Envoy: GRPC service mesh, configuration example

Created on 5 Mar 2018  路  5Comments  路  Source: envoyproxy/envoy

Hi,

Im trying to build grpc service mesh. For the reason i consider to use tenvoy.tcp_proxy filter type, but it does not seem to work. Assuming we have two miscroservices both running GRPC with client application talking them GRPC too, what is my most basic configuration to use. Is there anywhere a reasonable example? Would i still have to use http-grpc bridge?

question
Source
picture arkadyb

Most helpful comment

Assuming one of your gRPC services runs at e.g. port 50051 and the client could connect insecurely (no TLS e.g. if using go we use grpc.Dial(address, grpc.WithInsecure())) to the server, the simplest config (.yaml v2) will be something like:

admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address: { address: 0.0.0.0, port_value: 9901 }

static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 10000 }
    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        config:
          stat_prefix: ingress_http
          codec_type: AUTO
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: service_grpc }
          http_filters:
          - name: envoy.router
  clusters:
  - name: service_grpc
    connect_timeout: 25s
    type: LOGICAL_DNS
    lb_policy: ROUND_ROBIN
    dns_lookup_family: V4_ONLY
    http2_protocol_options: { }
    hosts: [{ socket_address: { address: 127.0.0.1, port_value: 50051 }}]
picture dio on 5 Mar 2018
👍2

All 5 comments

Assuming one of your gRPC services runs at e.g. port 50051 and the client could connect insecurely (no TLS e.g. if using go we use grpc.Dial(address, grpc.WithInsecure())) to the server, the simplest config (.yaml v2) will be something like:

admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address: { address: 0.0.0.0, port_value: 9901 }

static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 10000 }
    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        config:
          stat_prefix: ingress_http
          codec_type: AUTO
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: service_grpc }
          http_filters:
          - name: envoy.router
  clusters:
  - name: service_grpc
    connect_timeout: 25s
    type: LOGICAL_DNS
    lb_policy: ROUND_ROBIN
    dns_lookup_family: V4_ONLY
    http2_protocol_options: { }
    hosts: [{ socket_address: { address: 127.0.0.1, port_value: 50051 }}]
dio picture dio on 5 Mar 2018
👍2

@dio Thank u for response!
Why do you still use http manager for filter? Should`t it be tcp_proxy?

Thanks!

arkadyb picture arkadyb on 5 Mar 2018

gRPC transports over http2 and envoy supports it https://www.envoyproxy.io/docs/envoy/latest/api-v1/network_filters/http_conn_man.html while for the cluster, the http2_protocol_options enables http2 support for upstreams https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/cds.proto.html?highlight=http2_protocol_options

dio picture dio on 5 Mar 2018

@ArkadyB I'd suggest https://groups.google.com/forum/#!forum/envoy-users as a forum for exploring this question if @dio (thanks!) response needs further clarification.

htuch picture htuch on 5 Mar 2018

Closing this out as I think @ArkadyB has made some progress here.

htuch picture htuch on 8 Mar 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

sabiurr picture sabiurr  路  3Comments
anatolebeuzon picture anatolebeuzon  路  3Comments
justConfused picture justConfused  路  3Comments
rshriram picture rshriram  路  3Comments
zanes2016 picture zanes2016  路  3Comments