This is a cache of https://docs.openshift.com/container-platform/4.9/serverless/knative-serving/external-ingress-routing/using-http2-gRPC.html. It is a snapshot of the page at 2024-11-25T19:50:41.948+0000.
Using HTTP2 and gRPC - Serving | Serverless | OpenShift Container Platform 4.9
×

OpenShift Serverless supports only insecure or edge-terminated routes. Insecure or edge-terminated routes do not support HTTP2 on OpenShift Container Platform. These routes also do not support gRPC because gRPC is transported by HTTP2. If you use these protocols in your application, you must call the application using the ingress gateway directly. To do this you must find the ingress gateway’s public address and the application’s specific host.

Interacting with a serverless application using HTTP2 and gRPC

This method applies to OpenShift Container Platform 4.10 and later. For older versions, see the following section.

Prerequisites
  • Install OpenShift Serverless Operator and Knative Serving on your cluster.

  • Install the OpenShift CLI (oc).

  • Create a Knative service.

  • Upgrade OpenShift Container Platform 4.10 or later.

  • Enable HTTP/2 on OpenShift Ingress controller.

Procedure
  1. Add the serverless.openshift.io/default-enable-http2=true annotation to the KnativeServing Custom Resource:

    $ oc annotate knativeserving <your_knative_CR> -n knative-serving serverless.openshift.io/default-enable-http2=true
  2. After the annotation is added, you can verify that the appProtocol value of the Kourier service is h2c:

    $ oc get svc -n knative-serving-ingress kourier -o jsonpath="{.spec.ports[0].appProtocol}"
    Example output
    h2c
  3. Now you can use the gRPC framework over the HTTP/2 protocol for external traffic, for example:

    import "google.golang.org/grpc"
    
    grpc.Dial(
       YOUR_URL, (1)
       grpc.WithTransportCredentials(insecure.NewCredentials())), (2)
    )
    1 Your ksvc URL.
    2 Your certificate.

Interacting with a serverless application using HTTP2 and gRPC in OpenShift Container Platform 4.9 and older

This method needs to expose Kourier Gateway using the LoadBalancer service type. You can configure this by adding the following YAML to your KnativeServing custom resource definition (CRD):

...
spec:
  ingress:
    kourier:
      service-type: LoadBalancer
...
Prerequisites
  • Install OpenShift Serverless Operator and Knative Serving on your cluster.

  • Install the OpenShift CLI (oc).

  • Create a Knative service.

Procedure
  1. Find the application host. See the instructions in Verifying your serverless application deployment.

  2. Find the ingress gateway’s public address:

    $ oc -n knative-serving-ingress get svc kourier
    Example output
    NAME                   TYPE           CLUSTER-IP      EXTERNAL-IP                                                             PORT(S)                                                                                                                                      AGE
    kourier   LoadBalancer   172.30.51.103   a83e86291bcdd11e993af02b7a65e514-33544245.us-east-1.elb.amazonaws.com   80:31380/TCP,443:31390/TCP   67m

    The public address is surfaced in the EXTERNAL-IP field, and in this case is a83e86291bcdd11e993af02b7a65e514-33544245.us-east-1.elb.amazonaws.com.

  3. Manually set the host header of your HTTP request to the application’s host, but direct the request itself against the public address of the ingress gateway.

    $ curl -H "Host: hello-default.example.com" a83e86291bcdd11e993af02b7a65e514-33544245.us-east-1.elb.amazonaws.com
    Example output
    Hello Serverless!

    You can also make a direct gRPC request against the ingress gateway:

    import "google.golang.org/grpc"
    
    grpc.Dial(
        "a83e86291bcdd11e993af02b7a65e514-33544245.us-east-1.elb.amazonaws.com:80",
        grpc.WithAuthority("hello-default.example.com:80"),
        grpc.WithInsecure(),
    )

    Ensure that you append the respective port, 80 by default, to both hosts as shown in the previous example.