Get ingress working for frontend gRPC service

Community Support
1

I’ve deployed temporal using helm chart on azure K8s and I’m not able to connect to the frontend gRPC service from outside the cluster. But I’m able to get the client application within the same cluster to connect to frontend service with its cluster ip address.

Questions:
I was not able to find Grpcurl in temporal pods, did I miss anything when deploying?

My Ingress resource manifest is below:
kind: Service
apiVersion: v1
metadata:
name: release-temporal-ingress-nginx-controller
namespace: temporal
uid: 2c6f35f4-9346-4bed-8d40-48467d2e9620
resourceVersion: ‘672709261’
creationTimestamp: ‘2024-05-22T14:58:30Z’
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: release-temporal
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.10.0
helm.sh/chart: ingress-nginx-4.10.0
annotations:
meta.helm.sh/release-name: release-temporal
meta.helm.sh/release-namespace: temporal
nginx.ingress.kubernetes.io/use-regex: ‘true’
service.beta.kubernetes.io/azure-load-balancer-internal: ‘true’
finalizers:
- service.kubernetes.io/load-balancer-cleanup
managedFields:
- manager: helm
operation: Update
apiVersion: v1
time: ‘2024-05-22T14:58:30Z’
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:meta.helm.sh/release-name: {}
f:meta.helm.sh/release-namespace: {}
f:nginx.ingress.kubernetes.io/use-regex: {}
f:service.beta.kubernetes.io/azure-load-balancer-internal: {}
f:labels:
.: {}
f:app.kubernetes.io/component: {}
f:app.kubernetes.io/instance: {}
f:app.kubernetes.io/managed-by: {}
f:app.kubernetes.io/name: {}
f:app.kubernetes.io/part-of: {}
f:app.kubernetes.io/version: {}
f:helm.sh/chart: {}
f:spec:
f:allocateLoadBalancerNodePorts: {}
f:externalTrafficPolicy: {}
f:internalTrafficPolicy: {}
f:ipFamilies: {}
f:ipFamilyPolicy: {}
f:ports:
.: {}
k:{“port”:80,“protocol”:“TCP”}:
.: {}
f:appProtocol: {}
f:name: {}
f:port: {}
f:protocol: {}
f:targetPort: {}
k:{“port”:443,“protocol”:“TCP”}:
.: {}
f:appProtocol: {}
f:name: {}
f:port: {}
f:protocol: {}
f:targetPort: {}
f:selector: {}
f:sessionAffinity: {}
f:type: {}
- manager: cloud-controller-manager
operation: Update
apiVersion: v1
time: ‘2024-05-22T14:58:35Z’
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:finalizers:
.: {}
v:“service.kubernetes.io/load-balancer-cleanup”: {}
f:status:
f:loadBalancer:
f:ingress: {}
subresource: status
spec:
ports:
- name: http
protocol: TCP
appProtocol: http
port: 80
targetPort: http
nodePort: 31319
- name: https
protocol: TCP
appProtocol: https
port: 443
targetPort: https
nodePort: 32753
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: release-temporal
app.kubernetes.io/name: ingress-nginx
clusterIP: 192.168.13.225
clusterIPs:
- 192.168.13.225
type: LoadBalancer
sessionAffinity: None
externalTrafficPolicy: Local
healthCheckNodePort: 31713
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
allocateLoadBalancerNodePorts: true
internalTrafficPolicy: Cluster
status:
loadBalancer:
ingress:
- ip: 10.23.160.10

My Ingress resource manifest is below:
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: temporal-temporalserver-frontend
namespace: temporalserver
uid: e429dae8-13f6-4fd7-b393-5bdbc1c21c11
resourceVersion: ‘682330243’
generation: 5
creationTimestamp: ‘2024-05-14T16:56:35Z’
labels:
app.kubernetes.io/component: frontend
app.kubernetes.io/instance: temporal
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: temporalserver
app.kubernetes.io/part-of: temporalserver
app.kubernetes.io/version: 1.23.0
helm.sh/chart: temporalserver-0.36.0
annotations:
kubernetes.io/ingress.class: nginx
meta.helm.sh/release-name: temporal
meta.helm.sh/release-namespace: temporalserver
nginx.ingress.kubernetes.io/backend-protocol: GRPC
nginx.ingress.kubernetes.io/force-ssl-redirect: ‘false’
nginx.ingress.kubernetes.io/proxy-body-size: 50m
nginx.ingress.kubernetes.io/proxy-connect-timeout: ‘60’
nginx.ingress.kubernetes.io/proxy-read-timeout: ‘60’
nginx.ingress.kubernetes.io/proxy-send-timeout: ‘60’
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: ‘false’
nginx.org/grpc-services: temporal-temporalserver-frontend
managedFields:
- manager: helm
operation: Update
apiVersion: networking.k8s.io/v1
time: ‘2024-06-07T01:26:47Z’
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubernetes.io/ingress.class: {}
f:meta.helm.sh/release-name: {}
f:meta.helm.sh/release-namespace: {}
f:nginx.ingress.kubernetes.io/backend-protocol: {}
f:nginx.ingress.kubernetes.io/force-ssl-redirect: {}
f:nginx.ingress.kubernetes.io/proxy-body-size: {}
f:nginx.ingress.kubernetes.io/proxy-connect-timeout: {}
f:nginx.ingress.kubernetes.io/proxy-read-timeout: {}
f:nginx.ingress.kubernetes.io/proxy-send-timeout: {}
f:nginx.ingress.kubernetes.io/rewrite-target: {}
f:nginx.ingress.kubernetes.io/ssl-redirect: {}
f:nginx.org/grpc-services: {}
f:labels:
.: {}
f:app.kubernetes.io/component: {}
f:app.kubernetes.io/instance: {}
f:app.kubernetes.io/managed-by: {}
f:app.kubernetes.io/name: {}
f:app.kubernetes.io/part-of: {}
f:app.kubernetes.io/version: {}
f:helm.sh/chart: {}
f:spec:
f:rules: {}
f:tls: {}
- manager: nginx-ingress-controller
operation: Update
apiVersion: networking.k8s.io/v1
time: ‘2024-06-07T02:31:27Z’
fieldsType: FieldsV1
fieldsV1:
f:status:
f:loadBalancer:
f:ingress: {}
subresource: status
spec:
tls:
- hosts:
- ergonapi-dv1.geico.net
secretName: certificate-tls-temporal-frontend
rules:
- host: ergonapi-dv1.geico.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: temporal-temporalserver-frontend
port:
number: 7233
status:
loadBalancer:
ingress:
- ip: 10.23.160.42

My Temporal frontend Service manifest is below:

kind: Service
apiVersion: v1
metadata:
name: temporal-temporalserver-frontend
namespace: temporalserver
uid: f9c36c95-dc14-4933-bc33-dcca78a650f4
resourceVersion: ‘669962719’
creationTimestamp: ‘2024-05-18T02:30:17Z’
labels:
app.kubernetes.io/component: frontend
app.kubernetes.io/instance: temporal
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: temporalserver
app.kubernetes.io/part-of: temporalserver
app.kubernetes.io/version: 1.23.0
helm.sh/chart: temporalserver-0.36.0
annotations:
meta.helm.sh/release-name: temporal
meta.helm.sh/release-namespace: temporalserver
managedFields:
- manager: helm
operation: Update
apiVersion: v1
time: ‘2024-05-18T02:30:17Z’
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:meta.helm.sh/release-name: {}
f:meta.helm.sh/release-namespace: {}
f:labels:
.: {}
f:app.kubernetes.io/component: {}
f:app.kubernetes.io/instance: {}
f:app.kubernetes.io/managed-by: {}
f:app.kubernetes.io/name: {}
f:app.kubernetes.io/part-of: {}
f:app.kubernetes.io/version: {}
f:helm.sh/chart: {}
f:spec:
f:internalTrafficPolicy: {}
f:ports:
.: {}
k:{“port”:7233,“protocol”:“TCP”}:
.: {}
f:name: {}
f:port: {}
f:protocol: {}
f:targetPort: {}
f:selector: {}
f:sessionAffinity: {}
f:type: {}
spec:
ports:
- name: grpc-rpc
protocol: TCP
port: 7233
targetPort: rpc
selector:
app.kubernetes.io/component: frontend
app.kubernetes.io/instance: temporal
app.kubernetes.io/name: temporalserver
clusterIP: 192.168.113.186
clusterIPs:
- 192.168.113.186
type: ClusterIP
sessionAffinity: None
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
internalTrafficPolicy: Cluster
status:
loadBalancer: {}