50051