Routes and traffic management with Virtual Services

Note: This section describes the routing rules of ingress gateways. To configure routing rules for in-mesh services, see Routing.

One of the main reasons to use Istio gateways instead of native Kubernetes ingress is that you can use VirtualService to configure the routing of incoming traffic, just like for in-mesh routes. You can apply Istio concepts to incoming requests, like redirects, rewrites, timeouts, retries, or fault injection.

Calisti displays the VirtualServices and their related configuration on the Gateways page, and gives you the ability to configure routing. Calisti provides various Virtual Service templates for route rules and traffic management.

The MENU > GATEWAYS > <Gateway-to-inspect> > VIRTUAL SERVICES page displays the following information about the VirtualServices of the gateway.

  • VIRTUAL SERVICE: The name of the VirtualService resource for the gateway. To display the YAML configuration of the VirtualService, click the Show YAML configuration icon next to its name.
  • GATEWAYS: The names of gateways and sidecars that apply these routes.
  • HOSTS: The host selector that determines which hosts are accessible using the route.
  • MATCH: The route applies only to requests matching this expression.
  • DESTINATION: The destinations of the routing rule.
  • ACTIONS: Any special action related to the route (for example, rewrite).
  • PROTOCOL: The protocol permitted in the route.

Istio ingress gateway routes Istio ingress gateway routes

Create a virtual service

To create a new routing rule, create a new VirtualService from the dashboard, complete the following steps. You can also edit or delete VirtualServices, and you can also view the full YAML configuration of the virtual service. The new rule created with the VirtualService resource matches every incoming request.

Note: Rules are evaluated in top-down order. For more details, see Rule precedence.

  1. Navigate to MENU > GATEWAYS > <Gateway-to-inspect> > VIRTUAL SERVICES page.


  3. Select a template based on your need.

    • By default, the new rule matches every incoming request. When you specify multiple match arguments, they have a logical OR relationship: the rule matches any request that fits one of the match rules. Within a match rule, you can specify multiple rules that have an AND relation. That way, you can match requests against a specific URL and an HTTP method, for example.

      For example, using the following template, you can create a rule that matches only requests where the URL path starts with /ratings/v2/ and the request contains a custom end-user header with the value jason. To add custom matches to select only specific traffic for the rule based on scheme, method, URI, host, port, or authority, use HTTP Request Template.

      HTTP request template

    • You can route the requests to a specific service. To route a portion of the traffic to a different destination, select HTTP Route Destination Template and use the weight parameter to split the traffic between multiple destination services.

      HTTP route destination

    • Alternatively, you can use the HTTP Redirect template to redirect the traffic to a specific URI. Redirect rules overwrite the Path portion of the URL with this value. Note that the entire path is replaced, irrespective of the request URI being matched as an exact path or prefix.

      HTTP redirect template

    • Set the timeout and retry options as needed for your environment using HTTP Retry Template.

      HTTP retry template

    • Set the rewrite option to rewrite specific parts of the HTTP request before forwarding the request to the destination using HTTP Rewrite Template.

      HTTP rewrite template

  4. Click Create. The new rule appears on the VIRTUAL SERVICES tab.

Edit a virtual service

  1. To edit a particular virtual service in your service mesh, click the Edit Edit icon at the end of the row. Edit virtual service

  2. Modify the selected virtual service YAML, and validate the YAML.

  3. To apply the modifications to the YAML configuration, click Apply.

Delete a virtual service

  1. To delete a particular virtual service in your service mesh, click the Delete Delete icon at the end of the row.


  2. If you are absolutely sure that you want to delete the selected virtual service, click Delete on the pop-up.


    Deleting the resource is irreversible and cannot be undone, as Calisti doesn’t store the old resource files.

Ingress with your own domain

Once you have have completed the steps in Using Let’s Encrypt with your own domain name, create a Tls route virtual service using the templates provided. Complete the following steps.

  1. Navigate to MENU > GATEWAYS > <Gateway-to-inspect> > VIRTUAL SERVICES
  2. To create a new ingress VirtualService using your own domain, click CREATE NEW.
  3. Select the Tls Route Template from the Template dropdown. Now use the gateway, host, and port number you provided during setting up an encrypted HTTPS port under your own domain name for your services. Tls route
  4. Once you modify and enter the host, port number and other parameters in the template, validate the resource’s correctness.
  5. Click CREATE.