All Products
Search

This Product

    Container Service for Kubernetes:Use an ingress gateway to access a gRPC service in an ASM instance

    Document Center

    Container Service for Kubernetes:Use an ingress gateway to access a gRPC service in an ASM instance

    Last Updated:Apr 13, 2023

    You can route traffic to gRPC services in an Alibaba Cloud Service Mesh (ASM) instance by using an ingress gateway. This topic describes how to use an ingress gateway to access a gRPC service in an ASM instance. This topic also describes how to switch traffic between two versions of a gRPC service.

    Prerequisites

    • An ingress gateway is deployed. For more information, see Deploy an ingress gateway service.

    • An ASM instance of the latest version is created and the instance edition is Enterprise or Ultimate. An application is deployed in a Container Service for Kubernetes (ACK) cluster that is added to the ASM instance. For more information, see Deploy an application in an ASM instance.

    Step 1: Deploy two versions of a gRPC service

    Deploy version 1 and version 2 of a gRPC service: istio-grpc-server-v1 and istio-grpc-server-v2.

    1. Log on to the ACK console and click Clusters in the left-side navigation pane.
    2. On the Clusters page, click the name of a cluster and choose Workloads > Deployments in the left-side navigation pane.

    3. In the upper part of the Deployments page, select a namespace from the Namespace drop-down list and click Create from YAML.

      Note

      The namespace that you select must have the istio-system=enabled tag, which indicates that automatic sidecar injection is enabled for the namespace. For more information, see Upgrade sidecar proxies.

    4. On the Create page, set Sample Template to Custom, copy the following YAML code to the code editor, and click Create. 

      apiVersion: apps/v1
kind: Deployment
metadata:
  name: istio-grpc-server-v1
  labels:
    app: istio-grpc-server
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: istio-grpc-server
      version: v1
  template:
    metadata:
      labels:
        app: istio-grpc-server
        version: v1
    spec:
      containers:
      - args:
        - --address=0.0.0.0:8080
        image: registry.cn-hangzhou.aliyuncs.com/aliacs-app-catalog/istio-grpc-server
        imagePullPolicy: Always
        livenessProbe:
          exec:
            command:
            - /bin/grpc_health_probe
            - -addr=:8080
          initialDelaySeconds: 2
        name: istio-grpc-server
        ports:
        - containerPort: 8080
        readinessProbe:
          exec:
            command:
            - /bin/grpc_health_probe
            - -addr=:8080
          initialDelaySeconds: 2
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: istio-grpc-server-v2
  labels:
    app: istio-grpc-server
    version: v2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: istio-grpc-server
      version: v2
  template:
    metadata:
      labels:
        app: istio-grpc-server
        version: v2
    spec:
      containers:
        - args:
            - --address=0.0.0.0:8080
          image: registry.cn-hangzhou.aliyuncs.com/aliacs-app-catalog/istio-grpc-server
          imagePullPolicy: Always
          livenessProbe:
            exec:
              command:
                - /bin/grpc_health_probe
                - -addr=:8080
            initialDelaySeconds: 2
          name: istio-grpc-server
          ports:
            - containerPort: 8080
          readinessProbe:
            exec:
              command:
                - /bin/grpc_health_probe
                - -addr=:8080
            initialDelaySeconds: 2
---
apiVersion: v1
kind: Service
metadata:
  name: istio-grpc-server
  labels:
    app: istio-grpc-server
spec:
  ports:
  - name: grpc-backend
    port: 8080
    protocol: TCP
  selector:
    app: istio-grpc-server
  type: ClusterIP
---

    Step 2: Configure routing rules for the ASM instance

    Create an Istio gateway, a virtual service, and a destination rule for the ASM instance to route all inbound traffic to istio-grpc-server-v1.

    1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

    2. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column.

    3. Create an Istio gateway.

      1. On the details page of the ASM instance, choose ASM Gateways > Gateway in the left-side navigation pane. On the page that appears, click Create from YAML.

      2. On the Create page, select default from the Namespace drop-down list, select a template from the Template drop-down list, copy the following YAML code to the code editor, and then click Create. 

        apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: grpc-gateway
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 8080
      name: grpc
      protocol: GRPC
    hosts:
    - "*"

    4. Create a destination rule.

      1. On the details page of the ASM instance, choose Traffic Management Center > DestinationRule in the left-side navigation pane. On the page that appears, click Create from YAML.

      2. On the Create page, select default from the Namespace drop-down list, select a template from the Template drop-down list, copy the following YAML code to the code editor, and then click Create. 

        apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: dr-istio-grpc-server
spec:
  host: istio-grpc-server
  trafficPolicy:
    loadBalancer:
      simple: ROUND_ROBIN
  subsets:
    - name: v1
      labels:
        version: "v1"
    - name: v2
      labels:
        version: "v2"

    5. Create a virtual service.

      1. On the details page of the ASM instance, choose Traffic Management Center > VirtualService in the left-side navigation pane. On the page that appears, click Create from YAML.

      2. On the Create page, select default from the Namespace drop-down list, select a template from the Template drop-down list, copy the following YAML code to the code editor, and then click Create. 

        apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: grpc-vs
spec:
  hosts:
  - "*"
  gateways:
  - grpc-gateway
  http:
    - match:
        - port: 8080
      route:
        - destination:
            host: istio-grpc-server
            subset: v1
          weight: 100
        - destination:
            host: istio-grpc-server
            subset: v2
          weight: 0

    Step 3: Create an ingress gateway

    Enable port 8080 on the ingress gateway and point the port to port 8080 of the Istio gateway.

    1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.
    2. On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Gateways > Ingress Gateway.

    3. On the Ingress Gateway page, click Create. On the Create page, configure the parameters and click Create.

      The following table describes some of the parameters. For more information, see the parameter description table in the Create an ingress gateway service topic.

      Parameter

      Description

      Cluster

      The cluster in which you want to deploy the ingress gateway.

      SLB Instance Type

      The access type of the Server Load Balancer (SLB) instance. In this example, Internet Access is selected.

      Server Load Balancer (SLB)

      You can choose between Create SLB Instance and Use Existing SLB Instance.

      • Use Existing SLB Instance: Select an existing SLB instance from the drop-down list.

      • Create SLB Instance: Select the SLB instance specifications that you need from the drop-down list.

      Note

      We recommend that you assign an SLB instance to each Kubernetes service in the cluster. If multiple Kubernetes services share the same SLB instance, the following risks and limits exist:

      • If you assign a Kubernetes service with an SLB instance that is used by another Kubernetes service, the existing listeners of the SLB instance are forcibly overwritten. This may interrupt the original Kubernetes service and make your applications unavailable.

      • If you create an SLB instance when you create a Kubernetes service, the SLB instance cannot be shared among Kubernetes services. Only SLB instances that you create in the SLB console or by calling API operations can be shared.

      • Kubernetes services that share the same SLB instance must use different frontend listening ports. Otherwise, port conflicts may occur.

      • If multiple Kubernetes services share the same SLB instance, you must use the listener names and the vServer group names as unique identifiers in Kubernetes. The names of listeners or vServer groups cannot be changed.

      • You cannot share an SLB instance across clusters.

      Port Mapping

      You can click Add Port and specify the protocol and service port in the row that appears. In this example, Protocol is set to TCP and Service Port to 8080.

    Step 4: Start the gRPC client

    1. Run the following command to start the gRPC client: 

      docker run -d --name grpc-client registry.cn-hangzhou.aliyuncs.com/aliacs-app-catalog/istio-grpc-client 365d

    2. Run the following command to log on to the default container of the pod where the gRPC client resides: 

      docker exec -it grpc-client -- sh

    3. Run the following command to access the gRPC service that you deployed in the ASM instance: 

      /bin/greeter-client --insecure=true --address=<IP address of the ingress gateway service>:8080 --repeat=100

      The command output indicates that all requests are routed to istio-grpc-server-v1. 

      2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw

    Step 5: Route traffic to the two versions of the gRPC service based on a specific ratio

    Route 40% of the traffic to istio-grpc-server-v2 and 60% of the traffic to istio-grpc-server-v1.

    1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.
    2. On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose Traffic Management Center > VirtualService.

    3. On the VirtualService page, find the grpc-vs virtual service and click YAML in the Actions column.

    4. In the Edit dialog box, copy the following YAML code to the code editor. Then, click OK. 

      ....
      route:
        - destination:
            host: istio-grpc-server
            subset: v1
          weight: 60
        - destination:
            host: istio-grpc-server
            subset: v2
          weight: 40

    5. Log on to the default container of the pod where the gRPC client resides. Run the following command to access the gRPC service that you deployed in the ASM instance: 

      /bin/greeter-client --insecure=true --address=<IP address of the ingress gateway service>:8080 --repeat=100

      The command output indicates that 40% of the traffic is routed to istio-grpc-server-v2.

      Note

      The traffic may not be routed to istio-grpc-server-v1 and istio-grpc-server-v2 at an exact ratio of 60:40. However, the overall traffic distribution is always close to this ratio. 

      2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw