Multiple gRPC services

I think websecure is the port on which SSL traffic gets routed. It is standard when installing Traefik via the chart, I believe. I am not sure what constitutes my dynamic configuration. Is that the configuration for the actual ingress (given below)? If not, let me know and I'll try to get the info you need.

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: whoami-grpc-route
  namespace: {{ .Values.environment.namespaceName }}
  annotations:
#    traefik.ingress.kubernetes.io/router.middlewares: "traefik-v2-autodetect@kubernetescrd"
#    traefik.ingress.kubernetes.io/service.serversscheme: h2c
spec:
  entryPoints:
  - websecure
  routes:
  - kind: Rule
    match: (Host(`{{ .Values.environment.namespaceName }}.mydomain.com`) || (Host(`{{ .Values.environment.namespaceName }}`))) && PathPrefix(`/update`)
    priority: 20
    middlewares:
    - name: strip-prefix-regex
      namespace: {{ .Values.environment.namespaceName }}
    services:
    - name: whoami-grpc-svc
      namespace: {{ .Values.environment.namespaceName }}
      port: {{ .Values.whoAmI.grpcInternalPort }}
      scheme: h2c
      passHostHeader: true
  tls:
    secretName: {{ .Values.environment.namespaceName }}.mydomain-tls
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: strip-prefix-regex
  namespace: {{ .Values.environment.namespaceName }}
spec:
  stripPrefixRegex:
    regex:
      - "^/[^/]+"

I installed Traefik using the chart (https://traefik.github.io/charts), specifically, this file has the values https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml). That sets these args (I am assuming that is the static configuration in my case):

- '--global.checknewversion'
- '--global.sendanonymoususage'
- '--entrypoints.metrics.address=:9100/tcp'
- '--entrypoints.traefik.address=:9000/tcp'
- '--entrypoints.web.address=:8000/tcp'
- '--entrypoints.websecure.address=:8443/tcp'
- '--api.dashboard=true'
- '--ping=true'
- '--metrics.prometheus=true'
- '--metrics.prometheus.entrypoint=metrics'
- '--providers.kubernetescrd'
- '--providers.kubernetesingress'
- '--entrypoints.websecure.http.tls=true'
- '--entrypoints.proxy.address=:6809/tcp'
- '--log.level=DEBUG'
- '--log.format=json'
- '--providers.kubernetescrd'
- '--providers.kubernetesingress=true'
- '--serversTransport.insecureSkipVerify=true'
- '--api=true'
- '--api.insecure=true'
- '--api.dashboard=true'
- '--accesslog'
- '--accesslog.format=json'

Did you manage to make this work eventually? I'm interested in a working example setup ^^

I did. I have to dig to find the source. Still interested?

I'm battling with the same problem. @thelever it would be great if you could share your solution

The key is in matching the regex which strips the prefix and the name at which you post the POST call. So, if your service is called FooService (from the proto), and you target the post at somedomain.com, you'll want to remove "bar" in the prefix stripping such that the URL matches that the service expects. Make sense?

FYI, I was able to make this work using a simple prefix path using the Protobuf package. The idea is that the Protobuf package is the prefix of the HTTP2 call the underling gRPC call.

The URL path is formated this way /<Package>.<Service>/<Method>, so if you map one grpc package (or service, or even method) to one service you can simply use a prefix path to redirect to the internal service using an Ingress.

Here is an example Ingress assuming that you have a foo-service Service that serve the gRPC API define in a foo_grpc_package:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: foo
  namespace: default
spec:
  ingressClassName: traefik
  rules:
  - http:
      paths:
      - backend:
          service:
            name: foo-service
            port:
              number: 80
        path: /foo_grpc_package
        pathType: Prefix

No need to strip prefix this way, which simplify the configuration and improve compatibility with clients.

Could you please share how you achieved it with Nginx Ingress