onos-gui Architecture

The GUI is architected as a Cloud Native application to be run on Kubernetes accessing the back end modules through gRPC (and in the case of the Config GUI mostly through gNMI).

The main front end technology is Angular and is supplemented by gRPC Web to access the back through a gRPC proxy.

Nginx acts as a web server and web Proxy, while Envoy proxy server acts as a grpc-web proxy and all are deployed on Kubernetes.

While 2 proxies seem to be an overhead, it is unavoidable at present because:

• nginx cannot do the grpc-web proxying (while there was a module written for nginx in the grpc-web project, this does not work with anything beyond nginx v1.14.2)

• Envoy cannot load static web pages, and so nginx is required to perform this role

Alternatives to grpc-web

There are some alternatives to using grpc-web to allow web browsers to access gRPC directly, but grpc-web is the recommended solution as per the gRPC website.

See also this article on hacker noon.

Access to Kubernetes API

An instance of kubectl proxy runs inside the onos-gui pod alongside nginx. This exposes the Kubernetes REST API on port 8001.

The nginx server then proxies that to http://localhost:80/kubernetes-api

The application can then access the API like:

HTTP GET http://localhost:80/kubernetes-api/api/v1/namespaces/onos/services

The onos-gui pod needs to be given RBAC permission of list and get to be able to read these services. This is granted in the Helm Chart.