Question 230734 in Nginx Question posted in
The official documentation can be found here.

Nginx – Istio: balance traffic across namespaces

I’m trying to set up balancing between applications in different namespaces with Istio. But I am always getting reply from one application in dev namespace. My point is get response from applications from same prefix, like: http://example.com – need to balance between namespaces dev, staging, production

I deployed VirtualService, DestinationRule and Gateway in different namespaces. Also I have tried to deploy one Gateway in the istio-system namespace and set correct path to it in the all of VirtualService.
Obviously I don’t understand how it works…
My VirtualService

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: istio-nginx-vs
  namespace: dev
spec:
  hosts:
  - xxx.elb.amazonaws.com
  gateways:
  - dev/istio-nginx-gw
  http:
  - route:
    - destination:
        host: istio-nginx.dev.svc.cluster.local
        port:
          number: 80
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: istio-nginx-vs
  namespace: staging
spec:
  hosts:
  - xxx.elb.amazonaws.com
  gateways:
  - staging/istio-nginx-gw
  http:
  - route:
    - destination:
        host: istio-nginx.staging.svc.cluster.local
        port:
          number: 80
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: istio-nginx-vs
  namespace: production
spec:
  hosts:
  - xxx.elb.amazonaws.com
  gateways:
  - production/istio-nginx-gw
  http:
  - route:
    - destination:
        host: istio-nginx.production.svc.cluster.local
        port:
          number: 80

Here is the DestinationRule

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: istio-nginx-dr
  namespace: dev
spec:
  host: istio-nginx.svc.dev.cluster.local
  trafficPolicy:
    loadBalancer:
      simple: ROUND_ROBIN
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: istio-nginx-dr
  namespace: staging
spec:
  host: istio-nginx.staging.svc.cluster.local
  trafficPolicy:
    loadBalancer:
      simple: ROUND_ROBIN
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: istio-nginx-dr
  namespace: production
spec:
  host: istio-nginx.production.svc.cluster.local
  trafficPolicy:
    loadBalancer:
      simple: ROUND_ROBIN

And the Gateway

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: istio-nginx-gw
  namespace: dev
spec:
  selector:
    app: istio-gateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - xxx.elb.amazonaws.com
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: istio-nginx-gw
  namespace: staging
spec:
  selector:
    app: istio-gateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - xxx.elb.amazonaws.com
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: istio-nginx-gw
  namespace: production
spec:
  selector:
    app: istio-gateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - xxx.amazonaws.com
Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    I did it. Might be useful to someone. I have create one gateway and one VirtualService in istio-system namespace

    apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: istio-nginx-gw
  namespace: istio-system
spec:
  selector:
    app: istio-gateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - xxx.elb.amazonaws.com
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: istio-nginx-vs
  namespace: istio-system
spec:
  hosts:
  - xxx.elb.amazonaws.com
  gateways:
  - istio-system/istio-nginx-gw
  http:
  - route:
    - destination:
        host: istio-nginx.dev.svc.cluster.local
        subset: v1
        port:
          number: 80
      weight: 33
    - destination:
        host: istio-nginx.staging.svc.cluster.local
        subset: v2
        port:
          number: 80
      weight: 33
    - destination:
        host: istio-nginx.production.svc.cluster.local
        subset: v3
        port:
          number: 80
      weight: 33

    And add three Destination rules

    apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: istio-nginx-dr
  namespace: dev
spec:
  host: istio-nginx.dev.svc.cluster.local
  subsets:
    - name: v1
      labels:
        app: istio-nginx
        version: v1
  trafficPolicy:
    loadBalancer:
      simple: ROUND_ROBIN
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: istio-nginx-dr
  namespace: staging
spec:
  host: istio-nginx.staging.svc.cluster.local
  subsets:
    - name: v2
      labels:
        app: istio-nginx
        version: v2
  trafficPolicy:
    loadBalancer:
      simple: ROUND_ROBIN
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: istio-nginx-dr
  namespace: production
spec:
  host: istio-nginx.production.svc.cluster.local
  subsets:
    - name: v3
      labels:
        app: istio-nginx
        version: v3
  trafficPolicy:
    loadBalancer:
      simple: ROUND_ROBIN

    My application in dev/staging/production namespaces has the version labels: v1/v2/v3 enter image description here


  2. 0

    As the hosts "xxx.elb.amazonaws.com" value in different gateway definitions of different namespace is same for the "istio-nginx" service. So only one routing rule would have got applied. So the requests would be serviced from single application. For more details on routing rule precedence can be referred in istio documentation

    Using ‘istioctl" tool you can verify the routes configured.

    istioctl pc routes deploy/istio-ingressgateway.istio-system | grep "istio-nginx"
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search