istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/archive/v1.3/blog/2019/multicluster-version-routing/index.html

376 lines
39 KiB
HTML
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!doctype html><html lang=en itemscope itemtype=https://schema.org/WebPage><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=theme-color content=#466BB0><meta name=title content="Version Routing in a Multicluster Service Mesh"><meta name=description content="Configuring Istio route rules in a multicluster service mesh."><meta name=author content="Frank Budinsky (IBM)"><meta name=keywords content=microservices,services,mesh,traffic-management,multicluster><meta property=og:title content="Version Routing in a Multicluster Service Mesh"><meta property=og:type content=website><meta property=og:description content="Configuring Istio route rules in a multicluster service mesh."><meta property=og:url content=/v1.3/blog/2019/multicluster-version-routing/><meta property=og:image content=/v1.3/img/istio-whitelogo-bluebackground-framed.svg><meta property=og:image:alt content="Istio Logo"><meta property=og:image:width content=112><meta property=og:image:height content=150><meta property=og:site_name content=Istio><meta name=twitter:card content=summary><meta name=twitter:site content=@IstioMesh><title>Istioldie 1.3 / Version Routing in a Multicluster Service Mesh</title><script async src="https://www.googletagmanager.com/gtag/js?id=UA-98480406-2"></script><script>window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments);}
gtag('js',new Date());gtag('config','UA-98480406-2');</script><link rel=alternate type=application/rss+xml title="Istio Blog" href=/v1.3/blog/feed.xml><link rel=alternate type=application/rss+xml title="Istio News" href=/v1.3/news/feed.xml><link rel=alternate type=application/rss+xml title="Istio Blog and News" href=/v1.3/feed.xml><link rel="shortcut icon" href=/v1.3/favicons/favicon.ico><link rel=apple-touch-icon href=/v1.3/favicons/apple-touch-icon-180x180.png sizes=180x180><link rel=icon type=image/png href=/v1.3/favicons/favicon-16x16.png sizes=16x16><link rel=icon type=image/png href=/v1.3/favicons/favicon-32x32.png sizes=32x32><link rel=icon type=image/png href=/v1.3/favicons/android-36x36.png sizes=36x36><link rel=icon type=image/png href=/v1.3/favicons/android-48x48.png sizes=48x48><link rel=icon type=image/png href=/v1.3/favicons/android-72x72.png sizes=72x72><link rel=icon type=image/png href=/v1.3/favicons/android-96x96.png sizes=96xW96><link rel=icon type=image/png href=/v1.3/favicons/android-144x144.png sizes=144x144><link rel=icon type=image/png href=/v1.3/favicons/android-192x192.png sizes=192x192><link rel=manifest href=/v1.3/manifest.json><meta name=apple-mobile-web-app-title content=Istio><meta name=application-name content=Istio><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Work+Sans:400|Chivo:400|Work+Sans:500,300,600,300italic,400italic,500italic,600italic|Chivo:500,300,600,300italic,400italic,500italic,600italic"><link rel=stylesheet href=/v1.3/css/all.css><script src=/v1.3/js/themes_init.min.js></script></head><body class="language-unknown archive-site"><script>const branchName="release-1.3";const docTitle="Version Routing in a Multicluster Service Mesh";const iconFile="\/v1.3/img/icons.svg";const buttonCopy='Copy to clipboard';const buttonPrint='Print';const buttonDownload='Download';</script><script src="https://www.google.com/cse/brand?form=search-form" defer></script><script src=/v1.3/js/all.min.js data-manual defer></script><header><nav><a id=brand href=/v1.3/><span class=logo><svg viewBox="0 0 300 300"><circle cx="150" cy="150" r="146" stroke-width="2" /><path d="M65 240H225L125 270z"/><path d="M65 230l60-10V110z"/><path d="M135 220l90 10L135 30z"/></svg></span><span class=name>Istioldie 1.3</span></a><div id=hamburger><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#hamburger"/></svg></div><div id=header-links><a title="Learn how to deploy, use, and operate Istio." href=/v1.3/docs/>Docs</a>
<span title="Posts about using Istio.">Blog</span>
<a title="Timely news about the Istio project." href=/v1.3/news/2019/announcing-1.2-eol/>News</a>
<a title="Frequently Asked Questions about Istio." href=/v1.3/faq/>FAQ</a>
<a title="Get a bit more in-depth info about the Istio project." href=/v1.3/about/>About</a><div class=menu><button id=gearDropdownButton class=menu-trigger title="Options and settings" aria-label="Options and Settings" aria-controls=gearDropdownContent><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#gear"/></svg></button><div id=gearDropdownContent class=menu-content aria-labelledby=gearDropdownButton role=menu><a tabindex=-1 role=menuitem class=active id=light-theme-item>Light Theme</a>
<a tabindex=-1 role=menuitem id=dark-theme-item>Dark Theme</a><div role=separator></div><a tabindex=-1 role=menuitem id=syntax-coloring-item>Color Examples</a><div role=separator></div><h6>Other versions of this site</h6><a tabindex=-1 role=menuitem onclick="navigateToUrlOrRoot('https://istio.io/blog\/2019\/multicluster-version-routing\/');return false;">Current Release</a>
<a tabindex=-1 role=menuitem onclick="navigateToUrlOrRoot('https://preliminary.istio.io/blog\/2019\/multicluster-version-routing\/');return false;">Next Release</a>
<a tabindex=-1 role=menuitem href=https://archive.istio.io>Older Releases</a></div></div><button id=search-show title="Search this site" aria-label=Search><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#magnifier"/></svg></button></div><form id=search-form name=cse role=search><input type=hidden name=cx value=013699703217164175118:iwwf17ikgf4>
<input type=hidden name=ie value=utf-8>
<input type=hidden name=hl value=en>
<input type=hidden id=search-page-url value=/v1.3/search>
<input id=search-textbox class=form-control name=q type=search aria-label="Search this site">
<button id=search-close title="Cancel search" type=reset aria-label="Cancel search"><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#cancel-x"/></svg></button></form></nav></header><main class=primary><div id=sidebar-container class="sidebar-container sidebar-offcanvas"><nav id=sidebar aria-label="Section Navigation"><div class=directory><div class=card><button class="header dynamic" id=card0 title="Blog posts for 2019." aria-controls=card0-body><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#blog"/></svg>2019 Posts</button><div class="body default" aria-labelledby=card0 role=region id=card0-body><ul role=tree aria-expanded=true class=leaf-section aria-labelledby=card0><li role=none><a role=treeitem title="Configure Istio ingress gateway to act as a proxy for external services." href=/v1.3/blog/2019/proxy/>Istio as a Proxy for External Services</a></li><li role=none><a role=treeitem title="How can you use Istio to monitor blocked and passthrough external traffic." href=/v1.3/blog/2019/monitoring-external-service-traffic/>Monitoring blocked and passthrough external service traffic</a></li><li role=none><a role=treeitem title="Using Istio to secure multi-cloud Kubernetes applications with zero code changes." href=/v1.3/blog/2019/app-identity-and-access-adapter/>App Identity and Access Adapter</a></li><li role=none><a role=treeitem title="Demonstrates a Mixer out-of-process adapter which implements the Knative scale-from-zero logic." href=/v1.3/blog/2019/knative-activator-adapter/>Mixer out-of-process adapter for Knative</a></li><li role=none><a role=treeitem title="Taking advantage of Kubernetes trustworthy JWTs to issue certificates for workload instances more securely." href=/v1.3/blog/2019/trustworthy-jwt-sds/>Change in Secret Discovery Service in Istio 1.3</a></li><li role=none><a role=treeitem title="The design principles behind Istio's APIs and how those APIs are evolving." href=/v1.3/blog/2019/evolving-istios-apis/>The Evolution of Istio&#39;s APIs</a></li><li role=none><a role=treeitem title="Comparison of alternative solutions to control egress traffic including performance considerations." href=/v1.3/blog/2019/egress-traffic-control-in-istio-part-3/>Secure Control of Egress Traffic in Istio, part 3</a></li><li role=none><a role=treeitem title="Use Istio Egress Traffic Control to prevent attacks involving egress traffic." href=/v1.3/blog/2019/egress-traffic-control-in-istio-part-2/>Secure Control of Egress Traffic in Istio, part 2</a></li><li role=none><a role=treeitem title="Tools and guidance for evaluating Istio's data plane performance." href=/v1.3/blog/2019/performance-best-practices/>Best Practices: Benchmarking Service Mesh Performance</a></li><li role=none><a role=treeitem title="Learn how to extend the lifetime of Istio self-signed root certificate." href=/v1.3/blog/2019/root-transition/>Extending Istio Self-Signed Root Certificate Lifetime</a></li><li role=none><a role=treeitem title="Attacks involving egress traffic and requirements for egress traffic control." href=/v1.3/blog/2019/egress-traffic-control-in-istio-part-1/>Secure Control of Egress Traffic in Istio, part 1</a></li><li role=none><a role=treeitem title="An overview of Istio 1.1 performance." href=/v1.3/blog/2019/istio1.1_perf/>Architecting Istio 1.1 for Performance</a></li><li role=none><span role=treeitem class=current title="Configuring Istio route rules in a multicluster service mesh.">Version Routing in a Multicluster Service Mesh</span></li><li role=none><a role=treeitem title="Announces the new Istio blog policy." href=/v1.3/blog/2019/sail-the-blog/>Sail the Blog!</a></li><li role=none><a role=treeitem title="De-mystify how Istio manages to plugin its data-plane components into an existing deployment." href=/v1.3/blog/2019/data-plane-setup/>Demystifying Istio&#39;s Sidecar Injection Model</a></li><li role=none><a role=treeitem title="Verifies the performance impact of adding an egress gateway." href=/v1.3/blog/2019/egress-performance/>Egress Gateway Performance Investigation</a></li><li role=none><a role=treeitem title="Addressing application startup ordering and startup latency using AppSwitch." href=/v1.3/blog/2019/appswitch/>Sidestepping Dependency Ordering with AppSwitch</a></li><li role=none><a role=treeitem title="Describes how to deploy a custom ingress gateway using cert-manager manually." href=/v1.3/blog/2019/custom-ingress-gateway/>Deploy a Custom Ingress Gateway Using Cert-Manager</a></li></ul></div></div><div class=card><button class="header dynamic" id=card1 title="Blog posts for 2018." aria-controls=card1-body><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#blog"/></svg>2018 Posts</button><div class=body aria-labelledby=card1 role=region id=card1-body><ul role=tree aria-expanded=true class=leaf-section aria-labelledby=card1><li role=none><a role=treeitem title="How to use Istio for traffic management without deploying sidecar proxies." href=/v1.3/blog/2018/incremental-traffic-management/>Incremental Istio Part 1, Traffic Management</a></li><li role=none><a role=treeitem title="Describes a simple scenario based on Istio's Bookinfo example." href=/v1.3/blog/2018/egress-mongo/>Consuming External MongoDB Services</a></li><li role=none><a role=treeitem title="Istio hosting an all day Twitch stream to celebrate the 1.0 release." href=/v1.3/blog/2018/istio-twitch-stream/>All Day Istio Twitch Stream</a></li><li role=none><a role=treeitem title="How HP is building its next-generation footwear personalization platform on Istio." href=/v1.3/blog/2018/hp/>Istio a Game Changer for HP&#39;s FitStation Platform</a></li><li role=none><a role=treeitem title="Automatic application onboarding and latency optimizations using AppSwitch." href=/v1.3/blog/2018/delayering-istio/>Delayering Istio with AppSwitch</a></li><li role=none><a role=treeitem title="Describe Istio's authorization feature and how to use it in various use cases." href=/v1.3/blog/2018/istio-authorization/>Micro-Segmentation with Istio Authorization</a></li><li role=none><a role=treeitem title="How to export Istio Access Logs to different sinks like BigQuery, GCS, Pub/Sub through Stackdriver." href=/v1.3/blog/2018/export-logs-through-stackdriver/>Exporting Logs to BigQuery, GCS, Pub/Sub through Stackdriver</a></li><li role=none><a role=treeitem title="Describes how to configure Istio for monitoring and access policies of HTTP egress traffic." href=/v1.3/blog/2018/egress-monitoring-access-control/>Monitoring and Access Policies for HTTP Egress Traffic</a></li><li role=none><a role=treeitem title="Introduction, motivation and design principles for the Istio v1alpha3 routing API." href=/v1.3/blog/2018/v1alpha3-routing/>Introducing the Istio v1alpha3 routing API</a></li><li role=none><a role=treeitem title="Describes how to configure Istio ingress with a network load balancer on AWS." href=/v1.3/blog/2018/aws-nlb/>Configuring Istio Ingress with AWS NLB</a></li><li role=none><a role=treeitem title="Using Kubernetes namespaces and RBAC to create an Istio soft multi-tenancy environment." href=/v1.3/blog/2018/soft-multitenancy/>Istio Soft Multi-Tenancy Support</a></li><li role=none><a role=treeitem title="An introduction to safer, lower-risk deployments and release to production." href=/v1.3/blog/2018/traffic-mirroring/>Traffic Mirroring with Istio for Testing in Production</a></li><li role=none><a role=treeitem title="Describes a simple scenario based on Istio's Bookinfo example." href=/v1.3/blog/2018/egress-tcp/>Consuming External TCP Services</a></li><li role=none><a role=treeitem title="Describes a simple scenario based on Istio's Bookinfo example." href=/v1.3/blog/2018/egress-https/>Consuming External Web Services</a></li></ul></div></div><div class=card><button class="header dynamic" id=card2 title="Blog posts for 2017." aria-controls=card2-body><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#blog"/></svg>2017 Posts</button><div class=body aria-labelledby=card2 role=region id=card2-body><ul role=tree aria-expanded=true class=leaf-section aria-labelledby=card2><li role=none><a role=treeitem title="Improving availability and reducing latency." href=/v1.3/blog/2017/mixer-spof-myth/>Mixer and the SPOF Myth</a></li><li role=none><a role=treeitem title="Provides an overview of Mixer's plug-in architecture." href=/v1.3/blog/2017/adapter-model/>Mixer Adapter Model</a></li><li role=none><a role=treeitem title="How Kubernetes Network Policy relates to Istio policy." href=/v1.3/blog/2017/0.1-using-network-policy/>Using Network Policy with Istio</a></li><li role=none><a role=treeitem title="Using Istio to create autoscaled canary deployments." href=/v1.3/blog/2017/0.1-canary/>Canary Deployments using Istio</a></li><li role=none><a role=treeitem title="Istio Auth 0.1 announcement." href=/v1.3/blog/2017/0.1-auth/>Using Istio to Improve End-to-End Security</a></li></ul></div></div></div></nav></div><div class=article-container><button tabindex=-1 id=sidebar-toggler title="Toggle the navigation bar"><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#pull"/></svg></button><nav aria-label=Breadcrumb><ol><li><a href=/v1.3/ title="Connect, secure, control, and observe services.">Istio</a></li><li><a href=/v1.3/blog/ title="Posts about using Istio.">Blog</a></li><li><a href=/v1.3/blog/2019/ title="Blog posts for 2019.">2019 Posts</a></li><li>Version Routing in a Multicluster Service Mesh</li></ol></nav><article aria-labelledby=title><div class=title-area><div><h1 id=title>Version Routing in a Multicluster Service Mesh</h1><p class=byline><span>By</span>
<span class=attribution>Frank Budinsky (IBM)</span><span> | </span><span><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#calendar"/></svg><span>&nbsp;</span>February 7, 2019</span><span> | </span><span title="1561 words"><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#clock"/></svg><span>&nbsp;</span>8 minute read</span></p></div></div><nav class=toc-inlined aria-label="Table of Contents"><div><hr><ol><li role=none aria-label="Setup clusters"><a href=#setup-clusters>Setup clusters</a><li role=none aria-label="Deploy version v1 of the bookinfo application in cluster1"><a href=#deploy-version-v1-of-the-bookinfo-application-in-cluster1>Deploy version v1 of the <code>bookinfo</code> application in <code>cluster1</code></a><li role=none aria-label="Deploy bookinfo v2 and v3 services in cluster2"><a href=#deploy-bookinfo-v2-and-v3-services-in-cluster2>Deploy <code>bookinfo</code> v2 and v3 services in <code>cluster2</code></a><li role=none aria-label="Access the bookinfo application"><a href=#access-the-bookinfo-application>Access the <code>bookinfo</code> application</a><li role=none aria-label="Create a service entry and destination rule on cluster1 for the remote reviews service"><a href=#create-a-service-entry-and-destination-rule-on-cluster1-for-the-remote-reviews-service>Create a service entry and destination rule on <code>cluster1</code> for the remote reviews service</a><li role=none aria-label="Create a destination rule on both clusters for the local reviews service"><a href=#create-a-destination-rule-on-both-clusters-for-the-local-reviews-service>Create a destination rule on both clusters for the local reviews service</a><li role=none aria-label="Create a virtual service to route reviews service traffic"><a href=#create-a-virtual-service-to-route-reviews-service-traffic>Create a virtual service to route reviews service traffic</a><li role=none aria-label=Summary><a href=#summary>Summary</a><li role=none aria-label="See also"><a href=#see-also>See also</a></li></ol><hr></div></nav><p>If you&rsquo;ve spent any time looking at Istio, you&rsquo;ve probably noticed that it includes a lot of features that
can be demonstrated with simple <a href=/v1.3/docs/tasks/>tasks</a> and <a href=/v1.3/docs/examples/>examples</a>
running on a single Kubernetes cluster.
Because most, if not all, real-world cloud and microservices-based applications are not that simple
and will need to have the services distributed and running in more than one location, you may be
wondering if all these things will be just as simple in your real production environment.</p><p>Fortunately, Istio provides several ways to configure a service mesh so that applications
can, more-or-less transparently, be part of a mesh where the services are running
in more than one cluster, i.e., in a
<a href=/v1.3/docs/concepts/deployment-models/#multiple-clusters>multi-cluster deployment</a>.
The simplest way to setup a multi-cluster mesh, because it has no special networking requirements,
is using a replicated
<a href=/v1.3/docs/concepts/deployment-models/#control-plane-models>control plane model</a>.
In this configuration, each Kubernetes cluster contributing to the mesh has its own control plane,
but each control plane is synchronized and running under a single administrative control.</p><p>In this article we&rsquo;ll look at how one of the features of Istio,
<a href=/v1.3/docs/concepts/traffic-management/>traffic management</a>, works in a multicluster mesh with
a dedicated control plane topology.
We&rsquo;ll show how to configure Istio route rules to call remote services in a multicluster service mesh
by deploying the <a href=https://github.com/istio/istio/tree/release-1.3/samples/bookinfo>Bookinfo sample</a> with version <code>v1</code> of the <code>reviews</code> service
running in one cluster, versions <code>v2</code> and <code>v3</code> running in a second cluster.</p><h2 id=setup-clusters>Setup clusters</h2><p>To start, you&rsquo;ll need two Kubernetes clusters, both running a slightly customized configuration of Istio.</p><ul><li><p>Set up a multicluster environment with two Istio clusters by following the
<a href=/v1.3/docs/setup/install/multicluster/gateways/>replicated control planes</a> instructions.</p></li><li><p>The <code>kubectl</code> command is used to access both clusters with the <code>--context</code> flag.
Use the following command to list your contexts:</p><pre><code class=language-bash data-expandlinks=true data-repo=istio>$ kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* cluster1 cluster1 user@foo.com default
cluster2 cluster2 user@foo.com default
</code></pre></li><li><p>Export the following environment variables with the context names of your configuration:</p><pre><code class=language-bash data-expandlinks=true data-repo=istio>$ export CTX_CLUSTER1=&lt;cluster1 context name&gt;
$ export CTX_CLUSTER2=&lt;cluster2 context name&gt;
</code></pre></li></ul><h2 id=deploy-version-v1-of-the-bookinfo-application-in-cluster1>Deploy version v1 of the <code>bookinfo</code> application in <code>cluster1</code></h2><p>Run the <code>productpage</code> and <code>details</code> services and version <code>v1</code> of the <code>reviews</code> service in <code>cluster1</code>:</p><pre><code class=language-bash data-expandlinks=true data-repo=istio>$ kubectl label --context=$CTX_CLUSTER1 namespace default istio-injection=enabled
$ kubectl apply --context=$CTX_CLUSTER1 -f - &lt;&lt;EOF
apiVersion: v1
kind: Service
metadata:
name: productpage
labels:
app: productpage
spec:
ports:
- port: 9080
name: http
selector:
app: productpage
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: productpage-v1
spec:
replicas: 1
template:
metadata:
labels:
app: productpage
version: v1
spec:
containers:
- name: productpage
image: istio/examples-bookinfo-productpage-v1:1.10.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
---
apiVersion: v1
kind: Service
metadata:
name: details
labels:
app: details
spec:
ports:
- port: 9080
name: http
selector:
app: details
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: details-v1
spec:
replicas: 1
template:
metadata:
labels:
app: details
version: v1
spec:
containers:
- name: details
image: istio/examples-bookinfo-details-v1:1.10.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
---
apiVersion: v1
kind: Service
metadata:
name: reviews
labels:
app: reviews
spec:
ports:
- port: 9080
name: http
selector:
app: reviews
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: reviews-v1
spec:
replicas: 1
template:
metadata:
labels:
app: reviews
version: v1
spec:
containers:
- name: reviews
image: istio/examples-bookinfo-reviews-v1:1.10.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
EOF
</code></pre><h2 id=deploy-bookinfo-v2-and-v3-services-in-cluster2>Deploy <code>bookinfo</code> v2 and v3 services in <code>cluster2</code></h2><p>Run the <code>ratings</code> service and version <code>v2</code> and <code>v3</code> of the <code>reviews</code> service in <code>cluster2</code>:</p><pre><code class=language-bash data-expandlinks=true data-repo=istio>$ kubectl label --context=$CTX_CLUSTER2 namespace default istio-injection=enabled
$ kubectl apply --context=$CTX_CLUSTER2 -f - &lt;&lt;EOF
apiVersion: v1
kind: Service
metadata:
name: ratings
labels:
app: ratings
spec:
ports:
- port: 9080
name: http
selector:
app: ratings
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: ratings-v1
spec:
replicas: 1
template:
metadata:
labels:
app: ratings
version: v1
spec:
containers:
- name: ratings
image: istio/examples-bookinfo-ratings-v1:1.10.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
---
apiVersion: v1
kind: Service
metadata:
name: reviews
labels:
app: reviews
spec:
ports:
- port: 9080
name: http
selector:
app: reviews
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: reviews-v2
spec:
replicas: 1
template:
metadata:
labels:
app: reviews
version: v2
spec:
containers:
- name: reviews
image: istio/examples-bookinfo-reviews-v2:1.10.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: reviews-v3
spec:
replicas: 1
template:
metadata:
labels:
app: reviews
version: v3
spec:
containers:
- name: reviews
image: istio/examples-bookinfo-reviews-v3:1.10.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
EOF
</code></pre><h2 id=access-the-bookinfo-application>Access the <code>bookinfo</code> application</h2><p>Just like any application, we&rsquo;ll use an Istio gateway to access the <code>bookinfo</code> application.</p><ul><li><p>Create the <code>bookinfo</code> gateway in <code>cluster1</code>:</p><div><a data-skipendnotes=true style=display:none href=https://raw.githubusercontent.com/istio/istio/release-1.3/samples/bookinfo/networking/bookinfo-gateway.yaml>Zip</a><pre><code class=language-bash data-expandlinks=true data-repo=istio>$ kubectl apply --context=$CTX_CLUSTER1 -f @samples/bookinfo/networking/bookinfo-gateway.yaml@
</code></pre></div></li><li><p>Follow the <a href=/v1.3/docs/examples/bookinfo/#determine-the-ingress-ip-and-port>Bookinfo sample instructions</a>
to determine the ingress IP and port and then point your browser to <code>http://$GATEWAY_URL/productpage</code>.</p></li></ul><p>You should see the <code>productpage</code> with reviews, but without ratings, because only <code>v1</code> of the <code>reviews</code> service
is running on <code>cluster1</code> and we have not yet configured access to <code>cluster2</code>.</p><h2 id=create-a-service-entry-and-destination-rule-on-cluster1-for-the-remote-reviews-service>Create a service entry and destination rule on <code>cluster1</code> for the remote reviews service</h2><p>As described in the <a href=/v1.3/docs/setup/install/multicluster/gateways/#setup-dns>setup instructions</a>,
remote services are accessed with a <code>.global</code> DNS name. In our case, it&rsquo;s <code>reviews.default.global</code>,
so we need to create a service entry and destination rule for that host.
The service entry will use the <code>cluster2</code> gateway as the endpoint address to access the service.
You can use the gateway&rsquo;s DNS name, if it has one, or its public IP, like this:</p><pre><code class=language-bash data-expandlinks=true data-repo=istio>$ export CLUSTER2_GW_ADDR=$(kubectl get --context=$CTX_CLUSTER2 svc --selector=app=istio-ingressgateway \
-n istio-system -o jsonpath=&#34;{.items[0].status.loadBalancer.ingress[0].ip}&#34;)
</code></pre><p>Now create the service entry and destination rule using the following command:</p><pre><code class=language-bash data-expandlinks=true data-repo=istio>$ kubectl apply --context=$CTX_CLUSTER1 -f - &lt;&lt;EOF
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: reviews-default
spec:
hosts:
- reviews.default.global
location: MESH_INTERNAL
ports:
- name: http1
number: 9080
protocol: http
resolution: DNS
addresses:
- 240.0.0.3
endpoints:
- address: ${CLUSTER2_GW_ADDR}
labels:
cluster: cluster2
ports:
http1: 15443 # Do not change this port value
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews-global
spec:
host: reviews.default.global
trafficPolicy:
tls:
mode: ISTIO_MUTUAL
subsets:
- name: v2
labels:
cluster: cluster2
- name: v3
labels:
cluster: cluster2
EOF
</code></pre><p>The address <code>240.0.0.3</code> of the service entry can be any arbitrary unallocated IP.
Using an IP from the class E addresses range 240.0.0.0/4 is a good choice.
Check out the
<a href=/v1.3/docs/setup/install/multicluster/gateways/#configure-the-example-services>gateway-connected multicluster example</a>
for more details.</p><p>Note that the labels of the subsets in the destination rule map to the service entry
endpoint label (<code>cluster: cluster2</code>) corresponding to the <code>cluster2</code> gateway.
Once the request reaches the destination cluster, a local destination rule will be used
to identify the actual pod labels (<code>version: v1</code> or <code>version: v2</code>) corresponding to the
requested subset.</p><h2 id=create-a-destination-rule-on-both-clusters-for-the-local-reviews-service>Create a destination rule on both clusters for the local reviews service</h2><p>Technically, we only need to define the subsets of the local service that are being used
in each cluster (i.e., <code>v1</code> in <code>cluster1</code>, <code>v2</code> and <code>v3</code> in <code>cluster2</code>), but for simplicity we&rsquo;ll
just define all three subsets in both clusters, since there&rsquo;s nothing wrong with defining subsets
for versions that are not actually deployed.</p><pre><code class=language-bash data-expandlinks=true data-repo=istio>$ kubectl apply --context=$CTX_CLUSTER1 -f - &lt;&lt;EOF
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews.default.svc.cluster.local
trafficPolicy:
tls:
mode: ISTIO_MUTUAL
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
- name: v3
labels:
version: v3
EOF
</code></pre><pre><code class=language-bash data-expandlinks=true data-repo=istio>$ kubectl apply --context=$CTX_CLUSTER2 -f - &lt;&lt;EOF
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews.default.svc.cluster.local
trafficPolicy:
tls:
mode: ISTIO_MUTUAL
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
- name: v3
labels:
version: v3
EOF
</code></pre><h2 id=create-a-virtual-service-to-route-reviews-service-traffic>Create a virtual service to route reviews service traffic</h2><p>At this point, all calls to the <code>reviews</code> service will go to the local <code>reviews</code> pods (<code>v1</code>) because
if you look at the source code you will see that the <code>productpage</code> implementation is simply making
requests to <code>http://reviews:9080</code> (which expands to host <code>reviews.default.svc.cluster.local</code>), the
local version of the service.
The corresponding remote service is named <code>reviews.default.global</code>, so route rules are needed to
redirect requests to the global host.</p><div><aside class="callout tip"><div class=type><svg class="large-icon"><use xlink:href="/v1.3/img/icons.svg#callout-tip"/></svg></div><div class=content>Note that if all of the versions of the <code>reviews</code> service were remote, so there is no local <code>reviews</code>
service defined, the DNS would resolve <code>reviews</code> directly to <code>reviews.default.global</code>. In that case
we could call the remote <code>reviews</code> service without any route rules.</div></aside></div><p>Apply the following virtual service to direct traffic for user <code>jason</code> to <code>reviews</code> versions <code>v2</code> and <code>v3</code> (<sup>50</sup>&frasl;<sub>50</sub>)
which are running on <code>cluster2</code>. Traffic for any other user will go to <code>reviews</code> version <code>v1</code>.</p><pre><code class=language-bash data-expandlinks=true data-repo=istio>$ kubectl apply --context=$CTX_CLUSTER1 -f - &lt;&lt;EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews.default.svc.cluster.local
http:
- match:
- headers:
end-user:
exact: jason
route:
- destination:
host: reviews.default.global
subset: v2
weight: 50
- destination:
host: reviews.default.global
subset: v3
weight: 50
- route:
- destination:
host: reviews.default.svc.cluster.local
subset: v1
EOF
</code></pre><div><aside class="callout tip"><div class=type><svg class="large-icon"><use xlink:href="/v1.3/img/icons.svg#callout-tip"/></svg></div><div class=content>This 50/50 rule isn&rsquo;t a particularly realistic example. It&rsquo;s just a convenient way to demonstrate
accessing multiple subsets of a remote service.</div></aside></div><p>Return to your browser and login as user <code>jason</code>. If you refresh the page several times, you should see
the display alternating between black and red ratings stars (<code>v2</code> and <code>v3</code>). If you logout, you will
only see reviews without ratings (<code>v1</code>).</p><h2 id=summary>Summary</h2><p>In this article, we&rsquo;ve seen how to use Istio route rules to distribute the versions of a service
across clusters in a multicluster service mesh with a replicated control plane model.
In this example, we manually configured the <code>.global</code> service entry and destination rules needed to provide
connectivity to one remote service, <code>reviews</code>. In general, however, if we wanted to enable any service
to run either locally or remotely, we would need to create <code>.global</code> resources for every service.
Fortunately, this process could be automated and likely will be in a future Istio release.</p><nav id=see-also><h2>See also</h2><div class=see-also><div class=entry><p class=link><a data-skipendnotes=true href=/v1.3/blog/2019/proxy/>Istio as a Proxy for External Services</a></p><p class=desc>Configure Istio ingress gateway to act as a proxy for external services.</p></div><div class=entry><p class=link><a data-skipendnotes=true href=/v1.3/blog/2019/egress-traffic-control-in-istio-part-3/>Secure Control of Egress Traffic in Istio, part 3</a></p><p class=desc>Comparison of alternative solutions to control egress traffic including performance considerations.</p></div><div class=entry><p class=link><a data-skipendnotes=true href=/v1.3/blog/2019/egress-traffic-control-in-istio-part-2/>Secure Control of Egress Traffic in Istio, part 2</a></p><p class=desc>Use Istio Egress Traffic Control to prevent attacks involving egress traffic.</p></div><div class=entry><p class=link><a data-skipendnotes=true href=/v1.3/blog/2019/egress-traffic-control-in-istio-part-1/>Secure Control of Egress Traffic in Istio, part 1</a></p><p class=desc>Attacks involving egress traffic and requirements for egress traffic control.</p></div><div class=entry><p class=link><a data-skipendnotes=true href=/v1.3/blog/2019/data-plane-setup/>Demystifying Istio&#39;s Sidecar Injection Model</a></p><p class=desc>De-mystify how Istio manages to plugin its data-plane components into an existing deployment.</p></div><div class=entry><p class=link><a data-skipendnotes=true href=/v1.3/blog/2019/egress-performance/>Egress Gateway Performance Investigation</a></p><p class=desc>Verifies the performance impact of adding an egress gateway.</p></div></div></nav></article><nav class=pagenav><div class=left><a title="An overview of Istio 1.1 performance." href=/v1.3/blog/2019/istio1.1_perf/><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#left-arrow"/></svg>Architecting Istio 1.1 for Performance</a></div><div class=right><a title="Announces the new Istio blog policy." href=/v1.3/blog/2019/sail-the-blog/>Sail the Blog!<svg class="icon"><use xlink:href="/v1.3/img/icons.svg#right-arrow"/></svg></a></div></nav><div id=endnotes-container aria-hidden=true><h2>Links</h2><ol id=endnotes></ol></div></div><div class=toc-container><nav class=toc aria-label="Table of Contents"><div id=toc><ol><li role=none aria-label="Setup clusters"><a href=#setup-clusters>Setup clusters</a><li role=none aria-label="Deploy version v1 of the bookinfo application in cluster1"><a href=#deploy-version-v1-of-the-bookinfo-application-in-cluster1>Deploy version v1 of the <code>bookinfo</code> application in <code>cluster1</code></a><li role=none aria-label="Deploy bookinfo v2 and v3 services in cluster2"><a href=#deploy-bookinfo-v2-and-v3-services-in-cluster2>Deploy <code>bookinfo</code> v2 and v3 services in <code>cluster2</code></a><li role=none aria-label="Access the bookinfo application"><a href=#access-the-bookinfo-application>Access the <code>bookinfo</code> application</a><li role=none aria-label="Create a service entry and destination rule on cluster1 for the remote reviews service"><a href=#create-a-service-entry-and-destination-rule-on-cluster1-for-the-remote-reviews-service>Create a service entry and destination rule on <code>cluster1</code> for the remote reviews service</a><li role=none aria-label="Create a destination rule on both clusters for the local reviews service"><a href=#create-a-destination-rule-on-both-clusters-for-the-local-reviews-service>Create a destination rule on both clusters for the local reviews service</a><li role=none aria-label="Create a virtual service to route reviews service traffic"><a href=#create-a-virtual-service-to-route-reviews-service-traffic>Create a virtual service to route reviews service traffic</a><li role=none aria-label=Summary><a href=#summary>Summary</a><li role=none aria-label="See also"><a href=#see-also>See also</a></li></ol></div></nav></div></main><footer><div class=user-links><a class=channel title="Go download Istio 1.3.5 now" href=/v1.3/docs/setup#downloading-the-release aria-label="Download Istio"><span>download</span><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#download"/></svg>
</a><a class=channel title="Join the Istio discussion board to participate in discussions and get help troubleshooting problems" href=https://discuss.istio.io aria-label="Istio discussion board"><span>discuss</span><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#discourse"/></svg></a>
<a class=channel title="Stack Overflow is where you can ask questions and find curated answers on deploying, configuring, and using Istio" href=https://stackoverflow.com/questions/tagged/istio aria-label="Stack Overflow"><span>stack overflow</span><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#stackoverflow"/></svg></a>
<a class=channel title="Interactively discuss issues with the Istio community on Slack" href=https://istio.slack.com aria-label=slack><span>slack</span><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#slack"/></svg></a>
<a class=channel title="Follow us on Twitter to get the latest news" href=https://twitter.com/IstioMesh aria-label=Twitter><span>twitter</span><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#twitter"/></svg></a><div class=tag>for everyone</div></div><div class=info><p class=copyright>Istio Archive
1.3.5<br>&copy; 2019 Istio Authors, <a href=https://policies.google.com/privacy>Privacy Policy</a><br>Archived on November 14, 2019</p></div><div class=dev-links><a class=channel title="GitHub is where development takes place on Istio code" href=https://github.com/istio/community aria-label=GitHub><span>github</span><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#github"/></svg></a>
<a class=channel title="Access our team drive if you'd like to take a look at the Istio technical design documents" href=https://groups.google.com/forum/#!forum/istio-team-drive-access aria-label="team drive"><span>drive</span><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#drive"/></svg></a>
<a class=channel title="If you'd like to contribute to the Istio project, consider participating in our working groups" href=https://github.com/istio/community/blob/master/WORKING-GROUPS.md aria-label="working groups"><span>working groups</span><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#working-groups"/></svg></a><div class=tag>for developers</div></div></footer><div id=scroll-to-top-container aria-hidden=true><button id=scroll-to-top title="Back to top"><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#top"/></svg></button></div></body></html>
Reference in New Issue View Git Blame Copy Permalink