layout | page_title | description |
---|---|---|
docs |
GRPCRoute resource configuration reference |
The GRPCRoute resource CRD configures L7 gRPC traffic behavior within the service mesh. GRPCRoute requires the v2 catalog API. Learn how to configure the GRPCRoute CRD with specifications and example configurations. |
This page provides reference information for the GRPCRoute
resource, which defines L7 gRPC traffic within the service mesh.
This custom resource definition (CRD) describes a resource related to the Kubernetes GAMMA initiative that requires the v2 catalog API. It is not compatible with the v1 catalog API. For more information about GAMMA resources, refer to the Kubernetes Gateway API documentation.
The following list outlines field hierarchy, language-specific data types, and requirements in a gRPC route CRD. Click on a property name to view additional details, including default values.
apiVersion
: string | required | must be set tomesh.consul.hashicorp.com/v2beta1
kind
: string | required | must be set toGRPCRoute
metadata
: map | requiredspec
: map | requiredparentRefs
: map | requiredrules
: map | requiredbackendRefs
: mapbackendRef
: mapdatacenter
: stringport
: stringref
: mapname
: stringtype
: mapgroup
: stringgroupVersion
: stringkind
: string
filters
: maprequestHeaderModifier
: mapresponseHeaderModifier
: mapurlRewrite
: mappathPrefix
: string
weight
: number |1
filters
: maprequestHeaderModifier
: mapresponseHeaderModifier
: mapurlRewrite
: mappathPrefix
: string
matches
: mapretries
: mapnumber
: mapvalue
: number
onConditions
: map of stringsonConnectFailure
: boolean |false
onStatusCodes
: map of numbers
timeouts
: map
When every field is defined, a gRPC route resource CRD has the following form:
apiVersion: mesh.consul.hashicorp.com/v2beta1 # required
kind: GRPCRoute # required
metadata:
name: <CRDName>
namespace: <namespace>
spec:
parentRefs:
port: <portRoutedFrom>
- ref:
name: <nameRoutedFrom>
type:
group: <catalog>
groupVersion: <v2beta1>
kind: <Service>
rules:
- backendRefs:
- backendRef:
datacenter: <datacenterRoutedTo>
port: "<portRoutedTo>"
ref:
name: <nameRoutedTo>
type:
group: <catalog>
groupVersion: <v2beta1>
kind: <Service>
filters:
- requestHeaderModifier:
add:
name: <headerName>
value: <headerValue>
- responseHeaderModifier:
set:
name: <headerName>
value: <headerValue>
urlRewrite:
pathPrefix: <path/prefix>
weight: 1
filters:
requestHeaderModifier:
remove:
name: <headerName>
value: <headerValue>
responseHeaderModifier:
add:
name: <headerName>
value: <headerValue>
urlRewrite:
pathPrefix: <path/prefix>
matches:
headers:
name: <nameToMatch>
type: <typeToMatch>
value: <valueToMatch>
method:
method: <methodToMatch>
service: <serviceToMatch>
type: <typeToMatch>
retries:
number:
value: 1
onConditions: ["cancelled", "unavailable"]
onConnectFailure: false
onStatusCodes: [400, 404]
timeouts:
idle: <1s>
request: <1s>
This section provides details about the fields you can configure in the GRPCRoute
custom resource definition (CRD).
Specifies the version of the Consul API for integrating with Kubernetes. The value must be mesh.consul.hashicorp.com/v2beta1
.
- Default: None
- This field is required.
- String value that must be set to
mesh.consul.hashicorp.com/v2beta1
.
Specifies the type of CRD to implement. Must be set to GRPCRoute
.
- Default: None
- This field is required.
- Data type: String value that must be set to
GRPCRoute
.
Map that contains an arbitrary name for the CRD and the namespace it applies to.
- Default: None
- Data type: Map
Specifies a name for the CRD. The name is metadata that you can use to reference the resource when performing Consul operations, such as using the consul resource
command. Refer to consul resource
for more information.
- Default: None
- This field is required.
- Data type: String
Specifies the namespace that the service resolver applies to. Refer to namespaces for more information.
- Default: None
- Data type: String
Map that contains the details about the GRPCRoute
CRD. The apiVersion
, kind
, and metadata
fields are siblings of the spec field. All other configurations are children.
When using this CRD, the spec
field closely resembles the GRPCRoute
GAMMA resource. Refer to GRPCRoute in the Kubernetes documentation.
- Default: None
- This field is required.
- Data type: Map
Specifies the services and other resources to attach the route to. You can only define one parentsRefs
configuration for each route. To attach the route to multiple resources, specify additional spec.parentRefs.ref
configurations in the parentsRefs
block. You can only specify the name of one port for the route. Any resources that send traffic through the route use the same port.
- Default: None
- This field is required.
- Data type: Map
Specifies the port for the Consul service that the configuration applies to. This parameter can be either a virtual port number, such as a Kubernetes service port, or a non-numeric target port value representing a named workload port.
If you are not targeting a virtual port, specify the workload port name directly.
- Default: None
- Data type: String
Specifies the resource that the route attaches to.
- Default: None
- Data type: Map
Specifies the user-defined name of the resource that the configuration applies to.
- Default: None
- Data type: String
Specifies the type of resource that the configuration applies to. To reference a service in the Consul catalog, configure the resource type as catalog.v2beta1.Service
.
-
Default: None
-
Data type: Map containing the following parameters:
Parameter Description Data type Default group
Specifies a group for the resource type within the Kubernetes cluster. To reference a service in the Consul catalog, set this parameter to catalog
.String None groupVersion
Specifies a groupVersion for the resource type within the Kubernetes cluster. To reference a service in the Consul catalog, set this parameter to v2beta1
.String None kind
Specifies the kind of the Kubernetes object the resource applies to. To reference a service in the Consul catalog, set this parameter to Service
.String None
Specifies rules for sidecar proxies to direct a service's gRPC traffic within the service mesh, including filtering, retry, and timeout behavior.
- Default: None
- Data type: Map
Specifies the Kubernetes Service backend to direct GRPC traffic to when a request matches the service described in spec.parentRefs
. The Service backend is the collection of endpoint IPs for the service. Refer to the Kubernetes Gateway API specification for more information about Service backends.
When a valid Service backend cannot be reached and no additional filters apply, traffic that matches the rule returns a 500 status code.
When different Service backends are specified in spec.rules.backendRefs.weight
and one of the backends is invalid, Consul continues to apply the specified weights instead of adjusting the relative weights to exclude traffic to the invalid backend. For example, when traffic is configured in a 50-50 split between api
and admin
and no valid endpoints for admin
can be reached, the 50% of traffic intended for admin
returns with a 500 status code.
- Default: None
- Data type: Map
Specifies an individual Service backend where matching requests should be sent.
- Default: None
- Data type: Map
Specifies the name of the Consul datacenter that registered the Service backend that the configuration routes traffic to.
- Default: None
- Data type: String
Specifies the port for the Consul service that the configuration routes traffic to. This parameter can be either a virtual port number, such as a Kubernetes service port, or a non-numeric target port value representing a named workload port.
If you are not targeting a virtual port, specify the workload port name directly.
- Default: None
- Data type: String
The Consul service that the configuration routes traffic to.
- Default: None
- Data type: Map
Specifies the user-defined name of the resource that the configuration routes traffic to.
- Default: None
- Data type: String
Specifies the type of resource that the configuration routes traffic to. To reference a service in the Consul catalog, configure the resource type as catalog.v2beta1.Service
.
-
Default: None
-
Data type: Map containing the following parameters:
Parameter Description Data type Default group
Specifies a group for the resource type within the Kubernetes cluster. To reference a service in the Consul catalog, set this parameter to catalog
.String None groupVersion
Specifies a groupVersion for the resource type within the Kubernetes cluster. To reference a service in the Consul catalog, set this parameter to v2beta1
.String None kind
Specifies the kind of the Kubernetes object for the resource. To reference a service in the Consul catalog, set this parameter to Service
.String None
Specifies filtering behavior for services configured in the same spec.rules.backendRefs
block.
- Default: None
- Data type: Map
Specifies a set of header modification rules applied to requests routed with the gRPC route resource.
- Default: None
- Values: Object containing one or more fields that define header modification rules:
add
: Map of one or more key-value pairs.set
: Map of one or more key-value pairs.remove
: Map of one or more key-value pairs.
The following table describes how to configure values for request headers:
Rule | Description | Type |
---|---|---|
add |
Defines a set of key-value pairs to add to the header. Use header names as the keys. Header names are not case-sensitive. If header values with the same name already exist, the value is appended and Consul applies both headers. You can use variable placeholders. | Map of strings |
set |
Defines a set of key-value pairs to add to the request header or to replace existing header values with. Use header names as the keys. Header names are not case-sensitive. If header values with the same names already exist, Consul replaces the header values. You can use variable placeholders. | Map of strings |
remove |
Defines a list of headers to remove. Consul removes only headers containing exact matches. Header names are not case-sensitive. | List of strings |
For add
and set
, if the service is configured to use Envoy as the proxy, the value may contain variables to interpolate dynamic metadata into the value. For example, using the variable %DOWNSTREAM_REMOTE_ADDRESS%
allows you to pass a value that is generated when the split occurs.
Specifies a set of header modification rules applied to responses routed with the gRPC route resource.
- Default: None
- Values: Object containing one or more fields that define header modification rules:
add
: Map of one or more key-value pairs.set
: Map of one or more key-value pairs.remove
: Map of one or more key-value pairs.
The following table describes how to configure values for request headers:
Rule | Description | Type |
---|---|---|
add |
Defines a set of key-value pairs to add to the header. Use header names as the keys. Header names are not case-sensitive. If header values with the same name already exist, the value is appended and Consul applies both headers. You can use variable placeholders. | Map of strings |
set |
Defines a set of key-value pairs to add to the request header or to replace existing header values with. Use header names as the keys. Header names are not case-sensitive. If header values with the same names already exist, Consul replaces the header values. You can use variable placeholders. | Map of strings |
remove |
Defines a list of headers to remove. Consul removes only headers containing exact matches. Header names are not case-sensitive. | List of strings |
For add
and set
, if the service is configured to use Envoy as the proxy, the value may contain variables to interpolate dynamic metadata into the value. For example, using the variable %DOWNSTREAM_REMOTE_ADDRESS%
allows you to pass a value that is generated when the split occurs.
Specifies a path to modify the URL with when a request is forwarded.
-
Default: None
-
Data type: Map containing the following parameter:
Parameter Description Data type Default pathPrefix
Specifies the path that is prepended to the URL. String None
Specifies the proportion of requests routed to the specified service.
This proportion is relative to the sum of all weights in the spec.rules.backendRefs
block. As a result, weights do not need to add up to 100. When only one backend is specified and the weight is greater then 0, Consul forwards 100% of traffic to the backend.
When this parameter is not specified, Consul defaults to 1
.
- Default:
1
- Data type: Integer
Specifies filtering behavior for all requests that match the service defined in spec.parentRefs
.
- Default: None
- Data type: Map
Specifies a set of header modification rules applied to requests that match the service defined in spec.parentRefs
.
- Default: None
- Values: Object containing one or more fields that define header modification rules:
add
: Map of one or more key-value pairs.set
: Map of one or more key-value pairs.remove
: Map of one or more key-value pairs.
The following table describes how to configure values for request headers:
Rule | Description | Type |
---|---|---|
add |
Defines a set of key-value pairs to add to the header. Use header names as the keys. Header names are not case-sensitive. If header values with the same name already exist, the value is appended and Consul applies both headers. You can use variable placeholders. | Map of strings |
set |
Defines a set of key-value pairs to add to the request header or to replace existing header values with. Use header names as the keys. Header names are not case-sensitive. If header values with the same names already exist, Consul replaces the header values. You can use variable placeholders. | Map of strings |
remove |
Defines a list of headers to remove. Consul removes only headers containing exact matches. Header names are not case-sensitive. | List of strings |
For add
and set
, if the service is configured to use Envoy as the proxy, the value may contain variables to interpolate dynamic metadata into the value. For example, using the variable %DOWNSTREAM_REMOTE_ADDRESS%
allows you to pass a value that is generated when the split occurs.
Specifies a set of header modification rules applied to responses from services matching spec.parentRefs
.
- Default: None
- Values: Object containing one or more fields that define header modification rules:
add
: Map of one or more key-value pairs.set
: Map of one or more key-value pairs.remove
: Map of one or more key-value pairs.
The following table describes how to configure values for request headers:
Rule | Description | Type |
---|---|---|
add |
Defines a set of key-value pairs to add to the header. Use header names as the keys. Header names are not case-sensitive. If header values with the same name already exist, the value is appended and Consul applies both headers. You can use variable placeholders. | Map of strings |
set |
Defines a set of key-value pairs to add to the request header or to replace existing header values with. Use header names as the keys. Header names are not case-sensitive. If header values with the same names already exist, Consul replaces the header values. You can use variable placeholders. | Map of strings |
remove |
Defines a list of headers to remove. Consul removes only headers containing exact matches. Header names are not case-sensitive. | List of strings |
For add
and set
, if the service is configured to use Envoy as the proxy, the value may contain variables to interpolate dynamic metadata into the value. For example, using the variable %DOWNSTREAM_REMOTE_ADDRESS%
allows you to pass a value that is generated when the split occurs.
Specifies a path to modify the URL with when a request matching spec.parentRefs
is forwarded.
-
Default: None
-
Data type: Map containing the following parameter:
Parameter Description Data type Default pathPrefix
Specifies a path to prepend to the URL when a request matching spec.parentRefs
is forwarded.String None
Specifies rules for matching traffic to services described in spec.parentRefs
according to the request header or method.
- Default: None
- Data type: Map
Specifies criteria for matching gRPC request headers.
When [spec.rules.matches.headers.value
] is specified multiple times, a request must match all of the specified values for the route to be selected.
- Default: None
- Data type: Map
Specifies the name of a gRPC request header to match on.
- Default: None
- Data type: String
Specifies a type of match to perform on the gRPC request header. Supported match types include: unspecified, exact, regex, present, prefix, and suffix.
-
Default: None
-
Data type: String that should match one of the following values:
HEADER_MATCH_TYPE_UNSPECIFIED
HEADER_MATCH_TYPE_EXACT
HEADER_MATCH_TYPE_REGEX
HEADER_MATCH_TYPE_PRESENT
HEADER_MATCH_TYPE_PREFIX
HEADER_MATCH_TYPE_SUFFIX
Specifies the value of the gRPC request header to match. When this field is specified multiple times, a request must match all of the specified values for the route to be selected.
- Default: None
- Data type: String
Specifies criteria for matching a service and a gRPC request method. When configuring this field, either spec.rules.matches.method.method
or spec.rules.matches.method.service
must be a non-empty string.
- Default: None
- Data type: Map
Specifies the value of the method to match. When empty or omitted, all methods match.
- Default: None
- Data type: String
Specifies the value of the service to match. When empty or omitted, all services match.
- Default: None
- Data type: String
Specifies a type of match to perform on the gRPC request method. Supported match types include: unspecified, exact, and regex.
-
Default: None
-
Data type: String that should match one of the following values:
GRPC_METHOD_MATCH_TYPE_UNSPECIFIED
GRPC_METHOD_MATCH_TYPE_EXACT
GRPC_METHOD_MATCH_TYPE_REGEX
Specifies retry logic for routing gRPC traffic.
- Default: None
- Data type: Map
Specifies the number of retries to attempt when a request fails.
-
Default: None
-
Data type: Map that contains the following parameter:
Parameter Description Data type Default value
Specifies the number of retries to attempt. Integer None
Specifies Envoy conditions that cause an automatic retry attempt.
- Default: None
- Data type: Map of strings
Enables an automatic retry attempt when a connection failure error occurs.
- Default:
false
- Data type: Boolean
Specifies the response status codes that are eligible for retry attempts.
- Default: None
- Data type: Map of integers
Specifies timeout logic when routing gRPC traffic
- Default: None
- Data type: Map
Specifies the total amount of time permitted for the request stream to be idle before a timeout occurs.
This field accepts a string indicating the number of seconds. For example, indicate five seconds with 5s
and five milliseconds with 0.005s
.
- Default: None
- Data type: String
Specifies the total amount of time spent processing the entire downstream request, including retries, before triggering a timeout.
This field accepts a string indicating the number of seconds. For example, indicate five seconds with 5s
and five milliseconds with 0.005s
.
- Default: None
- Data type: String
The following examples demonstrate common GRPCRoute CRD configuration patterns for specific use cases.
The following example splits traffic for the api
service. GRPC traffic for services registered to the Consul catalog that are available at the api-workload
port is split so that 50% of the traffic routes to the service at the api-workload
port and 50% routes to the service at the admin-workload
port.
apiVersion: mesh.consul.hashicorp.com/v2beta1
kind: GRPCRoute
metadata:
name: api-split
namespace: default
spec:
parentRefs:
- ref:
type:
group: catalog
groupVersion: v2beta1
kind: Service
name: api
# The virtual port number for the "api-workload" target port.
port: "80"
rules:
- backendRefs:
- backendRef:
ref:
type:
group: catalog
groupVersion: v2beta1
kind: Service
name: api
# The virtual port number for the "api-workload" target port.
port: "80"
weight: 50
- backendRef:
ref:
type:
group: catalog
groupVersion: v2beta1
kind: Service
name: api
# The virtual port number for the "admin-workload" target port.
port: "90"
weight: 50
The following example routes gRPC traffic for the api
service according to its header. GRPC traffic for services registered to the Consul catalog that are available at the api-workload
port are routed according to the following criteria:
- For traffic with a header that contains a
x-debug
value of exactly1
, Consul modifies the response and request headers and routes to theapi
service at theapi-workload
port. - For traffic with a header that contains a
x-debug
value of exactly2
, Consul modifies the response and request headers and routes to theapi-admin
service at theadmin-workload
port.
This example also includes how to include filters that modify request or response headers.
apiVersion: mesh.consul.hashicorp.com/v2beta1
kind: GRPCRoute
metadata:
name: api-match-split
namespace: default
spec:
parentRefs:
- ref:
type:
group: catalog
groupVersion: v2beta1
kind: Service
name: api
# The virtual port number for the "api-workload" target port.
port: "80"
rules:
- matches:
- headers:
- type: "HEADER_MATCH_TYPE_EXACT"
name: "x-debug"
value: "1"
filters:
- requestHeaderModifier:
add:
- name: "request-foo"
value: "request-bar"
- responseHeaderModifier:
add:
- name: "response-foo"
value: "response-bar"
backendRefs:
- backendRef:
ref:
type:
group: catalog
groupVersion: v2beta1
kind: Service
name: api
# The virtual port number for the "api-workload" target port.
port: "80"
- matches:
- headers:
- type: "HEADER_MATCH_TYPE_EXACT"
name: "x-debug"
value: "2"
filters:
- requestHeaderModifier:
add:
- name: "request-foo"
value: "request-bar"
- responseHeaderModifier:
add:
- name: "response-foo"
value: "response-bar"
backendRefs:
- backendRef:
ref:
type:
group: catalog
groupVersion: v2beta1
kind: Service
name: api-admin
# The virtual port number for the "admin-workload" target port.
port: "90"