Use an ingress gateway to access a gRPC service in an ASM instance - Best Practices| Alibaba Cloud Documentation Center

You can route traffic to gRPC services in an Alibaba Cloud Service Mesh (ASM) instance by using an ingress gateway. This topic describes how to use an ingress gateway to access a gRPC service in an ASM instance. This topic also describes how to switch traffic between two versions of a gRPC service.

Prerequisites

An ASM instance is created. For more information, see Create an ASM instance.
A Container Service for Kubernetes (ACK) cluster is created. For more information, see Create an ACK managed cluster.
The ACK cluster is added to the ASM instance. For more information, see Add a cluster to an ASM instance.
An ingress gateway service is deployed. For more information, see Deploy an ingress gateway service.
An application is deployed in the ACK cluster that is added to the ASM instance. For more information, see Deploy an application in an ASM instance.

Step 1: Deploy the two versions of a gRPC service

Deploy version 1 and version 2 of a gRPC service: istio-grpc-server-v1 and istio-grpc-server-v2.

Log on to the Container Service console.
In the left-side navigation pane of the ACK console, click Clusters.
On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
In the left-side navigation pane of the details page, choose Workloads > Deployments.
At the top of the Deployments page, select a namespace from the Namespace drop-down list. Click Create from YAML.

Note Select a namespace that has the istio-system=enabled tag, which indicates that automatic sidecar injection is enabled. For more information, see Upgrade sidecar proxies.

Copy the following YAML code to the Template editor. Then, click Create.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: istio-grpc-server-v1
  labels:
    app: istio-grpc-server
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: istio-grpc-server
      version: v1
  template:
    metadata:
      labels:
        app: istio-grpc-server
        version: v1
    spec:
      containers:
      - args:
        - --address=0.0.0.0:8080
        image: registry.cn-hangzhou.aliyuncs.com/aliacs-app-catalog/istio-grpc-server
        imagePullPolicy: Always
        livenessProbe:
          exec:
            command:
            - /bin/grpc_health_probe
            - -addr=:8080
          initialDelaySeconds: 2
        name: istio-grpc-server
        ports:
        - containerPort: 8080
        readinessProbe:
          exec:
            command:
            - /bin/grpc_health_probe
            - -addr=:8080
          initialDelaySeconds: 2
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: istio-grpc-server-v2
  labels:
    app: istio-grpc-server
    version: v2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: istio-grpc-server
      version: v2
  template:
    metadata:
      labels:
        app: istio-grpc-server
        version: v2
    spec:
      containers:
        - args:
            - --address=0.0.0.0:8080
          image: registry.cn-hangzhou.aliyuncs.com/aliacs-app-catalog/istio-grpc-server
          imagePullPolicy: Always
          livenessProbe:
            exec:
              command:
                - /bin/grpc_health_probe
                - -addr=:8080
            initialDelaySeconds: 2
          name: istio-grpc-server
          ports:
            - containerPort: 8080
          readinessProbe:
            exec:
              command:
                - /bin/grpc_health_probe
                - -addr=:8080
            initialDelaySeconds: 2
---
apiVersion: v1
kind: Service
metadata:
  name: istio-grpc-server
  labels:
    app: istio-grpc-server
spec:
  ports:
  - name: grpc-backend
    port: 8080
    protocol: TCP
  selector:
    app: istio-grpc-server
  type: ClusterIP
---

Step 2: Set routing rules for the ASM instance

Create an Istio gateway, a virtual service, and a destination rule for the ASM instance to route all inbound traffic to istio-grpc-server-v1.

Log on to the ASM console.
In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column of the ASM instance.
Create an Gateway.
1. On the details page of the ASM instance, choose Traffic Management > Gateway in the left-side navigation pane. On the Gateway rules page, click Create from YAML.
2. In the Create panel, select default from the Namespace drop-down list and copy the following YAML code to the code editor. Then, click Create.
```
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: grpc-gateway
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 8080
      name: grpc
      protocol: GRPC
    hosts:
    - "*"
```
Create a DestinationRule.
1. On the details page of the ASM instance, choose Traffic Management > DestinationRule in the left-side navigation pane. On the Target rule page, click Create from YAML.
2. In the Create panel, select default from the Namespace drop-down list and copy the following YAML code to the code editor. Then, click Create.
```
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: dr-istio-grpc-server
spec:
  host: istio-grpc-server
  trafficPolicy:
    loadBalancer:
      simple: ROUND_ROBIN
  subsets:
    - name: v1
      labels:
        version: "v1"
    - name: v2
      labels:
        version: "v2"
```

Create a VirtualService.

On the details page of the ASM instance, choose Traffic Management > VirtualService in the left-side navigation pane. On the Virtual service page, click Create from YAML.

In the Create panel, select default from the Namespace drop-down list and copy the following YAML code to the code editor. Then, click Create.

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: grpc-vs
spec:
  hosts:
  - "*"
  gateways:
  - grpc-gateway
  http:
    - match:
        - port: 8080
      route:
        - destination:
            host: istio-grpc-server
            subset: v1
          weight: 100
        - destination:
            host: istio-grpc-server
            subset: v2
          weight: 0

Step 3: Deploy an ingress gateway service

Enable port 8080 in the ingress gateway service and point the port to port 8080 of the Istio gateway.

Log on to the ASM console.
In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column of the ASM instance.
On the details page of the ASM instance, click ASM Gateways in the left-side navigation pane.

On the ASM Gateways page, click Create. In the Create panel, set the parameters as required.


Parameter	Description
Cluster	Select the cluster in which you want to deploy an ingress gateway service.
SLB Instance Type	Select Internet Access.
Use Existing SLB Instance or Create SLB Instance	Configure a Server Load Balancer (SLB) instance. Use Existing SLB Instance: Select an SLB instance from the drop-down list. Create SLB Instance: Click Create SLB Instance and select an SLB instance type from the drop-down list. Note We recommend that you assign a dedicated SLB instance to each Kubernetes service in the cluster. If multiple Kubernetes services share the same SLB instance, the following risks and limits exist: If you assign a Kubernetes service with an SLB instance that is used by another Kubernetes service, the existing listeners of the SLB instance are forcibly overwritten. This may interrupt the original Kubernetes service and make your application unavailable. If you create an SLB instance when you create a Kubernetes service, the SLB instance cannot be shared among Kubernetes services. Only SLB instances that you create in the SLB console or by calling API operations can be shared. Kubernetes services that share the same SLB instance must use different frontend listening ports. Otherwise, port conflicts may occur. If multiple Kubernetes services share the same SLB instance, you must use the listener names and the VServer group names as unique identifiers in Kubernetes. Do not modify the names of listeners or VServer groups. You cannot share SLB instances across clusters.
Port Mapping	Click Add Port and set the Protocol parameter to TCP, the Service Port parameter to 8080, and the Container Port parameter to 8080. Note The service port exposes the ASM instance to external access. Inbound traffic accesses the ASM instance by using the service port and is routed to a port on the Istio gateway, which serves as the container port. Make sure that the container port that you enter is the same as the specified port on the Istio gateway.

Click Create.

Step 4: Start the gRPC client

Run the following command to start the gRPC client:

docker run -d --name grpc-client registry.cn-hangzhou.aliyuncs.com/aliacs-app-catalog/istio-grpc-client 365d

Run the following command to log on to the default container of the pod where the gRPC client resides:
```
docker exec -it grpc-client sh
```

Run the following command to access the gRPC service that you deployed in the ASM instance:

/bin/greeter-client --insecure=true --address=<IP address of the ingress gateway service>:8080 --repeat=100

The command output indicates that all requests are routed to istio-grpc-server-v1.

2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw

Step 5: Transfer a specific ratio of the traffic to istio-grpc-server-v2

Route 40% of the traffic to istio-grpc-server-v2 and 60% of the traffic to istio-grpc-server-v1.

Log on to the ASM console.
In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column of the ASM instance.
On the details page of the ASM instance, choose Traffic Management > VirtualService in the left-side navigation pane.
On the VirtualService page, click YAML in the Actions column of the grpc-vs virtual service.

In the Edit panel, copy the following YAML code to the code editor. Then, click OK.

....
      route:
        - destination:
            host: istio-grpc-server
            subset: v1
          weight: 60
        - destination:
            host: istio-grpc-server
            subset: v2
          weight: 40

Log on to the default container of the pod where the gRPC client resides. Run the following command to access the gRPC service that you deployed in the ASM instance:

/bin/greeter-client --insecure=true --address=<IP address of the ingress gateway service>:8080 --repeat=100

The command output indicates that 40% of the traffic is routed to istio-grpc-server-v2.

Note If you send 100 requests in a test, the traffic may not always be routed to istio-grpc-server-v1 and istio-grpc-server-v2 at an exact ratio of 60 to 40, but will be close.

2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw