istio Gateway setting route

General index: istio from getting started to giving up series

1. Namespace injection sidecar

kubectl label namespaces test istio-injection=enabled

kubectl get ns test --show-labels

2. Resource file preparation

2.1 Deployment and Service

apiVersion: v1
kind: Service
metadata:
  name: test-service
  namespace: test
  labels:
    app: test
spec:
  ports:
  - name: http
    nodePort: 
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: test
  sessionAffinity: None
  type: NodePort
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: test-v1
  namespace: test
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: test
        version: v1
    spec:
      containers:
      - name: test
        image: docker.io/kubeguide/tomcat-app:v1
        imagePullPolicy: IfNotPresent #Always
        ports:
        - containerPort: 8080

Create deployment and service

2.2 gateway

First, you need to enable HTTP/HTTPS traffic for the service grid. To do this, we need to create a Gateway . Gateway describes a load balancer running on the edge of the network to receive incoming or outgoing HTTP / TCP connections.

Let's create a test gateway.yaml file:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: test-gateway
  namespace: test
spec:
  selector:
    istio: ingressgateway # use istio default controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"

Create Gateway

HTTP traffic has been enabled for the cluster. You need to map the Kubernetes service you created earlier to the Gateway. This operation will be performed using VirtualService.

2.3 VirtualService

    VirtualService Actually connect the Kubernetes service to the Istio gateway. It can also perform more operations, such as defining a set of traffic routing rules to apply when the host is addressed

Create a test-virtualservice.yaml file:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: test-virtualservice
  namespace: test
spec:
  hosts:
  - "*"
  gateways:
  - test-gateway
  http:
  - route:
    - destination:
        host: test-service

To create a VirtualService, note that the VirtualService is bound to a specific gateway and defines the host that references the Kubernetes service.

Test app v1 version

Now you can test the application. First, you need to get the external port of Istio Ingress Gateway.

kubectl get svc istio-ingressgateway -n istio-system

2.4 DestinationRule

At some point, you want to update the app to a new version. Maybe you want to split the traffic between the two versions. You need to create a DestinationRule To define those versions, called subsets in Istio.

First, update the test.yaml file to define the Deployment of v2 with the v2 version container

apiVersion: v1
kind: Service
metadata:
  name: test-service
  namespace: test
  labels:
    app: test
spec:
  ports:
  - port: 8080
    name: http
  selector:
    app: test
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: test-v1
  namespace: test
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: test
        version: v1
    spec:
      containers:
      - name: test
        image: docker.io/kubeguide/tomcat-app:v1
        imagePullPolicy: Always #IfNotPresent
        ports:
        - containerPort: 8080
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: test-v2
  namespace: test
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: test
        version: v2
    spec:
      containers:
      - name: test
        image: tomcat:8.0
        imagePullPolicy: IfNotPresent #Always
        ports:
        - containerPort: 8080

Create a new Deployment. If you refresh the browser, you can see that VirtualService switches between v1 and v2 versions:

What if you want to limit your service to v2 only? You can do this by referring to the subsets in the virtual service, but you need to define these subsets in the DestinationRules first. DestinationRule essentially maps tags to a subset of Istio.

Create a test-destinationrule.yaml file:

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: test-destinationrule
  namespace: test
spec:
  host: test-service
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2

To create a destinationrule, you can point to v2 subset in VirtualService:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: test-virtualservice
  namespace: test
spec:
  hosts:
  - "*"
  gateways:
  - test-gateway
  http:
  - route:
    - destination:
        host: test-service
        subset: v2

Update the VirtualService, refresh the browser now, you should only see the content of v2 version

Tags: Tomcat Kubernetes Docker network

Posted on Wed, 08 Apr 2020 03:23:08 -0700 by Horatiu