New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gRPC client response http1.x server #2497
Comments
Hi Kent, looking at this. At first glance, I'd recommend the following:
Also, increase the logging on the nginx controller. Here's mine:
(may also compare outcome using this image (quay.io/aledbf/nginx-ingress-controller:0.348) to 0.14, though I doubt that would be the cause) |
Also @aledbf I can't see grpc-fortune-teller via browsing https://quay.io/organization/kubernetes-ingress-controller or:
|
Hi @pcj , many thanks for the help! I actually wasn't able to grab the image as you just pointed out. I'm just using an gRPC test image of my own that has a single response like yours. It works just fine using NodePort and no Ingress. This is the full output from the client:
The port-forward command output. Is it suppose hang? Had to ctrl-c to exit.
More verbose controller output from startup to several request attempts, made a gist here. |
Fixed |
@pcj, Is anything popping out to you here? Can I provide anything else? |
Looks like you may have mis-spelled the annotation |
@pcj Thanks for catching that! Unfortunately it doesn't seem to have fixed the issue. I continue to get Do you get an address listed on your ingress?
nginx ingress controller log tail
|
I have the same issue. The I am connecting directly to the ingress controller to avoid any issues with platform load balancers without support for HTTP/2:
On the node-based client (it also fails with a java client, though with a different client error):
And in the nginx ingress pod logs at debug level 5:
|
I guess it's failing because nginx does not support both http and http/2 on port 80... See #2444. |
@rocketraman Were you able to get your setup working on another port then? |
@kent-williams The only easy way I see to do that with ingress-nginx is to create another ingress controller with a different class. I haven't tried that yet because my workaround of using node-port directly is working fine for now, and am hoping for a better built-in solution that doesn't require managing another ingress. |
@pcj @aledbf I have yet to get this successfully working still. I can confirm that using port-forward to the pod works just fine. I have noticed that request attempts from chrome seem to get routed just fine to the appropriate backend pod, but do not from the grpc client? Below is log outputs from the ingress controller that I sent the request to. Obviously a GET request is expected to fail, but it's clearly getting to the pod, and the grpc client request are not. nginx ingress controller log from grpc client request
nginx ingress controller log from chrome request
Any suggestions for uncovering more information on the routing would be much appreciated! |
@kent-williams I am facing similar issues while running the example, were you able to get this working? Thanks! |
@mayankjuneja I have not unfortunately. I'm hoping that someone can shine some more light on this less than helpful log output from the nginx controller from gRPC connection attempts.
|
@aledbf
|
I have this working now. I was not properly opening a TLS channel in the gRPC client. It would have been helpful to know from the ingress controller side that the request were not being routed to the backend because of this. |
@kent-williams Are you using grpcurl? Do you mind sharing the client code, what changes did you make? Thanks! |
@mayankjuneja I was using it to test an initial connection. You should be able to get through with the -insecure option with grpcurl at port 443. This was necessary for me since I am using a self signed cert for the gRPC ingress secret. I will link my test grpc client/server tomorrow! |
@mayankjuneja my testing client/server grpc-python-kubernetes Let me know if I can help! |
hey @kent-williams any idea on how we can disable TLS auth? I have everything running just like you did, but want to try disabling it. |
@odino if you really want to use grpc backend without TLS, you can use e.g. nghttpx proxy. It works for me perfectly :) (I'm using it only for gRPC in internal, private network). There is even ingress implementation for it: https://github.com/zlabjp/nghttpx-ingress-lb |
Hi. I am facing this issue on my local kubernetes cluster, which has a grpc-server service listening on port 50053, and an ingress object with |
For what it's worth, I encountered this same error and ultimately realized it was the result of providing a custom |
If anyone tried to make K8s Tensorflow Serving over gRPC work using Helm Charts, here is my working example. Hope it helps. |
can you share the configuration how you achieved this? i am facing similar issue of 400 status code |
BUG REPORT :
NGINX Ingress controller version:
0.14.0
Kubernetes version (use
kubectl version
):1.10.2
Environment:
Baremetal via juju
ubuntu 16.04
uname -a
):4.4.0-116-generic
What happened:
Continue to get the following gRPC client response:
StatusCode.UNAVAILABLE, Trying to connect an http1.x server
What you expected to happen:
How to reproduce it (as minimally and precisely as possible):
Following gRPC Example:
Created TLS Secret for Ingress.
app.yaml
svc.yaml
ingress.yaml
NGINX Ingress Controller Logs including startup and incoming gRPC request at the bottom
Anything else we need to know:
The text was updated successfully, but these errors were encountered: