feat: add grpc tls support on gateway #4522

samsja · 2022-03-21T14:59:44Z

This pr add tls suppport for the grpc gateway

allow tls on grpc server (gateway)
refactor to have a common API for http and gtpc tls support
(skip) OPTIONAL : intra pod communication using tls

PS: websocket and http gateway already handle tls

codecov · 2022-03-22T10:05:01Z

Codecov Report

Merging #4522 (03ec9ce) into master (b0f839b) will increase coverage by 0.43%.
The diff coverage is 95.83%.

@@            Coverage Diff             @@
##           master    #4522      +/-   ##
==========================================
+ Coverage   87.91%   88.34%   +0.43%     
==========================================
  Files         116      116              
  Lines        8455     8484      +29     
==========================================
+ Hits         7433     7495      +62     
+ Misses       1022      989      -33

Flag	Coverage Δ
daemon	`41.98% <37.50%> (-0.01%)`	⬇️
jina	`88.09% <95.83%> (+0.44%)`	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
jina/orchestrate/flow/base.py	`91.45% <ø> (ø)`
jina/serve/runtimes/gateway/grpc/__init__.py	`95.83% <90.90%> (-1.61%)`	⬇️
jina/parsers/orchestrate/runtimes/remote.py	`100.00% <100.00%> (ø)`
jina/serve/runtimes/gateway/http/__init__.py	`97.77% <100.00%> (+0.21%)`	⬆️
jina/serve/runtimes/gateway/websocket/__init__.py	`97.77% <100.00%> (+0.21%)`	⬆️
jina/clients/base/__init__.py	`90.38% <0.00%> (-0.53%)`	⬇️
jina/serve/executors/__init__.py	`84.72% <0.00%> (+0.43%)`	⬆️
jina/serve/networking.py	`88.43% <0.00%> (+0.68%)`	⬆️
jina/orchestrate/deployments/__init__.py	`84.81% <0.00%> (+2.95%)`	⬆️
...deployments/config/k8slib/kubernetes_deployment.py	`51.21% <0.00%> (+4.87%)`	⬆️
... and 2 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b0f839b...03ec9ce. Read the comment docs.

github-actions · 2022-03-22T12:02:00Z

Latency summary

Current PR yields:

😶 index QPS at 1228, delta to last 2 avg.: -4%
🐢🐢 query QPS at 61, delta to last 2 avg.: -16%
🐎🐎🐎🐎 avg flow time within 1.5466 seconds, delta to last 2 avg.: +22%
😶 import jina within 0.3972 seconds, delta to last 2 avg.: +3%

Breakdown

Version	Index QPS	Query QPS	Avg Flow Time (s)	Import Time (s)
current	1228	61	1.5466	0.3972
`3.2.8`	1278	72	1.2679	0.3831
`3.2.7`	1294	72	1.2633	0.3832

Backed by latency-tracking. Further commits will update this comment.

style: fix overload and cli autocomplete feat: add tls

hanxiao · 2022-03-22T20:27:39Z

it is not clear to me if websocket'a TLS is included: if not, better include it. If it is already included, then please add it to PR's body

samsja · 2022-03-23T07:33:39Z

it is not clear to me if websocket'a TLS is included: if not, better include it. If it is already included, then please add it to PR's body

This pr is only about grpc as websocket is already handle both on server and on client side

JoanFM · 2022-03-23T09:19:08Z

Please, add documentation

JoanFM

Documentation required

tests/unit/serve/runtimes/gateway/grpc/test_grpc_tls.py

samsja · 2022-03-23T10:05:47Z

Documentation required

there is a pending PR that will add documentation for everything related to tls. #4500
I think that it is better to don't add documentation for this PR and do it only in the documentation PR

samsja mentioned this pull request Mar 21, 2022

Allow to use tls for grpc gateway #4492

Closed

github-actions bot added size/M area/cli This issue/PR affects the command line interface area/core This issue/PR affects the core codebase area/testing This issue/PR affects testing labels Mar 21, 2022

samsja closed this Mar 22, 2022

samsja reopened this Mar 22, 2022

samsja force-pushed the feat-tls-for-grpc branch 2 times, most recently from cb76f37 to 8320a7b Compare March 22, 2022 11:55

feat: add grpc ssl on server side

a1dbe5f

style: fix overload and cli autocomplete feat: add tls

samsja force-pushed the feat-tls-for-grpc branch from 8320a7b to a1dbe5f Compare March 22, 2022 12:57

samsja closed this Mar 22, 2022

samsja reopened this Mar 22, 2022

samsja force-pushed the feat-tls-for-grpc branch from 5fe46ba to f559aad Compare March 23, 2022 07:45

samsja marked this pull request as ready for review March 23, 2022 07:47

samsja closed this Mar 23, 2022

samsja reopened this Mar 23, 2022

refactor: add ssl key and cert as actual parameters

392dccf

samsja force-pushed the feat-tls-for-grpc branch from d9958e5 to 392dccf Compare March 23, 2022 08:05

style: fix overload and cli autocomplete

713f37a

samsja closed this Mar 23, 2022

samsja reopened this Mar 23, 2022

JoanFM reviewed Mar 23, 2022

View reviewed changes

JoanFM suggested changes Mar 23, 2022

View reviewed changes

tests/unit/serve/runtimes/gateway/grpc/test_grpc_tls.py Outdated Show resolved Hide resolved

fix: add fixture for tests log level

03ec9ce

samsja closed this Mar 23, 2022

samsja reopened this Mar 23, 2022

samsja requested a review from JoanFM March 23, 2022 12:35

JoanFM approved these changes Mar 23, 2022

View reviewed changes

JoanFM merged commit dd5f08e into master Mar 23, 2022

JoanFM deleted the feat-tls-for-grpc branch March 23, 2022 12:35

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat: add grpc tls support on gateway #4522

feat: add grpc tls support on gateway #4522

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

feat: add grpc tls support on gateway #4522

feat: add grpc tls support on gateway #4522

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Latency summary

Breakdown

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!