Consul Connect as xDS server for proxyless gRPC?

I’m currently using Consul Connect to proxy our services and it has been working great. Envoy sidecars deploy, services can connect to each other, intentions are enforced, it works as expected.

However, some of our services utilize gRPC for their communication channels and we were hoping to minimize/eliminate latency through Envoy by instead utilizing gRPC Proxyless Service Mesh. This requires gRPC be able to connect to an xDS server to discover the other services. In the Consul documentation, it sounds like xDS (and in particular ADS) functionality that gRPC needs exists, but I’ve been having difficulty figuring out how to actually configure gRPC to connect with it. As a point of contrast, I also tried Istio’s support for gRPC proxyless service mesh to see what a functional example looked like, but I wasn’t able to transfer that experience over to Consul yet.

The first step in the process is the GRPC_XDS_BOOTSTRAP json file that points gRPC to the appropriate xDS server and I have yet to craft one that works successfully. I’ve generally been trying it with connecting to the host-local Consul Agent on the grpc port (8502) with creds set to “insecure”. It is able to connect and appears to do something, but the gRPC always fails initialization citing issues with Listener lookup. I took a peek at Envoy’s bootstrap configuration, but it is completely different and I couldn’t find anything immediately obvious that would resolve my issues.

Simple bootstrap json:

{ "xds_servers": [
    { "server_uri": "local-consul-client:8502",
      "channel_creds": [
        { "type": "insecure"
  "node": {
    "id": "service-id"
  "server_listener_resource_name_template": "grpc/server=xds.resource.listening_address=%s"
  1. Is it feasible to directly hook gRPC up to the Consul’s xDS server implementation?
  2. If so, what does a proper bootstrap file look like for Consul?
  3. Is there some other way to get Consul Connect to inject a gRPC proxyless ready bootstrap file?

Really appreciate any insights or feedback on this.

Hi @ryan.cobb,

Consul’s xDS server does not currently support proxyless gRPC. The last time I tried to set it up, my experimentation revealed that there were a number of changes needed in Consul’s xDS control plane in order to support proxyless clients.

We’re using the following GitHub issue to track interest in this feature Would you mind commenting on that issue with additional details about your use case, and perhaps approximate number of applications that you’re looking to integrate with the mesh using this proxyless method? That information will be helpful to us when considering how to prioritizing this request.


Thank you so much for the quick response @blake! Sad to hear that proxyless gRPC isn’t supported yet, but I will definitely be commenting on that GitHub issue because it is of great interest to the team. Hopefully we can see the feature introduced sometime in the near future.