Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gke_ingress_lb_envoy example doen't work #5

Closed
isbee opened this issue Sep 26, 2019 · 2 comments
Closed

gke_ingress_lb_envoy example doen't work #5

isbee opened this issue Sep 26, 2019 · 2 comments

Comments

@isbee
Copy link

isbee commented Sep 26, 2019

I tested gke_ingress_lb_mux example and it did work. But gke_ingress_lb_envoy did not work on same environment. (and i didn't change any codes)

For details,

  1. Pods are running and health check is working (confirmed by kubectl describe, kubectl logs)
  2. However NEG says these pods are 'unhealthy'(checked on GCP console), and so Ingress also says backend is unhealthy.

To fix this problem I try to change port, add initialDelay on health-check, but none of these worked.
@salrashid123
Copy link
Owner

Thanks for reporting this....you're correct..for some reason the envoy sample doesn't register as a valid backend anymore. I'm not sure what could be causing this as it've verified it workes locally w/ grpc,http client --> envoy --> grpc server

the http client can access the healthcheck and grpc server works as normal.

the only thing the NEG should check for 'liveness' is the healcheck backend.

i'll continue to look ( it was working :( )

kubernetes/ingress-gce#807

@salrashid123
Copy link
Owner

ok, i needed to add in alpn_protocols
into the envoy config

          tls_context:
            common_tls_context:
              alpn_protocols: h2
              tls_certificates:
                - certificate_chain:
                    filename: "/data/certs/tls.crt"
                  private_key:
                    filename: "/data/certs/tls.key"

without it the NEG healthehecks was failing (again, this must be a new requirement for GCE NEG healthchecks)

anyway, if you wanted to set up the grpc client,server and envoy on your laptop , here's some inf

get the envoy binary

  mkdir /tmp/envoybin
  docker run -v /tmp/envoybin/:/tmp/envoybin -ti envoyproxy/envoy:latest /bin/bash

inside the container copy envoy out
$ cp /usr/local/bin/envoy /tmp/envoybin/

Run envoy

now that you have envoy outside, run the config (you'll need to edit the certs path)

/tmp/envoybin/envoy -c envoy_config.yaml  --log-level debug

Run GRPC service

docker run -p 50051:50051   -t  salrashid123/grpc_only_backend /grpc_server  --grpcport :50051 --insecure

Run clients

curl -vk --http2 -H "Host: localhost" https://localhost:8080/_ah/health

docker run --net=host --add-host server.domain.com:127.0.0.1   -t salrashid123/grpc_backend /grpc_client --host server.domain.com:8080

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@salrashid123 @isbee