You can define Istio resources for an Alibaba Cloud Service Mesh (ASM) instance. Istio resources support features such as traffic management, authentication, and security protection. This topic shows you how to define Istio resources, including a virtual service, a gateway, and a destination rule, to support traffic routing for an application.

Prerequisites

Step 1: Define a gateway

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column of the ASM instance.
  4. On the details page of the ASM instance, choose Traffic Management > Gateway in the left-side navigation pane. On the Gateway rules page, click Create from YAML.
  5. In the Create panel, perform the following steps to define a gateway. Then, click OK.
    1. Select a namespace as required.
      In this example, the default namespace is used.
    2. In the code editor, define a gateway. For example, you can define a gateway by creating a YAML file that contains the following code. For more information, visit Istio example in GitHub.
      apiVersion: networking.istio.io/v1alpha3
      kind: Gateway
      metadata:
        name: bookinfo-gateway
      spec:
        selector:
          istio: ingressgateway # use istio default controller
        servers:
        - port:
            number: 80
            name: http
            protocol: HTTP
          hosts:
          - "*"
    On the Gateway tab, you can view the defined bookinfo-gateway gateway.

Step 2: Define a virtual service

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column of the ASM instance.
  4. On the details page of the ASM instance, choose Traffic Management > VirtualService in the left-side navigation pane. On the Virtual service page, click Create from YAML.
  5. In the Create panel, perform the following steps to define a virtual service. Then, click OK.
    1. Select a namespace as required.
      In this example, the default namespace is used.
    2. In the code editor, define a virtual service. For example, you can define a virtual service by creating a YAML file that contains the following code. For more information, visit Istio example in GitHub.
      apiVersion: networking.istio.io/v1alpha3
      kind: VirtualService
      metadata:
        name: bookinfo
      spec:
        hosts:
        - "*"
        gateways:
        - bookinfo-gateway
        http:
        - match:
          - uri:
              exact: /productpage
          - uri:
              prefix: /static
          - uri:
              exact: /login
          - uri:
              exact: /logout
          - uri:
              prefix: /api/v1/products
          route:
          - destination:
              host: productpage
              port:
                number: 9080
    On the VirtualService tab, you can view the defined bookinfo virtual service.
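The gateway and virtual service defined in Steps 1 and 2 determine what is reachable from outside the mesh. The following check is an added example, not part of the ASM documentation or the Istio project. It lists the plaintext and wildcard settings of a gateway and every URI match exposed through it. The function name `audit_exposure` and the dict layout are assumptions; route targets are omitted from the sample because the check does not read them.

```python
# Added example. Manifests are constructed as the dicts yaml.safe_load() would
# return for the Gateway and VirtualService YAML shown on this page.
GATEWAY = {
    "metadata": {"name": "bookinfo-gateway"},
    "spec": {"servers": [{
        "port": {"number": 80, "name": "http", "protocol": "HTTP"},
        "hosts": ["*"],
    }]},
}
BOOKINFO_VS = {
    "metadata": {"name": "bookinfo"},
    "spec": {
        "hosts": ["*"],
        "gateways": ["bookinfo-gateway"],
        "http": [{"match": [
            {"uri": {"exact": "/productpage"}},
            {"uri": {"prefix": "/static"}},
            {"uri": {"exact": "/login"}},
            {"uri": {"exact": "/logout"}},
            {"uri": {"prefix": "/api/v1/products"}},
        ]}],
    },
}

def audit_exposure(gateway, virtual_services):
    """Return review findings for a Gateway and the VirtualServices bound to it."""
    gw = gateway["metadata"]["name"]
    findings = []
    for server in gateway["spec"].get("servers", []):
        port = server["port"]
        redirect = server.get("tls", {}).get("httpsRedirect", False)
        if port["protocol"].upper() == "HTTP" and not redirect:
            findings.append(f"{gw}: port {port['number']} serves plaintext HTTP")
        if any(h.split("/")[-1] == "*" for h in server.get("hosts", [])):
            findings.append(f"{gw}: port {port['number']} matches any host name")
    for vs in virtual_services:
        spec, name = vs["spec"], vs["metadata"]["name"]
        if gw not in spec.get("gateways", []):
            continue  # not bound to this gateway (same-namespace names assumed)
        if "*" in spec.get("hosts", []):
            findings.append(f"{name}: wildcard host bound to {gw}")
        for rule in spec.get("http", []):
            for match in rule.get("match", []):
                for kind, value in match.get("uri", {}).items():
                    findings.append(f"{name}: exposes {kind} {value}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_exposure(GATEWAY, [BOOKINFO_VS])))
```

A gateway server that uses an HTTPS port or sets `tls.httpsRedirect`, with a specific host name in place of `"*"`, produces no gateway findings.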

Step 3: Access an application by using the ingress gateway service

  1. You can use the ASM console or the Container Service console to obtain the IP address of the ingress gateway service that is deployed in the cluster of the ASM instance. To obtain the IP address in the Container Service console, perform the following steps:
    1. Log on to the Container Service console.
    2. In the left-side navigation pane of the ACK console, click Clusters.
    3. On the Clusters page, find the cluster that you want to manage and click the name of the cluster, or click Applications in the Actions column.
    4. In the left-side navigation pane of the details page, choose Network > Services.
    5. At the top of the Services page, select istio-system from the Namespace drop-down list. On the page that appears, view the value in the External Endpoint column of the ingress gateway service that is named istio-ingressgateway. The value is the IP address of the ingress gateway service.
    Note: Alternatively, you can use the kubectl client to query the IP address of the ingress gateway service. For information about how to connect to a cluster from the kubectl client, see Connect to ACK clusters by using kubectl. Run the following command in the cluster where the ingress gateway service is deployed:
    kubectl get service istio-ingressgateway -n istio-system -o jsonpath="{.status.loadBalancer.ingress[*].ip}"
  2. In the address bar of your browser, enter an address in the following format: http://<IP address of the ingress gateway service>/productpage. This lets you check the current routing policy of the Bookinfo application.
    If no custom routing policy is defined for the Reviews microservice, traffic is routed to the three versions of the Reviews microservice in round-robin scheduling mode. You can refresh the page to view the effects of the three versions:
    • Version v1 does not call the Ratings microservice.
    • Version v2 calls the Ratings microservice and displays each rating as one to five black stars.
    • Version v3 calls the Ratings microservice and displays each rating as one to five red stars.

Step 4: Define a destination rule

Destination rules support load balancing for a microservice.

  1. On the details page of the ASM instance, choose Traffic Management > DestinationRule in the left-side navigation pane. On the Target rule page, click Create from YAML.
  2. In the Create panel, perform the following steps to define a destination rule. Then, click OK.
    1. Select a namespace as required.
      In this example, the default namespace is used.
    2. In the code editor, define a destination rule. For example, you can define a destination rule by creating a YAML file that contains the following code. For more information, visit Istio example in GitHub.
      In the following destination rule, different server load balancing policies are configured for different versions of the Reviews microservice. The policy for Version v1 is the default policy, namely, ROUND_ROBIN. The policy for Version v2 is LEAST_CONN. The policy for Version v3 is RANDOM.
      apiVersion: networking.istio.io/v1alpha3
      kind: DestinationRule
      metadata:
        name: reviews
      spec:
        host: reviews
        subsets:
        - name: v1
          labels:
            version: v1
        - name: v2
          labels:
            version: v2
          trafficPolicy:
            loadBalancer:
              simple: LEAST_CONN
        - name: v3
          labels:
            version: v3
          trafficPolicy:
            loadBalancer:
              simple: RANDOM
    On the DestinationRule tab, you can view the defined reviews destination rule.

Step 5: Define another virtual service

Define a virtual service to route traffic to the different microservice versions based on specified weights.

  1. On the details page of the ASM instance, choose Traffic Management > VirtualService in the left-side navigation pane. On the Virtual service page, click Create from YAML.
  2. In the Create panel, perform the following steps to define a virtual service. Then, click OK.
    1. Select a namespace as required.
      In this example, the default namespace is used.
    2. In the code editor, define the virtual service. For example, you can define a virtual service by creating a YAML file that contains the following code. For more information, visit Istio example in GitHub.
      In this example, half of inbound traffic to the Reviews microservice is routed to Version v2. The other half is routed to Version v3.
      apiVersion: networking.istio.io/v1alpha3
      kind: VirtualService
      metadata:
        name: reviews
      spec:
        hosts:
          - reviews
        http:
        - route:
          - destination:
              host: reviews
              subset: v2
            weight: 50
          - destination:
              host: reviews
              subset: v3
            weight: 50
    On the VirtualService tab, you can view the defined reviews virtual service.
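The virtual service in Step 5 only works as intended if every subset it names is defined in the destination rule from Step 4. The following cross-check is an added example, not part of the ASM documentation or the Istio project. It reports undefined subsets, weights that do not total 100 (the convention this page's 50/50 split follows), and subsets that receive no traffic. The function name `check_routes` is an assumption.

```python
# Added example. Manifests are constructed as the dicts yaml.safe_load() would
# return for the reviews DestinationRule and VirtualService shown on this page.
REVIEWS_DR = {
    "metadata": {"name": "reviews"},
    "spec": {"host": "reviews", "subsets": [
        {"name": "v1", "labels": {"version": "v1"}},
        {"name": "v2", "labels": {"version": "v2"},
         "trafficPolicy": {"loadBalancer": {"simple": "LEAST_CONN"}}},
        {"name": "v3", "labels": {"version": "v3"},
         "trafficPolicy": {"loadBalancer": {"simple": "RANDOM"}}},
    ]},
}
REVIEWS_VS = {
    "metadata": {"name": "reviews"},
    "spec": {"hosts": ["reviews"], "http": [{"route": [
        {"destination": {"host": "reviews", "subset": "v2"}, "weight": 50},
        {"destination": {"host": "reviews", "subset": "v3"}, "weight": 50},
    ]}]},
}

def check_routes(destination_rule, virtual_service):
    """Return (problems, unrouted): rule errors and subsets that get no traffic."""
    host = destination_rule["spec"]["host"]
    defined = [s["name"] for s in destination_rule["spec"].get("subsets", [])]
    name = virtual_service["metadata"]["name"]
    problems, used = [], set()
    for i, rule in enumerate(virtual_service["spec"].get("http", [])):
        routes = rule.get("route", [])
        for route in routes:
            dest = route["destination"]
            if dest["host"] != host:
                continue
            if "subset" not in dest:
                used.update(defined)  # no subset: every version can be picked
                continue
            used.add(dest["subset"])
            if dest["subset"] not in defined:
                problems.append(f"{name} http[{i}]: subset {dest['subset']} "
                                f"is not defined for host {host}")
        total = sum(route.get("weight", 0) for route in routes)
        if len(routes) > 1 and total != 100:  # assumption: weights total 100
            problems.append(f"{name} http[{i}]: weights total {total}, not 100")
    return problems, [s for s in defined if s not in used]

if __name__ == "__main__":
    print(check_routes(REVIEWS_DR, REVIEWS_VS))
```

For the manifests on this page, the check reports no problems and lists v1 as the only subset without a route, which matches the result described below.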

Result

In the address bar of your browser, enter the address in the following format: http://<IP address of the ingress gateway service>/productpage. If you repeatedly refresh the web page, the ratings appear by turns as black stars and red stars. This indicates that your requests are routed to versions v2 and v3 of the Reviews microservice based on the specified weights, which are 50% and 50%.