APIs come in all different shapes and forms. In this tutorial, I'll show you a K8s Ingress gRPC example. I’ll explain how to deploy a gRPC service to Kubernetes and provide external access to the service using Kong's Kubernetes Ingress Controller.
And to hype you up a little bit about the upcoming live-action movie, Dune, based on Frank Herbert’s book, I created a Kubernetes service that delivers Dune quotes. It's arguably one of the most outstanding science fiction books ever written…what do you think? Let me know @GAMUSSA on Twitter.
Before we dive into the code, let's review a few basics.
gRPC is a procedural framework initially developed by Google in 2015. Based on HTTP2 protocol for transport and Protocol Buffer (Protobuf) as the interface definition language, gRPC has seen growing adoption in recent years. gRPC has several capabilities that traditional REST APIs struggle with, such as bidirectional streaming and efficient binary encoding.
Kong supports TCP streams and can proxy any protocol built on top of a TCP or TLS. We felt that native support for gRPC would allow a growing user base to leverage Kong to manage their REST and gRPC services uniformly.
Now that we've covered the basics, let's take a look at the Protobuf definition of my Dune Quote service.
My Protobuf definition contains a quote service that uses two methods. One method is to deliver a simple quote on any gRPC request. That method doesn’t require any input parameter, so we'll be using the Protobuf empty type. And as a return, it will have a quote message that will include a message field.
And another method that I have here is a GetQuoteStream method that also doesn’t require any parameters to provide. In this case, I also used an empty type. But in this case, I’m returning a stream of these results.
I’m using Java to generate a server-side implementation of the service. However, you can take this proto file and implement this service in any language that you use.
Protobuf comes with various tools in different languages, including some code generators that support your language of choice.
Let's take a look at the deployment for our Dune Quote service.
I'm using the same image in my deployment, but my active service will be using version 3.
My application will be running the GRPC_SERVER on port 9001. And this port will be available to the service to expose this inside my Kubernetes cluster.
My service has security enabled. And I do provide some certificates in the gRPC server private key.
I’m using a self-signed TLS certificate in this example. You'll need to use a certificate signed by a certification authority that you trust in a production use case.
I created the secrets. After that, I mount those secrets as files in my deployment.
My service will use port 9001 as my target port. Pay attention to Line 6, where I have the limitation: konghq.com/protocol. It will respond to gRPC as a protocol because my service has security enabled, and I need to notify my Kong Gateway that my service understands gRPCS protocol.
And last but not least, I need to create an ingress.
You see some familiar things like ingress.class that corresponds to my open source Kong Ingress Controller. Now, I also have an annotation here: konghq.com/protocols
It's an ingress configuration that allows Kong Gateway to understand what kind of incoming clients we expect. In this case, we’re creating this ingress for gRPCS because we’re expecting gRPC clients to connect to the service. We’re using gRPC or gRPCS protocols.
Before deploying the Kubernetes service, we'll need to set up Kong Ingress Controller and Kubernetes cert-manager.
I've already installed the Kong Ingress Controller. If you haven't, follow along in my previous getting started tutorial.
I configured my cluster to use cert-manager. I will be using certificates issued by LetsEncrypt. In Kong's documentation, there is a getting started guide for cert-manager that allows you to configure your Kong Ingress Controller and your API Gateway to use automatically issued certificates for TLS.
Next, we need to follow the Kubernetes cert-manager documentation.
Then, we'll be able to request the TLS certificate from the certification authority. And after that, the application will use port 443 TLS to communicate with external clients.
That’s why I have this annotation, kubernetes.io/tls-acme, to use an automatic certificate management extension enabled for my cluster. I’m using the LetsEncrypt server production version to receive the certificate.
The next thing is to configure my ingress. I need to specify that I’m using TLS for my ingress and issue a certificate for this domain name. This domain name corresponds to the external IP address that Google Cloud Platform provided.
It’s the same configuration rules for the particular path. By default, that will correspond to my Dune Quote service.
Inbound traffic will listen on gRPC or gRPCS protocols. My Kong Gateway and Dune Quote service will also use the gRPCS protocol because I deployed my service using gRPCS.
The next thing is to configure my ingress. I need to specify that I’m using TLS for my ingress and issue a certificate for this domain name. This domain name corresponds to the external IP address that Google Cloud Platform provided.
It’s the same configuration rules for the particular path. By default, that will correspond to my Dune Quote service.
Inbound traffic will listen on gRPC or gRPCS protocols. My Kong Gateway and Dune Quote service will also use the gRPCS protocol because I deployed my service using gRPCS.
Before we can deploy, we need to provide two secrets.
We can provide the secrets with the below script. It generates a self-signed certificate and after that, applies this certificate and key as my secrets.
Next, let's restart the deployment and bring up our service.
Once our service is up, we can use Insomnia to hit the service.
In Insomnia, let's upload our proto file. Once that's uploaded, we'll see two methods, GetQuote and GetQuoteStream.
When we hit GetQuote, we get some quotes from Dune. It works!
Next, let’s see if streaming works by switching to the GetQuoteStream. When I click Start, my response contains 10 responses from the gRPCS server. Nice!
And my implementation has an interceptor that will log all the calls to my service.
In this article, I showed you how to deploy a gRPC service to Kubernetes and expose it outside of the cluster using Kong Ingress Controller.
Once you've finished this Kubernetes Ingress gRPC example, you may find these other Kubernetes tutorials helpful:
Have questions or want to stay in touch with the Kong community? Join us wherever you hang out:
We're very excited to announce Kong Mesh 2.12 to the world! Kong Mesh 2.12 delivers two very important features: SPIFFE / SPIRE support, which provides enterprise-class workload identity and trust models for your mesh, as well as a consistent Kuma R
Meet Emily. She’s an API product manager at ACME, Inc., an ecommerce company that runs on dozens of APIs. One morning, her team lead asks a simple question: “Who’s our top API consumer, and which of your APIs are causing the most issues right now?”
In the last two parts of this series, we discussed How to Strengthen a ReAct AI Agent with Kong AI Gateway and How to Build a Single-LLM AI Agent with Kong AI Gateway and LangGraph . In this third and final part, we're going to evolve the AI Agen
In my previous post, we discussed how we can implement a basic AI Agent with Kong AI Gateway. In part two of this series, we're going to review LangGraph fundamentals, rewrite the AI Agent and explore how Kong AI Gateway can be used to protect an LLM
This is part one of a series exploring how Kong AI Gateway can be used in an AI Agent development with LangGraph. The series comprises three parts: Basic ReAct AI Agent with Kong AI Gateway Single LLM ReAct AI Agent with Kong AI Gateway and LangGr
What Is RAG, and Why Should You Use It? RAG (Retrieval-Augmented Generation) is not a new concept in AI, and unsurprisingly, when talking to companies, everyone seems to have their own interpretation of how to implement it. So, let’s start with a r
In February 2024, Kong became the first API platform to launch a dedicated AI gateway, designed to bring production-grade performance, observability, and policy enforcement to GenAI workloads. At its core, Kong’s AI Gateway provides a universal API