How to load balance a gRPC server through HAProxy¶
You can configure the ingress-configurator charm to expose a
gRPC backend through HAProxy.
gRPC load balancing requires the backend to support HTTP/2 over TLS. HAProxy
routes gRPC traffic through port 443 by default, or through a dedicated frontend
port configured via external-grpc-port.
Prerequisites¶
A HAProxy deployment with TLS configured. See the HAProxy getting started tutorial for setup instructions.
A gRPC backend reachable from the Juju model with TLS enabled. See the HAProxy operator’s gRPC load balancing guide for instructions on setting up a gRPC backend (the
flagdsection).
Deploy and configure the ingress-configurator charm¶
juju deploy ingress-configurator grpc-configurator --channel=latest/edge
Set the backend address, port, protocol, and hostname. The backend-protocol
must be https for gRPC backends:
GRPC_SERVER_ADDRESS=<backend-ip>
juju config grpc-configurator \
backend-addresses=$GRPC_SERVER_ADDRESS \
backend-ports=<backend-port> \
backend-protocol=https \
hostname=<grpc-hostname>
If you want gRPC traffic on a dedicated frontend port rather than port 443, also
set external-grpc-port:
juju config grpc-configurator external-grpc-port=<port>
Integrate with HAProxy¶
Use the haproxy-route interface, which operates at the HTTP level and supports
gRPC traffic.
juju integrate grpc-configurator:haproxy-route haproxy
Verify the connection¶
Once all charms are active, verify the gRPC server is reachable through HAProxy:
HAPROXY_IP=$(juju status --format json | jq -r '.applications.haproxy.units."haproxy/0"."public-address"')
grpcurl -insecure -d '{}' <grpc-hostname>:<port> <service-method>
A successful response returns the output from your gRPC service method with no connection errors.