Use Istio to implement intelligent routing in Kubernetes

Edit in Github

Last Updated: Feb 13, 2019 Edit in Github

Alibaba Cloud Container Service for Kubernetes supports one-click deployment of Istio and multiple functions expanded on Istio. This topic describes how to implement intelligent routing through Istio. For information about Istio official documents, see Intelligent Routing.

Prerequisites

You have created a Kubernetes cluster. For more information, see Create a Kubernetes cluster.
You have deployed Istio. For more information, see Deploy Istio.

Note Istio used in this topic is V 1.0.2.
You have a local Linux environment in which you have configured the kubectl tool and used the tool to connect to the cluster. For more information, see Connect to a Kubernetes cluster by using kubectl.
You have downloaded the project code of an Istio version and run the relevant commands in the Istio file directory. See https://github.com/istio/istio/releases.

Install the Istio official sample application

Install the Istio official sample application, Bookinfo. For more information, see https://istio.io/docs/guides/bookinfo.

Quickly deploy the Bookinfo sample application

Label the default namespace with the istio-injection=enabled tag.

Note Kubernetes clusters running on Alibaba Cloud Container Service support one-click deployment of Istio and automatic sidecar injection.
```
$ kubectl label namespace default istio-injection=enabled
```
Run the following kubectl command to deploy the Bookinfo sample application:
```
$ kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
```
The preceding command starts all four microservices. All three Reviewsservice versions (v1, v2, and v3) are also started.
Run the following command to vefiry that all services and pods are properly defined and started:
```
$ kubectl get svc,pods
```
You need to access the application from the outside of your Kubernetes cluster, for example, a browser. You need to create an Istio Gateway. Define the ingress gateway for the application.
```
$ kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
```
Run the following command to verify that the gateway has been created:
```
$ kubectl get gateway
NAME               AGE
bookinfo-gateway   32s
```
Run the following command to check the IP address of istio-ingressgateway .
```
$ kubectl get svc istio-ingressgateway -n istio-system
```
You can also log on to the Container Service console to view the IP address of istio-ingressgateway. Specifically, choose Application > Service in the left-side navigation pane, select the target cluster and the Istio-system namespace.
Access the BookInfo home page. The access address is http://{EXTERNAL-IP}/productpage.

If you refresh the browser, different versions of the reviews are displayed on the productpage in a round-robin manner (starting with a red star, to a black star, to no star). This indicates that Istio is currently not being used to control the version routing.

Set a route for requests

You need to set a default route because three Reviews service versions are deployed for the BookInfo sample application. Otherwise, if you access the application multiple times, you will notice that sometimes the book review output contains star ratings and other times it does not. This is because you have not set a default route for the rating service versions, and Istio then randomly routes requests to all available versions in a round robin fashion.

You need to define available versions in the destination routing rule before using Istio to control the route to the service versions of the BookInfo application.

Create the default destination routing rule for the BookInfo service.

If you do not want to enable bidirectional TLS, run the following command:
```
$ kubectl apply -f samples/bookinfo/networking/destination-rule-all.yaml
```
If you want to enable bidirectional TLS, run the following command:
```
$ kubectl apply -f samples/bookinfo/networking/destination-rule-all-mtls.yaml
```
Wait for a few seconds until the destination routing rule takes effect. Run the following command to view the destination routing rule:
```
$ kubectl get destinationrules -o yaml
```

Set the default version of all microservices to v1

Run the following command to set the default version of all microservices to v1:

$ kubectl apply -f samples/bookinfo/networking/virtual-service-all-v1.yaml

Run the following command to display all the created routing rules:

kubectl get virtualservices -o yaml

It takes a period of time for the routing rule to be synchronized to all pods because the routing rule is distributed to the proxy in an asynchronized manner. Therefore, we recommend that you wait for a few seconds before accessing the application.

Open the URL of the Bookinfo application in your browser: http://{EXTERNAL-IP}/productpage.

On the product page of the BookInfo application, the displayed content does not contain the reviews with starts. This is because the reviews:v1 service does not access the ratings service.

Route the requests from a specific user to reviews:v2

Run the following command to route requests from the test user named jason to reviews:v2 to enable the ratings service:

$ kubectl apply -f samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml

Run the following command to check whether routing rules are created:

$ kubectl get virtualservice reviews -o yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
  ...
spec:
  hosts:
  - reviews
  http:
  - match:
    - headers:
        end-user:
          exact: jason
    route:
    - destination:
        host: reviews
        subset: v2
  - route:
    - destination:
        host: reviews
        subset: v1

After you confirm that the routing rule is created, open the URL of the BookInfo application in your browser:http://{EXTERNAL-IP}/productpage.

Log on to the product page as the jason user to verify that the rating information is displayed under each review record.

Note Both the logon account name and password for are jason..

Note In this example, two request routing rules have been changed. Firstly, all requests are routed to the v1 version of the Reviews service provided by the BookInfo application. Then, a new routing rule is set to route specific requests to the v2 version of the Reviews service according to the header of a request (for example, the user cookie).

Inject faults

To test the resiliency of the microservices application, namely, BookInfo, inject a 7-second delay between the reviews:v2 microservices and the ratings microservices for the jason user. Note that the reviews:v2 service has a 10-second hard-coded connection timeout for calls to the ratings service. Therefore, you can still expect the end-to-end flow to continue without any errors even you have set the 7-second delay .

Inject an HTTP delay fault

Create a fault injection rule to delay traffic coming from the jason user.

$ kubectl apply -f samples/bookinfo/networking/virtual-service-ratings-test-delay.yaml

After you confirm that the rule is created, open the URL of the BookInfo application in your browser:http://{EXTERNAL-IP}/productpage.

Log on to the productpage as the jason user to view the following.

Note The reviews service fails because the timeout between the productpage and reviews services is shorter than the timeout between the reviews and ratings services, that is, (3 seconds + 1 retry = 6 seconds) is shorter than 10 seconds. Bugs like this can occur in typical enterprise applications where different teams develop different microservices independently. Istio’s fault injection rules help you identify such anomalies without impacting end users.

Inject an HTTP abort fault

Create a fault injection rule to send an HTTP abort

$ kubectl apply -f samples/bookinfo/networking/virtual-service-ratings-test-abort.yaml

After you confirm that the rule is created, open the URL of the BookInfo application in your browser:http://{EXTERNAL-IP}/productpage.

Log on to the productpage as the jason user to view the following.

Migrate traffic

In addition to the content-based routing rule, Istio also supports the weight-based routing rule.

Run the following command to route all traffic to the v1 version of all microservices.

$ kubectl replace -f samples/bookinfo/networking/virtual-service-all-v1.yaml

Run the following command to route 50% of traffic from the reviews v1 service to the reviews v3 service:

$ kubectl replace -f samples/bookinfo/networking/virtual-service-reviews-50-v3.yaml

Refresh the productpage for multiple times in the browser. You have a 50% probability to see the review content marked with red stars on the page.

Note Note that this method is completely different from using the deployment feature of the container orchestration platform for version migration. The container orchestration platform uses the instance scaling method to manage the traffic. With istio, two versions of the reviews service can expand and shrink capacity independently, without affecting the distribution of traffic between the two versions of services.

Assuming you decide that the reviews:v3 microservice is stable, you can route 100% of the traffic to reviews:v3 to implement a gray release by running the following command:

$ kubectl replace -f samples/bookinfo/networking/virtual-service-reviews-v3.yaml

Conclusion

You can use Alibaba Cloud Container Service for Kubernetes to quickly build the open platform, that is, Istio, to connect, manage, and secure microservices, and to introduce and configure multiple relevant services for applications. This topic uses a sample application from Istio to detail how to use Istio functions such as traffic rouging, fault injection, and traffic migrating. We recommend that you use Alibaba Cloud Container Service for Kubernetes to quickly build Istio, an open management platform for microservices, and integrate Istio with the microservice development of your project.