olvesh · April 23, 2018 14:50
diff --git a/grpcbin.proto b/grpcbin.proto
 syntax = "proto3";

 package grpcbin;

 service GRPCBin {
    // This endpoint
    rpc Index (EmptyMessage) returns (IndexReply) {
    }
    // Unary endpoint that takes no argument and replies an empty message.
    rpc Empty (EmptyMessage) returns (EmptyMessage) {
    }
    // Unary endpoint that replies a received DummyMessage
    rpc DummyUnary (DummyMessage) returns (DummyMessage) {
    }
    // Stream endpoint that sends back 10 times the received DummyMessage
    rpc DummyServerStream (DummyMessage) returns (stream DummyMessage) {
    }
    // Stream endpoint that receives 10 DummyMessages and replies with the last received one
    rpc DummyClientStream (stream DummyMessage) returns (DummyMessage) {
    }
    // Stream endpoint that sends back a received DummyMessage indefinitely (chat mode)
    rpc DummyBidirectionalStreamStream (stream DummyMessage) returns (stream DummyMessage) {
    }
    // Unary endpoint that raises a specified (by code) gRPC error
    rpc SpecificError (SpecificErrorRequest) returns (EmptyMessage) {
    }
    // Unary endpoint that raises a random gRPC error
    rpc RandomError (EmptyMessage) returns (EmptyMessage) {
    }
    // Unary endpoint that returns headers
    rpc HeadersUnary (EmptyMessage) returns (HeadersMessage) {
    }
    // Unary endpoint that returns no respnose
    rpc NoResponseUnary (EmptyMessage) returns (EmptyMessage) {
    }
 }

 message HeadersMessage {
    message Values {
        repeated string values = 1;
    }
    map<string, Values> Metadata = 1;
 }

 message SpecificErrorRequest {
    uint32 code = 1;
    string reason = 2;
 }

 message EmptyMessage {
 }

 message DummyMessage {
    message Sub {
        string f_string = 1;
    }
    enum Enum {
        ENUM_0 = 0;
        ENUM_1 = 1;
        ENUM_2 = 2;
    }
    string f_string = 1;
    repeated string f_strings = 2;
    int32 f_int32 = 3;
    repeated int32 f_int32s = 4;
    Enum f_enum = 5;
    repeated Enum f_enums = 6;
    Sub f_sub = 7;
    repeated Sub f_subs = 8;
    bool f_bool = 9;
    repeated bool f_bools = 10;
    int64 f_int64 = 11;
    repeated int64 f_int64s = 12;
    bytes f_bytes = 13;
    repeated bytes f_bytess = 14;
    float f_float = 15;
    repeated float f_floats = 16;
    // TODO: timestamp, duration, oneof, any, maps, fieldmask, wrapper type, struct, listvalue, value, nullvalue, deprecated
 }

 message IndexReply {
    message Endpoint {
        string path = 1;
        string description = 2;
    }
    string description = 1;
    repeated Endpoint endpoints = 2;
 }
diff --git a/grpcbin.yaml b/grpcbin.yaml
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
  annotations:
    kubernetes.io/ingress.class: "nginx-grpc"
    nginx.ingress.kubernetes.io/grpc-backend: "true"
    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
    nginx.ingress.kubernetes.io/auth-tls-secret: "default/grpc-secret"
    nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
    kubernetes.io/tls-acme: "true"

  name: grpc-ingress
 spec:
  rules:
  - host: grpc.example.com
    http:
      paths:
      - backend:
          serviceName: grpcbin
          servicePort: 80
  tls:
  - secretName: grpc-example-com-tls
    hosts:
      - grpc.example.com
 ---
 apiVersion: v1
 kind: Service
 metadata:
  labels:
    app: grpcbin
  name: grpcbin
 spec:
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 9000
    - name: https
      port: 443
      protocol: TCP
      targetPort: 9001
  selector:
    app: grpcbin
 ---
 apiVersion: apps/v1beta2
 kind: Deployment
 metadata:
  labels:
    app: grpcbin
  name: grpcbin
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: grpcbin
  template:
    metadata:
      labels:
        app: grpcbin
    spec:
      containers:
      - image: moul/grpcbin:latest
        imagePullPolicy: IfNotPresent
        name: grpcbin-grpcbin
        ports:
        - containerPort: 9000
          protocol: TCP
        - containerPort: 9001
          protocol: TCP
        resources:
          limits:
            cpu: 5m
          requests:
            cpu: 5m
            memory: 32Mi
diff --git a/secret-setup.sh b/secret-setup.sh
 echo "asdf" | openssl genrsa -des3 -out cauth.key -passout stdin 1024
 openssl req -new -x509 -days 365 -key cauth.key -out cauth.crt -passin

 openssl genrsa -des3 -out client.key 1024
 openssl req -new -key client.key -out client.csr
 openssl x509 -req -days 365 -in client.csr -CA cauth.crt -CAkey cauth.key -set_serial 01 -out client.crt

 #Used asdf for all passphrases

 cat client.crt cauth.crt > ca.crt

 #It seems nginx must have this in a file called ca.crt
 kubectl create secret generic grpc-secret --from-file=ca.crt
 kubectl apply -f grpcbin.yaml

 # Create pkcs8 formatted private key that is supported by polyglot
 openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in ~/DT/ccon-container/app/secrets/client.mydomain.com.key -out client-pkcs8.key

 curl -L https://github.com/grpc-ecosystem/polyglot/releases/download/v1.6.0/polyglot.jar -O
 echo '{}' | java -jar polyglot.jar --endpoint sds-receiver-grps.dev.disruptive-technologies.com:443 --full_method grpcbin.GRPCBin/HeadersUnary --proto_discovery_root=. --tls_client_cert_path=client.crt --tls_client_key_path=client-pkcs8.key --use_tls=true
	syntax = "proto3";

	package grpcbin;

	service GRPCBin {
	// This endpoint
	rpc Index (EmptyMessage) returns (IndexReply) {
	}
	// Unary endpoint that takes no argument and replies an empty message.
	rpc Empty (EmptyMessage) returns (EmptyMessage) {
	}
	// Unary endpoint that replies a received DummyMessage
	rpc DummyUnary (DummyMessage) returns (DummyMessage) {
	}
	// Stream endpoint that sends back 10 times the received DummyMessage
	rpc DummyServerStream (DummyMessage) returns (stream DummyMessage) {
	}
	// Stream endpoint that receives 10 DummyMessages and replies with the last received one
	rpc DummyClientStream (stream DummyMessage) returns (DummyMessage) {
	}
	// Stream endpoint that sends back a received DummyMessage indefinitely (chat mode)
	rpc DummyBidirectionalStreamStream (stream DummyMessage) returns (stream DummyMessage) {
	}
	// Unary endpoint that raises a specified (by code) gRPC error
	rpc SpecificError (SpecificErrorRequest) returns (EmptyMessage) {
	}
	// Unary endpoint that raises a random gRPC error
	rpc RandomError (EmptyMessage) returns (EmptyMessage) {
	}
	// Unary endpoint that returns headers
	rpc HeadersUnary (EmptyMessage) returns (HeadersMessage) {
	}
	// Unary endpoint that returns no respnose
	rpc NoResponseUnary (EmptyMessage) returns (EmptyMessage) {
	}
	}

	message HeadersMessage {
	message Values {
	repeated string values = 1;
	}
	map<string, Values> Metadata = 1;
	}

	message SpecificErrorRequest {
	uint32 code = 1;
	string reason = 2;
	}

	message EmptyMessage {
	}

	message DummyMessage {
	message Sub {
	string f_string = 1;
	}
	enum Enum {
	ENUM_0 = 0;
	ENUM_1 = 1;
	ENUM_2 = 2;
	}
	string f_string = 1;
	repeated string f_strings = 2;
	int32 f_int32 = 3;
	repeated int32 f_int32s = 4;
	Enum f_enum = 5;
	repeated Enum f_enums = 6;
	Sub f_sub = 7;
	repeated Sub f_subs = 8;
	bool f_bool = 9;
	repeated bool f_bools = 10;
	int64 f_int64 = 11;
	repeated int64 f_int64s = 12;
	bytes f_bytes = 13;
	repeated bytes f_bytess = 14;
	float f_float = 15;
	repeated float f_floats = 16;
	// TODO: timestamp, duration, oneof, any, maps, fieldmask, wrapper type, struct, listvalue, value, nullvalue, deprecated
	}

	message IndexReply {
	message Endpoint {
	string path = 1;
	string description = 2;
	}
	string description = 1;
	repeated Endpoint endpoints = 2;
	}
	apiVersion: extensions/v1beta1
	kind: Ingress
	metadata:
	annotations:
	kubernetes.io/ingress.class: "nginx-grpc"
	nginx.ingress.kubernetes.io/grpc-backend: "true"
	nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
	nginx.ingress.kubernetes.io/auth-tls-secret: "default/grpc-secret"
	nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
	kubernetes.io/tls-acme: "true"

	name: grpc-ingress
	spec:
	rules:
	- host: grpc.example.com
	http:
	paths:
	- backend:
	serviceName: grpcbin
	servicePort: 80
	tls:
	- secretName: grpc-example-com-tls
	hosts:
	- grpc.example.com
	---
	apiVersion: v1
	kind: Service
	metadata:
	labels:
	app: grpcbin
	name: grpcbin
	spec:
	ports:
	- name: http
	port: 80
	protocol: TCP
	targetPort: 9000
	- name: https
	port: 443
	protocol: TCP
	targetPort: 9001
	selector:
	app: grpcbin
	---
	apiVersion: apps/v1beta2
	kind: Deployment
	metadata:
	labels:
	app: grpcbin
	name: grpcbin
	spec:
	replicas: 1
	selector:
	matchLabels:
	app: grpcbin
	template:
	metadata:
	labels:
	app: grpcbin
	spec:
	containers:
	- image: moul/grpcbin:latest
	imagePullPolicy: IfNotPresent
	name: grpcbin-grpcbin
	ports:
	- containerPort: 9000
	protocol: TCP
	- containerPort: 9001
	protocol: TCP
	resources:
	limits:
	cpu: 5m
	requests:
	cpu: 5m
	memory: 32Mi
	echo "asdf" \| openssl genrsa -des3 -out cauth.key -passout stdin 1024
	openssl req -new -x509 -days 365 -key cauth.key -out cauth.crt -passin

	openssl genrsa -des3 -out client.key 1024
	openssl req -new -key client.key -out client.csr
	openssl x509 -req -days 365 -in client.csr -CA cauth.crt -CAkey cauth.key -set_serial 01 -out client.crt

	#Used asdf for all passphrases

	cat client.crt cauth.crt > ca.crt

	#It seems nginx must have this in a file called ca.crt
	kubectl create secret generic grpc-secret --from-file=ca.crt
	kubectl apply -f grpcbin.yaml

	# Create pkcs8 formatted private key that is supported by polyglot
	openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in ~/DT/ccon-container/app/secrets/client.mydomain.com.key -out client-pkcs8.key

	curl -L https://github.com/grpc-ecosystem/polyglot/releases/download/v1.6.0/polyglot.jar -O
	echo '{}' \| java -jar polyglot.jar --endpoint sds-receiver-grps.dev.disruptive-technologies.com:443 --full_method grpcbin.GRPCBin/HeadersUnary --proto_discovery_root=. --tls_client_cert_path=client.crt --tls_client_key_path=client-pkcs8.key --use_tls=true