[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["難以理解","hardToUnderstand","thumb-down"],["資訊或程式碼範例有誤","incorrectInformationOrSampleCode","thumb-down"],["缺少我需要的資訊/範例","missingTheInformationSamplesINeed","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2025-09-04 (世界標準時間)。"],[],[],null,["# Set up proxyless gRPC services\n==============================\n\n| **Note:** This guide only supports Cloud Service Mesh with Google Cloud APIs and does not support Istio APIs. For more information see, [Cloud Service Mesh overview](/service-mesh/v1.25/docs/overview).\n\nThis guide demonstrates how to set up a proxyless gRPC service mesh with\n`Mesh` and `GRPCRoute` resources.\n[](/static/service-mesh/v1.25/docs/images/mesh-grpcroute.svg) Proxyless gRPC services with `GRPCRoute` and `Mesh` resources (click to enlarge)\n\nBefore you begin\n----------------\n\nMake sure that you read [Prepare to set up with Envoy and proxyless workloads](/service-mesh/v1.25/docs/onboarding/prepare-service-routing-envoy-proxyless) and complete the prerequisites described\nin that document.\n\nConfigure the `Mesh` resource\n-----------------------------\n\nWhen a proxyless gRPC application connects to an `xds:///hostname`, the gRPC\nclient library establishes a connection to Cloud Service Mesh. The client library\nuses the connection to obtain the routing configuration that is needed to route\nrequests for the hostname.\n\nMake sure that you note the name of the `Mesh` resource, which is the key that\nthe proxyless gRPC application uses to request the configuration associated with\nthis Mesh.\n\n1. Create the `Mesh` specification and save it in a file called mesh.yaml.\n\n ```yaml\n name: grpc-mesh\n ```\n2. Create the `Mesh` resource using the `mesh.yaml` specification:\n\n ```bash\n gcloud network-services meshes import grpc-mesh \\\n --source=mesh.yaml \\\n --location=global\n ```\n\nAfter the `Mesh` resource is created, Cloud Service Mesh is ready to serve the\nconfiguration, but because there are no services defined yet, the configuration\nis empty. In the next section, you define the services and attach them to the\n`Mesh` resource.\n\nConfigure the gRPC server\n-------------------------\n\nFor demonstration purposes, you create a backend service with autoscaled VMs\nin a [managed instance group](/compute/docs/instance-groups#managed_instance_groups). The VMs serve the\nphrase `hello world` using the gRPC protocol on port `50051`.\n\n1. Create the Compute Engine VM instance template with a\n `helloworld` gRPC service that is exposed on port `50051`:\n\n ```bash\n gcloud compute instance-templates create-with-container grpc-td-vm-template \\\n --container-image=grpc/java-example-hostname:1.73.0 \\\n --tags=allow-health-checks \\\n --scopes=https://www.googleapis.com/auth/cloud-platform\n \n ```\n2. Create a managed instance group based on the template:\n\n ```bash\n gcloud compute instance-groups managed create grpc-td-mig \\\n --zone=ZONE \\\n --size=2 \\\n --template=grpc-td-vm-template\n ```\n3. Create the named port for the gRPC service. The named port is the port\n on which the gRPC service listens for requests. In the following example, the\n named port is `50051`:\n\n ```bash\n gcloud compute instance-groups set-named-ports grpc-td-mig \\\n --named-ports=grpc-helloworld-port:50051 \\\n --zone=ZONE\n ```\n4. Create a gRPC health check. The services must implement the\n [gRPC health checking protocol](https://github.com/grpc/grpc/blob/master/doc/health-checking.md)\n so that gRPC health checks work properly. For more information, see\n [health checks](/load-balancing/docs/health-checks).\n\n ```bash\n gcloud compute health-checks create grpc grpc-helloworld-health-check \\\n --use-serving-port\n ```\n5. Create a firewall rule to allow health check connections to instances\n in your network:\n\n ```bash\n gcloud compute firewall-rules create grpc-vm-allow-health-checks \\\n --network=default \\\n --action=ALLOW \\\n --direction=INGRESS \\\n --source-ranges=\"35.191.0.0/16,130.211.0.0/22\" \\\n --target-tags=allow-health-checks \\\n --rules=tcp:50051\n ```\n6. Create a [global backend service](/load-balancing/docs/backend-service)\n with a load balancing scheme of `INTERNAL_SELF_MANAGED` and add the health\n check to the backend service. The port specified here is used to connect to\n the VMs in the managed instance group.\n\n ```bash\n gcloud compute backend-services create grpc-helloworld-service \\\n --global \\\n --load-balancing-scheme=INTERNAL_SELF_MANAGED \\\n --protocol=GRPC \\\n --port-name=grpc-helloworld-port \\\n --health-checks=grpc-helloworld-health-check\n ```\n7. Add the managed instance group to the backend service.\n\n ```bash\n gcloud compute backend-services add-backend grpc-helloworld-service \\\n --instance-group=grpc-td-mig \\\n --instance-group-zone=ZONE \\\n --global\n ```\n\nThe `Mesh` resource and services are configured. In the next section, you set\nup routing.\n\nSet up routing with `GRPCRoute`\n-------------------------------\n\nUse the following instructions to set up routing.\n\n1. Create the `GRPCRoute` specification and save it in a file called\n `grpc_route.yaml`.\n\n You can use either `PROJECT_ID` or `PROJECT_NUMBER`. \n\n ```yaml\n name: helloworld-grpc-route\n hostnames:\n - helloworld-gce\n meshes:\n - projects/\u003cvar translate=\"no\"\u003ePROJECT_NUMBER\u003c/var\u003e/locations/global/meshes/grpc-mesh\n rules:\n - action:\n destinations:\n - serviceName: projects/\u003cvar translate=\"no\"\u003ePROJECT_NUMBER\u003c/var\u003e/locations/global/backendServices/grpc-helloworld-service\n ```\n2. Create the `GrpcRoute` resource using the `grpc_route.yaml` specification:\n\n ```bash\n gcloud network-services grpc-routes import helloworld-grpc-route \\\n --source=grpc_route.yaml \\\n --location=global\n ```\n\nCloud Service Mesh is now configured to load balance traffic for the services\nspecified in the `GRPCRoute` resource across backends in the managed instance\ngroup.\n\nCreate a gRPC client\n--------------------\n\nYou can verify the configuration by instantiating a proxyless gRPC\napplication and connecting it to Cloud Service Mesh. In its bootstrap file, the\napplication must specify the VPC network indicated in the Mesh.\n\nAfter it is configured, the application can send a request to the instances\nor endpoints associated with `helloworld-gce` using the `xds:///helloworld-gce`\nservice URI.\n\nIn the following examples, you use the grpcurl tool to test the gRPC\nservice.\n\n1. Create a client VM.\n\n ```bash\n gcloud compute instances create grpc-client \\\n --zone=ZONE\\\n --scopes=https://www.googleapis.com/auth/cloud-platform \\\n --image-family=debian-12 \\\n --image-project=debian-cloud \\\n --metadata-from-file=startup-script=\u003c(echo '#!/bin/bash\n set -ex\n export GRPC_XDS_BOOTSTRAP=/run/td-grpc-bootstrap.json\n echo export GRPC_XDS_BOOTSTRAP=$GRPC_XDS_BOOTSTRAP | sudo tee /etc/profile.d/grpc-xds-bootstrap.sh\n curl -L https://storage.googleapis.com/traffic-director/td-grpc-bootstrap-0.16.0.tar.gz | tar -xz\n ./td-grpc-bootstrap-0.16.0/td-grpc-bootstrap --config-mesh=grpc-mesh | tee $GRPC_XDS_BOOTSTRAP')\n ```\n\nSet up the bootstrap file\n-------------------------\n\nThe client application must have a bootstrap configuration file. The startup\nscript in the previous section sets the `GRPC_XDS_BOOTSTRAP`\nenvironment variable and uses a helper script to generate the bootstrap file.\nThe values for `TRAFFICDIRECTOR_GCP_PROJECT_NUMBER` and zone in the\ngenerated bootstrap file are obtained from the metadata server that knows these\ndetails about your VM instances. You can provide these values to the helper\nscript manually using the `--gcp-project-number` option. You must\nprovide a mesh name matching the `Mesh` resource using the\n`--config-mesh` option.\n| **Note:** Per policy, we encourage users to check for updates of the TD gRPC bootstrap generator yearly.\n\nTo verify the configuration, sign in to the client VM and run the\nfollowing.\n\n1. SSH to the client VM.\n\n ```bash\n gcloud compute ssh grpc-client --zone=ZONE\n ```\n2. Download and install the `grpcurl` tool.\n\n ```bash\n curl -L https://github.com/fullstorydev/grpcurl/releases/download/v1.9.2/grpcurl_1.9.2_linux_x86_64.tar.gz | tar -xz\n ```\n3. Run the `grpcurl` tool with `xds:///helloworld-gce` as the service URI and\n `helloworld.Greeter/SayHello` as the service name and method to invoke. The\n parameters to the `SayHello` method are passed using the `-d` option.\n\n ```bash\n ./grpcurl --plaintext \\\n -d '{\"name\": \"world\"}' \\\n xds:///helloworld-gce helloworld.Greeter/SayHello\n ```\n\nYou should see output similar to the following, where `INSTANCE_HOSTNAME` is the\nname of one of the gRPC server VM instances:\n\n\u003cbr /\u003e\n\n```json\n {\n \"message\": \"Hello world, from INSTANCE_HOSTNAME\"\n }\n \n```\n\n\u003cbr /\u003e\n\nThe output verifies that the proxyless gRPC client successfully connected to\nCloud Service Mesh and learned about the backends for the\n`helloworld-gce` service using the `xds` name resolver.\nThe client sent a request to one of the service's backends without needing to\nknow about the IP address or performing DNS resolution.\n\nWhat's next\n-----------\n\n- For information about listing route resources associated with a `Mesh` or `Gateway` resource, see [List `Route` resources](/service-mesh/v1.25/docs/service-routing/list-route-resources)."]]
