You can route traffic to gRPC services in an Alibaba Cloud Service Mesh (ASM) instance by using an ingress gateway. This topic describes how to use an ingress gateway to access a gRPC service in an ASM instance. This topic also describes how to switch traffic between two versions of a gRPC service.
Prerequisites
An ingress gateway is deployed. For more information, see Deploy an ingress gateway service.
An ASM instance of the latest version is created and the instance edition is Enterprise or Ultimate. An application is deployed in a Container Service for Kubernetes (ACK) cluster that is added to the ASM instance. For more information, see Deploy an application in an ASM instance.
Step 1: Deploy two versions of a gRPC service
Deploy version 1 and version 2 of a gRPC service: istio-grpc-server-v1 and istio-grpc-server-v2.
- Log on to the ACK console and click Clusters in the left-side navigation pane.
- On the Clusters page, click the name of a cluster and choose in the left-side navigation pane.
In the upper part of the Deployments page, select a namespace from the Namespace drop-down list and click Create from YAML.
NoteThe namespace that you select must have the istio-system=enabled tag, which indicates that automatic sidecar injection is enabled for the namespace. For more information, see Upgrade sidecar proxies.
On the Create page, set Sample Template to Custom, copy the following YAML code to the code editor, and click Create.
apiVersion: apps/v1 kind: Deployment metadata: name: istio-grpc-server-v1 labels: app: istio-grpc-server version: v1 spec: replicas: 1 selector: matchLabels: app: istio-grpc-server version: v1 template: metadata: labels: app: istio-grpc-server version: v1 spec: containers: - args: - --address=0.0.0.0:8080 image: registry.cn-hangzhou.aliyuncs.com/aliacs-app-catalog/istio-grpc-server imagePullPolicy: Always livenessProbe: exec: command: - /bin/grpc_health_probe - -addr=:8080 initialDelaySeconds: 2 name: istio-grpc-server ports: - containerPort: 8080 readinessProbe: exec: command: - /bin/grpc_health_probe - -addr=:8080 initialDelaySeconds: 2 --- apiVersion: apps/v1 kind: Deployment metadata: name: istio-grpc-server-v2 labels: app: istio-grpc-server version: v2 spec: replicas: 1 selector: matchLabels: app: istio-grpc-server version: v2 template: metadata: labels: app: istio-grpc-server version: v2 spec: containers: - args: - --address=0.0.0.0:8080 image: registry.cn-hangzhou.aliyuncs.com/aliacs-app-catalog/istio-grpc-server imagePullPolicy: Always livenessProbe: exec: command: - /bin/grpc_health_probe - -addr=:8080 initialDelaySeconds: 2 name: istio-grpc-server ports: - containerPort: 8080 readinessProbe: exec: command: - /bin/grpc_health_probe - -addr=:8080 initialDelaySeconds: 2 --- apiVersion: v1 kind: Service metadata: name: istio-grpc-server labels: app: istio-grpc-server spec: ports: - name: grpc-backend port: 8080 protocol: TCP selector: app: istio-grpc-server type: ClusterIP ---
Step 2: Configure routing rules for the ASM instance
Create an Istio gateway, a virtual service, and a destination rule for the ASM instance to route all inbound traffic to istio-grpc-server-v1.
- Log on to the ASM console. In the left-side navigation pane, choose .
On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column.
Create an Istio gateway.
On the details page of the ASM instance, choose in the left-side navigation pane. On the page that appears, click Create from YAML.
On the Create page, select default from the Namespace drop-down list, select a template from the Template drop-down list, copy the following YAML code to the code editor, and then click Create.
apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: name: grpc-gateway spec: selector: istio: ingressgateway # use Istio default gateway implementation servers: - port: number: 8080 name: grpc protocol: GRPC hosts: - "*"
Create a destination rule.
On the details page of the ASM instance, choose in the left-side navigation pane. On the page that appears, click Create from YAML.
On the Create page, select default from the Namespace drop-down list, select a template from the Template drop-down list, copy the following YAML code to the code editor, and then click Create.
apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: dr-istio-grpc-server spec: host: istio-grpc-server trafficPolicy: loadBalancer: simple: ROUND_ROBIN subsets: - name: v1 labels: version: "v1" - name: v2 labels: version: "v2"
Create a virtual service.
On the details page of the ASM instance, choose in the left-side navigation pane. On the page that appears, click Create from YAML.
On the Create page, select default from the Namespace drop-down list, select a template from the Template drop-down list, copy the following YAML code to the code editor, and then click Create.
apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: grpc-vs spec: hosts: - "*" gateways: - grpc-gateway http: - match: - port: 8080 route: - destination: host: istio-grpc-server subset: v1 weight: 100 - destination: host: istio-grpc-server subset: v2 weight: 0
Step 3: Create an ingress gateway
Enable port 8080 on the ingress gateway and point the port to port 8080 of the Istio gateway.
- Log on to the ASM console. In the left-side navigation pane, choose .
- On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose .
On the Ingress Gateway page, click Create. On the Create page, configure the parameters and click Create.
The following table describes some of the parameters. For more information, see the parameter description table in the Create an ingress gateway service topic.
Parameter
Description
Cluster
The cluster in which you want to deploy the ingress gateway.
SLB Instance Type
The access type of the Server Load Balancer (SLB) instance. In this example, Internet Access is selected.
Server Load Balancer (SLB)
You can choose between Create SLB Instance and Use Existing SLB Instance.
Use Existing SLB Instance: Select an existing SLB instance from the drop-down list.
Create SLB Instance: Select the SLB instance specifications that you need from the drop-down list.
NoteWe recommend that you assign an SLB instance to each Kubernetes service in the cluster. If multiple Kubernetes services share the same SLB instance, the following risks and limits exist:
If you assign a Kubernetes service with an SLB instance that is used by another Kubernetes service, the existing listeners of the SLB instance are forcibly overwritten. This may interrupt the original Kubernetes service and make your applications unavailable.
If you create an SLB instance when you create a Kubernetes service, the SLB instance cannot be shared among Kubernetes services. Only SLB instances that you create in the SLB console or by calling API operations can be shared.
Kubernetes services that share the same SLB instance must use different frontend listening ports. Otherwise, port conflicts may occur.
If multiple Kubernetes services share the same SLB instance, you must use the listener names and the vServer group names as unique identifiers in Kubernetes. The names of listeners or vServer groups cannot be changed.
You cannot share an SLB instance across clusters.
Port Mapping
You can click Add Port and specify the protocol and service port in the row that appears. In this example, Protocol is set to TCP and Service Port to 8080.
Step 4: Start the gRPC client
Run the following command to start the gRPC client:
docker run -d --name grpc-client registry.cn-hangzhou.aliyuncs.com/aliacs-app-catalog/istio-grpc-client 365d
Run the following command to log on to the default container of the pod where the gRPC client resides:
docker exec -it grpc-client -- sh
Run the following command to access the gRPC service that you deployed in the ASM instance:
/bin/greeter-client --insecure=true --address=<IP address of the ingress gateway service>:8080 --repeat=100
The command output indicates that all requests are routed to istio-grpc-server-v1.
2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw 2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw 2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw 2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw 2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw 2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw 2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw 2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw 2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw 2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw 2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw 2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw 2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw 2020/09/11 03:18:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw
Step 5: Route traffic to the two versions of the gRPC service based on a specific ratio
Route 40% of the traffic to istio-grpc-server-v2 and 60% of the traffic to istio-grpc-server-v1.
- Log on to the ASM console. In the left-side navigation pane, choose .
- On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose .
On the VirtualService page, find the grpc-vs virtual service and click YAML in the Actions column.
In the Edit dialog box, copy the following YAML code to the code editor. Then, click OK.
.... route: - destination: host: istio-grpc-server subset: v1 weight: 60 - destination: host: istio-grpc-server subset: v2 weight: 40
Log on to the default container of the pod where the gRPC client resides. Run the following command to access the gRPC service that you deployed in the ASM instance:
/bin/greeter-client --insecure=true --address=<IP address of the ingress gateway service>:8080 --repeat=100
The command output indicates that 40% of the traffic is routed to istio-grpc-server-v2.
NoteThe traffic may not be routed to istio-grpc-server-v1 and istio-grpc-server-v2 at an exact ratio of 60:40. However, the overall traffic distribution is always close to this ratio.
2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw 2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw 2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw 2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw 2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw 2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw 2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw 2020/09/11 03:34:51 Hello world from istio-grpc-server-v1-dbdd97cc-n85lw 2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw 2020/09/11 03:34:51 Hello world from istio-grpc-server-v2-665c4cf57d-h74lw