When multiple versions of a service run simultaneously, you need to control how traffic behaves after it reaches the service -- which version receives requests, how load is distributed, and what happens when instances become unhealthy. Destination rules in Service Mesh (ASM) define these post-routing traffic policies, including load balancing, connection pool size from the sidecar, and outlier detection.
Virtual services control where traffic goes. Destination rules control how traffic behaves once it arrives. ASM evaluates virtual service routing rules first, then applies destination rule policies to the resolved destination.
DestinationRule fields
A destination rule consists of three core fields:
| Field | Type | Description |
|---|---|---|
host | string (required) | The service name from the Kubernetes service registry. Use fully qualified domain names (for example, reviews.default.svc.cluster.local) to avoid namespace ambiguity. |
trafficPolicy | TrafficPolicy | Policies applied to all traffic for the host, including load balancing, connection pool limits, and outlier detection. |
subsets | Subset[] | Named groups of service instances, typically differentiated by version labels. Each subset can override the default trafficPolicy. |
Subset-level policies only take effect when a virtual service routing rule explicitly directs traffic to that subset.
For the full DestinationRule spec, see Destination Rule in the Istio documentation.
Create a destination rule
Prerequisites
Before you begin, make sure that you have:
An ASM instance. For more information, see [Create an ASM instance]()
At least one service deployed in the data plane cluster managed by the ASM instance
Procedure
Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose Traffic Management Center > DestinationRule.
Create the destination rule using one of the following methods: The new destination rule appears in the list on the DestinationRule page.
Console form: Click Create, configure the parameters, and click Create.
YAML editor: Click Create from YAML. Select a namespace from the Namespace drop-down list and optionally a template from the Template drop-down list. Edit the YAML in the code editor, then click Create.
YAML examples
Define subsets by version
Group service instances into named subsets based on Kubernetes pod labels. A virtual service can then route traffic to specific subsets.
apiVersion: networking.istio.io/v1
kind: DestinationRule
metadata:
name: reviews-destination
namespace: default
spec:
host: reviews.default.svc.cluster.local
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
- name: v3
labels:
version: v3Configure load balancing
Set a default load balancing algorithm for the service and override it for a specific subset.
apiVersion: networking.istio.io/v1
kind: DestinationRule
metadata:
name: reviews-lb-policy
namespace: default
spec:
host: reviews.default.svc.cluster.local
trafficPolicy:
loadBalancer:
simple: LEAST_REQUEST # Default for all subsets
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
trafficPolicy:
loadBalancer:
simple: ROUND_ROBIN # Override for v2 onlyThe following load balancing algorithms are available:
| Algorithm | When to use |
|---|---|
LEAST_REQUEST | Distributes load to endpoints with the fewest outstanding requests. |
ROUND_ROBIN | Simple rotation across endpoints. Use only when all endpoints have equal capacity and no weighting is needed. |
RANDOM | Randomly selects a healthy host. |
PASSTHROUGH | Forwards directly to the address requested by the caller without any load balancing. |
Configure connection pooling and outlier detection
Limit connections to prevent cascading failures and automatically eject unhealthy hosts.
apiVersion: networking.istio.io/v1
kind: DestinationRule
metadata:
name: reviews-circuit-breaker
namespace: default
spec:
host: reviews.default.svc.cluster.local
trafficPolicy:
connectionPool:
tcp:
maxConnections: 100 # Max TCP connections to the service
http:
h2UpgradePolicy: DEFAULT
http1MaxPendingRequests: 100 # Max pending HTTP/1.1 requests
http2MaxRequests: 1000 # Max concurrent HTTP/2 requests
outlierDetection:
consecutive5xxErrors: 5 # Eject after 5 consecutive 5xx errors
interval: 30s # Health check interval
baseEjectionTime: 30s # Minimum ejection duration
maxEjectionPercent: 50 # Eject at most 50% of hostsEdit, roll back, or delete a destination rule
After you create a destination rule, the DestinationRule page lists all rules. The Actions column provides the following operations:
View or edit the YAML configuration: Click YAML. In the Edit dialog box, modify the configuration and click OK.
Roll back to a previous version: Click Version. In the Version dialog box, select a version and click Rollback.
Delete the destination rule: Click Delete. In the Submit message, click OK.
ImportantDeleting a destination rule removes the associated load balancing, circuit breaking, and throttling policies, and unexpected issues may occur. Exercise caution when you delete a destination rule.
Related topics
[Manage virtual services](): Configure routing rules that direct traffic to destination rule subsets.
Destination Rule reference: Full field specification in the Istio documentation.