Target proxies for Cloud Service Mesh

This document applies only to Cloud Service Mesh with the load balancing APIs. We strongly recommend that you use the service routing APIs to deploy Cloud Service Mesh.

When you configure Cloud Service Mesh, one of the resources that you configure is the target proxy. In the context of Cloud Service Mesh, target proxies serve two primary purposes:

  • Defining the protocol that Cloud Service Mesh clients use when they open a connection to the backends or endpoints associated with a service.

  • Working with forwarding rules and URL maps to create a routing rule map. The routing rule map provides additional capabilities, such as routing rules, depending on the type of target proxy. Invalid selections are either hidden in the user interface or rejected by the API.

Target proxy types and request protocols

Cloud Service Mesh generates different configurations for its clients based on the type of target proxy that you configure. When you configure a target proxy type, the Cloud Service Mesh client uses a specific request protocol.

Target proxy    Request protocol
HTTPS           Clients initiate HTTPS connections
HTTP            Clients initiate HTTP connections
gRPC            Clients initiate gRPC connections
TCP             Clients initiate TCP connections

You aren't restricted to choosing only one type. For example, your application might want to use HTTP when addressing some services but use TCP when addressing other services. For such a use case, you need to create both a target HTTP proxy and a target TCP proxy.

Valid resource combinations in a routing rule map

To avoid misconfigurations, Cloud Service Mesh only lets you create routing rule maps that look like the following:

  • Forwarding rule > global target HTTPS proxy > URL map > one or more backend services
  • Forwarding rule > global target HTTP proxy > URL map > one or more backend services
  • Forwarding rule > global target gRPC proxy > URL map > one or more backend services
  • Forwarding rule > global target TCP proxy > one backend service
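
The four permitted chains can also be checked before deployment, for example when reviewing infrastructure-as-code. The following is an added example, not Google's code: the dictionary layout, the function name, and the sample values are assumptions made for illustration.

```python
# Added example. The dict layout is a constructed, simplified inventory
# format (an assumption), not the Compute Engine API schema.

# Proxy type -> (takes a URL map?, max backend services; None = one or more)
VALID_CHAINS = {
    "HTTPS": (True, None),
    "HTTP": (True, None),
    "gRPC": (True, None),
    "TCP": (False, 1),
}


def validate_routing_rule_map(rrm):
    """Return a list of problems; an empty list means the chain is permitted."""
    proxy = rrm.get("target_proxy") or {}
    ptype = proxy.get("type")
    if ptype not in VALID_CHAINS:
        return [f"unknown target proxy type: {ptype!r}"]
    takes_url_map, max_backends = VALID_CHAINS[ptype]
    problems = []
    if not rrm.get("forwarding_rule"):
        problems.append("no forwarding rule references the target proxy")
    if proxy.get("scope") != "global":
        problems.append(f"target {ptype} proxy must be global")
    has_url_map = bool(rrm.get("url_map"))
    if takes_url_map and not has_url_map:
        problems.append(f"target {ptype} proxy requires a URL map")
    if has_url_map and not takes_url_map:
        problems.append(f"target {ptype} proxy takes no URL map")
    backends = rrm.get("backend_services") or []
    if not backends:
        problems.append("no backend service")
    elif max_backends is not None and len(backends) > max_backends:
        problems.append(f"target {ptype} proxy allows {max_backends} "
                        f"backend service(s), got {len(backends)}")
    return problems


# Constructed sample maps.
GLOBAL_TCP = {"type": "TCP", "scope": "global"}
GLOBAL_HTTP = {"type": "HTTP", "scope": "global"}
OK_HTTP = {"forwarding_rule": "fr-web", "target_proxy": GLOBAL_HTTP,
           "url_map": "um-web", "backend_services": ["web-a", "web-b"]}
OK_TCP = {"forwarding_rule": "fr-db", "target_proxy": GLOBAL_TCP,
          "backend_services": ["db-svc"]}
BAD_TCP = {"forwarding_rule": "fr-db", "target_proxy": GLOBAL_TCP,
           "url_map": "um-db", "backend_services": ["db-a", "db-b"]}
BAD_HTTP = {"forwarding_rule": "fr-web", "target_proxy": GLOBAL_HTTP,
            "backend_services": ["web-a"]}
```
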

If you're using the Google Cloud console to set up a target HTTP proxy, the target proxy is set up implicitly as part of your routing rule map configuration. TCP proxy setup is not yet supported in the Google Cloud console.

If you're using the Google Cloud CLI or the APIs, you need to configure the target proxy explicitly.

Traffic handling

The following sections describe ways to handle traffic depending on the type of target proxy that you use.

Using a target HTTP or HTTPS proxy

When you configure HTTP- or HTTPS-based services, each service instance generally has an Envoy proxy deployed alongside it. Cloud Service Mesh configures this Envoy proxy. It is part of your service mesh data plane and handles traffic as follows.

The Envoy proxy receives the outbound request. It then compares the request's destination IP address and port to the IP address and port configured in each forwarding rule that references a target HTTP or HTTPS proxy. If a match is found, the Envoy proxy evaluates the request according to the target proxy's corresponding URL map.

Using a target TCP proxy

When you configure TCP-based services, each service instance generally has an Envoy proxy deployed alongside it. Cloud Service Mesh configures this Envoy proxy. It is part of your service mesh data plane and handles traffic as follows.

The Envoy proxy receives the outbound request. It then compares the request's destination IP address and port to the IP address and port configured in each forwarding rule that references a target TCP proxy. Each forwarding rule routes TCP traffic to a target proxy that points to a default backend service. The backend service specifies a health check and determines the appropriate backend.

Using a target gRPC proxy

When you configure gRPC-based services, your service instances generally don't have Envoy proxies deployed alongside them. Instead, Cloud Service Mesh configures the gRPC library. The library is part of your service mesh data plane and handles traffic as follows.

The gRPC library compares the hostname[:port] specified in the URI to the host rules in all URL maps that a target gRPC proxy references. If a match is found, the gRPC library evaluates the request according to the path rules associated with the matching host rule.
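
The three lookups described in the preceding subsections differ in what they match on: Envoy matches the destination IP address and port, while the gRPC library matches the hostname[:port] from the URI. The following added example (not Google's code) models that difference. Field names and sample values are constructed, hosts match exactly, paths match by longest prefix, and the Envoy case falls back to the URL map's default service when no host rule matches.

```python
# Added example: simplified model of the lookups described in this section.
# Field names and sample values are constructed (not the Compute Engine API
# schema); hosts match exactly and paths by longest prefix.

def pick_backend(path_rules, path, default):
    """Longest matching path prefix wins; otherwise the default service."""
    best = max((p for p in path_rules if path.startswith(p)), key=len, default=None)
    return path_rules[best] if best is not None else default


def envoy_route(forwarding_rules, dst_ip, dst_port, host=None, path="/"):
    """Sidecar case: match destination IP:port, then URL map or default backend."""
    for rule in forwarding_rules:
        if rule["proxy"] == "gRPC" or (rule["ip"], rule["port"]) != (dst_ip, dst_port):
            continue
        if rule["proxy"] == "TCP":
            return rule["backend_service"]  # one default backend, no URL map
        url_map = rule["url_map"]  # HTTP or HTTPS
        path_rules = url_map["host_rules"].get(host, {})
        return pick_backend(path_rules, path, url_map["default_service"])
    return None  # no forwarding rule matched; not covered by this model


def grpc_route(forwarding_rules, target, method_path):
    """Proxyless case: match hostname[:port] against gRPC URL map host rules."""
    for rule in forwarding_rules:
        if rule["proxy"] != "gRPC":
            continue
        url_map = rule["url_map"]
        if target in url_map["host_rules"]:
            return pick_backend(url_map["host_rules"][target], method_path,
                                url_map["default_service"])
    return None  # no host rule matched; not covered by this model


# Constructed sample configuration.
RULES = [
    {"proxy": "HTTP", "ip": "10.0.0.10", "port": 80, "url_map": {
        "default_service": "web-default",
        "host_rules": {"shop.internal": {"/cart": "cart-svc", "/": "shop-svc"}}}},
    {"proxy": "TCP", "ip": "10.0.0.20", "port": 5432, "backend_service": "db-svc"},
    {"proxy": "gRPC", "ip": "10.0.0.30", "port": 8080, "url_map": {
        "default_service": "grpc-default",
        "host_rules": {"pay.internal:8080": {"/pay.Billing/": "billing-svc"}}}},
]
```
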

Target proxy resources

To add, delete, list, and get information about target proxies, you can use the REST API or the gcloud CLI.

In addition, to get information about a target proxy, you can use the following gcloud commands:

gcloud compute [target-http-proxies | target-tcp-proxies | target-grpc-proxies] list
gcloud compute [target-http-proxies | target-tcp-proxies | target-grpc-proxies] describe TARGET_PROXY_NAME

APIs

For descriptions of the properties and methods available to you when working with target proxies through the REST API, see the following resources that Cloud Service Mesh supports:

gcloud CLI

For the Google Cloud CLI, see the following resources:
