Routes and traffic management

Note: This section describes the routing rules of ingress gateways. To configure routing rules for in-mesh services, see Routing.

One of the main reasons to use Istio gateways instead of native Kubernetes ingress is that you can use VirtualServices to configure the routing of incoming traffic, just like for in-mesh routes. You can apply Istio concepts to incoming requests, like redirects, rewrites, timeouts, retries, or fault injection.

Service Mesh Manager displays routes and their related configuration on the Gateways page, and gives you the ability to configure routing. Service Mesh Manager translates the inputs to Istio CRs (mainly VirtualServices), then validates and applies them to the cluster.

The MENU > GATEWAYS > <Gateway-to-inspect> > ROUTES page displays the following information about the routes of the gateway.

  • VIRTUAL SERVICE: The name of the VirtualService resource for the gateway. To display the YAML configuration of the VirtualService, click the Show YAML configuration icon next to its name.
  • GATEWAYS: The names of gateways and sidecars that apply these routes.
  • HOSTS: The host selector that determines which hosts are accessible using the route.
  • MATCH: The route applies only to requests matching this expression.
  • DESTINATION: The destinations of the routing rule.
  • ACTIONS: Any special action related to the route (for example, rewrite).
  • PROTOCOL: The protocol permitted in the route.

Istio ingress gateway routes Istio ingress gateway routes

  • To modify an existing route, click Edit .
  • To delete a route, click Delete .
  • To create a new route, click CREATE NEW.

Routing rule precedence

Note the following points about how Service Mesh Manager evaluates the routing rules:

  • Rules are evaluated in top-down order.
  • Rules that match on any traffic are always the last to help avoid rule shadowing.
  • Changing the order of rules is not supported in Service Mesh Manager.

When you specify multiple MATCH arguments, they have a logical OR relationship: the rule matches any request that fits one of the match rules. Within a match rule, you can specify multiple rules that have an AND relation. That way you can match requests against a specific URL and an HTTP method, for example.

Create a new route

To create a new route on the gateway, or to apply redirects, rewrites, or other changes to the incoming requests, complete the following steps.

Note: Rules are evaluated in top-down order. For more details, see Rule precedence.

  1. Navigate to MENU > GATEWAYS > <Gateway-to-modify> > ROUTES.

  2. Click CREATE NEW.

    Istio ingress gateway create new entry point Istio ingress gateway create new entry point

  3. Select the gateways that should apply this rule in the GATEWAYS field.

  4. By default, the new rule matches every incoming request. Click ADD CUSTOM MATCH to select only specific traffic for the rule based on scheme, method, URI, host, port, or authority.

    When you specify multiple MATCH arguments, they have a logical OR relationship: the rule matches any request that fits one of the match rules. Within a match rule, you can specify multiple rules that have an AND relation. That way you can match requests against a specific URL and an HTTP method, for example.

    For example, the following rule matches GET requests, and PUT requests received on port 8080.

    Match requests Match requests

  5. Set the action you want to execute on the matching requests.

    • You can Route the requests to a specific service. To route a portion of the traffic to a different destination, select ADD DESTINATION and use the WEIGHT parameter to split the traffic between multiple destination services.

      Multiple destinations Multiple destinations

      Note: If you want to mirror the traffic (that is, send the same requests to multiple destinations), see Mirroring.

    • Alternatively, you can Redirect the traffic to a specific URI. Redirect rules overwrite the Path portion of the URL with this value. Note that the entire path is replaced, irrespective of the request URI being matched as an exact path or prefix. To overwrite the Authority/Host portion of the URL, set the AUTHORITY FIELD as well.

      Redirect traffic Redirect traffic

  6. Set TIMEOUT and RETRY options as needed for your environment.

    Set timeout and retry parameters Set timeout and retry parameters

  7. Click Apply. The new rule appears on the ROUTES tab.

    You can later edit or delete the routing rule by clicking the Edit or Delete icons, respectively.