.NET Core 6 gRPC running in Kubernetes with Traefik

gRPC is ideal for communication between microservices. gRPC has performance advantages through the Protobuf message structure. gRPC is intended for internal systems due to its limited low browser support. Therefore very suitable to use within Kubernetes. It’s the recommended way from Microsoft to build RPC services using .NET.

.NET Core supports gRPC services with a special project type in Visual Studio 2022. Since .NET 6 there are many performance improvements and other features.

Running a gRPC .NET Core 6 service in Kubernetes, which can be accessed using Traefik needs some specific configuration.

The problem

After creating a Helm chart and configuring the values file with the obvious configuration and installing the chart, you are able to access the gRPC service. You will get an exception: 500 Internal Server Error. Despite the error, the pod is actually working. When you execute a port-forward to the Service or Pod, you will be able to call the gRPC service from your local machine.

So it has to do with ingress. Traefik is not able to pass the request because of TLS requirements that gRPC requires. So we have to configure Traefik to make sure that the calls after Traefik are using HTTP.
I’m used to configure Ingress using annotations on the Ingress. But the catch this time is that the annotation is needed on the Service.

The solution

Make sure the service has the following annotation:
traefik.ingress.kubernetes.io/service.serversscheme: h2c

The yaml for the service and ingress looks like this:

apiVersion: v1
kind: Service
  name: grpcdemo-service
    traefik.ingress.kubernetes.io/service.serversscheme: h2c
    - port: 80
    app.kubernetes.io/name: grpcdemo
    app.kubernetes.io/instance: grpcdemo
  type: ClusterIP
apiVersion: networking.k8s.io/v1
kind: Ingress
  name: grpcdemo-ingress
    ingress.kubernetes.io/protocol: https   
    cert-manager.io/cluster-issuer: letsencrypt-prod    
  - hosts:
      - grpcdemo.mydomain.com
    secretName: grpcdemo-tls 
  - host: grpcdemo.mydomain.com
      - path: /
        pathType: Prefix
            name: grpcdemo-service
              number: 80

Geef een reactie

Vul je gegevens in of klik op een icoon om in te loggen.

WordPress.com logo

Je reageert onder je WordPress.com account. Log uit /  Bijwerken )

Facebook foto

Je reageert onder je Facebook account. Log uit /  Bijwerken )

Verbinden met %s

Deze site gebruikt Akismet om spam te bestrijden. Ontdek hoe de data van je reactie verwerkt wordt.