GRPC API exposure


#1

We are exposing a GRPC API and would like to perform rate limiting and access control. Do you support GRPC and/or HTTP/2 APIs?


#2

Hi,

Due to the lack of support for upstream HTTP/2 and gRPC support, Kong currently does not offer support for proxying such APIs. Our mid/long term plans are to offer support for HTTP/2 and gRPC, but no timeline can be given at this point, sorry.


#3

Any update on gRPC support in Kong?


#4

At this time we are waiting for OpenResty to officially bump the underlying Nginx core to at least 1.13.10 (in which gRPC proxying support was added to Nginx) before releasing any related work. No further updates, but we are actively thinking and taking steps in that direction.


#5

An update on this, as we have some good news to share: OpenResty 1.15.5.1rc0 was released yesterday (see https://github.com/openresty/openresty/issues/353#issuecomment-434153093), so a 1.15 based Kong version is now in sight on the horizon.

We will make efforts to bump our OpenResty code and test subsequent OpenResty release candidates after our Kong 1.0 release (on which we are still working on).

If you feel like hacking around with Kong and gRPC, you can run Kong with this new OpenResty rc already, just make sure to update the following file so that Kong accepts the new OpenResty version:

And of course, tweak the nginx configuration file to with some of the new ngx_http_grpc_module directives. If anybody is conducting any experiments on this, we would be curious to hear what you are up to!


#6

Thank for your information. I would like to share my experience here.

First, I rebuilded OpenResty 1.15.6.1rc0 https://openresty.org/download/openresty-1.15.6.1rc0.tar.gz (according to agentzh’s comment here: https://github.com/openresty/openresty/issues/353#issuecomment-440520657), installed luarocks, and rebuilded Kong 1.0.0rc3 (followed https://docs.konghq.com/install/source/ basically) with modified meta.lua:

-    nginx = {"1.13.6.2"},
+    nginx = {"1.15.6.1"},

Then, modified /etc/kong/kong.conf

proxy_listen = 0.0.0.0:8000 http2, 0.0.0.0:8443 http2 ssl

Then, modified kong/templates/nginx_kong.lua

server {
    server_name kong;
    …
    …
    + location /{your_gRPC_package.your_gRPC_service} {
    +     grpc_pass 127.0.0.1:50051; # forward to a gRPC server
    + }
}

to add a new location in Kong server to forward gRPC.

It works!

Sorry it might be too early, but have some questions about future plans for gRPC supports.

1. Will Kong support gRPC fowarding via the way of setting service and route?
Although now we can modify nginx_kong.lua to forward gRPC requests. It is a bit hacky and not that dynamic. I wonder if Kong would extend route configuration with new protocol: ‘grpc’? or other dynamic way?

2. Will rate-limit plugin work for gRPC service?
Assuming I create a gRPC server as Kong service, will rate-limit plugin be applicable to this service?

3. Will JWT plugin work for gRPC service?
If we add HTTP Authorization header in client gRPC requests, does it make JWT plugin work?

Thank you so much.


#7

@supl Glad you gave this a try! And very happy that you got it to work :slight_smile:

Then, modified kong/templates/nginx_kong.lua

Don’t forget that you can use your own nginx configuration template which should be slightly more elegant than patching Kong’s source template.

Now, to answer some of your questions:

Will Kong support gRPC fowarding via the way of setting service and route?

Yes, that is our plan for the future (post 1.0 release, so most likely first half of 2019). We intend to natively support gRPC proxying, although it is still too early to talk about the planned underlying model changes for this. Don’t forget that OpenResty 1.15.6.1 is hasn’t even started the proper release cycle, rc0 is still very early.

Will rate-limit plugin work for gRPC service?

So is our intent. When and how, it is too early to tell still.

Will JWT plugin work for gRPC service?

The answer here would be “maybe”. Hopefully. Again, it is very early to tell at this point, considering no work has started on our end (hence why I posted those above instructions, for any adventurous hackers). We are still focused on our 1.0 release.

Good job hacking around with Kong and gRPC!


#8

I understood it is still early.
I’ll keep following.

Thank you for answering :slight_smile: