GRPC load balancing on GKE (on L7, HTTP/2 + TLS)

4
votes

How to make load balancing for GRPC services on GKE on L7 (with Ingress over HTTP/2 + TLS)?

I know that I have the option to use L4 (TCP layer) to configure Service with "LoadBalancer" type. But I want to know if I can use Ingress + L7 load balancing over HTTP/2+TLS.

Also I see "HTTP/2 to backends is not supported for GKE." (on https://cloud.google.com/load-balancing/docs/backend-service#HTTP2-limitations). But I don't know it's actual or not.

1
kubernetesgoogle-cloud-platformgrpchttp2google-kubernetes-engine
This is not supported yet. You need to wait just a while to configure this through Ingress. :) But you can try to mimic what Ingress is actually doing on GCP network API objects and try recreating that with HTTP/2 port yourself but I don't recommend it. For now I recommend doing L4 for a short while. :)Ahmet Alp Balkan
@AhmetB-Google Is it now possible with Ingress? If yes would you have a pointer on the documentation for that? If not, would you have a pointer on doc for the L4 solution? That would be really helpfull as I don't find a way to get a working solution with GKE and GRPC + TLS.unludo

1 Answers

1
votes

GKE Ingress can now load balance with HTTP/2, when you use https.

To get HTTP/2 between the load balancer (ingress controller) and your pods, your service need an extra annotation:

apiVersion: v1
kind: Service
metadata:
  annotations:
    cloud.google.com/app-protocols: '{"my-port":"HTTP2"}'

In addition, your pods most use TLS and have ALPN h2 configured. This can be done e.g. with an HAProxy as a sidecar with http2 configuration. I have successfully used this setup on GKE.