You can route traffic to gRPC services in an Alibaba Cloud Service Mesh (ASM) instance by using an ingress gateway. This topic describes how to use an ingress gateway to access a gRPC service in an ASM instance. This topic also describes how to switch traffic between two versions of a gRPC service.

Prerequisites

Step 1: Deploy the two versions of a gRPC service

Deploy version 1 and version 2 of a gRPC service: istio-grpc-server-v1 and istio-grpc-server-v2.

  1. Log on to the Container Service console.
  2. In the left-side navigation pane of the ACK console, click Clusters.
  3. On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
  4. In the left-side navigation pane of the details page, choose Workloads > Deployments.
  5. At the top of the Deployments page, select a namespace from the Namespace drop-down list. Click Create from YAML.
    Note: Select a namespace that has the istio-system=enabled tag, which indicates that automatic sidecar injection is enabled. For more information, see Upgrade sidecar proxies.
  6. Copy the following YAML code to the Template editor. Then, click Create.
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: istio-grpc-server-v1
      labels:
        app: istio-grpc-server
        version: v1
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: istio-grpc-server
          version: v1
      template:
        metadata:
          labels:
            app: istio-grpc-server
            version: v1
        spec:
          containers:
          - args:
            - --address=0.0.0.0:8080
            image: registry.cn-hangzhou.aliyuncs.com/aliacs-app-catalog/istio-grpc-server
            imagePullPolicy: Always
            livenessProbe:
              exec:
                command:
                - /bin/grpc_health_probe
                - -addr=:8080
              initialDelaySeconds: 2
            name: istio-grpc-server
            ports:
            - containerPort: 8080
            readinessProbe:
              exec:
                command:
                - /bin/grpc_health_probe
                - -addr=:8080
              initialDelaySeconds: 2
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: istio-grpc-server-v2
      labels:
        app: istio-grpc-server
        version: v2
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: istio-grpc-server
          version: v2
      template:
        metadata:
          labels:
            app: istio-grpc-server
            version: v2
        spec:
          containers:
            - args:
                - --address=0.0.0.0:8080
              image: registry.cn-hangzhou.aliyuncs.com/aliacs-app-catalog/istio-grpc-server
              imagePullPolicy: Always
              livenessProbe:
                exec:
                  command:
                    - /bin/grpc_health_probe
                    - -addr=:8080
                initialDelaySeconds: 2
              name: istio-grpc-server
              ports:
                - containerPort: 8080
              readinessProbe:
                exec:
                  command:
                    - /bin/grpc_health_probe
                    - -addr=:8080
                initialDelaySeconds: 2
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: istio-grpc-server
      labels:
        app: istio-grpc-server
    spec:
      ports:
      - name: grpc-backend
        port: 8080
        protocol: TCP
      selector:
        app: istio-grpc-server
      type: ClusterIP
    ---

Step 2: Set routing rules for the ASM instance

Create an Istio gateway, a virtual service, and a destination rule for the ASM instance to route all inbound traffic to istio-grpc-server-v1.

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column of the ASM instance.
  4. Create a Gateway.
    1. On the details page of the ASM instance, choose Traffic Management > Gateway in the left-side navigation pane. On the Gateway rules page, click Create from YAML.
    2. In the Create panel, select default from the Namespace drop-down list and copy the following YAML code to the code editor. Then, click Create.
      apiVersion: networking.istio.io/v1alpha3
      kind: Gateway
      metadata:
        name: grpc-gateway
      spec:
        selector:
          istio: ingressgateway # use Istio default gateway implementation
        servers:
        - port:
            number: 8080
            name: grpc
            protocol: GRPC
          hosts:
          - "*"
  5. Create a DestinationRule.
    1. On the details page of the ASM instance, choose Traffic Management > DestinationRule in the left-side navigation pane. On the Target rule page, click Create from YAML.
    2. In the Create panel, select default from the Namespace drop-down list and copy the following YAML code to the code editor. Then, click Create.
      apiVersion: networking.istio.io/v1alpha3
      kind: DestinationRule
      metadata:
        name: dr-istio-grpc-server
      spec:
        host: istio-grpc-server
        trafficPolicy:
          loadBalancer:
            simple: ROUND_ROBIN
        subsets:
          - name: v1
            labels:
              version: "v1"
          - name: v2
            labels:
              version: "v2"
  6. Create a VirtualService.
    1. On the details page of the ASM instance, choose Traffic Management > VirtualService in the left-side navigation pane. On the Virtual service page, click Create from YAML.
    2. In the Create panel, select default from the Namespace drop-down list and copy the following YAML code to the code editor. Then, click Create.
      apiVersion: networking.istio.io/v1alpha3
      kind: VirtualService
      metadata:
        name: grpc-vs
      spec:
        hosts:
        - "*"
        gateways:
        - grpc-gateway
        http:
          - match:
              - port: 8080
            route:
              - destination:
                  host: istio-grpc-server
                  subset: v1
                weight: 100
              - destination:
                  host: istio-grpc-server
                  subset: v2
                weight: 0

Step 3: Deploy an ingress gateway service

Enable port 8080 in the ingress gateway service and point the port to port 8080 of the Istio gateway.

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column of the ASM instance.
  4. On the details page of the ASM instance, click ASM Gateways in the left-side navigation pane.
  5. On the ASM Gateways page, click Create. In the Create panel, set the parameters as required.
    Parameter: Description
    Cluster: Select the cluster in which you want to deploy an ingress gateway service.
    SLB Instance Type: Select Internet Access.
    Use Existing SLB Instance or Create SLB Instance: Configure a Server Load Balancer (SLB) instance.
      • Use Existing SLB Instance: Select an SLB instance from the drop-down list.
      • Create SLB Instance: Click Create SLB Instance and select an SLB instance type from the drop-down list.
      Note: We recommend that you assign a dedicated SLB instance to each Kubernetes service in the cluster. If multiple Kubernetes services share the same SLB instance, the following risks and limits exist:
      • If you assign a Kubernetes service with an SLB instance that is used by another Kubernetes service, the existing listeners of the SLB instance are forcibly overwritten. This may interrupt the original Kubernetes service and make your application unavailable.
      • If you create an SLB instance when you create a Kubernetes service, the SLB instance cannot be shared among Kubernetes services. Only SLB instances that you create in the SLB console or by calling API operations can be shared.
      • Kubernetes services that share the same SLB instance must use different frontend listening ports. Otherwise, port conflicts may occur.
      • If multiple Kubernetes services share the same SLB instance, you must use the listener names and the VServer group names as unique identifiers in Kubernetes. Do not modify the names of listeners or VServer groups.
      • You cannot share SLB instances across clusters.
    Port Mapping: Click Add Port and set the Protocol parameter to TCP, the Service Port parameter to 8080, and the Container Port parameter to 8080.
      Note: The service port exposes the ASM instance to external access. Inbound traffic accesses the ASM instance by using the service port and is routed to a port on the Istio gateway, which serves as the container port. Make sure that the container port that you enter is the same as the specified port on the Istio gateway.
  6. Click Create.

Step 4: Start the gRPC client

  1. Run the following command to start the gRPC client:
    docker run -d --name grpc-client registry.cn-hangzhou.aliyuncs.com/aliacs-app-catalog/istio-grpc-client 365d
  2. Run the following command to log on to the default container of the pod where the gRPC client resides:
    docker exec -it grpc-client sh
  3. Run the following command to access the gRPC service that you deployed in the ASM instance:
    /bin/greeter-client --insecure=true --address=<IP address of the ingress gateway service>:8080 --repeat=100

    The command output indicates that all requests are routed to istio-grpc-server-v1.

    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw

Step 5: Transfer a specific ratio of the traffic to istio-grpc-server-v2

Route 40% of the traffic to istio-grpc-server-v2 and 60% of the traffic to istio-grpc-server-v1.

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column of the ASM instance.
  4. On the details page of the ASM instance, choose Traffic Management > VirtualService in the left-side navigation pane.
  5. On the VirtualService page, click YAML in the Actions column of the grpc-vs virtual service.
  6. In the Edit panel, copy the following YAML code to the code editor. Then, click OK.
    ....
          route:
            - destination:
                host: istio-grpc-server
                subset: v1
              weight: 60
            - destination:
                host: istio-grpc-server
                subset: v2
              weight: 40
  7. Log on to the default container of the pod where the gRPC client resides. Run the following command to access the gRPC service that you deployed in the ASM instance:
    /bin/greeter-client --insecure=true --address=<IP address of the ingress gateway service>:8080 --repeat=100
    The command output indicates that 40% of the traffic is routed to istio-grpc-server-v2.
    Note: If you send 100 requests in a test, the traffic may not always be routed to istio-grpc-server-v1 and istio-grpc-server-v2 at an exact ratio of 60 to 40, but will be close.
    2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw
    2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw
    2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
    2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw
    2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw
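
The routing checks in Step 4 (all replies from v1) and Step 5 (roughly 60/40) can be done by counting replies per version instead of reading the output by eye. The following script is an added example, not part of the original topic or of ASM; the function names are hypothetical, and it assumes the client prints one "Hello world from <pod name>" line per request, as in the output above.

```shell
#!/bin/sh
# Added example: tally greeter-client replies per service version.
# sample_output reproduces the ten reply lines shown in Step 5 above.
sample_output() {
  cat <<'EOF'
2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw
EOF
}

# version_counts: client output on stdin -> one "<version> <count>" line per version.
version_counts() {
  awk '
    /Hello world from istio-grpc-server-v[0-9]+-/ {
      pod = $NF                            # last field is the pod name
      sub(/^istio-grpc-server-/, "", pod)  # "v2-665c4cf57d-h74lw"
      sub(/-.*/, "", pod)                  # "v2"
      n[pod]++
    }
    END { for (v in n) print v, n[v] }
  ' | sort
}

# version_percent VERSION: rounded share (0-100) of replies served by VERSION.
version_percent() {
  version_counts | awk -v want="$1" '
    { total += $2; if ($1 == want) hit = $2 }
    END { if (total == 0) print 0; else printf "%d\n", (hit * 100 + total / 2) / total }
  '
}

# check_split VERSION EXPECTED TOLERANCE: succeed when VERSION's share is
# within TOLERANCE percentage points of EXPECTED.
check_split() {
  pct=$(version_percent "$1")
  diff=$((pct - $2))
  if [ "$diff" -lt 0 ]; then diff=$((-diff)); fi
  [ "$diff" -le "$3" ]
}

sample_output | version_counts   # per-version tally for the Step 5 sample
```

To check a live run, pipe the greeter-client output into `check_split v2 40 10` for Step 5, or `check_split v1 100 0` for Step 4. If the pipe comes up empty, append `2>&1` to the client command; this assumes the client logs to stderr, which the topic does not state.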