Connection to Upstream to gRPC service from kong proxy expects TLS

girish.s · October 5, 2023, 5:55am

Hello all,

Have a question on connection to Upstream gRPC service from kong proxy.

I have the following setup:

client --> Kong API GW* --> gRPC Service A* <--> gRPC Service B*

* - Kuma Mesh with mutual TLS enabled.

Kong version: 3.3
Kuma version: 2.3.2

Observations:

gRPC Service A ↔ gRPC Service B communication works fine with grpc or grpcs, that is TLS is enabled or disabled.
client → Kong API GW → gRPC Service A works only if gRPC Service A is TLS enabled, otherwise results in TLS Protocol Error.

As the Kong API Gateway is part of the Kuma Mesh with mutual TLS enabled, we would like to run the gRPC service A in non-TLS mode to avoid double TLS handshake. Is there a way to disable TLS for the upstream connection from Kong Proxy to gRPC service A?

Thanks!

girish.s · October 7, 2023, 6:50am

This is resolved with the label addition on the Service resource:

konghq.com/protocol: grpc

Topic		Replies	Views
Kong proxy sending HTTP/1 request to upstream k8s gRPC service Kubernetes	2	1653	February 9, 2022
Kong GRPC Support over Plain Text (Http2) Kubernetes	0	394	June 7, 2023
Tls termination for mqtt broker	1	945	April 15, 2020
GRPC API exposure Questions	8	4650	May 22, 2019
Implement proxy_ssl_server_name/ssl_name Installation/Setup	0	761	November 30, 2022