June 17, 2019     3min read

Practical Istio - Virtual Services




Introduction

In this section we look at adding VirtualServices to connect the Gateways and Services within the cluster. A VirtualService works in a very similar way to an Ingress in a normal Kubernetes workflow: it allows you to direct traffic to Services within the cluster based on request paths and ports.

Virtual Service Example

Take a look at the examples within the k8s/istio/virtual-services folder, specifically the Grafana one. We'll use this as the example (all the others are more or less identical).

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: istio-grafana
  namespace: istio-system # Namespace
spec:
  hosts:
  - gke.devopstar.com # Host, could be "*"
  gateways:
  - istio-grafana # Gateway, must match previous one we created
  http:
  - match:
    - port: 15031 # Port, must match what was used in Gateway
    route:
    - destination:
        host: grafana # Destination service, must match service name
        port:
          number: 3000 # Port of service, must match service port

This setup is very simple: the request is allowed by the istio-grafana gateway rule, then the VirtualService takes this request and forwards it on to the grafana service on port 3000.

The other example is in default-http.yaml and will be in charge of forwarding requests on port 80 to the different services we deploy later on in this tutorial.

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: http-virtualservice
spec:
  hosts:
  - gke.devopstar.com # Host could also be "*"
  gateways:
  - http-gateway # Gateway that allows port 80
  http:
  - match:
    - uri:
        prefix: /prometheus
    route:
    - destination:
        host: prometheus-server # prometheus in the default namespace
        port:
          number: 80
  - match:
    - uri:
        prefix: /grafana/ # Prefix indicates the path might have more after it
    route:
    - destination:
        host: grafana
        port:
          number: 80
    rewrite:
      uri: / # Rewrite forces the path back to just '/'

The example above demonstrates how we are able to combine the prefix match with the rewrite option to change the path for grafana: a request matched on /grafana/ reaches the service with that prefix replaced by /.
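To see which request paths these rules actually expose through the gateway, the following added example (a simplified Python model written for this page, not Istio's or the author's code) replays the hosts check, first-match prefix routing and prefix rewrite from default-http.yaml. The matching semantics are coded as assumptions stated in the comments, and the sample requests are constructed.

```python
# Simplified model of the http rules in default-http.yaml (added example, not Istio code).
# Assumptions: the first matching rule wins, `prefix` is a plain string-prefix test,
# a `rewrite.uri` replaces the matched prefix, and unmatched requests get a 404.
RULES = [
    {"prefix": "/prometheus", "host": "prometheus-server", "port": 80, "rewrite": None},
    {"prefix": "/grafana/", "host": "grafana", "port": 80, "rewrite": "/"},
]
HOSTS = ["gke.devopstar.com"]  # the VirtualService `hosts` list from the page


def host_allowed(host_header, hosts=HOSTS):
    """Return True if the Host header is covered by the VirtualService hosts list."""
    name = host_header.lower()
    return any(
        h == "*" or h == name or (h.startswith("*.") and name.endswith(h[1:]))
        for h in hosts
    )


def route(host_header, path, rules=RULES, hosts=HOSTS):
    """Return (destination, port, upstream_path), or None where the gateway answers 404."""
    if not host_allowed(host_header, hosts):
        return None
    for rule in rules:
        if path.startswith(rule["prefix"]):
            upstream = path
            if rule["rewrite"] is not None:
                # Replace only the matched prefix, keep the rest of the path.
                upstream = rule["rewrite"] + path[len(rule["prefix"]):]
            return rule["host"], rule["port"], upstream
    return None


if __name__ == "__main__":
    samples = [  # constructed requests
        ("gke.devopstar.com", "/grafana/login"),
        ("gke.devopstar.com", "/grafana"),
        ("gke.devopstar.com", "/prometheus/graph"),
        ("gke.devopstar.com", "/prometheus-internal"),
        ("203.0.113.10", "/grafana/"),
    ]
    for host, path in samples:
        print(f"{host:20} {path:22} -> {route(host, path)}")
```

The /prometheus prefix has no trailing slash, so every path beginning with that string is forwarded to prometheus-server, while /grafana without the trailing slash matches nothing. Changing `hosts` to "*" also admits requests addressed by bare IP, which the host-specific entry rejects.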

Apply Virtual Services

To apply the VirtualServices, we can simply run the following:

kubectl apply -f k8s/istio/virtual-services

Testing

You should now be able to access the four Istio services from their IP (or DNS entry). If you used my DNS entry (gke.devopstar.com), then you'll again need to make sure you have the Virtual Host extension set up with the correct LoadBalancer IP obtained from the istio-ingressgateway.

Virtual Host extension for Ingress Gateway Host Header mask

Then you can simply access each service on the following endpoints:

What's Next?

In the next section we'll begin looking at how to define Destination Rules and how we can white-list outbound requests.


DevOpStar by Nathan Glover | 2020