gRPC Settings
Pomerium's gRPC settings apply to internal communication between:
- Pomerium services running in split service mode.
- The Enterprise Console and core Pomerium in a Pomerium Enterprise deployment.
These settings have no effect on gRPC traffic proxied on a regular Pomerium route.
gRPC Address
gRPC Address specifies the IP address and port for the internal gRPC service to listen on.
How to configure
- Core
- Enterprise
- Kubernetes
| Config file keys | Environment variables | Type | Default |
|---|---|---|---|
grpc_address | GRPC_ADDRESS | string | :5443 in all-in-one mode :443 in split service mode |
Examples
grpc_address: :8443
GRPC_ADDRESS=:8443
grpc_address is a bootstrap configuration setting and is not configurable in the Console.
gRPC Address is not customizable with Kubernetes
gRPC Client Timeout
gRPC Client Timeout sets the maximum time before canceling an upstream gRPC request. During transient failures, the proxy will retry upstream servers for this duration. You should leave this high enough to handle backend service restart and rediscovery so that client requests do not fail.
How to configure
- Core
- Enterprise
- Kubernetes
| Config file keys | Environment variables | Type | Default |
|---|---|---|---|
grpc_client_timeout | GRPC_CLIENT_TIMEOUT | string (Go Duration formatting) | 10s |
Examples
grpc_client_timeout: 15s
GRPC_CLIENT_TIMEOUT=15s
grpc_client_timeout is a bootstrap configuration setting and is not configurable in the Console.
Kubernetes does not support gRPC Client Timeout
gRPC Insecure
gRPC Insecure disables transport security (TLS) for internal gRPC communication.
How to configure
- Core
- Enterprise
- Kubernetes
| Config file keys | Environment variables | Type | Default |
|---|---|---|---|
grpc_insecure | GRPC_INSECURE | boolean | true in all-in-one mode false in split service mode |
Examples
grpc_insecure: false
GRPC_INSECURE=false
grpc_insecure is a bootstrap configuration setting and is not configurable in the Console.
gRPC Insecure is not customizable in Kubernetes