gRPC Settings
Pomerium's gRPC settings apply to internal communication between:
- Pomerium services running in split service mode.
- The Enterprise Console and core Pomerium in a Pomerium Enterprise deployment.
These settings have no effect on gRPC traffic proxied on a regular Pomerium route.
gRPC Address
gRPC Address specifies the IP address and port for the internal gRPC service to listen on.
How to configure
- Core
- Enterprise
- Kubernetes
Config file keys | Environment variables | Type | Default |
---|---|---|---|
grpc_address | GRPC_ADDRESS | string | :5443 in all-in-one mode; :443 in split service mode |
Examples
grpc_address: :8443
GRPC_ADDRESS=:8443
grpc_address is a bootstrap configuration setting and is not configurable in the Console.
gRPC Address is not customizable with Kubernetes
gRPC Client DNS RoundRobin
gRPC Client DNS RoundRobin enables DNS-based round-robin load balancing. This method uses DNS to resolve endpoints and, on the client side, distributes load across all addresses returned by the DNS record. Do not disable unless you have a specific use case.
How to configure
- Core
- Enterprise
- Kubernetes
Config file keys | Environment variables | Type | Default |
---|---|---|---|
grpc_client_dns_roundrobin | GRPC_CLIENT_DNS_ROUNDROBIN | boolean | true |
Examples
grpc_client_dns_roundrobin: false
GRPC_CLIENT_DNS_ROUNDROBIN=false
grpc_client_dns_roundrobin is a bootstrap configuration setting and is not configurable in the Console.
Kubernetes does not support gRPC Client DNS RoundRobin
gRPC Client Timeout
gRPC Client Timeout sets the maximum time before canceling an upstream gRPC request. During transient failures, the proxy will retry upstream servers for this duration. You should leave this high enough to handle backend service restart and rediscovery so that client requests do not fail.
How to configure
- Core
- Enterprise
- Kubernetes
Config file keys | Environment variables | Type | Default |
---|---|---|---|
grpc_client_timeout | GRPC_CLIENT_TIMEOUT | string (Go Duration formatting) | 10s |
Examples
grpc_client_timeout: 15s
GRPC_CLIENT_TIMEOUT=15s
grpc_client_timeout is a bootstrap configuration setting and is not configurable in the Console.
Kubernetes does not support gRPC Client Timeout
gRPC Insecure
gRPC Insecure disables transport security (TLS) for internal gRPC communication.
How to configure
- Core
- Enterprise
- Kubernetes
Config file keys | Environment variables | Type | Default |
---|---|---|---|
grpc_insecure | GRPC_INSECURE | boolean | true in all-in-one mode; false in split service mode |
Examples
grpc_insecure: false
GRPC_INSECURE=false
grpc_insecure is a bootstrap configuration setting and is not configurable in the Console.
gRPC Insecure is not customizable in Kubernetes
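The following Go program is an added example, not Pomerium's own code. It resolves the effective gRPC Address, gRPC Insecure and gRPC Client Timeout values from a set of environment variables using the defaults in the tables above, and flags split service mode running with TLS disabled. `GRPCSettings`, `ResolveGRPC`, the `splitMode` parameter, boolean parsing with `strconv.ParseBool` and the timeout warning threshold are assumptions of this example.

```go
package main

import (
	"fmt"
	"strconv"
	"time"
)

// GRPCSettings holds the effective values of the settings documented above.
type GRPCSettings struct {
	Address  string
	Insecure bool
	Timeout  time.Duration
	Warnings []string
}

// ResolveGRPC applies the documented defaults, then overrides found in env.
// splitMode is a hypothetical parameter: the caller states the deployment mode.
func ResolveGRPC(env map[string]string, splitMode bool) (GRPCSettings, error) {
	s := GRPCSettings{Address: ":5443", Insecure: true, Timeout: 10 * time.Second}
	if splitMode {
		s.Address, s.Insecure = ":443", false
	}
	if v, ok := env["GRPC_ADDRESS"]; ok {
		s.Address = v
	}
	if v, ok := env["GRPC_INSECURE"]; ok {
		b, err := strconv.ParseBool(v) // assumption: not necessarily Pomerium's parser
		if err != nil {
			return s, fmt.Errorf("GRPC_INSECURE: %w", err)
		}
		s.Insecure = b
	}
	if v, ok := env["GRPC_CLIENT_TIMEOUT"]; ok {
		d, err := time.ParseDuration(v) // Go Duration formatting, e.g. "15s"
		if err != nil {
			return s, fmt.Errorf("GRPC_CLIENT_TIMEOUT: %w", err)
		}
		s.Timeout = d
	}
	if splitMode && s.Insecure {
		s.Warnings = append(s.Warnings, "split service mode with TLS disabled for internal gRPC")
	}
	if s.Timeout < 10*time.Second { // heuristic of this example: below the default
		s.Warnings = append(s.Warnings, "client timeout is below the 10s default")
	}
	return s, nil
}
func main() {
	s, err := ResolveGRPC(map[string]string{"GRPC_INSECURE": "true", "GRPC_CLIENT_TIMEOUT": "15s"}, true) // constructed sample
	fmt.Printf("%+v %v\n", s, err)
}
```

A bare number such as `15` is rejected for the timeout because Go Duration formatting requires a unit.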