yaml configuration for Istio and gRPC

Question

I am working on a POC for Istio + gRPC, the Istio version is 1.6, but I could not see any gRPC traffic to my pods.

I suspect my Istio Gateway or VirtualService miss something, but I could not figure out what's wrong here? Could anybody help review my yaml file and correct me what's missing or wrong in my yaml?

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: syslogserver
  name: syslogserver
  namespace: mynamespace
spec:
  selector:
    matchLabels:
      app: syslogserver
  replicas: 1
  template:
    metadata:
      labels:
        app: syslogserver
    spec:
      containers:
        - name: syslogserver
          image: docker.io/grpc-syslog:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 5555
      imagePullSecrets:
        - name: pull-image-credential
---
apiVersion: v1
kind: Service
metadata:
  name: syslogserver
  namespace: mynamespace
  labels:
    app: syslogserver
spec:
  selector:
    app: syslogserver
  ports:
  - name: grpc
    port: 6666
    protocol: TCP
    targetPort: 5555
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: xyz-ingress-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 7777
        name: http2
        protocol: HTTP2
      hosts:
        - "*"
---
apiVersion: v1
kind: Service
metadata:
  name: xyz-istio-ingressgateway
  namespace: istio-system
  labels:
    app: xyz-istio-ingressgateway
spec:
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
  type: NodePort
  ports:
    - protocol: TCP
      nodePort: 32555
      port: 7777
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: xyz-ingress-gateway-virtualservice
  namespace: istio-system
spec:
  hosts:
    - "*"
  gateways:
    - xyz-ingress-gateway
  #tls:
  http:
    - match:
        - port: 7777
      route:
        - destination:
            host: syslogserver.mynamespace.svc.cluster.local
            port:
              number: 6666
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: xyz-destinationrule
  namespace: istio-system
spec:
  host: syslogserver.mynamespace.svc.cluster.local
  trafficPolicy:
    loadBalancer:
      simple: ROUND_ROBIN

Please give your guidance, thanks.

Answer 1

From what I see the service name: xyz-istio-ingressgateway should be deleted, as that's not how you communicate when using Istio.

---

Instead you should use istio ingress gateway, combined with a gateway, virtual service and destination rule.

If you've choosen port number 7777 on your gateway, you have to open this port on istio ingress gateway, there are few ways to do that in this stackoverflow question. There are the default istio ingress gateway values.

---

After you configure the port you can use kubectl get svc istio-ingressgateway -n istio-system to get the istio ingress gateway external IP.

If the external IP value is set, your environment has an external load balancer that you can use for the ingress gateway. If the EXTERNAL-IP value is pending, then your environment does not provide an external load balancer for the ingress gateway. In this case, you can access the gateway using the service’s node port.

---

The rest of your configuration looks fine for me. Just a reminder about injecting a sidecar proxy to your pods.