Request Routing

• Setup Istio by following the instructions in the Installation guide.

• Deploy the sample application.

• Review the Traffic Management concepts doc. Before attempting this task, you should be familiar with important terms such as destination rule, virtual service, and subset.

About this task

The Istio Bookinfo sample consists of four separate microservices, each with multiple versions. Three different versions of one of the microservices, , have been deployed and are running concurrently. To illustrate the problem this causes, access the Bookinfo app’s /productpage in a browser and refresh several times. You’ll notice that sometimes the book review output contains star ratings and other times it does not. This is because without an explicit default service version to route to, Istio routes requests to all available versions in a round robin fashion.

The initial goal of this task is to apply rules that route all traffic to v1 (version 1) of the microservices. Later, you will apply a rule to route traffic based on the value of an HTTP request header.

To route to one version only, you apply virtual services that set the default version for the microservices. In this case, the virtual services will route all traffic to v1 of each microservice.

If you haven’t already applied destination rules, follow the instructions in .

1. Run the following command to apply the virtual services:

   Zip

   Because configuration propagation is eventually consistent, wait a few seconds for the virtual services to take effect.

2. Display the defined routes with the following command:

   $ kubectl get virtualservices -o yaml
   - apiVersion: networking.istio.io/v1beta1
     kind: VirtualService
     ...
     spec:
       hosts:
       - details
       http:
       - route:
             host: details
             subset: v1
   - apiVersion: networking.istio.io/v1beta1
     kind: VirtualService
     ...
     spec:
       hosts:
       - productpage
       http:
         - destination:
             host: productpage
             subset: v1
   - apiVersion: networking.istio.io/v1beta1
     kind: VirtualService
     ...
     spec:
       hosts:
       - ratings
       http:
       - route:
         - destination:
             subset: v1
   - apiVersion: networking.istio.io/v1beta1
     kind: VirtualService
     ...
     spec:
       hosts:
       - reviews
       http:
       - route:
             host: reviews
             subset: v1

3. You can also display the corresponding subset definitions with the following command:

You have configured Istio to route to the v1 version of the Bookinfo microservices, most importantly the reviews service version 1.

Test the new routing configuration

You can easily test the new configuration by once again refreshing the /productpage of the Bookinfo app.

1. Notice that the reviews part of the page displays with no rating stars, no matter how many times you refresh. This is because you configured Istio to route all traffic for the reviews service to the version reviews:v1 and this version of the service does not access the star ratings service.

You have successfully accomplished the first part of this task: route traffic to one version of a service.

Next, you will change the route configuration so that all traffic from a specific user is routed to a specific service version. In this case, all traffic from a user named Jason will be routed to the service reviews:v2.

Note that Istio doesn’t have any special, built-in understanding of user identity. This example is enabled by the fact that the productpage service adds a custom end-user header to all outbound HTTP requests to the reviews service.

Remember, reviews:v2 is the version that includes the star ratings feature.

1. Run the following command to enable user-based routing:

   Zip

   $ kubectl apply -f @samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml@

2. Confirm the rule is created:

3. On the /productpage of the Bookinfo app, log in as user jason.

   Refresh the browser. What do you see? The star ratings appear next to each review.

4. Log in as another user (pick any name you wish).

   Refresh the browser. Now the stars are gone. This is because traffic is routed to reviews:v1 for all users except Jason.

You have successfully configured Istio to route traffic based on user identity.

Understanding what happened

In this task, you used Istio to send 100% of the traffic to the v1 version of each of the Bookinfo services. You then set a rule to selectively send traffic to version v2 of the reviews service based on a custom end-user header added to the request by the productpage service.

In the traffic shifting task, you will follow the same basic pattern you learned here to configure route rules to gradually send traffic from one version of a service to another.

1. Remove the application virtual services:

2. If you are not planning to explore any follow-on tasks, refer to the Bookinfo cleanup instructions to shutdown the application.

See also

Direct encrypted traffic from IBM Cloud Kubernetes Service Ingress to Istio Ingress Gateway

Configure the IBM Cloud Kubernetes Service Application Load Balancer to direct traffic to the Istio Ingress gateway with mutual TLS.

Automating Istio configuration for Istio deployments (clusters) that work as a single mesh.

Istio as a Proxy for External Services

Configure Istio ingress gateway to act as a proxy for external services.

Deploy environments that require isolation into separate meshes and enable inter-mesh communication by mesh federation.

Secure Control of Egress Traffic in Istio, part 3

Comparison of alternative solutions to control egress traffic including performance considerations.

Use Istio Egress Traffic Control to prevent attacks involving egress traffic.