Hey! 👋 I am doing a quick PoC of Cerbos in local using KinD & nodejs, • installed cerbos on local kubernetes using the helm chart and mounting the policies specified in “quickstart” from a configmap ◦ port-forward the

grpc

port to

localhost:3593

• small local nodejs script implementing the example from the JS part: https://docs.cerbos.dev/cerbos/latest/quickstart When I try to run a simple

index.js

I do get the response and it works! ❇️ Now when I try to expose cerbos behind an IngressRoute (Traefik CRD), and to connect from localhost to my cerbos running in KinD, I get

'Received RST_STREAM with code 0'

. I tried several variations of:

---
apiVersion: <http://traefik.containo.us/v1alpha1|traefik.containo.us/v1alpha1>
kind: IngressRoute
metadata:
  name: cerbos
spec:
  entryPoints:
    - web
  routes:
    # tried without Headers() as well
    - match: Host(`<http://cerbos.127.0.0.1.nip.io|cerbos.127.0.0.1.nip.io>`) && Headers(`Content-Type`, `application/grpc`)
      kind: Rule
      services:
        - name: cerbos
          port: 3593
          scheme: h2c # tried without it as well

Taking inspiration from the ingressRoute in argocd that supports grpc as well Any idea what I could be doing wrong? Edit: needed to specify the port, it doesn’t pick up the GRPC by default. Maybe a futur improvement to add? 👀

Hi, can you explain what you mean by "needed to specify the port"? Where did you have to do it?

Sure, in the sdk:

const { GRPC: Cerbos } = require("@cerbos/grpc");
const cerbos = new Cerbos("<http://cerbos.127.0.0.1.nip.io:3593|cerbos.127.0.0.1.nip.io:3593>", {
  tls: false,
}); // works

const cerbos = new Cerbos("<http://cerbos.127.0.0.1.nip.io|cerbos.127.0.0.1.nip.io>", {
  tls: false,
}); // doesn't work, it doesn't understand that default port for grpc is 3593

Ah yes. The normal convention is that a host name without a port defaults to port 80 or 443 -- which could very well be the case if Cerbos is behind a load balancer.

Makes sense 👍