You can route traffic to gRPC services in an Alibaba Cloud Service Mesh (ASM) instance by using an ingress gateway. This topic describes how to use an ingress gateway to access a sample gRPC service in an ASM instance. This topic also describes how to switch traffic between the two versions of the sample gRPC service.

Prerequisites

Step 1: Deploy the two versions of a sample gRPC service

Deploy the version 1 and version 2 of a sample gRPC service: istio-grpc-server-v1 and istio-grpc-server-v2.

  1. Log on to the Container Service console.
  2. In the left-side navigation pane of the ACK console, click Clusters.
  3. On the Clusters page, click the name of the cluster where you want to deploy the sample gRPC service. Alternatively, click Applications in the Actions column of the cluster.
  4. At the top of the Deployments page, select a namespace from the Namespace drop-down list.
    Note Select a namespace that is tagged with istio-system=enabled, which indicates that automatic sidecar injection is enabled. For more information, see Upgrade sidecar proxies.
  5. In the upper-right corner of the Deployments page, click Create from YAML.
  6. Copy the following YAML code to the Template editor. Then, click Create.
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: istio-grpc-server-v1
      labels:
        app: istio-grpc-server
        version: v1
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: istio-grpc-server
          version: v1
      template:
        metadata:
          labels:
            app: istio-grpc-server
            version: v1
        spec:
          containers:
          - args:
            - --address=0.0.0.0:8080
            image: registry.cn-hangzhou.aliyuncs.com/aliacs-app-catalog/istio-grpc-server
            imagePullPolicy: Always
            livenessProbe:
              exec:
                command:
                - /bin/grpc_health_probe
                - -addr=:8080
              initialDelaySeconds: 2
            name: istio-grpc-server
            ports:
            - containerPort: 8080
            readinessProbe:
              exec:
                command:
                - /bin/grpc_health_probe
                - -addr=:8080
              initialDelaySeconds: 2
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: istio-grpc-server-v2
      labels:
        app: istio-grpc-server
        version: v2
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: istio-grpc-server
          version: v2
      template:
        metadata:
          labels:
            app: istio-grpc-server
            version: v2
        spec:
          containers:
            - args:
                - --address=0.0.0.0:8080
              image: registry.cn-hangzhou.aliyuncs.com/aliacs-app-catalog/istio-grpc-server
              imagePullPolicy: Always
              livenessProbe:
                exec:
                  command:
                    - /bin/grpc_health_probe
                    - -addr=:8080
                initialDelaySeconds: 2
              name: istio-grpc-server
              ports:
                - containerPort: 8080
              readinessProbe:
                exec:
                  command:
                    - /bin/grpc_health_probe
                    - -addr=:8080
                initialDelaySeconds: 2
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: istio-grpc-server
      labels:
        app: istio-grpc-server
    spec:
      ports:
      - name: grpc-backend
        port: 8080
        protocol: TCP
      selector:
        app: istio-grpc-server
      type: ClusterIP
    ---

Step 2: Set routing rules for the ASM instance

Create an Istio gateway, a virtual service, and a destination rule for the ASM instance to route all inbound traffic to istio-grpc-server-v1.

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column of the ASM instance.
  4. Create an Istio gateway.
    1. On the details page of the ASM instance, choose Traffic Management > Gateway in the left-side navigation pane. On the Gateway rules page, click Create from YAML.
    2. In the Create panel, select default from the Namespace drop-down list and copy the following YAML code to the code editor. Then, click OK.
      apiVersion: networking.istio.io/v1alpha3
      kind: Gateway
      metadata:
        name: grpc-gateway
      spec:
        selector:
          istio: ingressgateway # use Istio default gateway implementation
        servers:
        - port:
            number: 8080
            name: grpc
            protocol: GRPC
          hosts:
          - "*"

      After you create the Istio gateway that is named grpc-gateway, it appears on the Gateway page.

  5. Create a destination rule.
    1. On the details page of the ASM instance, choose Traffic Management > DestinationRule in the left-side navigation pane. On the Target rule page, click Create from YAML.
    2. In the Create panel, select default from the Namespace drop-down list and copy the following YAML code to the code editor. Then, click OK.
      apiVersion: networking.istio.io/v1alpha3
      kind: DestinationRule
      metadata:
        name: dr-istio-grpc-server
      spec:
        host: istio-grpc-server
        trafficPolicy:
          loadBalancer:
            simple: ROUND_ROBIN
        subsets:
          - name: v1
            labels:
              version: "v1"
          - name: v2
            labels:
              version: "v2"

      After you create the destination rule that is named dr-istio-grpc-server, it appears on the DestinationRule page.

  6. Create a virtual service.
    1. On the details page of the ASM instance, choose Traffic Management > VirtualService in the left-side navigation pane. On the Virtual service page, click Create from YAML.
    2. In the Create panel, select default from the Namespace drop-down list and copy the following YAML code to the code editor. Then, click OK.
      apiVersion: networking.istio.io/v1alpha3
      kind: VirtualService
      metadata:
        name: grpc-vs
      spec:
        hosts:
        - "*"
        gateways:
        - grpc-gateway
        http:
          - match:
              - port: 8080
            route:
              - destination:
                  host: istio-grpc-server
                  subset: v1
                weight: 100
              - destination:
                  host: istio-grpc-server
                  subset: v2
                weight: 0

      After you create the virtual service that is named grpc-vs, it appears on the VirtualService page.

Step 3: Deploy an ingress gateway service

Enable port 8080 in the ingress gateway service and point the port to port 8080 of the Istio gateway.

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column of the ASM instance.
  4. On the details page of the ASM instance, click ASM Gateways in the left-side navigation pane. On the ASM Gateways page, click Deploy Default Ingress Gateway.
  5. In the Deploy Ingress Gateway panel, set the parameters as required.
    Parameter Description
    Cluster Select the cluster where you want to deploy an ingress gateway service.
    SLB Instance Type Select Internet Access.
    Use Existing SLB Instance or Create SLB Instance Configure a Server Load Balancer (SLB) instance.
    • Use Existing SLB Instance: Select an existing SLB instance from the drop-down list.
    • Create SLB Instance: Click Create SLB instance. Then, select an instance specification type from the drop-down list.
    Note We recommend that you assign a dedicated SLB instance to each Kubernetes service in the cluster. If multiple Kubernetes services share the same SLB instance, the following risks and limits may occur:
    • If you assign a Kubernetes service with an SLB instance that is used by another Kubernetes service, the existing listeners of the SLB instance are forcibly overwritten. This may interrupt the original Kubernetes service and make your application unavailable.
    • If you create an SLB instance when you create a Kubernetes service, the SLB instance cannot be shared among Kubernetes services. Only SLB instances that you create in the SLB console or by calling API operations can be shared.
    • Kubernetes services that share the same SLB instance must use different frontend listening ports. Otherwise, port conflicts may occur.
    • When multiple Kubernetes services share the same SLB instance, you must use the listener names and the vServer group names as unique identifiers in Kubernetes. Do not modify the names of listeners or vServer groups.
    • You cannot share SLB instances across clusters or regions.
    Port Mapping Click Add Port and set the Name parameter to tcp, the Service Port parameter to 8080, and the Container Port parameter to 8080.
    Note The service port exposes the ASM instance to external access. Inbound traffic accesses the ASM instance by using the service port and is routed to a port on the Istio gateway, which serves as the container port. Make sure that the container port that you enter is the same as the specified port on the Istio gateway.
  6. Click OK.

Step 4: Start the gRPC client

  1. Run the following command to start the gRPC client:
    docker run -d --name grpc-client registry.cn-hangzhou.aliyuncs.com/aliacs-app-catalog/istio-grpc-client 365d
  2. Run the following command to log on to the default container of the pod where the gRPC client resides:
    docker exec -it grpc-client sh
  3. Run the following command to access the sample gRPC service in the ASM instance:
    /bin/greeter-client --insecure=true --address=<IP address of the ingress gateway service>:8080 --repeat=100

    The command output indicates that all requests are routed to istio-grpc-server-v1.

    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw

Step 5: Transfer a specific ratio of the traffic to istio-grpc-server-v2

Route 40% of the traffic to istio-grpc-server-v2, and 60% of the traffic to istio-grpc-server-v1.

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column of the ASM instance.
  4. On the details page of the ASM instance, choose Traffic Management > VirtualService in the left-side navigation pane.
  5. On the VirtualService page, click YAML in the Actions column of the grpc-vs virtual service.
  6. In the Edit panel, copy the following YAML code to the code editor. Then, click OK.
    ....
          route:
            - destination:
                host: istio-grpc-server
                subset: v1
              weight: 60
            - destination:
                host: istio-grpc-server
                subset: v2
              weight: 40
  7. Log on to the default container of the pod where the gRPC client resides. Run the following command to access the sample gRPC service in the ASM instance:
    /bin/greeter-client --insecure=true --address=<IP address of the ingress gateway service>:8080 --repeat=100
    The command output indicates that 40% of the traffic is routed to istio-grpc-server-v2.
    Note If you send 100 requests in a test, the traffic may not always be routed to istio-grpc-server-v1 and istio-grpc-server-v2 at the ratio of 60 to 40. However, the ratio must be close to 60:40.
    2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw
    2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw
    2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw
    2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw