Spring Cloud Gateway OSS contains a filter to automatically transform a JSON request into to gRPC request transparently for the client. You can configure this filter with the following route configuration:
apiVersion: "tanzu.vmware.com/v1"
kind: SpringCloudGatewayRouteConfig
metadata:
name: test-gateway-grpc-routes
spec:
routes:
- uri: https://test-grpc-server-service
predicates:
- Path=/json/hello
filters:
- JsonToGrpc=file:proto-file/hello.pb,file:proto-file/hello.proto,HelloService,hello
Since gRPC is based on HTTP/2 it is a good practice to secure the gateway application via TLS. A complete configuration requires configuring both the certificate to connect to the gRPC service and the keystore to expose the gateway HTTP endpoint. If your gateway access is not secured (for example, TLS is treated in another layer like ingress) you can ignore the server.ssl.* properties from the example. In order for the gateway to have access to the protobuf definition files, the public certificate, and, for example, the key store. It can be configured the following way:
apiVersion: "tanzu.vmware.com/v1"
kind: SpringCloudGateway
metadata:
name: test-gateway-grpc
spec:
env:
- name: "spring.cloud.gateway.httpclient.ssl.trusted-x509-certificates"
value: "file:ssl-files/public.cert"
- name: "server.ssl.key-store-type"
value: "PKCS12"
- name: "server.ssl.key-store"
value: "file:ssl-files/keystore.p12"
- name: "server.ssl.key-store-password"
value: "password"
- name: "server.http2.enabled"
value: "true"
podOverrides:
containers:
- name: gateway
volumeMounts:
- name: proto-file
mountPath: /workspace/proto-file
- name: ssl-files
mountPath: /workspace/ssl-files
volumes:
- name: proto-file
configMap:
name: proto-file
items:
- key: hello.pb
path: hello.pb
- key: hello.proto
path: hello.proto
- name: ssl-files
configMap:
name: ssl-files
items:
- key: keystore.p12
path: keystore.p12
- key: public.cert
path: public.cert
Content feedback and comments