Configure Traffic Management With Istio

Configure your Armory CD-as-a-Service deployment to use Istio for traffic management.

Before you begin

You are familiar with the following Istio concepts:
- Traffic Management
- Virtual Service configuration
You have installed Istio in your target cluster.
You know how to configure Istio’s VirtualService and associated DestinationRule.
You know how to create a CD-as-a-Service deployment config file.

CD-as-a-Service does not configure proxy sidecar injection.

How CD-as-a-Service shapes traffic

In the following example, you define a CD-as-a-Service deployment that uses a VirtualService and DestinationRoute:

CD-as-a-Service Deployment (deploy.yaml)


version: v1
kind: kubernetes
application: reviews
targets: 
  dev:
    account: dev
    namespace: istiodemo
		strategy: strategy1 
manifests:
  - path: manifests/reviews.yaml
  - path: manifests/istio-resources.yaml
strategies:
  strategy1:
    canary: 
      steps:
        - setWeight:
            weight: 10
        - pause:
            untilApproved: true
        - setWeight:
            weight: 90
        - pause:
            untilApproved: true
trafficManagement:
  - targets: ["dev"]
    istio:
    - virtualService: 
        name: reviews 
        httpRouteName: http-route-reviews
      destinationRule: 
        name: reviews 
        activeSubsetName: stable
        canarySubsetName: canary # does not exist yet

Istio Resources (istio-resources.yaml)


apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
    - reviews
  http:
  - route:
    - destination:
        host: reviews.istiodemo.svc.cluster.local
        subset: stable
    name: http-route-reviews
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews
spec:
  host: reviews.istiodemo.svc.cluster.local
  subsets:
  - name: stable
    labels:
      app: reviews

Mapping

Deployment Field (deploy.yaml)	Deploy Line	Istio Resources Field (istio-resources.yaml)	Istio Line
virtualService.name	28	VirtualService.metadata.name	4
virtualService.httpRouteName	29	VirtualService.http.route.name	13
destinationRule.name	31	DestinationRule.metadata.name	18
destinationRule.activeSubsetName	32	VirtualService.http.route.destination.subset	12

When you deploy your app, CD-as-a-Service modifies your VirtualService and DestinationRule, setting weights for stable and canary subsets based on the weights specified in your deployment strategy. CD-as-a-Service also adds the armory-pod-template-hash label to the DestinationRule subsets for routing traffic to the pods of each ReplicaSet.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
    - reviews
  http:
  - route:
    - destination:
        host: reviews.istiodemo.svc.cluster.local
        subset: stable
      weight: 10
    - destination:
        host: reviews.istiodemo.svc.cluster.local
        subset: canary
      weight: 90
    name: http-route-reviews
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews
spec:
  host: reviews.istiodemo.svc.cluster.local
  subsets:
  - name: stable
    labels:
      app: reviews
      armory-pod-template-hash: gc6647
  - name: canary
    labels:
      app: reviews
      armory-pod-template-hash: cd6648

At the end of the deployment, CD-as-a-Service removes the lines it added so the resources look the same as before the deployment began.

Additional capabilities

You have two options for deploying your VirtualService and DestinationRule Istio resources:
1. Separately, before your CD-as-a-Service deployment
2. As part of your CD-as-a-Service deployment, included in the same directory as your app manifest
You can use a VirtualService that has more than one route as long as the route is named within the resource and specified in your deployment file.
CD-as-a-Service supports both FQDN and short names in the host fields.

Create your Istio resources manifest

Create a manifest that defines your VirtualService and DestinationRule resources. Armory recommends one VirtualService with one DestinationRule for your deployment. CD-as-a-Service modifies these resources based on the canary strategy that you define in your deployment file. You can deploy these resources separately or as part of your CD-as-a-Service deployment.

Configure your CD-as-a-Service deployment

Configure your Istio resources in the trafficManagement.targets section of your deployment file.

trafficManagement:
  - targets: ["<target-name>"]
    istio:
    - virtualService:
        name: <VirtualService-metadata-name>
        httpRouteName: <VirtualService-http-route-name>
      destinationRule:
        name: <DestinationRule-metadata-name>               
        activeSubsetName: <VirtualService-http-route-destination-subset-name>
        canarySubsetName: <canary-subset-name>

targets: (Optional) comma-delimited list of deployment targets; if omitted, CD-as-a-Service applies the traffic management configuration to all targets.
istio.virtualService: (Required)
- istio.virtualService.name: The name of your VirtualService
- istio.virtualService.httpRouteName: The name of the HTTPRoute defined in your VirtualService. This field is optional if you define only one HTTPRoute.
istio.destinationRule: Optional if you only define only one DestinationRule.
- istio.destinationRule.name: The name of your DestinationRule
- istio.destinationRule.activeSubsetName: The name of the subset configured in your VirtualService HTTPRoute destination. This subset is running the current version of your app. activeSubsetName is optional if you define only one active subset.
- istio.destinationRule.canarySubsetName: (Optional) The name of the canary subset defined in your DestinationRule.

Example resources and deployment files

In this example, you deploy an app called “reviews”. You define your Istio resources in istio-resources.yaml and deploy that manifest as part of your app deployment.

CD-as-a-Service Deployment (deploy.yaml)


version: v1
kind: kubernetes
application: reviews
targets: 
  dev:
    account: dev
    namespace: istiodemo
		strategy: strategy1 
manifests:
  - path: manifests/reviews.yaml
  - path: manifests/istio-resources.yaml
strategies:
  strategy1:
    canary: 
      steps:
        - setWeight:
            weight: 10
        - pause:
            untilApproved: true
        - setWeight:
            weight: 90
        - pause:
            untilApproved: true
trafficManagement:
  - targets: ["dev"]
    istio:
    - virtualService: 
        name: reviews 
        httpRouteName: http-route-reviews
      destinationRule: 
        name: reviews 
        activeSubsetName: stable
        canarySubsetName: canary # does not exist yet

Istio Resources (istio-resources.yaml)


apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
    - reviews
  http:
  - route:
    - destination:
        host: reviews.istiodemo.svc.cluster.local
        subset: stable
    name: http-route-reviews
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews
spec:
  host: reviews.istiodemo.svc.cluster.local
  subsets:
  - name: stable
    labels:
      app: reviews

Mapping

Deployment Field (deploy.yaml)	Deploy Line	Istio Resources Field (istio-resources.yaml)	Istio Line
virtualService.name	28	VirtualService.metadata.name	4
virtualService.httpRouteName	29	VirtualService.http.route.name	13
destinationRule.name	31	DestinationRule.metadata.name	18
destinationRule.activeSubsetName	32	VirtualService.http.route.destination.subset	12

What’s next

Traffic Management Config

Feedback

Was this page helpful?

Thank you for letting us know!

Sorry to hear that. Please tell us how we can improve.

Last modified July 28, 2023: (3f5e759)