Re-architecture the stack using gRPC for internal services

[thangchung]

Upgrade to latest version of netcorekit with gRPC protocol out of the box.

[thangchung]

References:

• https://github.com/grpc-ecosystem/grpc-gateway/blob/master/examples/gateway/main.go
• https://github.com/philips/grpc-gateway-example
• https://github.com/mch1307/go-ws-api
• https://blog.jdriven.com/2018/11/transcoding-grpc-to-http-json-using-envoy/ <= document

[thangchung]

Write out EnvoyFilter to port current envoy-proxy config to istio. Another thing is to integrate with id4 server, we have an example which integrates with key-cloak and the article.

Authorization on istio can be at https://istio.io/docs/reference/config/policy-and-telemetry/templates/authorization/

Forward the headers to metadata field mentioned at https://github.com/envoyproxy/envoy/issues/3038

Transcode

• https://github.com/mukundha/istio-sample-grpc-transcoding
• https://github.com/mukundha/hipster-apim-demo
• https://github.com/tetratelabs/istio-tools
• https://github.com/lucperkins/colossus

https://github.com/luismoramedina/istio-secure-microservices <== https://github.com/istio/proxy/issues/986 ==> great one https://tyk.io/docs/customise-tyk/plugins/rich-plugins/grpc/custom-auth-dot-net/ https://github.com/opentracing-contrib/csharp-grpc https://github.com/plaisted/grpc-csharp-middleware https://github.com/grpc/grpc/blob/master/src/csharp/Grpc.IntegrationTesting/MetadataCredentialsTest.cs https://github.com/istio/proxy/tree/master/src/envoy/http/jwt_auth https://github.com/BuiltCloud/Built/tree/master/src/Built.Grpc.HttpGateway

NodeJS:

• https://github.com/svengau/grpc-graphql-sample
• https://github.com/restorecommerce/chassis-srv
• https://github.com/amulyakashyap09/nodejs_grpc
• https://github.com/alfianlosari/node-grpc-server-note-crud
• https://github.com/KaindlJulian/todo-manager
• http://thecodebarbarian.com/introducing-mongoose-5 => mongoose async/await

[thangchung]

Another approach to build gRPC is to build up the .NET gateway by using .NET Core, then we can implement the calling context handler to call to gRPC service in the downstream. Some of that is planning and implementing by .NET Core 3.0. Some of examples code as below:

• https://github.com/grpc/grpc-dotnet <== Microsoft works here
• https://github.com/aspnet/grpc-dotnet <== Microsoft works here
• https://github.com/JunTaoLuo/GrpcSandbox
• https://github.com/jtattermusch/grpc-aspnetcore-experiments
• https://github.com/CodingMilitia/GrpcExtensions
• https://github.com/m-andrei/grpc-example-for-.net-core

[thangchung]

In order to debugging the app, we might need to enable egress-http on envoy-proxy, just like https://github.com/envoyproxy/envoy/blob/master/examples/grpc-bridge/config/s2s-python-envoy.yaml#L25 and https://github.com/envoyproxy/envoy/blob/master/configs/envoy_service_to_service_v2.template.yaml. But we need to do an experiment it a bit.

[thangchung]

Making Catalog and Rating services (Nodejs) work with Idp

// https://github.com/auth0/node-jsonwebtoken
// Verify using getKey callback
// Example uses https://github.com/auth0/node-jwks-rsa as a way to fetch the keys.
var jwksClient = require('jwks-rsa');
var client = jwksClient({
  jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json'
});
function getKey(header, callback){
  client.getSigningKey(header.kid, function(err, key) {
    var signingKey = key.publicKey || key.rsaPublicKey;
    callback(null, signingKey);
  });
}

jwt.verify(token, getKey, options, function(err, decoded) {
  console.log(decoded.foo) // bar
});

ref: https://github.com/lyphtec/idsvr4-node-jwks