How to expose GRPCS service deployed on kubernetes in AWS using Kops

Question

I'm deploying an grpc application that uses tls application ( grpcs to be precise). App is deployed to kube.netes cluster in AWS cloud created using Kops tool. I'm using self signed certs for auth (by now). The problem is I can't find any guideline on how to properly expose such service to outer world . There are bits and pieces here and there, but nothing that seems to do what I want. Additional level of complexity - I need to expose several ports on same service, so I can't use Ingress rules for k8s as my client application restricts using any paths in urls and requires me to specify only host and port. Inside cluster everything is setup and works as expected with authorisation and proper DNS resolution.

So ideally I want:

• Solution that proxies grpcs requests to specific service in cluster.
• Solution that introduces load balancer that does the same

Thank you very much for your time!

Answer 1

Ok. Thank was enough to fix the issue. Notice the annotation section.

apiVersion: v1
kind: Service

metadata:
  name: my-service
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "9999"
spec:
  ports:
    - port: 9999
      targetPort: 9999
      protocol: TCP
  selector:
    app: my-service
  type: LoadBalancer

Then I had to add A record with balancer dns name to Route 53, and it worked.

Answer 2

Over the time, I've reiterated on the solution and found external-dns sidecar container that watches all services appearing in the cluster, searches for certain annotation and creates Route53 records automatically. I could only make it work with KIAM sidecar container that manages roles for cluster nodes. Both dependencies proved to perform well in production.