github.com/cilium/cilium@v1.16.2/Documentation/network/servicemesh/envoy-load-balancing.rst (about) 1 .. only:: not (epub or latex or html) 2 3 WARNING: You are looking at unreleased Cilium documentation. 4 Please use the official rendered version released here: 5 https://docs.cilium.io 6 7 .. _gs_envoy_load_balancing: 8 9 *************************************************** 10 Proxy Load Balancing for Kubernetes Services (beta) 11 *************************************************** 12 13 This guide explains how to configure Proxy Load Balancing for Kubernetes 14 services using Cilium, which is useful for use cases such as gRPC 15 load-balancing. Once enabled, the traffic to a Kubernetes service will be 16 redirected to a Cilium-managed Envoy proxy for load balancing. This feature 17 is independent of the :ref:`gs_ingress` feature. 18 19 .. include:: ../../beta.rst 20 21 Deploy Test Applications 22 ======================== 23 24 .. parsed-literal:: 25 26 $ kubectl apply -f \ |SCM_WEB|\/examples/kubernetes/servicemesh/envoy/test-application-proxy-loadbalancing.yaml 27 28 The test workloads consist of: 29 30 - one client deployment ``client`` 31 - one service ``echo-service`` with two backend pods. 32 33 View information about these pods: 34 35 .. code-block:: shell-session 36 37 $ kubectl get pods --show-labels -o wide 38 NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS 39 client-7dccb64ff6-t5gc7 1/1 Running 0 39s 10.244.0.125 minikube <none> <none> kind=client,name=client,pod-template-hash=7dccb64ff6 40 echo-service-744b6dd45b-487tn 2/2 Running 0 39s 10.244.0.71 minikube <none> <none> kind=echo,name=echo-service,other=echo,pod-template-hash=744b6dd45b 41 echo-service-744b6dd45b-mdjc2 2/2 Running 0 39s 10.244.0.213 minikube <none> <none> kind=echo,name=echo-service,other=echo,pod-template-hash=744b6dd45b 42 43 .. code-block:: shell-session 44 45 $ CLIENT=$(kubectl get pods -l name=client -o jsonpath='{.items[0].metadata.name}') 46 47 Start Observing Traffic with Hubble 48 =================================== 49 50 Enable Hubble in your cluster with the step mentioned in :ref:`hubble_setup`. 51 52 Start a second terminal, then enable hubble port forwarding and observe 53 traffic for the service ``echo-service``: 54 55 .. code-block:: shell-session 56 57 $ kubectl -n kube-system port-forward deployment/hubble-relay 4245:4245 & 58 $ hubble observe --service echo-service -f 59 60 61 You should be able to get a response from both of the backend services 62 individually from ``client``: 63 64 .. code-block:: shell-session 65 66 $ kubectl exec -it $CLIENT -- curl -v echo-service:8080/ 67 68 Notice that Hubble shows all the flows between the client pod and the backend pods 69 via ``echo-service`` service. 70 71 :: 72 73 Jan 16 04:28:10.690: default/client-7dccb64ff6-t5gc7 (ID:5152) <> default/echo-service:8080 (world) pre-xlate-fwd TRACED (TCP) 74 Jan 16 04:28:10.690: default/echo-service:8080 (world) <> default/client-7dccb64ff6-t5gc7 (ID:5152) post-xlate-rev TRANSLATED (TCP) 75 76 Add Proxy Load Balancing Annotations to the Services 77 ==================================================== 78 79 Adding a Layer 7 policy introduces the Envoy proxy into the path for this traffic. 80 81 .. code-block:: shell-session 82 83 $ kubectl annotate service echo-service service.cilium.io/lb-l7=enabled 84 service/echo-service annotated 85 86 Make a request to a backend service and observe the traffic with Hubble again: 87 88 .. code-block:: shell-session 89 90 $ kubectl exec -it $CLIENT -- curl -v echo-service:8080/ 91 92 The request is now proxied through the Envoy proxy and then flows to the backend. 93 94 :: 95 96 Jan 16 04:32:27.737: default/client-7dccb64ff6-t5gc7:56462 (ID:5152) -> default/echo-service:8080 (world) to-proxy FORWARDED (TCP Flags: SYN) 97 Jan 16 04:32:27.737: default/client-7dccb64ff6-t5gc7:56462 (ID:5152) <- default/echo-service:8080 (world) to-endpoint FORWARDED (TCP Flags: SYN, ACK) 98 Jan 16 04:32:27.737: default/client-7dccb64ff6-t5gc7:56462 (ID:5152) -> default/echo-service:8080 (world) to-proxy FORWARDED (TCP Flags: ACK) 99 Jan 16 04:32:27.737: default/client-7dccb64ff6-t5gc7:56462 (ID:5152) -> default/echo-service:8080 (world) to-proxy FORWARDED (TCP Flags: ACK, PSH) 100 Jan 16 04:32:27.739: default/client-7dccb64ff6-t5gc7:56462 (ID:5152) <- default/echo-service:8080 (world) to-endpoint FORWARDED (TCP Flags: ACK, PSH) 101 Jan 16 04:32:27.740: default/client-7dccb64ff6-t5gc7:56462 (ID:5152) -> default/echo-service:8080 (world) to-proxy FORWARDED (TCP Flags: ACK, FIN) 102 Jan 16 04:32:27.740: default/client-7dccb64ff6-t5gc7:56462 (ID:5152) <- default/echo-service:8080 (world) to-endpoint FORWARDED (TCP Flags: ACK, FIN) 103 Jan 16 04:32:27.740: default/client-7dccb64ff6-t5gc7:56462 (ID:5152) -> default/echo-service:8080 (world) to-proxy FORWARDED (TCP Flags: ACK) 104 105 Supported Annotations 106 ===================== 107 108 .. list-table:: 109 :widths: 40 25 25 25 110 :header-rows: 1 111 112 * - Name 113 - Description 114 - Applicable Values 115 - Default Value 116 * - ``service.cilium.io/lb-l7`` 117 - Enable L7 Load balancing for kubernetes service. 118 - ``enabled``, ``disabled`` 119 - Defaults to ``disabled`` 120 * - ``service.cilium.io/lb-l7-algorithm`` 121 - The LB algorithm to be used for services. 122 - ``round_robin``, ``least_request``, ``random`` 123 - Defaults to Helm option ``loadBalancer.l7.algorithm`` value.