Routing

Note: This section describes the routing rules of in-mesh services. To configure routing rules for ingress gateways, see Routes and traffic management with Virtual Services.

One of the top features of Service Mesh Manager is the ability to fully configure how traffic flows in the service mesh. This kind of routing works in the application layer, and lets you configure sophisticated rules based on URIs, ports, or headers.

In Istio, routing is mostly described in Virtual Services, and then translated to Envoy configuration. Service Mesh Manager covers almost everything that you can describe with Virtual Services, but comes with easy to use form-based traffic routing UI and YAML editor with templates for the more advanced routing needs.

The form-based approach is an easy way to get started with Istio resource management, it’s fast and convenient, but comes with usage limitations for example, you can only edit HTTP routes. In case of more advanced setups like setting TCP or TLS based VirtualServices, you can use the YAML editor. Using YAML editor needs advanced understanding of Istio CR syntax, but it provides all possible VirtualService settings for the user to configure and live validation as well.

You can add routing or redirect rules for requests that match certain criteria, and configure different rules like retry policies, request timeouts, or fault injection in VirtualServices resource using the templates provided.

Rule precedence

Note the following points about how Service Mesh Manager evaluates the routing rules:

  • Rules are evaluated in top-down order.
  • Rules that match on any traffic are always the last to help avoid rule shadowing.
  • Changing the order of rules is not supported in Service Mesh Manager.

When you specify multiple MATCH arguments, they have a logical OR relationship: the rule matches any request that fits one of the match rules. Within a match rule, you can specify multiple rules that have an AND relation. That way you can match requests against a specific URL and an HTTP method, for example.

Set routing using the UI

To create a new routing rule from the dashboard, complete the following steps. You can also edit or delete rules, and you can also view the full YAML configuration of the virtual service.

Note: Rules are evaluated in top-down order. For more details, see Rule precedence.

  1. Select the service on the MENU > SERVICES or the MENU > TOPOLOGY page.

  2. Select TRAFFIC MANAGEMENT > CREATE NEW.

    Configure routing routes Configure routing routes

    Note: This form can be used only to edit HTTP routes. For TCP, TLS configurations please use the YAML editor UI for creating Virtual Service resource, in the Istio-resources menu.

  3. By default, the new rule matches every incoming request. Click ADD CUSTOM MATCH to select only specific traffic for the rule based on scheme, method, URI, host, port, or authority.

    When you specify multiple MATCH arguments, they have a logical OR relationship: the rule matches any request that fits one of the match rules. Within a match rule, you can specify multiple rules that have an AND relation. That way you can match requests against a specific URL and an HTTP method, for example.

    For example, the following rule matches GET requests, or PUT requests received on port 8080.

    Match requests Match requests

  4. Set the action you want to execute on the matching requests.

    • You can Route the requests to a specific service. To route a portion of the traffic to a different destination, select ADD DESTINATION and use the WEIGHT parameter to split the traffic between multiple destination services.

      Multiple destinations Multiple destinations

      Note: If you want to mirror the traffic (that is, send the same requests to multiple destinations), see Mirroring.

    • Alternatively, you can Redirect the traffic to a specific URI. Redirect rules overwrite the Path portion of the URL with this value. Note that the entire path is replaced, irrespective of the request URI being matched as an exact path or prefix. To overwrite the Authority/Host portion of the URL, set the AUTHORITY FIELD as well.

      Redirect traffic Redirect traffic

  5. Set TIMEOUT and RETRY options as needed for your environment.

    Set timeout and retry parameters Set timeout and retry parameters

  6. Click Apply. The new rule appears on the TRAFFIC MANAGEMENT tab.

    Edit routing rule Edit routing rule

    You can later edit or delete the routing rule by clicking the Edit or Delete icons, respectively.

Set routing using YAML editor

When you create routing rules using the Traffic route form, you can only edit HTTP routes. For TCP, TLS configurations follow the instructions below to create Virtual Service resource from different templates, in the Istio-resources menu.

  1. Select MENU > ISTIO RESOURCES or alternatively click the YAML editor link on the top of the Traffic route form.

  2. Select the namespace in which you want to create the virtual service.

  3. Select CREATE NEW > VIRTUAL SERVICE.

  4. Select a template based on your need. Learn more about the VirtualServices resource templates here. Here, for demonstration purpose we show the HTTP templates that can be used for traffic routing.

    • By default, the new rule matches every incoming request. When you specify multiple match arguments, they have a logical OR relationship: the rule matches any request that fits one of the match rules. Within a match rule, you can specify multiple rules that have an AND relation. That way, you can match requests against a specific URL and an HTTP method, for example.

      For example, using the following template, you can create a rule that matches only requests where the URL path starts with /ratings/v2/ and the request contains a custom end-user header with the value jason. To add custom matches to select only specific traffic for the rule based on scheme, method, URI, host, port, or authority, use HTTP Request Template.

      HTTP request template

    • You can route the requests to a specific service. To route a portion of the traffic to a different destination, select HTTP Route Destination Template and use the weight parameter to split the traffic between multiple destination services.

      HTTP route destination

    • Alternatively, you can use the HTTP Redirect template to redirect the traffic to a specific URI. Redirect rules overwrite the Path portion of the URL with this value. Note that the entire path is replaced, irrespective of the request URI being matched as an exact path or prefix.

      HTTP redirect template

    • Set the timeout and retry options as needed for your environment using HTTP Retry Template.

      HTTP retry template

    • Set the rewrite option to rewrite specific parts of the HTTP request before forwarding the request to the destination using HTTP Rewrite Template.

      HTTP rewrite template

  5. Click Create. The new rule appears on the VIRTUAL SERVICES tab. You can later edit or delete the routing rule by clicking the Edit or Delete icons, respectively.

Virtual service templates

Read below to learn the usage for the different templates in VIRTUAL SERVICES.

Cors policy

To set the Cross-Origin Resource Sharing (CORS) policy, use the Cors policy template. With the CORS policy template, you can set parameters to allow a server to indicate any origins (domain, scheme, or port).

Cors policy

Delegate

To set routing rules to forward the traffic by a delegate VirtualService to a specific page, use the Delegate template.

Delegate template

Delegate route

The Delegate route template can be used to forward the traffic whose name is specified in the Delegate template.

Delegate route template

Destination route

To set the Destination or a service to which the requests are sent after processing a routing rule, use the Destination route template.

Destination route template

Fault injection abort

To inject faults in a service to test the resiliency by introducing HTTP abort fault, use the Fault injection abort template. To learn more, see Abort fault injection

Fault injection abort template

Fault injection delay

To inject faults in a service to test the resiliency by injecting delays in microservices, use the Fault injection delay template. To learn more, see Delay fault injection

Fault injection delay template

Header manipulation

To specify the header manipulation rules for route destinations, use the Header manipulation template.

Header manipulation template

HTTP direct response

To send fixed status with the body of requests and direct responses to the clients, use the HTTP direct response template.

HTTP direct response template

HTTP redirect

You can use the HTTP Redirect template to redirect the traffic to a specific URI. Redirect rules overwrite the Path portion of the URL with this value. Note that the entire path is replaced, irrespective of the request URI being matched as an exact path or prefix.

HTTP redirect template

HTTP request

The new rule matches every incoming request. When you specify multiple match arguments, they have a logical OR relationship: the rule matches any request that fits one of the match rules. Within a match rule, you can specify multiple rules that have an AND relation. That way, you can match requests against a specific URL and an HTTP method.

HTTP request template

HTTP retry

Set TIMEOUT and RETRY options as needed for your environment using HTTP Retry Template.

HTTP retry template

HTTP rewrite

Set rewrite option to rewrite specific parts of the HTTP request before forwarding the request to the destination using HTTP Rewrite Template. HTTP rewrite template

HTTP route destination

You can route the requests to a specific service. To route a portion of the traffic to a different destination, select HTTP Route Destination Template and use the weight parameter to split the traffic between multiple destination services. Learn more about the route destination here.

HTTP route destination

TCP route

To set match conditions and actions for routing TCP traffic, use ‘Tls Route Template’. Learn more about the Tls route here.

Tcp route template

TLS route

To create ingress with your own domain, use the Tls Route Template. Learn more about the Tls route here.

Tls rewrite template