Tuesday, May 12, 2020

Envoy with grpc Access logs

What is Envoy

Envoy is an L7 proxy and communication bus designed for large modern service oriented architectures. The project was born out of the belief that:

The network should be transparent to applications. When network and application problems do occur it should be easy to determine the source of the problem.

In practice, achieving the previously stated goal is incredibly difficult. Envoy attempts to do so by providing the following high level features:

More details are available in the Envoy documentation at: https://www.envoyproxy.io/docs/envoy/latest/about_docs

Now let's start implementing Envoy as a sidecar alongside our application containers, running in a single pod:

This implementation is specific to a Kubernetes environment.

Envoy can run as a sidecar for any application, and communication with the application then happens through Envoy. All inbound traffic goes through Envoy, which has listeners and routing configured.

This can be done through gRPC implementations or with YAML configuration. These are registered with the Envoy xDS APIs, so Envoy knows where to reach the application.

Here we will look at envoy yaml configuration:

envoy-grpcconfig.yaml

Here we have configured listeners, filters and routes.

Envoy Configuration:

Envoy is listening on port 9902 on localhost. This is where we can get /stats.

Application configuration:

In routes, we specify the cluster to use for requests that match a pattern.

For each matching pattern, Envoy routes the request to the cluster specified under virtual_hosts. Cluster details are specified under clusters. In this example the application is served by the cluster named service_c.

The host address and port given for service_c are where the test application is served.

gRPC Access logs:

Under filters, we have specified the configuration for access_log.

Here we specify it as envoy.http_grpc_access_log. Details of the gRPC access log format can be found at

https://github.com/envoyproxy/envoy/blob/d90464cace696da61248d3999081c3c0d22a725b/api/envoy/data/accesslog/v2/accesslog.proto

More options on configuring access logs can be found at

https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/observability/access_logging

The YAML config emits access logs for upstream systems.

gRPC AccessLogService Implementation:

For gRPC we have to implement a gRPC server for AccessLogService.

Code is available at: https://github.com/sreesindhusruthiyadavalli/envoy-grpc/tree/master

Build the Docker image and deploy it in a pod.

Apply the deployment and service configuration as for any pod with kubectl apply -f <deployment.yaml> and kubectl apply -f <service.yaml>. I have given the service name as 'envoy-grpc'.

kubectl get services lists the services available in the Kubernetes cluster.

It shows envoy-grpc as the service name for the gRPC AccessLogService.

Now, in the Envoy configuration, we have to configure the access logs to be sent to the above service.

Under clusters, give the service host address (envoy-grpc.default.svc.cluster.local) and set strict_dns on the access_log_cluster.
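
A minimal static configuration matching the description above, as an added example written against the Envoy v2 API; it is not the author's envoy-grpcconfig.yaml. The listener name, stat_prefix, log_name, virtual host name, the application address and port, and the gRPC service port 50051 are assumptions, and 8789 is assumed to be the listener port because the curl test in this post uses it.

```yaml
# Added example, Envoy v2 API. Values marked "assumed" are not from the post.
admin:
  access_log_path: /dev/null
  address: { socket_address: { address: 127.0.0.1, port_value: 9902 } }  # /stats, loopback only
static_resources:
  listeners:
  - name: listener_0  # assumed name
    address: { socket_address: { address: 0.0.0.0, port_value: 8789 } }  # assumed listener port
    filter_chains:
    - filters:
      - name: envoy.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
          stat_prefix: ingress_http  # assumed
          access_log:
          - name: envoy.http_grpc_access_log
            typed_config:
              "@type": type.googleapis.com/envoy.config.accesslog.v2.HttpGrpcAccessLogConfig
              common_config:
                log_name: test_app_access_log  # assumed; identifies this log to the receiver
                grpc_service:
                  envoy_grpc: { cluster_name: access_log_cluster }
          route_config:
            virtual_hosts:
            - name: backend  # assumed
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: service_c }
          http_filters:
          - name: envoy.router
  clusters:
  - name: service_c  # the test application
    connect_timeout: 0.25s
    type: STATIC
    load_assignment:
      cluster_name: service_c
      endpoints:
      - lb_endpoints:
        - endpoint: { address: { socket_address: { address: 127.0.0.1, port_value: 8080 } } }  # assumed app address
  - name: access_log_cluster
    connect_timeout: 0.25s
    type: STRICT_DNS  # re-resolves the Kubernetes service name
    http2_protocol_options: {}  # gRPC needs HTTP/2 to the log service
    load_assignment:
      cluster_name: access_log_cluster
      endpoints:
      - lb_endpoints:
        - endpoint: { address: { socket_address: { address: envoy-grpc.default.svc.cluster.local, port_value: 50051 } } }  # assumed port
```

As written, access_log_cluster has no TLS settings, so the access log stream to envoy-grpc travels unencrypted inside the cluster.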

Build Envoy with the YAML configuration and invoke an API inside the test application.

From inside the Envoy pod, run: curl 127.0.0.1:8789/<resource>

This gives the response from the application.

Now check the logs of the envoy-grpc pod. We will see the access log there.