You can route traffic to gRPC services in an Alibaba Cloud Service Mesh (ASM) instance
by using an ingress gateway. This topic describes how to use an ingress gateway to
access a gRPC service in an ASM instance. This topic also describes how to switch
traffic between two versions of a gRPC service.
Step 1: Deploy the two versions of a gRPC service
Deploy version 1 and version 2 of a gRPC service: istio-grpc-server-v1 and istio-grpc-server-v2.
- Log on to the Container Service console.
- In the left-side navigation pane of the ACK console, click Clusters.
- On the Clusters page, find the cluster that you want to manage and click the name of the cluster
or click Details in the Actions column. The details page of the cluster appears.
- In the left-side navigation pane of the details page, choose .
- At the top of the Deployments page, select a namespace from the Namespace drop-down list. Click Create from YAML.
Note Select a namespace that has the istio-system=enabled tag, which indicates that automatic
sidecar injection is enabled. For more information, see
Upgrade sidecar proxies.
- Copy the following YAML code to the Template editor. Then, click Create.
apiVersion: apps/v1
kind: Deployment
metadata:
name: istio-grpc-server-v1
labels:
app: istio-grpc-server
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: istio-grpc-server
version: v1
template:
metadata:
labels:
app: istio-grpc-server
version: v1
spec:
containers:
- args:
- --address=0.0.0.0:8080
image: registry.cn-hangzhou.aliyuncs.com/aliacs-app-catalog/istio-grpc-server
imagePullPolicy: Always
livenessProbe:
exec:
command:
- /bin/grpc_health_probe
- -addr=:8080
initialDelaySeconds: 2
name: istio-grpc-server
ports:
- containerPort: 8080
readinessProbe:
exec:
command:
- /bin/grpc_health_probe
- -addr=:8080
initialDelaySeconds: 2
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: istio-grpc-server-v2
labels:
app: istio-grpc-server
version: v2
spec:
replicas: 1
selector:
matchLabels:
app: istio-grpc-server
version: v2
template:
metadata:
labels:
app: istio-grpc-server
version: v2
spec:
containers:
- args:
- --address=0.0.0.0:8080
image: registry.cn-hangzhou.aliyuncs.com/aliacs-app-catalog/istio-grpc-server
imagePullPolicy: Always
livenessProbe:
exec:
command:
- /bin/grpc_health_probe
- -addr=:8080
initialDelaySeconds: 2
name: istio-grpc-server
ports:
- containerPort: 8080
readinessProbe:
exec:
command:
- /bin/grpc_health_probe
- -addr=:8080
initialDelaySeconds: 2
---
apiVersion: v1
kind: Service
metadata:
name: istio-grpc-server
labels:
app: istio-grpc-server
spec:
ports:
- name: grpc-backend
port: 8080
protocol: TCP
selector:
app: istio-grpc-server
type: ClusterIP
---
Step 2: Set routing rules for the ASM instance
Create an Istio gateway, a virtual service, and a destination rule for the ASM instance
to route all inbound traffic to istio-grpc-server-v1.
- Log on to the ASM console.
- In the left-side navigation pane, choose .
- On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM
instance or click Manage in the Actions column of the ASM instance.
- Create an Gateway.
- On the details page of the ASM instance, choose in the left-side navigation pane. On the Gateway rules page, click Create from YAML.
- In the Create panel, select default from the Namespace drop-down list and copy the following YAML code to the code editor. Then, click Create.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: grpc-gateway
spec:
selector:
istio: ingressgateway # use Istio default gateway implementation
servers:
- port:
number: 8080
name: grpc
protocol: GRPC
hosts:
- "*"
- Create a DestinationRule.
- On the details page of the ASM instance, choose in the left-side navigation pane. On the Target rule page, click Create from YAML.
- In the Create panel, select default from the Namespace drop-down list and copy the following YAML code to the code editor. Then, click Create.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: dr-istio-grpc-server
spec:
host: istio-grpc-server
trafficPolicy:
loadBalancer:
simple: ROUND_ROBIN
subsets:
- name: v1
labels:
version: "v1"
- name: v2
labels:
version: "v2"
- Create a VirtualService.
- On the details page of the ASM instance, choose in the left-side navigation pane. On the Virtual service page, click Create from YAML.
- In the Create panel, select default from the Namespace drop-down list and copy the following YAML code to the code editor. Then, click Create.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: grpc-vs
spec:
hosts:
- "*"
gateways:
- grpc-gateway
http:
- match:
- port: 8080
route:
- destination:
host: istio-grpc-server
subset: v1
weight: 100
- destination:
host: istio-grpc-server
subset: v2
weight: 0
Step 3: Deploy an ingress gateway service
Enable port 8080 in the ingress gateway service and point the port to port 8080 of
the Istio gateway.
- Log on to the ASM console.
- In the left-side navigation pane, choose .
- On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM
instance or click Manage in the Actions column of the ASM instance.
- On the details page of the ASM instance, click ASM Gateways in the left-side navigation pane.
- On the ASM Gateways page, click Create. In the Create panel, set the parameters as required.
Parameter |
Description |
Cluster |
Select the cluster in which you want to deploy an ingress gateway service. |
SLB Instance Type |
Select Internet Access.
|
Use Existing SLB Instance or Create SLB Instance |
Configure a Server Load Balancer (SLB) instance.
- Use Existing SLB Instance: Select an SLB instance from the drop-down list.
- Create SLB Instance: Click Create SLB Instance and select an SLB instance type from the drop-down list.
Note We recommend that you assign a dedicated SLB instance to each Kubernetes service in
the cluster. If multiple Kubernetes services share the same SLB instance, the following
risks and limits exist:
- If you assign a Kubernetes service with an SLB instance that is used by another Kubernetes
service, the existing listeners of the SLB instance are forcibly overwritten. This
may interrupt the original Kubernetes service and make your application unavailable.
- If you create an SLB instance when you create a Kubernetes service, the SLB instance
cannot be shared among Kubernetes services. Only SLB instances that you create in
the SLB console or by calling API operations can be shared.
- Kubernetes services that share the same SLB instance must use different frontend listening
ports. Otherwise, port conflicts may occur.
- If multiple Kubernetes services share the same SLB instance, you must use the listener
names and the VServer group names as unique identifiers in Kubernetes. Do not modify
the names of listeners or VServer groups.
- You cannot share SLB instances across clusters.
|
Port Mapping |
Click Add Port and set the Protocol parameter to TCP, the Service Port parameter to 8080, and the Container Port parameter to 8080.
Note The service port exposes the ASM instance to external access. Inbound traffic accesses
the ASM instance by using the service port and is routed to a port on the Istio gateway,
which serves as the container port. Make sure that the container port that you enter
is the same as the specified port on the Istio gateway.
|
- Click Create.
Step 4: Start the gRPC client
- Run the following command to start the gRPC client:
docker run -d --name grpc-client registry.cn-hangzhou.aliyuncs.com/aliacs-app-catalog/istio-grpc-client 365d
- Run the following command to log on to the default container of the pod where the
gRPC client resides:
docker exec -it grpc-client sh
- Run the following command to access the gRPC service that you deployed in the ASM
instance:
/bin/greeter-client --insecure=true --address=<IP address of the ingress gateway service>:8080 --repeat=100
The command output indicates that all requests are routed to istio-grpc-server-v1.
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
Step 5: Transfer a specific ratio of the traffic to istio-grpc-server-v2
Route 40% of the traffic to istio-grpc-server-v2 and 60% of the traffic to istio-grpc-server-v1.
- Log on to the ASM console.
- In the left-side navigation pane, choose .
- On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM
instance or click Manage in the Actions column of the ASM instance.
- On the details page of the ASM instance, choose in the left-side navigation pane.
- On the VirtualService page, click YAML in the Actions column of the grpc-vs virtual service.
- In the Edit panel, copy the following YAML code to the code editor. Then, click OK.
....
route:
- destination:
host: istio-grpc-server
subset: v1
weight: 60
- destination:
host: istio-grpc-server
subset: v2
weight: 40
- Log on to the default container of the pod where the gRPC client resides. Run the
following command to access the gRPC service that you deployed in the ASM instance:
/bin/greeter-client --insecure=true --address=<IP address of the ingress gateway service>:8080 --repeat=100
The command output indicates that 40% of the traffic is routed to istio-grpc-server-v2.
Note If you send 100 requests in a test, the traffic may not always be routed to istio-grpc-server-v1
and istio-grpc-server-v2 at an exact ratio of 60 to 40, but will be close.
2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw
2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw