I want to use envoy as my kubernetes deployment service proxy, and my application uses grpc to communicate with client-side.
My steps:
- Write a yaml file for envoy configuration.
Envoy configuration:
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address: { address: 0.0.0.0, port_value: 9901 }
static_resources:
listeners:
- name: http_listener
address:
socket_address: { address: 0.0.0.0, port_value: 8080 }
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
codec_type: auto
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: [ "*" ]
routes:
- match:
{ prefix: "/" }
route:
cluster: my_app_prod_service
timeout: 30s
max_grpc_timeout: 30s
cors:
allow_origin_string_match:
- safe_regex: { regex: ".*", google_re2: { } }
allow_methods: GET, PUT, DELETE, POST, OPTIONS
allow_headers: keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,custom-header-1,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout
max_age: "1728000"
expose_headers: custom-header-1,grpc-status,grpc-message
http_filters:
- name: envoy.filters.http.router
clusters:
- name: my_app_prod_service
connect_timeout: 0.5s
type: strict_dns
http2_protocol_options: {}
lb_policy: round_robin
load_assignment:
cluster_name: my_app_prod_service
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: my-app-service-staging
port_value: 30015
- Deploy it as config map.
kubectl create configmap envoy-config-prod \
--from-file=envoy_config_prod.yaml \
-o yaml --dry-run=client | kubectl replace --force -f -
- Deploy envoy deployment and service, and mount the config map.
apiVersion: apps/v1
kind: Deployment
metadata:
name: envoy-server-prod
spec:
replicas: 3
selector:
matchLabels:
app: envoy-server-prod
template:
metadata:
labels:
app: envoy-server-prod
spec:
containers:
- name: envoy-server-prod
image: envoyproxy/envoy:v1.18.2
args:
- -c
- /etc/envoy/envoy_config_prod.yaml
- --log-path
- /tmp/envoy_info.log
ports:
- name: http
containerPort: 8080
- name: envoy-admin
containerPort: 9901
resources:
requests:
cpu: 5
memory: 5Gi
volumeMounts:
- mountPath: /etc/envoy
name: envoy-config-prod
volumes:
- name: envoy-config-prod
configMap:
name: envoy-config-prod
---
kind: Service
apiVersion: v1
metadata:
name: envoy-service-prod
labels:
app: envoy-service-prod
spec:
selector:
app: envoy-server-prod
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8080
type: ClusterIP
externalIPs:
- 10.1.4.63
- Make a headless service and its deployment.
apiVersion: v1
kind: Service
metadata:
name: my-app-service-staging
labels:
app: my-app-service-staging
spec:
clusterIP: None
ports:
- name: grpc
port: 30015
targetPort: 30015
protocol: TCP
selector:
app: my-app-deploy-staging
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app-deploy-staging
spec:
replicas: 1
selector:
matchLabels:
app: my-app-deploy-staging
template:
metadata:
labels:
app: my-app-deploy-staging
spec:
containers:
- name: my-app-deploy-staging
image: $IMAGE_SHA
resources:
requests:
memory: 2G
cpu: 1
I checked that in the envoy deployment, /etc/envoy/envoy_config_prod.yaml and /tmp/envoy_info.log both exist, and I don't see error messages in it.
I tried to make http connections to envoy service, hoping it to transfer it to my application deployment.
> curl -v 10.1.4.63:8080
* Trying 10.1.4.63:8080...
* TCP_NODELAY set
* connect to 10.1.4.63 port 8080 failed: Connection timed out
* Failed to connect to 10.1.4.63 port 8080: Connection timed out
* Closing connection 0
curl: (28) Failed to connect to 10.1.4.63 port 8080: Connection timed out
But it just time outs.
I tried to get the services and deployments.
> k get svc
my-app-service-staging ClusterIP None <none> 30015/TCP 3h54m
envoy-service-prod ClusterIP 10.43.157.121 10.1.4.63 8080/TCP 6h55m
> k get deploy
my-deploy-deploy-staging 1/1 1 1 29d
I'm wondering, how should debug this issue?
