Hey! :wave: I am doing a quick PoC of Cerbos in lo...
# help
Hey! 👋 I am doing a quick PoC of Cerbos in local using KinD & nodejs, • installed cerbos on local kubernetes using the helm chart and mounting the policies specified in “quickstart” from a configmap ◦ port-forward the
port to
• small local nodejs script implementing the example from the JS part: https://docs.cerbos.dev/cerbos/latest/quickstart When I try to run a simple
I do get the response and it works! ❇️ Now when I try to expose cerbos behind an IngressRoute (Traefik CRD), and to connect from localhost to my cerbos running in KinD, I get
'Received RST_STREAM with code 0'
. I tried several variations of:
Copy code
apiVersion: <http://traefik.containo.us/v1alpha1|traefik.containo.us/v1alpha1>
kind: IngressRoute
  name: cerbos
    - web
    # tried without Headers() as well
    - match: Host(`<http://cerbos.|cerbos.>`) && Headers(`Content-Type`, `application/grpc`)
      kind: Rule
        - name: cerbos
          port: 3593
          scheme: h2c # tried without it as well
Taking inspiration from the ingressRoute in argocd that supports grpc as well Any idea what I could be doing wrong? Edit: needed to specify the port, it doesn’t pick up the GRPC by default. Maybe a futur improvement to add? 👀
Hi, can you explain what you mean by "needed to specify the port"? Where did you have to do it?
Sure, in the sdk:
Copy code
const { GRPC: Cerbos } = require("@cerbos/grpc");
const cerbos = new Cerbos("<http://cerbos.|cerbos.>", {
  tls: false,
}); // works

const cerbos = new Cerbos("<http://cerbos.|cerbos.>", {
  tls: false,
}); // doesn't work, it doesn't understand that default port for grpc is 3593
Ah yes. The normal convention is that a host name without a port defaults to port 80 or 443 -- which could very well be the case if Cerbos is behind a load balancer.
Makes sense 👍