Apply suggestions from code review

Co-authored-by: Michael Pleshakov <[email protected]>

examples-of-custom-resources/grpc-upstreams/README.md

@@ -1,60 +1,33 @@
 # gRPC support
 
-To support a gRPC application using Virtual server resources with NGINX Ingress controllers, you need to add the **type: grpc** field to an upstream.
+To support a gRPC application using VirtualServer resources with NGINX Ingress Controller, you need to add the **type: grpc** field to an upstream.
 The protocol defaults to http if left unset.
 
 ## Prerequisites
 
-1. Follow the [installation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/) instructions to deploy the Ingress Controller with custom resources enabled.
-2. Save the public IP address of the Ingress Controller into a shell variable:
-    ```
-    $ IC_IP=XXX.YYY.ZZZ.III
-    ```
-3. Save the HTTPS port of the Ingress Controller into a shell variable:
-    ```
-    $ IC_HTTPS_PORT=<port number>
-    ```
-
-## Step 0 - Replace the ConfigMap
-
 * HTTP/2 must be enabled. See `http2` ConfigMap key in the [ConfigMap](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/configmap-resource/#listeners)
 
+* VirtualServer and VirtualServerRoute resources for gRPC applications must include TLS termination.
+
+## Example
+
+```yaml
+apiVersion: k8s.nginx.org/v1
+kind: VirtualServer
+metadata:
+  name: grpc-vs
+spec:
+  host: grpc.example.com
+  tls:
+    secret: gprc-secret
+  upstreams:
+  - name: grpc1
+    service: grpc-svc
+    port: 50051
+    type: grpc
+  routes:
+  - path: /helloworld.Greeter
+    action:
+      pass: grpc1
 ```
-$ kubectl apply -f nginx-config.yaml
-```
-
-## Step 1 - Deploy the Cafe Application
-
-Create the greeter and the grpc-svc deployment and service:
-```
-$ kubectl create -f grpc-app.yaml
-```
-
-## Step 2 - Configure Load Balancing and TLS Termination
-
-1. Create the secret with the TLS certificate and key:
-    ```
-    $ kubectl create -f vs-grpc-secret.yaml
-    ```
-
-2. Create the VirtualServer resource:
-    ```
-    $ kubectl create -f vs-grpc.yaml
-    ```
-
-## Step 3 - Test the Configuration
-
-1. Check that the configuration has been successfully applied by inspecting the events of the VirtualServer:
-    ```
-    $ kubectl describe virtualserver virtual-server
-    . . .
-    Events:
-      Type    Reason          Age   From                      Message
-      ----    ------          ----  ----                      -------
-      Normal  AddedOrUpdated  7s    nginx-ingress-controller  Configuration for default/virtual-server was added or updated
-    ```
-2. Access the application using a version of the helloworld gRPC client; see the (documentation here)[https://grpc.io/docs/languages/go/quickstart/] - e.g.:
-
-$(go env GOPATH)/bin/greeter_client
-2021/11/01 14:22:25 Received: world
-2021/11/01 14:22:25 Greeting: Hello world
+*grpc-svc* is a service for the gRPC application. The service becomes available at the `/helloworld.Greeter` path. Note how we used the **type: grpc** field in the Upstream configuration.

internal/configs/version2/nginx-plus.virtualserver.tmpl

@@ -345,7 +345,7 @@ server {
         proxy_pass {{ $l.InternalProxyPass }};
         {{ end }}
 
-        {{ if or $l.ProxyPass $l.GRPCPass}}
+        {{ if or $l.ProxyPass $l.GRPCPass }}
             {{ range $r := $l.Rewrites }}
         rewrite {{ $r }};
             {{ end }}
@@ -366,29 +366,35 @@ server {
         {{ $proxyOrGRPC }}_buffer_size {{ $l.ProxyBufferSize }};
             {{ end }}
 
-        {{ if $l.GRPCPass }}
-        error_page 400 @grpcerror400;
-        error_page 401 @grpcerror401;
-        error_page 403 @grpcerror403;
-        error_page 404 @grpcerror404;
-        error_page 405 @grpcerror405;
-        error_page 408 @grpcerror408;
-        error_page 414 @grpcerror414;
-        error_page 426 @grpcerror426;
-        error_page 500 @grpcerror500;
-        error_page 501 @grpcerror501;
-        error_page 502 @grpcerror502;
-        error_page 503 @grpcerror503;
-        error_page 504 @grpcerror504;
-        {{ end }}
+            {{ if $l.GRPCPass }}
+        error_page 400 = @grpc_internal;
+        error_page 401 = @grpc_unauthenticated;
+        error_page 403 = @grpc_permission_denied;
+        error_page 404 = @grpc_unimplemented;
+        error_page 429 = @grpc_unavailable;
+        error_page 502 = @grpc_unavailable;
+        error_page 503 = @grpc_unavailable;
+        error_page 504 = @grpc_unavailable;
+        error_page 405 = @grpc_internal;
+        error_page 408 = @grpc_deadline_exceeded;
+        error_page 413 = @grpc_resource_exhausted;
+        error_page 414 = @grpc_resource_exhausted;
+        error_page 415 = @grpc_internal;
+        error_page 426 = @grpc_internal;
+        error_page 495 = @grpc_unauthenticated;
+        error_page 496 = @grpc_unauthenticated;
+        error_page 497 = @grpc_internal;
+        error_page 500 = @grpc_internal;
+        error_page 501 = @grpc_internal;
+            {{ end }}
 
-        {{ if not $l.GRPCPass }}
+            {{ if not $l.GRPCPass }}
         proxy_http_version 1.1;
         set $default_connection_header {{ if $l.HasKeepalive }}""{{ else }}close{{ end }};
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $vs_connection_header;
         proxy_pass_request_headers {{ if $l.ProxyPassRequestHeaders }}on{{ else }}off{{ end }};
-        {{ end }}
+            {{ end }}
         {{ $proxyOrGRPC }}_set_header X-Real-IP $remote_addr;
         {{ $proxyOrGRPC }}_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         {{ $proxyOrGRPC }}_set_header X-Forwarded-Host $host;
@@ -433,47 +439,54 @@ server {
     {{ with $ssl := $s.SSL }}
         {{ if $ssl.HTTP2 }}
 	location @grpc_deadline_exceeded {
-    default_type application/grpc;
-    add_header grpc-status 4;
-    add_header grpc-message 'deadline exceeded';
-    return 204;
+        default_type application/grpc;
+        add_header grpc-status 4;
+        add_header grpc-message 'deadline exceeded';
+        return 204;
     }
+
     location @grpc_permission_denied {
-    default_type application/grpc;
-    add_header grpc-status 7;
-    add_header grpc-message 'permission denied';
-    return 204;
+        default_type application/grpc;
+        add_header grpc-status 7;
+        add_header grpc-message 'permission denied';
+        return 204;
     }
+
     location @grpc_resource_exhausted {
-    default_type application/grpc;
-    add_header grpc-status 8;
-    add_header grpc-message 'resource exhausted';
-    return 204;
+        default_type application/grpc;
+        add_header grpc-status 8;
+        add_header grpc-message 'resource exhausted';
+        return 204;
     }
+
     location @grpc_unimplemented {
-    default_type application/grpc;
-    add_header grpc-status 12;
-    add_header grpc-message unimplemented;
-    return 204;
+        default_type application/grpc;
+        add_header grpc-status 12;
+        add_header grpc-message unimplemented;
+        return 204;
     }
+
     location @grpc_internal {
-    default_type application/grpc;
-    add_header grpc-status 13;
-    add_header grpc-message 'internal error';
-    return 204;
+        default_type application/grpc;
+        add_header grpc-status 13;
+        add_header grpc-message 'internal error';
+        return 204;
     }
+
     location @grpc_unavailable {
-    default_type application/grpc;
-    add_header grpc-status 14;
-    add_header grpc-message unavailable;
-    return 204;
+        default_type application/grpc;
+        add_header grpc-status 14;
+        add_header grpc-message unavailable;
+        return 204;
     }
+
     location @grpc_unauthenticated {
-    default_type application/grpc;
-    add_header grpc-status 16;
-    add_header grpc-message unauthenticated;
-    return 204;
+        default_type application/grpc;
+        add_header grpc-status 16;
+        add_header grpc-message unauthenticated;
+        return 204;
     }
+
 	    {{ end }}
     {{ end }}
 }