Application Protocol Selection
OSM is capable of routing different application protocols, such as HTTP, TCP, and gRPC, differently. The following guide describes how to configure service ports to specify the application protocol to use for traffic filtering and routing.
Configuring the application protocol
Kubernetes services expose one or more ports. A port exposed by an application running the service can serve a specific application protocol such as HTTP, TCP, gRPC, etc. Since OSM filters and routes traffic for different application protocols differently, a configuration on the Kubernetes service object is necessary to convey to OSM how traffic directed to a service port must be routed.
In order to determine the application protocol served by a service’s port, OSM expects the appProtocol field on the service’s port to be set.
OSM supports the following application protocols for service ports:
http: For HTTP based filtering and routing of traffic
tcp: For TCP based filtering and routing of traffic
tcp-server-first: For TCP based filtering and routing of traffic where the server initiates communication with a client, such as MySQL, PostgreSQL, and others
gRPC: For HTTP2 based filtering and routing of gRPC traffic
The application protocol configuration described is applicable to both SMI and Permissive traffic policy modes.
Consider the following SMI traffic access and traffic specs policies:
tcp-route that specifies the port TCP traffic should be allowed on.
http-route that specifies the HTTP routes for which HTTP traffic should be allowed.
test that allows pods in the service account sa-2 to access pods in the service account sa-1 for the specified TCP and HTTP rules.

    kind: TCPRoute
    metadata:
      name: tcp-route
    spec:
      matches:
        ports:
        - 8080
    ---
    kind: HTTPRouteGroup
    metadata:
      name: http-route
    spec:
      matches:
      - name: version
        pathRegex: "/version"
        methods:
        - GET
    ---
    kind: TrafficTarget
    metadata:
      name: test
      namespace: default
    spec:
      destination:
        kind: ServiceAccount
        name: sa-1 # There are 2 services under this service account: service-1 and service-2
        namespace: default
      rules:
      - kind: TCPRoute
        name: tcp-route
      - kind: HTTPRouteGroup
        name: http-route
      sources:
      - kind: ServiceAccount
        name: sa-2
        namespace: default

Kubernetes service resources should explicitly specify the application protocol being served by the service’s ports using the appProtocol field.
service-1 backed by a pod in service account sa-1 serving http application traffic should be defined as follows:

    kind: Service
    metadata:
      name: service-1
      namespace: default
    spec:
      ports:
      - port: 8080
        name: some-port
        appProtocol: http

service-2 backed by a pod in service account sa-1 serving raw tcp application traffic should be defined as follows:

    kind: Service
    metadata:
      name: service-2
      namespace: default
    spec:
      ports:
      - port: 8080
        name: some-port
        appProtocol: tcp

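The following audit script is an added example, not part of the OSM documentation or code base. It scans a service list in the shape produced by `kubectl get services -A -o json` and reports ports whose appProtocol is unset or is not one of the values listed above. Comparing values case-insensitively is an assumption of this example, and service-3 and service-4 are hypothetical services constructed for the sample.

```python
import json
import sys

# appProtocol values this page lists as supported (lower-cased for comparison).
SUPPORTED = {"http", "tcp", "tcp-server-first", "grpc"}


def audit_services(service_list):
    """Return (namespace, service, port, problem) for each port that lacks a
    supported appProtocol."""
    findings = []
    for svc in service_list.get("items", []):
        meta = svc.get("metadata", {})
        ns, name = meta.get("namespace", "default"), meta.get("name", "?")
        for port in svc.get("spec", {}).get("ports", []):
            proto = port.get("appProtocol")
            if proto is None:
                problem = "appProtocol not set"
            elif proto.lower() not in SUPPORTED:  # case-insensitive: assumption
                problem = f"unsupported appProtocol {proto!r}"
            else:
                continue
            findings.append((ns, name, port.get("port"), problem))
    return findings


# Constructed sample; service-1 and service-2 mirror the manifests on this page.
SAMPLE = {"items": [
    {"metadata": {"namespace": "default", "name": "service-1"},
     "spec": {"ports": [{"port": 8080, "name": "some-port", "appProtocol": "http"}]}},
    {"metadata": {"namespace": "default", "name": "service-2"},
     "spec": {"ports": [{"port": 8080, "name": "some-port", "appProtocol": "tcp"}]}},
    {"metadata": {"namespace": "default", "name": "service-3"},  # hypothetical
     "spec": {"ports": [{"port": 3306, "name": "db"}]}},
    {"metadata": {"namespace": "default", "name": "service-4"},  # hypothetical
     "spec": {"ports": [{"port": 5432, "name": "db", "appProtocol": "postgres"}]}},
]}

if __name__ == "__main__":
    # Pass a JSON file saved from kubectl as the first argument, or run with
    # no arguments to audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE
    for ns, name, port, problem in audit_services(data):
        print(f"{ns}/{name} port {port}: {problem}")
```
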