gRPC Client Authentication

A crash course in different auth methods

Introduction Best practices for performing client authentication with gRPC is a question that comes up again and again, so I thought I’d dive into a few different methods for performing authentication, using the tools provided by the Go gRPC packages. Today we’ll explore 3 methods of authentication: TLS Client certificate authentication Token Header authenticaiton HTTP Basic authentication For the TL:DR; check the example repo. Note: Go-gRPC interceptors are being redesigned, so if you implement this in your server today, you may want to keep in mind that it will change again in the future. [Read More]

Using gRPC with JSON

Easy introspection of requests and responses with JSON payloads

Introduction It’s often said that gRPC is tied to the Google Protocol Buffers payload format, but this is not strictly true. While the default format for gRPC payloads is Protobuf, the gRPC-Go implementation exposes a Codec interface which allows arbitrary payload encoding. This could be used for all kinds of things, like your own binary format, using flatbuffers, or, as we shall see today, using JSON for requests and responses. [Read More]

Replacing Docker Cloud

Introducing Redeploy, automatic Docker Hub deployments

Introduction Last year I wrote a post about automating deployment of your application, all the way from git push to redeploying your application in your environment. It relied on the free version of Docker Cloud, which allowed the use of a single node for free. Of course, the idea was that you should eventually want to scale your deployment, and then you’d need to pay. As long as all you needed was a single node, Docker Cloud and its Bring Your Own Host was powerful, flexible and simple. [Read More]

Automatic TLS certificate distribution with Vault

Introducing Certify, a purpose built library

It’s often recommended that microservice communications are encrypted, especially if they cross the public internet. Even when you control the network, whether virtually or physically, encrypting traffic can still be valuable. Lets Encrypt has revolutionized the distribution of certificates for publically facing servers; unfortunately, encrypting internal traffic often involves complicated certificate generation setups. Hashicorp Vault is a project for storing secrets and performing authentication. It has a PKI Secret Engine backend which allows you to use it as a certificate authority in an internal public key infrastructure deployment. [Read More]

Advanced gRPC Error Usage

Best practices for error metadata propagation with gRPC

How to best handle errors in Go is a divisive issue, leading to opinion pieces by illustruous bloggers such as Dave Cheney, the commander himself Rob Pike as well as the official Go blog. I’m not going to tackle those opinions here, instead I’m going to talk about best practices for errors when using gRPC and Go. The gRPC Status package The Go gRPC implementation has a status package which exposes a nice simple interface for creating rich gRPC errors. [Read More]

So you want to use GoGo Protobuf

Best practices for using GoGo Protobuf

Introduction In the Go protobuf ecosystem there are two major implementations to choose from. There’s the official golang/protobuf, which uses reflection to marshal and unmarshal structs, and there’s gogo/protobuf, a third party implementation that leverages type-specific marshalling code for extra performance, and has many cool extensions you can use to customize the generated code. gogo/protobuf has been recommended as the best choice of Go serialization library in a large test of different implementations. [Read More]

I was invited to a meetup

My fantastic experience in Budapest

Introduction After my presentation at the Go London meetup I was approached on Gophers slack by a gentleman from Hungary called Máté Gulyás. Máté is one of the organisers of the Budapest Go Meetup, and was reaching out to me to ask if I would like to come down to Budapest and deliver a talk for the meetup. I was delighted with this invitation and promptly accepted and we started planning. [Read More]

Client side streaming in gRPC-Web

Enhancing the GopherJS gRPC-Web bindings with Websockets

In a previous post I introduced my open source project to bring GopherJS bindings to Improbable’s gRPC-Web client. I’m happy to say that the initial goal of supporting all features of the gRPC-Web client has been completed. I was initially going to leave it at that and wait for client side streaming to land in the WHATWG Streams API Standard, and subsequently added to the official grpc-web spec and probably the gRPC-Web client, but then I was sitting at the GolangUK conference and I had a brain wave. [Read More]

Advanced CircleCI docker testing

Using docker-compose with CircleCI

In a recent blog post I talked about automating the testing of an advanced GopherJS library using a combination of QUnit, Ginkgo and Agouti. That allowed me to run a complete integration test suite against my library by automatically spinning up browsers and pointing them at my QUnit GopherJS page. This was a great start, but after running it a couple of times we find that there are several problems: [Read More]

Chunking large messages with gRPC

Using gRPC server-side streaming with binary blobs

One of the gotchas of using gRPC is that it was not designed to transport large messages in one chunk. The default max message size is slightly arbitrarily set at 4MB today, and while it is possible to configure, that kind of behaviour might lead to a slippery slope scenario of ever increasing max message sizes. So what do we do when the message size is too large? We chunk the data into smaller pieces and stream it, using the gRPC streaming methods, naturally. [Read More]