- Practical Istio - Introduction
- Practical Istio - Private Kubernetes Deployment
- Practical Istio - Init & Install
- Practical Istio - Ingress Gateway
- Practical Istio - Virtual Services
In this section we look at adding VirtualServices to connect the Gateways and Services within the cluster. A VirtualService works in a very similar way to Ingress components in normal Kubernetes work flows. They allow you to direct traffic to Services within the cluster based on request paths and ports.
Take a look at the examples within the k8s/istio/virtual-services folder, specifically have a look at the Grafana one. We'll use this as the example (all the others are more or less identical).
apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: istio-grafana namespace: istio-system # Namespace spec: hosts: - gke.devopstar.com # Host, could be "*" gateways: - istio-grafana # Gateway, must match previous one we created http: - match: - port: 15031 # Port, must match what was used in Gateway route: - destination: host: grafana # Destination service, must match service name port: number: 3000 # Post of service, must match service port
This setup is very simple, the request is allowed by the
istio-grafana gateway rule, then the VirtualService takes this request and forwards it onto the
grafana service on port
The other example is in default-http.yaml and will be in-charge of forwarding requests on port
80 to the different services we deploy later on in this tutorial.
apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: http-virtualservice spec: hosts: - gke.devopstar.com # Host could also be "*" gateways: - http-gateway # Gateway that allows port 800 http: - match: - uri: prefix: /prometheus route: - destination: host: prometheus-server # prometheus in the default namespace port: number: 80 - match: - uri: prefix: /grafana/ # Prefix indicates the path might have more after it route: - destination: host: grafana port: number: 80 rewrite: uri: / # Rewrite forces the path back to just '/'
The example above demonstrates how we are able to use the prefix and rewrite match options to change the path for grafana.
To apply the VirtualServices, we can simply run the following:
kubectl apply -f k8s/istio/virtual-services
You should now be able to access the four Istio services from their IP (or DNS entry). If you used my DNS entry (gke.devopstar.com), then you'll again need to make sure you have the Virtual Host extension setup with the correct LoadBalancer IP obtained from the istio-ingressgateway
Then you can simply access each service on the following endpoints:
- Kiali - http://gke.devopstar.com:15029/kiali/console
- Prometheus - http://gke.devopstar.com:15030
- Grafana - http://gke.devopstar.com:15031
- Jaeger - http://gke.devopstar.com:15032
In the next section we'll begin looking at how to define Destination Rules and how we can white-list outbound requests.