Configurar uma malha de serviço gRPC sem proxy no GKE
Nestas páginas, descrevemos como implantar um exemplo de cliente e servidor gRPC sem proxy em um Cloud Service Mesh.
Pré-requisitos
Como ponto de partida deste guia, consideramos que você:
- criou um cluster do GKE e o registrou em uma frota;
- instalou as definições de recursos personalizados.
Requisitos
Esta seção lista os requisitos para serviços compatíveis:
- gRPC C++: versão 1.68.1 ou mais recente
- gRPC Java: versão 1.68.2 ou mais recente
- gRPC Go: versão 1.68.0 ou mais recente
- gRPC Python: versão 1.68.1 ou mais recente
Configurar o serviço gRPC sem proxy
Este guia descreve dois métodos para configurar um serviço gRPC sem proxy na malha de serviço:
Método 1: configuração manual
Esse método exige que você configure manualmente os componentes necessários para o serviço gRPC sem proxy.
- InitContainer: use um initContainer na especificação do pod para executar o gerador de inicialização do gRPC do Traffic Director. Esse gerador produz a configuração necessária para o serviço.
- Montagem de volume: monte um volume que contenha a configuração gerada do initContainer. Isso garante que o aplicativo possa acessar as configurações necessárias.
- Variáveis de ambiente: inclua as variáveis de ambiente adequadas para ativar a emissão de métricas de observabilidade do CSM no aplicativo. Essas métricas fornecem insights valiosos sobre a performance do serviço.
Método 2: automático usando o injetor de inicialização sem proxy
Em vez de configurar manualmente o serviço gRPC sem proxy, você pode optar por uma abordagem simplificada usando o injetor de inicialização sem proxy.
Esse recurso automatiza o processo de configuração, facilitando a implantação do serviço. Para ativá-lo, adicione o rótulo mesh.cloud.google.com/csm-injection=proxyless ao namespace.
Ao adicionar esse rótulo ao namespace, o injetor cuida de todas as configurações necessárias, economizando tempo e esforço.
Se você precisar de um controle mais granular, também poderá aplicar esse rótulo diretamente a pods individuais. Isso permite substituir a configuração no nível do namespace e personalizar o comportamento de injeção por pod.
Ao seguir um desses métodos, você pode estabelecer um serviço gRPC sem proxy na malha de serviço.
Manual
Aplicar o namespace
kubectl apply -f - <<EOF --- kind: Namespace apiVersion: v1 metadata: name: proxyless-example EOFImplantar um serviço gRPC:
C++
kubectl apply -f - <<EOF
---
apiVersion: v1
kind: Service
metadata:
name: helloworld
namespace: proxyless-example
spec:
selector:
app: psm-grpc-server
ports:
- port: 50051
targetPort: 50051
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: psm-grpc-server
namespace: proxyless-example
labels:
app: psm-grpc-server
spec:
replicas: 2
selector:
matchLabels:
app: psm-grpc-server
template:
metadata:
labels:
app: psm-grpc-server
service.istio.io/canonical-name: deployment-psm-grpc-server
spec:
containers:
- name: psm-grpc-server
image: grpc/csm-o11y-example-cpp-server:v1.68.1
imagePullPolicy: Always
args:
- "--port=50051"
ports:
- containerPort: 50051
env:
- name: GRPC_XDS_BOOTSTRAP
value: "/tmp/grpc-xds/td-grpc-bootstrap.json"
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: CONTAINER_NAME
value: psm-grpc-server
- name: NAMESPACE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CSM_WORKLOAD_NAME
value: psm-grpc-server
- name: CSM_CANONICAL_SERVICE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.labels['service.istio.io/canonical-name']
- name: CSM_MESH_ID
value: proj-PROJECT_NUMBER
- name: OTEL_RESOURCE_ATTRIBUTES
value: k8s.pod.name=\$(POD_NAME),k8s.namespace.name=\$(NAMESPACE_NAME),k8s.container.name=\$(CONTAINER_NAME)
volumeMounts:
- mountPath: /tmp/grpc-xds/
name: grpc-td-conf
readOnly: true
initContainers:
- name: grpc-td-init
image: gcr.io/trafficdirector-prod/td-grpc-bootstrap:0.19.0
imagePullPolicy: Always
args:
- "--output=/tmp/bootstrap/td-grpc-bootstrap.json"
- "--vpc-network-name=default"
- "--xds-server-uri=trafficdirector.googleapis.com:443"
- "--generate-mesh-id"
volumeMounts:
- mountPath: /tmp/bootstrap/
name: grpc-td-conf
volumes:
- name: grpc-td-conf
emptyDir:
medium: Memory
EOF
Java
kubectl apply -f - <<EOF
---
apiVersion: v1
kind: Service
metadata:
name: helloworld
namespace: proxyless-example
spec:
selector:
app: psm-grpc-server
ports:
- port: 50051
targetPort: 50051
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: psm-grpc-server
namespace: proxyless-example
labels:
app: psm-grpc-server
spec:
replicas: 2
selector:
matchLabels:
app: psm-grpc-server
template:
metadata:
labels:
app: psm-grpc-server
service.istio.io/canonical-name: deployment-psm-grpc-server
spec:
containers:
- name: psm-grpc-server
image: grpc/csm-o11y-example-java-server:v1.68.2
imagePullPolicy: Always
args:
- "50051"
- "9464"
ports:
- containerPort: 50051
env:
- name: GRPC_XDS_BOOTSTRAP
value: "/tmp/grpc-xds/td-grpc-bootstrap.json"
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: CONTAINER_NAME
value: psm-grpc-server
- name: NAMESPACE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CSM_WORKLOAD_NAME
value: psm-grpc-server
- name: CSM_CANONICAL_SERVICE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.labels['service.istio.io/canonical-name']
- name: CSM_MESH_ID
value: proj-PROJECT_NUMBER
- name: OTEL_RESOURCE_ATTRIBUTES
value: k8s.pod.name=\$(POD_NAME),k8s.namespace.name=\$(NAMESPACE_NAME),k8s.container.name=\$(CONTAINER_NAME)
volumeMounts:
- mountPath: /tmp/grpc-xds/
name: grpc-td-conf
readOnly: true
initContainers:
- name: grpc-td-init
image: gcr.io/trafficdirector-prod/td-grpc-bootstrap:0.19.0
imagePullPolicy: Always
args:
- "--output=/tmp/bootstrap/td-grpc-bootstrap.json"
- "--vpc-network-name=default"
- "--xds-server-uri=trafficdirector.googleapis.com:443"
- "--generate-mesh-id"
volumeMounts:
- mountPath: /tmp/bootstrap/
name: grpc-td-conf
volumes:
- name: grpc-td-conf
emptyDir:
medium: Memory
EOF
Go
kubectl apply -f - <<EOF
---
apiVersion: v1
kind: Service
metadata:
name: helloworld
namespace: proxyless-example
spec:
selector:
app: psm-grpc-server
ports:
- port: 50051
targetPort: 50051
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: psm-grpc-server
namespace: proxyless-example
labels:
app: psm-grpc-server
spec:
replicas: 2
selector:
matchLabels:
app: psm-grpc-server
template:
metadata:
labels:
app: psm-grpc-server
service.istio.io/canonical-name: deployment-psm-grpc-server
spec:
containers:
- name: psm-grpc-server
image: grpc/csm-o11y-example-go-server:v1.69.4
imagePullPolicy: Always
args:
- "--port=50051"
ports:
- containerPort: 50051
env:
- name: GRPC_XDS_BOOTSTRAP
value: "/tmp/grpc-xds/td-grpc-bootstrap.json"
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: CONTAINER_NAME
value: psm-grpc-server
- name: NAMESPACE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CSM_WORKLOAD_NAME
value: psm-grpc-server
- name: CSM_CANONICAL_SERVICE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.labels['service.istio.io/canonical-name']
- name: CSM_MESH_ID
value: proj-PROJECT_NUMBER
- name: OTEL_RESOURCE_ATTRIBUTES
value: k8s.pod.name=\$(POD_NAME),k8s.namespace.name=\$(NAMESPACE_NAME),k8s.container.name=\$(CONTAINER_NAME)
volumeMounts:
- mountPath: /tmp/grpc-xds/
name: grpc-td-conf
readOnly: true
initContainers:
- name: grpc-td-init
image: gcr.io/trafficdirector-prod/td-grpc-bootstrap:0.19.0
imagePullPolicy: Always
args:
- "--output=/tmp/bootstrap/td-grpc-bootstrap.json"
- "--vpc-network-name=default"
- "--xds-server-uri=trafficdirector.googleapis.com:443"
- "--generate-mesh-id"
volumeMounts:
- mountPath: /tmp/bootstrap/
name: grpc-td-conf
volumes:
- name: grpc-td-conf
emptyDir:
medium: Memory
EOF
Python
kubectl apply -f - <<EOF
---
apiVersion: v1
kind: Service
metadata:
name: helloworld
namespace: proxyless-example
spec:
selector:
app: psm-grpc-server
ports:
- port: 50051
targetPort: 50051
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: psm-grpc-server
namespace: proxyless-example
labels:
app: psm-grpc-server
spec:
replicas: 2
selector:
matchLabels:
app: psm-grpc-server
template:
metadata:
labels:
app: psm-grpc-server
service.istio.io/canonical-name: deployment-psm-grpc-server
spec:
containers:
- name: psm-grpc-server
image: grpc/csm-o11y-example-python-server:v1.68.1
imagePullPolicy: Always
args:
- "--port=50051"
ports:
- containerPort: 50051
env:
- name: GRPC_XDS_BOOTSTRAP
value: "/tmp/grpc-xds/td-grpc-bootstrap.json"
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: CONTAINER_NAME
value: psm-grpc-server
- name: NAMESPACE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CSM_WORKLOAD_NAME
value: psm-grpc-server
- name: CSM_CANONICAL_SERVICE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.labels['service.istio.io/canonical-name']
- name: CSM_MESH_ID
value: proj-PROJECT_NUMBER
- name: OTEL_RESOURCE_ATTRIBUTES
value: k8s.pod.name=\$(POD_NAME),k8s.namespace.name=\$(NAMESPACE_NAME),k8s.container.name=\$(CONTAINER_NAME)
volumeMounts:
- mountPath: /tmp/grpc-xds/
name: grpc-td-conf
readOnly: true
initContainers:
- name: grpc-td-init
image: gcr.io/trafficdirector-prod/td-grpc-bootstrap:0.16.0
imagePullPolicy: Always
args:
- "--output=/tmp/bootstrap/td-grpc-bootstrap.json"
- "--vpc-network-name=default"
- "--xds-server-uri=trafficdirector.googleapis.com:443"
- "--generate-mesh-id"
volumeMounts:
- mountPath: /tmp/bootstrap/
name: grpc-td-conf
volumes:
- name: grpc-td-conf
emptyDir:
medium: Memory
EOF
A resposta é semelhante a:
namespace/proxyless-example created
service/helloworld created
deployment.apps/psm-grpc-server created
Automático
Aplicar o namespace
kubectl apply -f - <<EOF --- kind: Namespace apiVersion: v1 metadata: name: proxyless-example EOFExecute o comando a seguir para ativar o injetor de inicialização sem proxy no namespace proxyless-example:
kubectl label namespace proxyless-example mesh.cloud.google.com/csm-injection=proxylessImplantar um serviço gRPC:
C++
kubectl apply -f - <<EOF
---
apiVersion: v1
kind: Service
metadata:
name: helloworld
namespace: proxyless-example
spec:
selector:
app: psm-grpc-server
ports:
- port: 50051
targetPort: 50051
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: psm-grpc-server
namespace: proxyless-example
labels:
app: psm-grpc-server
spec:
replicas: 2
selector:
matchLabels:
app: psm-grpc-server
template:
metadata:
labels:
app: psm-grpc-server
spec:
containers:
- name: psm-grpc-server
image: grpc/csm-o11y-example-cpp-server:v1.68.1
imagePullPolicy: Always
args:
- "--port=50051"
ports:
- containerPort: 50051
EOF
Java
kubectl apply -f - <<EOF
---
apiVersion: v1
kind: Service
metadata:
name: helloworld
namespace: proxyless-example
spec:
selector:
app: psm-grpc-server
ports:
- port: 50051
targetPort: 50051
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: psm-grpc-server
namespace: proxyless-example
labels:
app: psm-grpc-server
spec:
replicas: 2
selector:
matchLabels:
app: psm-grpc-server
template:
metadata:
labels:
app: psm-grpc-server
spec:
containers:
- name: psm-grpc-server
image: grpc/csm-o11y-example-java-server:v1.68.2
imagePullPolicy: Always
args:
- "50051"
- "9464"
ports:
- containerPort: 50051
EOF
Go
kubectl apply -f - <<EOF
---
apiVersion: v1
kind: Service
metadata:
name: helloworld
namespace: proxyless-example
spec:
selector:
app: psm-grpc-server
ports:
- port: 50051
targetPort: 50051
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: psm-grpc-server
namespace: proxyless-example
labels:
app: psm-grpc-server
spec:
replicas: 2
selector:
matchLabels:
app: psm-grpc-server
template:
metadata:
labels:
app: psm-grpc-server
spec:
containers:
- name: psm-grpc-server
image: grpc/csm-o11y-example-go-server:v1.69.4
imagePullPolicy: Always
args:
- "--port=50051"
ports:
- containerPort: 50051
EOF
Python
kubectl apply -f - <<EOF
---
apiVersion: v1
kind: Service
metadata:
name: helloworld
namespace: proxyless-example
spec:
selector:
app: psm-grpc-server
ports:
- port: 50051
targetPort: 50051
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: psm-grpc-server
namespace: proxyless-example
labels:
app: psm-grpc-server
spec:
replicas: 2
selector:
matchLabels:
app: psm-grpc-server
template:
metadata:
labels:
app: psm-grpc-server
spec:
containers:
- name: psm-grpc-server
image: grpc/csm-o11y-example-python-server:v1.68.1
imagePullPolicy: Always
args:
- "--port=50051"
ports:
- containerPort: 50051
EOF
A resposta é semelhante a:
namespace/proxyless-example created
service/helloworld created
deployment.apps/psm-grpc-server created
Verifique se os pods foram criados:
kubectl get pods -n proxyless-exampleA resposta é semelhante a:
NAME READY STATUS RESTARTS AGE psm-grpc-server-65966bf76d-2wwxz 1/1 Running 0 13s psm-grpc-server-65966bf76d-nbxd2 1/1 Running 0 13sAguarde até que todos os pods estejam prontos e tenham o
Statusem execução antes de continuar.Implantar um HTTPRoute:
kubectl apply -f - <<EOF apiVersion: gateway.networking.k8s.io/v1beta1 kind: HTTPRoute metadata: name: app1 namespace: proxyless-example spec: parentRefs: - name: helloworld namespace: proxyless-example kind: Service group: "" rules: - backendRefs: - name: helloworld port: 50051 EOFEsse comando cria um HTTPRoute chamado app1 e envia todos os RPCs para o serviço
helloworld.O serviço
parentReftambém éhelloworld, o que significa que nosso HTTPRoute está anexado a esse serviço e processará todos os RPCs endereçados a ele. No caso do gRPC sem proxy, isso significa que qualquer cliente que envie RPCs em um canal gRPC para o destinoxds:///helloworld.proxyless-example.svc.cluster.local:50051.Verifique se o novo HTTPRoute app1 foi criado:
kubectl get httproute -n proxyless-exampleA resposta é semelhante a:
NAME HOSTNAMES AGE app1 72s
Configurar o cliente gRPC sem proxy
Esta seção descreve como usar um cliente gRPC para verificar se o Cloud Service Mesh está roteando o tráfego corretamente na malha.
Assim como na configuração do serviço, você tem duas opções para configurar o cliente:
Método 1: configuração manual
Essa abordagem envolve a configuração manual dos componentes necessários para o cliente, espelhando as configurações de serviço manuais.
Método 2: automático usando o injetor de inicialização sem proxy
Como alternativa, você pode usar o injetor automático para simplificar o processo de configuração do cliente. Isso simplifica a configuração e reduz a intervenção manual. Isso é feito aplicando o rótulo no namespace.
As duas opções fornecem os recursos necessários para o cliente. Escolha o método que melhor atenda às suas necessidades e preferências.
Manual
Execute um cliente gRPC e direcione-o para usar a configuração de roteamento especificada pelo HTTPRoute:
C++
kubectl apply -f - <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: psm-grpc-client
namespace: proxyless-example
labels:
app: psm-grpc-client
spec:
replicas: 1
selector:
matchLabels:
app: psm-grpc-client
template:
metadata:
labels:
app: psm-grpc-client
service.istio.io/canonical-name: deployment-psm-grpc-client
spec:
containers:
- name: psm-grpc-client
image: grpc/csm-o11y-example-cpp-client:v1.68.1
imagePullPolicy: Always
args:
- "--target=xds:///helloworld.proxyless-example.svc.cluster.local:50051"
env:
- name: GRPC_XDS_BOOTSTRAP
value: "/tmp/grpc-xds/td-grpc-bootstrap.json"
- name: CSM_WORKLOAD_NAME
value: psm-grpc-client
- name: CSM_CANONICAL_SERVICE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.labels['service.istio.io/canonical-name']
- name: CSM_MESH_ID
value: proj-PROJECT_NUMBER
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CONTAINER_NAME
value: psm-grpc-client
- name: OTEL_RESOURCE_ATTRIBUTES
value: k8s.pod.name=\$(POD_NAME),k8s.namespace.name=\$(NAMESPACE_NAME),k8s.container.name=\$(CONTAINER_NAME)
volumeMounts:
- mountPath: /tmp/grpc-xds/
name: grpc-td-conf
readOnly: true
initContainers:
- name: grpc-td-init
image: gcr.io/trafficdirector-prod/td-grpc-bootstrap:0.16.0
imagePullPolicy: Always
args:
- "--output=/tmp/bootstrap/td-grpc-bootstrap.json"
- "--vpc-network-name=default"
- "--xds-server-uri=trafficdirector.googleapis.com:443"
- "--generate-mesh-id"
volumeMounts:
- mountPath: /tmp/bootstrap/
name: grpc-td-conf
volumes:
- name: grpc-td-conf
emptyDir:
medium: Memory
EOF
Java
kubectl apply -f - <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: psm-grpc-client
namespace: proxyless-example
labels:
app: psm-grpc-client
spec:
replicas: 1
selector:
matchLabels:
app: psm-grpc-client
template:
metadata:
labels:
app: psm-grpc-client
service.istio.io/canonical-name: deployment-psm-grpc-client
spec:
containers:
- name: psm-grpc-client
image: grpc/csm-o11y-example-java-client:v1.68.2
imagePullPolicy: Always
args:
- "world"
- "xds:///helloworld.proxyless-example.svc.cluster.local:50051"
- "9464"
env:
- name: GRPC_XDS_BOOTSTRAP
value: "/tmp/grpc-xds/td-grpc-bootstrap.json"
- name: CSM_WORKLOAD_NAME
value: psm-grpc-client
- name: CSM_CANONICAL_SERVICE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.labels['service.istio.io/canonical-name']
- name: CSM_MESH_ID
value: proj-PROJECT_NUMBER
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CONTAINER_NAME
value: psm-grpc-client
- name: OTEL_RESOURCE_ATTRIBUTES
value: k8s.pod.name=\$(POD_NAME),k8s.namespace.name=\$(NAMESPACE_NAME),k8s.container.name=\$(CONTAINER_NAME)
volumeMounts:
- mountPath: /tmp/grpc-xds/
name: grpc-td-conf
readOnly: true
initContainers:
- name: grpc-td-init
image: gcr.io/trafficdirector-prod/td-grpc-bootstrap:0.16.0
imagePullPolicy: Always
args:
- "--output=/tmp/bootstrap/td-grpc-bootstrap.json"
- "--vpc-network-name=default"
- "--xds-server-uri=trafficdirector.googleapis.com:443"
- "--generate-mesh-id"
volumeMounts:
- mountPath: /tmp/bootstrap/
name: grpc-td-conf
volumes:
- name: grpc-td-conf
emptyDir:
medium: Memory
EOF
Go
kubectl apply -f - <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: psm-grpc-client
namespace: proxyless-example
labels:
app: psm-grpc-client
spec:
replicas: 1
selector:
matchLabels:
app: psm-grpc-client
template:
metadata:
labels:
app: psm-grpc-client
service.istio.io/canonical-name: deployment-psm-grpc-client
spec:
containers:
- name: psm-grpc-client
image: grpc/csm-o11y-example-go-client:v1.69.4
imagePullPolicy: Always
args:
- "--target=xds:///helloworld.proxyless-example.svc.cluster.local:50051"
env:
- name: GRPC_XDS_BOOTSTRAP
value: "/tmp/grpc-xds/td-grpc-bootstrap.json"
- name: CSM_WORKLOAD_NAME
value: psm-grpc-client
- name: CSM_CANONICAL_SERVICE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.labels['service.istio.io/canonical-name']
- name: CSM_MESH_ID
value: proj-PROJECT_NUMBER
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CONTAINER_NAME
value: psm-grpc-client
- name: OTEL_RESOURCE_ATTRIBUTES
value: k8s.pod.name=\$(POD_NAME),k8s.namespace.name=\$(NAMESPACE_NAME),k8s.container.name=\$(CONTAINER_NAME)
volumeMounts:
- mountPath: /tmp/grpc-xds/
name: grpc-td-conf
readOnly: true
initContainers:
- name: grpc-td-init
image: gcr.io/trafficdirector-prod/td-grpc-bootstrap:0.16.0
imagePullPolicy: Always
args:
- "--output=/tmp/bootstrap/td-grpc-bootstrap.json"
- "--vpc-network-name=default"
- "--xds-server-uri=trafficdirector.googleapis.com:443"
- "--generate-mesh-id"
volumeMounts:
- mountPath: /tmp/bootstrap/
name: grpc-td-conf
volumes:
- name: grpc-td-conf
emptyDir:
medium: Memory
EOF
Python
kubectl apply -f - <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: psm-grpc-client
namespace: proxyless-example
labels:
app: psm-grpc-client
spec:
replicas: 1
selector:
matchLabels:
app: psm-grpc-client
template:
metadata:
labels:
app: psm-grpc-client
service.istio.io/canonical-name: deployment-psm-grpc-client
spec:
containers:
- name: psm-grpc-client
image: grpc/csm-o11y-example-python-client:v1.68.1
imagePullPolicy: Always
args:
- "--target=xds:///helloworld.proxyless-example.svc.cluster.local:50051"
env:
- name: GRPC_XDS_BOOTSTRAP
value: "/tmp/grpc-xds/td-grpc-bootstrap.json"
- name: CSM_WORKLOAD_NAME
value: psm-grpc-client
- name: CSM_CANONICAL_SERVICE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.labels['service.istio.io/canonical-name']
- name: CSM_MESH_ID
value: proj-PROJECT_NUMBER
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CONTAINER_NAME
value: psm-grpc-client
- name: OTEL_RESOURCE_ATTRIBUTES
value: k8s.pod.name=\$(POD_NAME),k8s.namespace.name=\$(NAMESPACE_NAME),k8s.container.name=\$(CONTAINER_NAME)
volumeMounts:
- mountPath: /tmp/grpc-xds/
name: grpc-td-conf
readOnly: true
initContainers:
- name: grpc-td-init
image: gcr.io/trafficdirector-prod/td-grpc-bootstrap:0.16.0
imagePullPolicy: Always
args:
- "--output=/tmp/bootstrap/td-grpc-bootstrap.json"
- "--vpc-network-name=default"
- "--xds-server-uri=trafficdirector.googleapis.com:443"
- "--generate-mesh-id"
volumeMounts:
- mountPath: /tmp/bootstrap/
name: grpc-td-conf
volumes:
- name: grpc-td-conf
emptyDir:
medium: Memory
EOF
Automático
Execute um cliente gRPC e direcione-o para usar a configuração de roteamento especificada pelo HTTPRoute:
C++
kubectl apply -f - <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: psm-grpc-client
namespace: proxyless-example
labels:
app: psm-grpc-client
spec:
replicas: 1
selector:
matchLabels:
app: psm-grpc-client
template:
metadata:
labels:
app: psm-grpc-client
spec:
containers:
- name: psm-grpc-client
image: grpc/csm-o11y-example-cpp-client:v1.68.1
imagePullPolicy: Always
args:
- "--target=xds:///helloworld.proxyless-example.svc.cluster.local:50051"
EOF
Java
kubectl apply -f - <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: psm-grpc-client
namespace: proxyless-example
labels:
app: psm-grpc-client
spec:
replicas: 1
selector:
matchLabels:
app: psm-grpc-client
template:
metadata:
labels:
app: psm-grpc-client
spec:
containers:
- name: psm-grpc-client
image: grpc/csm-o11y-example-java-client:v1.68.2
imagePullPolicy: Always
args:
- "world"
- "xds:///helloworld.proxyless-example.svc.cluster.local:50051"
- "9464"
EOF
Go
kubectl apply -f - <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: psm-grpc-client
namespace: proxyless-example
labels:
app: psm-grpc-client
spec:
replicas: 1
selector:
matchLabels:
app: psm-grpc-client
template:
metadata:
labels:
app: psm-grpc-client
spec:
containers:
- name: psm-grpc-client
image: grpc/csm-o11y-example-go-client:v1.69.4
imagePullPolicy: Always
args:
- "--target=xds:///helloworld.proxyless-example.svc.cluster.local:50051"
EOF
Python
kubectl apply -f - <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: psm-grpc-client
namespace: proxyless-example
labels:
app: psm-grpc-client
spec:
replicas: 1
selector:
matchLabels:
app: psm-grpc-client
template:
metadata:
labels:
app: psm-grpc-client
spec:
containers:
- name: psm-grpc-client
image: grpc/csm-o11y-example-python-client:v1.68.1
imagePullPolicy: Always
args:
- "--target=xds:///helloworld.proxyless-example.svc.cluster.local:50051"
EOF
A resposta é semelhante a:
deployment.apps/psm-grpc-client created
Para verificar se o cliente conseguiu acessar o serviço, consulte os registros do cliente:
kubectl logs -n proxyless-example $(kubectl get po -n proxyless-example | grep psm-grpc-client | awk '{print $1;}') -f
A saída é semelhante a:
Defaulted container "psm-grpc-client" out of: psm-grpc-client, grpc-td-init (init)
Greeter received: Hello from psm-grpc-server-xxxxxxx-xxxx world
Configuração do Google Cloud Managed Service para Prometheus (opcional)
Você pode implantar o recurso
PodMonitoring do Serviço Gerenciado do Google Cloud para Prometheus para exportar as métricas para o Cloud Monitoring.
Para servidores, execute o seguinte comando:
kubectl apply -f - <<EOF apiVersion: monitoring.googleapis.com/v1 kind: PodMonitoring metadata: name: psm-grpc-server-gmp namespace: proxyless-example spec: selector: matchLabels: app: psm-grpc-server endpoints: - port: 9464 interval: 10s EOFPara clientes, , execute o seguinte comando:
kubectl apply -f - <<EOF apiVersion: monitoring.googleapis.com/v1 kind: PodMonitoring metadata: name: psm-grpc-client-gmp namespace: proxyless-example spec: selector: matchLabels: app: psm-grpc-client endpoints: - port: 9464 interval: 10s EOFDepois de implantar o recurso
PodMonitoring, olocalhost:9464/metricsde cada pod correspondente será extraído a cada 10 segundos e exportará os resultados para o Cloud Monitoring.
Para conferir as métricas no Cloud Monitoring, siga estas etapas:
navegue até a seção "Metrics Explorer" do seu Google Cloud console, selecione Prometheus Target > Grpc para encontrar as métricas.
É possível observar as cargas de trabalho e os serviços implantados na seção "Service Mesh" do seu Google Cloud console.
Resolver problemas de observabilidade do Cloud Service Mesh
Esta seção mostra como resolver problemas comuns.
As métricas não são exportadas / mostradas
Verifique se todos os binários envolvidos (cliente e servidor) estão configurados com observabilidade.
Se você estiver usando o exportador do Prometheus, verifique se o URL dele está configurado conforme o esperado.
Verifique se os canais gRPC estão ativados para o Cloud Service Mesh. Os canais precisam ter um destino no formato xds:///. Os servidores gRPC estão sempre ativados para o Cloud Service Mesh.
Nenhuma métrica exportada / um valor de atributo em uma métrica aparece como desconhecido
A observabilidade do Cloud Service Mesh determina as informações topológicas da malha por meio de rótulos de ambiente. Verifique se a especificação do pod ou do serviço para o cliente e o serviço especifica todos os rótulos conforme descrito no exemplo.
Descreva a implantação do servidor psm-grpc:
kubectl describe Deployment psm-grpc-server -n proxyless-example \ | grep "psm-grpc-server:" -A 12A saída é semelhante a:
psm-grpc-server: Image: grpc/csm-example-server:2024-02-13 Port: 50051/TCP Host Port: 0/TCP Args: --port=50051 Environment: GRPC_XDS_BOOTSTRAP: /tmp/grpc-xds/td-grpc-bootstrap.json POD_NAME: (v1:metadata.name) NAMESPACE_NAME: (v1:metadata.namespace) CSM_WORKLOAD_NAME: psm-grpc-server OTEL_RESOURCE_ATTRIBUTES: k8s.pod.name=$(POD_NAME),k8s.namespace.name=$(NAMESPACE_NAME),k8s.container.name=$(CONTAINER_NAME)Descreva a implantação do cliente psm-grpc:
kubectl describe Deployment psm-grpc-client -n proxyless-example \ | grep "psm-grpc-client:" -A 12A saída é semelhante a:
psm-grpc-client: Image: grpc/csm-example-client:2024-02-13 Port: <none> Host Port: <none> Args: --target=xds:///helloworld.proxyless-example.svc.cluster.local:50051 Environment: GRPC_XDS_BOOTSTRAP: /tmp/grpc-xds/td-grpc-bootstrap.json CSM_WORKLOAD_NAME: test-workload-name POD_NAME: (v1:metadata.name) NAMESPACE_NAME: (v1:metadata.namespace) CONTAINER_NAME: psm-grpc-client