This example demonstrates, step by step, how to deploy and access a gRPC service on Kubernetes in Azure (AKS).
- You have an Azure Subscription. Free $200 Azure Credit
- You have an image repository (this example used Azure container registry)
- Your gRPC service Docker image is pushed to Azure Container Registry (ACR): Push your image to ACR
- Create Azure Kubernetes cluster
az aks create -g <resourceGroupName> --name <kubernetes-cluster-name> --service-principal <servicePrincipalId> --client-secret <clientSecret>
- Create a public (static) IP address in the resource group MC_resourceGroupName_location and note the dns name
- Configure routing of traffic to the ingress controller
helm install stable/nginx-ingress \
--namespace ingress-basic \
--set controller.replicaCount=1 \
--set controller.image.repository=quay.io/kubernetes-ingress-controller/nginx-ingress-controller \
--set controller.service.loadBalancerIP="<your Ip address>"
- Configure a DNS name: For the HTTPS certificates to work correctly, configure an FQDN for the ingress controller IP address. Update the following script with the IP address of your ingress controller and a unique name that you would like to use for the FQDN. (This step is not always necessary, but it is good to be sure.)
# Public IP address of static ip address
IP="<your static IP>"
# Name to associate with public IP address
DNSNAME="<dns name>"
# Get the resource-id of the public ip
PUBLICIPID=$(az network public-ip list --query "[?ipAddress!=null]|[?contains(ipAddress, '$IP')].[id]" --output tsv)
# Update public ip address with DNS name
az network public-ip update --ids $PUBLICIPID --dns-name $DNSNAME
- Create secret to pull image
kubectl create secret docker-registry <secret-name> --docker-server=<youracr.azurecr.io> --docker-username=<acrusername> --docker-password=<acr-password> --docker-email=<youremailaddress>
- Create certificate
kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6/deploy/manifests/00-crds.yaml
helm install stable/cert-manager \
--name cert-manager \
--namespace kube-system \
--set ingressShim.extraArgs='{--default-issuer-name=letsencrypt-prod,--default-issuer-kind=Issuer}' \
--set rbac.create=false
kubectl apply -f cert-issuer.yaml
kubectl apply -f certificates.yaml
If you get a Helm or Tiller related error, run the following script and repeat step 6:
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
helm init
- Kubernetes ingress
kubectl create -f ingress.yaml
A few things to note:
We've tagged the ingress with the annotation nginx.ingress.kubernetes.io/backend-protocol: "GRPC". This is the magic ingredient that sets up the appropriate nginx configuration to route http/2 traffic to our service.
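A sketch of what an `ingress.yaml` for this setup can look like, added here as an example (it is not the file from the original repository). The resource name and every value in angle brackets are assumptions to be replaced with your own, and the TLS secret name must match the one requested in your `certificates.yaml`.

```yaml
# Added example: the name and all <placeholders> are assumptions, not values from the original README.
# extensions/v1beta1 matches clusters of the Helm 2 / cert-manager 0.6 era used in this walkthrough;
# newer clusters serve Ingress from networking.k8s.io/v1, which has a different backend syntax.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: grpc-ingress                      # hypothetical name
  annotations:
    kubernetes.io/ingress.class: nginx
    # "GRPC" makes nginx speak cleartext HTTP/2 to the pod.
    # Use "GRPCS" instead if the service itself terminates TLS.
    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
    # Redirect plain-HTTP requests to HTTPS; nginx only serves HTTP/2 (and so gRPC) on the TLS port.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  tls:
    - hosts:
        - <dns name>.<location>.cloudapp.azure.com
      secretName: <tls-secret-name>       # secret that cert-manager fills with the issued certificate
  rules:
    - host: <dns name>.<location>.cloudapp.azure.com
      http:
        paths:
          - path: /
            backend:
              serviceName: <grpc-service-name>   # must be in the same namespace as this Ingress
              servicePort: <grpc-port>
```

The host must be the FQDN configured for the static IP earlier, because the certificate is issued for that name and gRPC clients validate it during the TLS handshake.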
- Kubernetes deployment
kubectl create -f app-deployment.yaml
- Kubernetes service
kubectl create -f app-service.yaml
- Check deployment, services and pods
You can run the following commands to check the deployment, services and pods:
kubectl get ing -n ingress-basic
kubectl get deployment
kubectl get pods
kubectl logs <pod_name> -f
Why a gRPC service cannot be deployed on Azure App Service (for both Windows and Linux): grpc/grpc-dotnet#578, dotnet/aspnetcore#9020 (comment)