That's pretty cool. We use linkerd inside of DC/OS and configured marathon <https://linkerd.io/config/1.1.3/linkerd/index.html#marathon-service-discovery> namer to resolve ip addresses from :authority header. Since we have to use Mesos DNS (part of Marathon) there is not much we can do except overriding :authority.
Thanks. On Thursday, August 10, 2017 at 5:20:45 PM UTC-4, Ryan Michela wrote: > > We use linkerd as well and found a neat trick for routing grpc requests to > the proxy without having to muck with the Authority header. We added a > magic "localhost" domain name to our dns where all subdomains point to > 127.0.0.1. In the client builder, we set the destination to > servicename.mesh.company.com:4140, which resolves to 127.0.0.1:4140. > Linkerd is listening on port 4140. > > In our linkerd and dtab configuration, we use the > http-2-header-token-identifier > <https://linkerd.io/config/1.1.2/linkerd/index.html#http-2-header-token-identifier> > to > extract the :authority header from the grpc request. We run the result > through the subdomainofpfx namer > <https://linkerd.io/config/1.1.2/linkerd/index.html#subdomainofpfx> to > extract just the leftmost part of the authority header ("servicename" in > the above example). Finally, pass the service name to the Zookeeper > serversets announcer > <https://linkerd.io/config/1.1.2/linkerd/index.html#serversets> to > resolve the service name into a set of hosts and ports from our discovery > system. > > The dtab looks something like > /authority => /svc ; > /svc => /#/io.bouyant.http.subdomainOfPfx/mesh.company.com/s ; > /s => /#/io.l5d/serversets/services ; > > > > On Thu, Aug 10, 2017 at 1:37 PM, <vadim....@gmail.com <javascript:>> > wrote: > >> I use https://linkerd.io/ for the proxy - it performs load balancing and >> name resolution. It is HTTP/2 aware and uses authority header by default to >> resolve names. >> >> Yes, I use insecure channels and need to route certain connections only >> through the proxy, so setting global http proxy will not work. >> >> On Thursday, August 10, 2017 at 3:31:29 PM UTC-4, Eric Anderson wrote: >>> >>> On Wed, Aug 9, 2017 at 1:56 PM, <vadim....@gmail.com> wrote: >>> >>>> What's the right way to override authority for a channel or stub? >>>> >>>> I see there is withAuthority method in CallOptions, but there is no >>>> withAuthority method in AbstractStub and I cannot pass CallOptions to >>>> generated stubs. >>>> >>> >>> The withAuthority in CallOptions is a bit dangerous because it doesn't >>> currently verify the TLS certificate when being used. >>> >>> There is overrideAuthority method in ManagedChannelBuilder class, but >>>> the comment says "Should only used by tests". >>>> >>>> In gRPC C# I can do something like that: >>>> >>>> var channel = new Channel( >>>> "myproxy:4140", >>>> ChannelCredentials.Insecure, >>>> new []{new ChannelOption(ChannelOptions.DefaultAuthority, >>>> "original-authority")}); >>>> >>> >>> The equivalent of that in Java >>> is ManagedChannelBuilder.overrideAuthority(). The only reason that works >>> though is because you are using insecure. I'm assuming that the proxy is a >>> TCP-level proxy that knows nothing of HTTP/2. >>> >>> How does the proxy know where to proxy to? Normally we'd expect to see >>> an HTTPS proxy and we'd use HTTP's CONNECT to form a connection. >>> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "grpc.io" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/grpc-io/RK8fsCIOHDk/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> grpc-io+u...@googlegroups.com <javascript:>. >> To post to this group, send email to grp...@googlegroups.com >> <javascript:>. >> Visit this group at https://groups.google.com/group/grpc-io. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/grpc-io/446c1de1-11c6-4fef-9480-fbaec7d6fcb5%40googlegroups.com >> >> <https://groups.google.com/d/msgid/grpc-io/446c1de1-11c6-4fef-9480-fbaec7d6fcb5%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To post to this group, send email to grpc-io@googlegroups.com. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/e6261c89-77d4-4412-9df4-c89bc700d324%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
