Login/Register
How can two internal Cloud Run node.js microservices successfully communicate via gRPC?
Asked Answered
Solved node.jsgoogle-cloud-platformgrpcgoogle-cloud-rungrpc-node
A

1

6

New to Google Cloud Run and trying to have two node.js microservices communicate internally via gRPC.

The client interface:

constructor(address: string, credentials: grpc.ChannelCredentials, options?: object);

The client code:

const client: MyClient = new MyClient('my-service-abcdefgh3a-ew.a.run.app:443', grpc.credentials.createSsl());

The server code:

const server = new grpc.Server();
server.addService<IMyServer>(MyService, new MyServer());
server.bind(`0.0.0.0:${process.env.PORT}`, grpc.ServerCredentials.createInsecure());
server.start();

The server is set to listen to 443.

The above seems to work when the service is open to public requests but doesn't work when you have the server set as internal. Any ideas?

Amalgamate answered 24/8, 2020 at 17:9 Comment(1)
This is also documented in cloud.google.com/run/docs/triggering/grpc#request-auth. In a nutshell you need to provide Authentication header on outgoing RPCs (headers in gRPC are called "metadata").Symposiac
L
3

You have to add the credentials in the request metadata. Here an example

...
 // Create a client for the protobuf spec
  const client = new protoObj.Greeter(HOST, grpc.credentials.createInsecure());

  // Build gRPC request
  const metadata = new grpc.Metadata();
  metadata.add('authorization', `Bearer ${JWT_AUTH_TOKEN}`);

  // Execute gRPC request
  client.sayHello({name: GREETEE}, metadata, (err, response) => {...

Second question, how to get the JWT_AUTH_TOKEN. Here the documentation of Cloud Run to do this. But not completely, simply get the token and use it in the metadata of the request

...
request(tokenRequestOptions)
  .then((token) => {
  // add the token to the metadata
  });

// Make the call
...
Levins answered 24/8, 2020 at 20:49 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.