Java xDS Proxyless connection when client is also a gRPC server accessed via grpc-web

[Oleg Cohen]

Greetings!

I have a use case as follows:

• A React SPA Application (frontend) calls Service 1 using gRpc-Web
• Service 1 (backend) calls Service 2 (backend2) via gRPC using proxyless xDS

I have been able to build three deployments:

• frontend
• backend
• backend2

backend uses a sidecar proxy and a grpc-web port to allow connection from frontend. This works well.

backend2 has a inject.istio.io/templates: grpc-agent annotation and the Service2 successfully initializes an XdsServer and finds GRPC_XDS_BOOTSTRAP 

The issue is how to initialize and use an xDS proxyless client within Service 1 to call Service 2. I am not able to use the annotation grpc-agent annotation on backend (Service 1) as it removes the sidecar and makes gRpc-Web impossible. 

I am wondering if there is a way to make this happen? I did see solutions about custom templates to have both annotations, but couldn't find an example. Not sure whether it is the right way.

Thank you!

Oleg  

[Oleg Cohen]

I was referring to this discussion: https://github.com/istio/istio/issues/40318

It does discuss the requirement I need. There are a couple points there:

• There is a mentioning if this capability envisioned and implemented but not documented
• There is also a grpc-mixed.yaml custom template that is shared. I wanted to try but not sure how such a file is deployed into istio.

Thank you!

Oleg

[Feng Li]

Thanks for the question.

gRPC-web was natively supported in Envoy years ago, and as istio uses envoy as its sidecar proxy, you get the functionality for free.

However, with the istio template you mentioned, that sidecar proxy is removed.

Here are some options in my mind:

- Continue to use the istio grpc-agent template for both of backend and backend2 in your case. And configure a separate Enovy proxy to serve gRPC-web traffic in front of backend

- Or improve the istio template to allow the sidecar proxy for backend.

I read this as a functionality of istio to provide the templates to optimize your workload creation, and support gRPC-web on the edge of a proxyless gRPC mesh.

[Oleg Cohen]

Hi Feng,

Thank you for replying with options! Really appreciate!

Your reading this “as a functionality of istio to provide the templates to optimize your workload creation, and support gRPC-web on the edge of a proxyless gRPC mesh.” Is absolutely correct. I think such capability within Istio would be great.

If you don’t mind I have some follow-up questions regarding these options:

1. On the option to configure a separate Envoy Proxy. Would I add it a separate container in that same pod? Are there any resources on how to inject a container? Perhaps it is a generic k8s capability.

2. I would love to improve the template! I looked into it, but I lack examples/documentation on how to it. Are there resources/examples I can look at how a template can be adjusted, extended, and deployed?

3. This is mine. I am considering to build my own xDS control plane in Java based on the Envoy control plane library. I have it working as a standalone server and now working to add k8s integration for endpoint identification. Perhaps it is too ambitious on my part and the above two options will do the job.

Again, thank you for the info!

Best regards,

Oleg

-- 
You received this message because you are subscribed to the Google Groups "grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/5da87eb3-f8b4-4d36-9f79-5908e5b11188n%40googlegroups.com.

[Feng Li]

On Tuesday, October 24, 2023 at 5:34:24 PM UTC-7 Oleg Cohen wrote:

Hi Feng,

Thank you for replying with options! Really appreciate!

Your reading this “as a functionality of istio to provide the templates to optimize your workload creation, and support gRPC-web on the edge of a proxyless gRPC mesh.” Is absolutely correct. I think such capability within Istio would be great.

If you don’t mind I have some follow-up questions regarding these options:

1. On the option to configure a separate Envoy Proxy. Would I add it a separate container in that same pod? Are there any resources on how to inject a container? Perhaps it is a generic k8s capability.

Yes, but it mostly depends on your needs. For convenience, you can add a container in the sam pod, as a sidecar which would scale up/down with your pod. It's a generic k8s capability. On the contrast, you can also configure Envoy as a separate edge service with a pod and scale it up/down independently.

2. I would love to improve the template! I looked into it, but I lack examples/documentation on how to it. Are there resources/examples I can look at how a template can be adjusted, extended, and deployed?

Istio forum would be a better place to get help. There are many systems use gRPC, istio is one of them, these systems on top of gRPC are responsible to help their customers streamline their configuration and they competing on that (which is a good thing for the whole ecosystem).

[Oleg Cohen]

Thank you so much! Very helpful!

On Oct 26, 2023, at 1:24 PM, 'Feng Li' via grpc.io <grp...@googlegroups.com> wrote:



You received this message because you are subscribed to a topic in the Google Groups "grpc.io" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/grpc-io/Xpf9Cg_YYOI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to grpc-io+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/3f6d8a6f-4a3c-4549-a6a4-1da91cbc36e1n%40googlegroups.com.