Load balance to multiple gRPC hosts external to the mesh

cleverguy25 · March 22, 2019, 5:14pm

I have a set of hosts outside my mesh hosting a gRPC service. I want to set Istio egress gateway to act as a proxy between these hosts, so local client code can just connect to “myservice” and have the request routed round robin to one of these gRPC hosts. LinkerD seems capable of this…

Question is how do I do this with Istio? I have read through the Gateway, VirtualService, and ServiceEntry but not quite sure how to set that up.

chaturvedia · March 22, 2019, 6:29pm

Any service outside the mesh will need to be added as ServiceEntry, https://istio.io/docs/reference/config/networking/v1alpha3/service-entry/

The resolution https://istio.io/docs/reference/config/networking/v1alpha3/service-entry/#ServiceEntry-Resolution DNS|None|Static is what you would have to tune as per how your gRPC service is setup

ugodiggi · April 15, 2019, 7:02pm

I have a similar issue to @cleverguy25.

I have a set of hosts that are defined using DNS.
I have defined my ServiceEntry to point at them.

Then I start my client in its own pod, with its istio-proxy sidecar, and configure it to talk to the DNS name.
My client resolves the DNS name to the IPs of the hosts (these are external to the mesh). Then it opens separate, long-lived grpc/http2 connections meant for each of the hosts. I believe those connections are routed through the istio-proxy.

This is surprising to me, because it seems to imply that the client is expected to perform clientside load balancing, which I’d like to avoid.

I’d like to alter the behavior so that my client opens a single grpc/http2 connection to istio-proxy and that istio provides the load balancing.
I have been trying to play with ServiceEntry.Resolution to alter this behavior, but it doesn’t seem to make a difference for me.

vvarma · February 19, 2020, 11:24am

This is exactly the issue i am trying to solve. The documentation and examples seem a bit limited for STATIC resolution.

When i diagnosed the pods endpoints with istioctl proxy-config endpoints --cluster "outbound|8451||xyz-svc " ${POD_NAME} i get no entries. Following is the ServiceEntry i am creating.

Is there anything wrong with the configuration?

kind: ServiceEntry
metadata:
  name: xyz-svc
spec:
  hosts:
    - xyz-svc
  ports:
    - name: grpc
      protocol: GRPC
      number: 8888
  location: MESH_EXTERNAL
  resolution: STATIC
  endpoints:
    - address: x.x.x.x

vvarma · February 21, 2020, 4:25am

Got this working.

the port had to be a unique port or have to add

addresses:
    - x.x.x.x/32

have to create a service and an endpoint to get the dns lookup working

Topic		Replies	Views
Exposing gRPC service externally results in Access Denied errors	2	1512	June 8, 2021
How to consume external gRPC service? Networking	5	2360	June 6, 2021
Istio Ingress Gateway - Visibility into gRPC connections and load balancing Networking	0	1273	October 29, 2020
Etcd GRPC through an Istio Gateway	0	1416	August 13, 2019
ServiceEntry with multiple dns endpoints and HOST header	1	650	July 3, 2023

Load balance to multiple gRPC hosts external to the mesh

Related Topics