The GUI is architected as a Cloud Native application to be run on Kubernetes accessing the back end modules through gRPC (and in the case of the Config GUI mostly through gNMI).
While 2 proxies seem to be an overhead, it is unavoidable at present because:
Envoy cannot load static web pages, and so nginx is required to perform this role
Alternatives to grpc-web
There are some alternatives to using grpc-web to allow web browsers to access gRPC directly, but grpc-web is the recommended solution as per the gRPC website.
See also this article on hacker noon.
Access to Kubernetes API
An instance of
kubectl proxy runs inside the
onos-gui pod alongside
nginx. This exposes the Kubernetes REST API on port 8001.
nginx server then proxies that to http://localhost:80/kubernetes-api
The application can then access the API like:
HTTP GET http://localhost:80/kubernetes-api/api/v1/namespaces/onos/services
onos-gui pod needs to be given RBAC permission of
get to be able to read these services. This is granted in the Helm Chart.