We use linkerd as well and found a neat trick for routing gRPC requests to
the proxy without having to muck with the Authority header. We added a
magic "localhost" domain name to our DNS where all subdomains point to
127.0.0.1. In the client builder, we set the destination to
servicename.mesh.company.com:4140, which resolves to 127.0.0.1:4140.
Linkerd is listening on port 4140.

In our linkerd and dtab configuration, we use the
http-2-header-token-identifier
<https://linkerd.io/config/1.1.2/linkerd/index.html#http-2-header-token-identifier>
to extract the :authority header from the gRPC request. We run the result
through the subdomainofpfx namer
<https://linkerd.io/config/1.1.2/linkerd/index.html#subdomainofpfx>
to extract just the leftmost part of the authority header ("servicename" in
the above example). Finally, we pass the service name to the Zookeeper
serversets announcer
<https://linkerd.io/config/1.1.2/linkerd/index.html#serversets>
to resolve the service name into a set of hosts and ports from our
discovery system.

The dtab looks something like:
/authority => /svc ;
/svc       => /#/io.buoyant.http.subdomainOfPfx/mesh.company.com/s ;
/s         => /#/io.l5d/serversets/services ;



On Thu, Aug 10, 2017 at 1:37 PM, <vadim.iva...@gmail.com> wrote:

> I use https://linkerd.io/ for the proxy - it performs load balancing and
> name resolution. It is HTTP/2 aware and uses authority header by default to
> resolve names.
>
> Yes, I use insecure channels and need to route certain connections only
> through the proxy, so setting global http proxy will not work.
>
> On Thursday, August 10, 2017 at 3:31:29 PM UTC-4, Eric Anderson wrote:
>>
>> On Wed, Aug 9, 2017 at 1:56 PM, <vadim....@gmail.com> wrote:
>>
>>> What's the right way to override authority for a channel or stub?
>>>
>>> I see there is withAuthority method in CallOptions, but there is no
>>> withAuthority method in AbstractStub and I cannot pass CallOptions to
>>> generated stubs.
>>>
>>
>> The withAuthority in CallOptions is a bit dangerous because it doesn't
>> currently verify the TLS certificate when being used.
>>
>>> There is overrideAuthority method in ManagedChannelBuilder class, but the
>>> comment says "Should only used by tests".
>>>
>>> In gRPC C# I can do something like that:
>>>
>>> var channel = new Channel(
>>>     "myproxy:4140",
>>>     ChannelCredentials.Insecure,
>>>     new []{new ChannelOption(ChannelOptions.DefaultAuthority,
>>> "original-authority")});
>>>
>>
>> The equivalent of that in Java is ManagedChannelBuilder.overrideAuthority().
>> The only reason that works though is because you are using insecure. I'm
>> assuming that the proxy is a TCP-level proxy that knows nothing of HTTP/2.
>>
>> How does the proxy know where to proxy to? Normally we'd expect to see an
>> HTTPS proxy and we'd use HTTP's CONNECT to form a connection.
>>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "grpc.io" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/grpc-io/RK8fsCIOHDk/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> grpc-io+unsubscr...@googlegroups.com.
> To post to this group, send email to grpc-io@googlegroups.com.
> Visit this group at https://groups.google.com/group/grpc-io.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/grpc-io/446c1de1-11c6-4fef-9480-fbaec7d6fcb5%40googlegroups.com
> <https://groups.google.com/d/msgid/grpc-io/446c1de1-11c6-4fef-9480-fbaec7d6fcb5%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>
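The resolution chain described in the top message (:authority, then the leftmost label under mesh.company.com, then a serverset lookup), as a simplified model. This is an added example, not part of the original message and not linkerd's code; the port stripping, the single-label restriction and the SERVERSETS table are assumptions constructed for illustration.

```python
# Simplified model of: identifier -> subdomainOfPfx -> serversets.
# Not linkerd code; behaviour marked "assumption" is chosen for this example.
import re

MESH_DOMAIN = "mesh.company.com"  # domain used in the message
# Assumption: a service name must be exactly one DNS label.
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

# Constructed stand-in for the ZooKeeper serversets lookup.
SERVERSETS = {
    "servicename": [("10.0.0.11", 8443), ("10.0.0.12", 8443)],
}


def service_from_authority(authority, domain=MESH_DOMAIN):
    """Return the leftmost label of an :authority under `domain`, or None."""
    host, sep, port = authority.lower().partition(":")
    # Assumption: an optional numeric port is dropped before matching.
    if sep and not port.isdigit():
        return None
    suffix = "." + domain
    if not host.endswith(suffix):
        return None  # authority is not inside the mesh domain
    name = host[: -len(suffix)]
    # Rejects empty names and nested names such as "a.b".
    return name if LABEL.fullmatch(name) else None


def resolve(authority):
    """Map an :authority to backend (host, port) pairs; [] means no route."""
    name = service_from_authority(authority)
    if name is None:
        return []
    return list(SERVERSETS.get(name, []))


if __name__ == "__main__":
    samples = [  # constructed :authority values
        "servicename.mesh.company.com:4140",
        "unknown.mesh.company.com:4140",
        "servicename.mesh.company.com.example.net:4140",
        "a.b.mesh.company.com:4140",
    ]
    for authority in samples:
        print(authority, "->", resolve(authority) or "no route")
```

Because the client chooses the :authority value, the set of names the final lookup will answer for is what bounds which backends a caller can reach through the proxy.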
