If you are willing to trust someone else to resolve "localhost" for you,
you can leave your internal DNS untouched.

https://stackoverflow.com/questions/1562954/public-wildcard-domain-name-to-resolve-to-127-0-0-1

On Thu, Aug 10, 2017 at 2:37 PM, <vadim.iva...@gmail.com> wrote:

> That's pretty cool. We use linkerd inside of DC/OS and configured marathon
> <https://linkerd.io/config/1.1.3/linkerd/index.html#marathon-service-discovery>
> namer to resolve ip addresses from :authority header. Since we have to use
> Mesos DNS (part of Marathon) there is not much we can do except overriding
> :authority.
>
> Thanks.
>
> On Thursday, August 10, 2017 at 5:20:45 PM UTC-4, Ryan Michela wrote:
>>
>> We use linkerd as well and found a neat trick for routing grpc requests
>> to the proxy without having to muck with the Authority header. We added a
>> magic "localhost" domain name to our dns where all subdomains point to
>> 127.0.0.1. In the client builder, we set the destination to
>> servicename.mesh.company.com:4140, which resolves to 127.0.0.1:4140.
>> Linkerd is listening on port 4140.
>>
>> In our linkerd and dtab configuration, we use the
>> http-2-header-token-identifier
>> <https://linkerd.io/config/1.1.2/linkerd/index.html#http-2-header-token-identifier>
>>  to
>> extract the :authority header from the grpc request. We run the result
>> through the subdomainofpfx namer
>> <https://linkerd.io/config/1.1.2/linkerd/index.html#subdomainofpfx> to
>> extract just the leftmost part of the authority header ("servicename" in
>> the above example). Finally, pass the service name to the Zookeeper
>> serversets announcer
>> <https://linkerd.io/config/1.1.2/linkerd/index.html#serversets> to
>> resolve the service name into a set of hosts and ports from our discovery
>> system.
>>
>> The dtab looks something like
>> /authority => /svc ;
>> /svc       => /#/io.bouyant.http.subdomainOfPfx/mesh.company.com/s ;
>> /s         => /#/io.l5d/serversets/services ;
>>
>>
>>
>> On Thu, Aug 10, 2017 at 1:37 PM, <vadim....@gmail.com> wrote:
>>
>>> I use https://linkerd.io/ for the proxy - it performs load balancing
>>> and name resolution. It is HTTP/2 aware and uses authority header by
>>> default to resolve names.
>>>
>>> Yes, I use insecure channels and need to route certain connections only
>>> through the proxy, so setting global http proxy will not work.
>>>
>>> On Thursday, August 10, 2017 at 3:31:29 PM UTC-4, Eric Anderson wrote:
>>>>
>>>> On Wed, Aug 9, 2017 at 1:56 PM, <vadim....@gmail.com> wrote:
>>>>
>>>>> What's the right way to override authority for a channel or stub?
>>>>>
>>>>> I see there is withAuthority method in CallOptions, but there is no
>>>>> withAuthority method in AbstractStub and I cannot pass CallOptions to
>>>>> generated stubs.
>>>>>
>>>>
>>>> The withAuthority in CallOptions is a bit dangerous because it doesn't
>>>> currently verify the TLS certificate when being used.
>>>>
>>>> There is overrideAuthority method in ManagedChannelBuilder class, but
>>>>> the comment says "Should only used by tests".
>>>>>
>>>>> In gRPC C# I can do something like that:
>>>>>
>>>>> var channel = new Channel(
>>>>>     "myproxy:4140",
>>>>>     ChannelCredentials.Insecure,
>>>>>     new []{new ChannelOption(ChannelOptions.DefaultAuthority,
>>>>> "original-authority")});
>>>>>
>>>>
>>>> The equivalent of that in Java is 
>>>> ManagedChannelBuilder.overrideAuthority().
>>>> The only reason that works though is because you are using insecure. I'm
>>>> assuming that the proxy is a TCP-level proxy that knows nothing of HTTP/2.
>>>>
>>>> How does the proxy know where to proxy to? Normally we'd expect to see
>>>> an HTTPS proxy and we'd use HTTP's CONNECT to form a connection.
>>>>
>>> --
>>> You received this message because you are subscribed to a topic in the
>>> Google Groups "grpc.io" group.
>>> To unsubscribe from this topic, visit https://groups.google.com/d/to
>>> pic/grpc-io/RK8fsCIOHDk/unsubscribe.
>>> To unsubscribe from this group and all its topics, send an email to
>>> grpc-io+u...@googlegroups.com.
>>> To post to this group, send email to grp...@googlegroups.com.
>>> Visit this group at https://groups.google.com/group/grpc-io.
>>> To view this discussion on the web visit https://groups.google.com/d/ms
>>> gid/grpc-io/446c1de1-11c6-4fef-9480-fbaec7d6fcb5%40googlegroups.com
>>> <https://groups.google.com/d/msgid/grpc-io/446c1de1-11c6-4fef-9480-fbaec7d6fcb5%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>> --
> You received this message because you are subscribed to a topic in the
> Google Groups "grpc.io" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/grpc-io/RK8fsCIOHDk/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> grpc-io+unsubscr...@googlegroups.com.
> To post to this group, send email to grpc-io@googlegroups.com.
> Visit this group at https://groups.google.com/group/grpc-io.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/grpc-io/e6261c89-77d4-4412-9df4-c89bc700d324%40googlegroups.com
> <https://groups.google.com/d/msgid/grpc-io/e6261c89-77d4-4412-9df4-c89bc700d324%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to grpc-io+unsubscr...@googlegroups.com.
To post to this group, send email to grpc-io@googlegroups.com.
Visit this group at https://groups.google.com/group/grpc-io.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/grpc-io/CACzu-z8Qx_Ap5N5SoM3vhM3TCP8ep7xR9jzFsTJdSasxxQN9uQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to