| 260 | } |
| 261 | |
| 262 | func (p *grpcConnectionPool) newConnection(target *route.Target) (*grpc.ClientConn, error) { |
| 263 | opts := []grpc.DialOption{ |
| 264 | grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(p.cfg.Proxy.GRPCMaxRxMsgSize)), |
| 265 | } |
| 266 | |
| 267 | if target.URL.Scheme == "grpcs" && p.tlscfg != nil { |
| 268 | opts = append(opts, grpc.WithTransportCredentials( |
| 269 | credentials.NewTLS(&tls.Config{ |
| 270 | ClientCAs: p.tlscfg.ClientCAs, |
| 271 | InsecureSkipVerify: target.TLSSkipVerify, |
| 272 | // as per the http/2 spec, the host header isn't required, so if your |
| 273 | // target service doesn't have IP SANs in it's certificate |
| 274 | // then you will need to override the servername |
| 275 | ServerName: target.Opts["grpcservername"], |
| 276 | }))) |
| 277 | } else { |
| 278 | opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials())) |
| 279 | } |
| 280 | |
| 281 | conn, err := grpc.NewClient(target.URL.Host, opts...) |
| 282 | |
| 283 | if err == nil { |
| 284 | p.Set(target, conn) |
| 285 | } |
| 286 | |
| 287 | return conn, err |
| 288 | } |
| 289 | |
| 290 | func (p *grpcConnectionPool) Set(target *route.Target, conn *grpc.ClientConn) { |
| 291 | p.lock.Lock() |