Routes and traffic management with Virtual Services
Note: This section describes the routing rules of ingress gateways. To configure routing rules for in-mesh services, see Routing.
One of the main reasons to use Istio gateways instead of native Kubernetes ingress is that you can use VirtualService to configure the routing of incoming traffic, just like for in-mesh routes. You can apply Istio concepts to incoming requests, like redirects, rewrites, timeouts, retries, or fault injection.
Calisti displays the VirtualServices and their related configuration on the Gateways page, and gives you the ability to configure routing. Calisti provides various Virtual Service templates for route rules and traffic management.
The MENU > GATEWAYS > <Gateway-to-inspect> > VIRTUAL SERVICES page displays the following information about the VirtualServices of the gateway.
- VIRTUAL SERVICE: The name of the VirtualService resource for the gateway. To display the YAML configuration of the VirtualService, click the icon next to its name.
- GATEWAYS: The names of gateways and sidecars that apply these routes.
- HOSTS: The host selector that determines which hosts are accessible using the route.
- MATCH: The route applies only to requests matching this expression.
- DESTINATION: The destinations of the routing rule.
- ACTIONS: Any special action related to the route (for example, rewrite).
- PROTOCOL: The protocol permitted in the route.
- To modify an existing route, click Edit icon.
- To delete a route, click Delete icon.
- To create a new VirtualService, click CREATE NEW.
Create a virtual service
To create a new routing rule, create a new VirtualService from the dashboard, complete the following steps. You can also edit or delete VirtualServices, and you can also view the full YAML configuration of the virtual service. The new rule created with the
VirtualService resource matches every incoming request.
Note: Rules are evaluated in top-down order. For more details, see Rule precedence.
Navigate to MENU > GATEWAYS > <Gateway-to-inspect> > VIRTUAL SERVICES page.
Select VIRTUAL SERVICE > CREATE NEW.
Select a template based on your need.
By default, the new rule matches every incoming request. When you specify multiple
matcharguments, they have a logical OR relationship: the rule matches any request that fits one of the match rules. Within a match rule, you can specify multiple rules that have an AND relation. That way, you can match requests against a specific URL and an HTTP method, for example.
For example, using the following template, you can create a rule that matches only requests where the URL path starts with
/ratings/v2/and the request contains a custom end-user header with the value
jason. To add custom matches to select only specific traffic for the rule based on scheme, method, URI, host, port, or authority, use HTTP Request Template.
You can route the requests to a specific service. To route a portion of the traffic to a different destination, select HTTP Route Destination Template and use the weight parameter to split the traffic between multiple destination services.
Alternatively, you can use the HTTP Redirect template to redirect the traffic to a specific URI. Redirect rules overwrite the Path portion of the URL with this value. Note that the entire path is replaced, irrespective of the request URI being matched as an exact path or prefix.
Set the timeout and retry options as needed for your environment using HTTP Retry Template.
Set the rewrite option to rewrite specific parts of the HTTP request before forwarding the request to the destination using HTTP Rewrite Template.
Click Create. The new rule appears on the VIRTUAL SERVICES tab.
Edit a virtual service
To edit a particular virtual service in your service mesh, click the Edit icon at the end of the row.
Modify the selected virtual service YAML, and validate the YAML.
To apply the modifications to the YAML configuration, click Apply.
Delete a virtual service
To delete a particular virtual service in your service mesh, click the Delete icon at the end of the row.
If you are absolutely sure that you want to delete the selected virtual service, click Delete on the pop-up.
CAUTION:Deleting the resource is irreversible and cannot be undone, as Calisti doesn’t store the old resource files.
Ingress with your own domain
Once you have have completed the steps in Using Let’s Encrypt with your own domain name, create a
Tls route virtual service using the templates provided. Complete the following steps.
- Navigate to MENU > GATEWAYS > <Gateway-to-inspect> > VIRTUAL SERVICES
- To create a new
ingressVirtualService using your own domain, click CREATE NEW.
- Select the Tls Route Template from the Template dropdown. Now use the gateway, host, and port number you provided during setting up an encrypted HTTPS port under your own domain name for your services.
- Once you modify and enter the host, port number and other parameters in the template, validate the resource’s correctness.
- Click CREATE.