Target proxies for Cloud Service Mesh
This document applies only to Cloud Service Mesh with the load balancing APIs. We strongly recommend that you use the service routing APIs to deploy Cloud Service Mesh.
When you configure Cloud Service Mesh, one of the resources that you configure is the target proxy. In the context of Cloud Service Mesh, target proxies serve two primary purposes:
Defining the protocol that Cloud Service Mesh clients use when they open a connection to the backends or endpoints associated with a service.
Working with forwarding rules and URL maps to create a routing rule map. The routing rule map provides additional capabilities, such as routing rules, depending on the type of target proxy. Invalid selections are either hidden in the user interface or rejected by the API.
Target proxy types and request protocols
Cloud Service Mesh generates different configurations for its clients based on the type of target proxy that you configure. When you configure a target proxy type, the Cloud Service Mesh client uses a specific request protocol.
| Target proxy | Request protocol |
|---|---|
| HTTPS | Clients initiate HTTPS connections |
| HTTP | Clients initiate HTTP connections |
| gRPC | Clients initiate gRPC connections |
| TCP | Clients initiate TCP connections |
You aren't restricted to choosing only one type. For example, your application might want to use HTTP when addressing some services but use TCP when addressing other services. For such a use case, you need to create both a target HTTP proxy and a target TCP proxy.
Valid resource combinations in a routing rule map
To avoid misconfigurations, Cloud Service Mesh only lets you create routing rule maps that look like the following:
- Forwarding rule > global target HTTPS proxy > URL map > one or more backend services
- Forwarding rule > global target HTTP proxy > URL map > one or more backend services
- Forwarding rule > global target gRPC proxy > URL map > one or more backend services
- Forwarding rule > global target TCP proxy > one backend service
If you're using the Google Cloud console to set up a target HTTP proxy, the target proxy is set up implicitly as part of your routing rule map configuration. TCP proxy setup is not yet supported in the Google Cloud console.
If you're using the Google Cloud CLI or the APIs, you need to configure the target proxy explicitly.
Traffic handling
The following sections describe ways to handle traffic depending on the type of target proxy that you use.
Using a target HTTP or HTTPS proxy
When you configure HTTP- or HTTPS-based services, each service instance generally has an Envoy proxy deployed alongside it. Cloud Service Mesh configures this Envoy proxy. It is part of your service mesh data plane and handles traffic as follows.
The Envoy proxy receives the outbound request. It then compares the request's destination IP address and port to the IP address and port configured in each forwarding rule that references a target HTTP or HTTPS proxy. If a match is found, the Envoy proxy evaluates the request according to the target proxy's corresponding URL map.
Using a target TCP proxy
When you configure TCP-based services, each service instance generally has an Envoy proxy deployed alongside it. Cloud Service Mesh configures this Envoy proxy. It is part of your service mesh data plane and handles traffic as follows.
The Envoy proxy receives the outbound request. It then compares the request's destination IP address and port to the IP address and port configured in each forwarding rule that references a target TCP proxy. Each forwarding rule routes TCP traffic to a target proxy that points to a default backend service. The backend service specifies a health check and determines the appropriate backend.
Using a target gRPC proxy
When you configure gRPC-based services, your service instances generally don't have Envoy proxies deployed alongside them. Instead, Cloud Service Mesh configures the gRPC library. The library is part of your service mesh data plane and handles traffic as follows.
The gRPC library compares the hostname[:port] specified in the URI to the host
rules in all URL maps that a target gRPC proxy references. If a match is
found, the gRPC library evaluates the request according to the path rules
associated with the matching host rule.
Target proxy resources
To add, delete, list, and get information about target proxies, you can use the REST API or the gcloud CLI.
In addition, to get information about a target proxy, you can use the following
gcloud commands:
gcloud compute [target-http-proxies | target-tcp-proxies | target-grpc-proxies] list
gcloud compute [target-http-proxies | target-tcp-proxies | target-grpc-proxies] describe TARGET_PROXY_NAME
APIs
For descriptions of the properties and methods available to you when working with target proxies through the REST API, see the following resources that Cloud Service Mesh supports:
gcloud CLI
For the Google Cloud CLI, see the following resources:
What's next
- To learn more about Cloud Service Mesh, see the Cloud Service Mesh overview.
- To deploy Cloud Service Mesh, see the Guide to Cloud Service Mesh deployment documentation.