Hello I experimenting with spicedb-operator SpiceDB Operator make the job simpler But i have want to do load balance the gRPC with envoy proxy because for the reason mentioned in this blog post https://kubernetes.io/blog/2018/11/07/grpc-load-balancing-on-kubernetes-without-tears/ For this I want spicedb service as headless. Is there any options to tell spicedb operator to create headless service

SpiceDBClusters have a

patches

field that you can use to change the service settings, like:

apiVersion: authzed.com/v1alpha1
kind: SpiceDBCluster
metadata:
  name: dev
spec:
  config:
    datastoreEngine: memory
  secretName: dev-spicedb-config
  patches:
  - kind: Service
    patch:
      spec:
         clusterIP: "None"

That said, we use Envoy (via contour) to route to spicedb pods and don't bother with a headless service. Contour watches

Endpoints

and configures the envoy routes correctly as they change.

Thank you for guidance. This will help me a lot I have one doubt/question Contour and abouts its load balance working (I'm not expert in K8s so this might be stupid). By default SpiceDB-Operator creates service with ClusterIP, So all client request to SpiceDB will goes via k8s service, which is L4 load balancer. So Contour(envoy) is placed before k8s service, then How the contour(envoy) will do L7 load balancing ? Envoy --> k8s SpiceDB service (L4 LB) ---> any one pod Here K8s SpiceDB service (L4 LB) will connect to any one of pod with indefinite time since gRPC client connection indefinite unlike HTTP 1.1. So If client send huge number of request, then it will not split between pods and a single pod will get loaded.

When using contour, envoy doesn't talk to spicedb via the kube-dns service

Thank you @ecordell