You can define Istio resources for an Alibaba Cloud Service Mesh (ASM) instance. Istio resources support features such as traffic management, authentication, and security protection. This topic shows you how to define Istio resources, including two virtual services, an Istio gateway, and a destination rule, to support traffic routing for an application.

Prerequisites

Step 1: Define an Istio gateway

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column.
  4. On the details page of the ASM instance, choose Traffic Management > Gateway in the left-side navigation pane. On the Gateway page, click Create from YAML.
  5. On the Create page, perform the following steps to define an Istio gateway. Then, click Create.
    1. Select a namespace as required.
      In this example, the default namespace is used.
    2. In the code editor, define an Istio gateway. The following code shows a sample YAML file. For more information, visit GitHub.
      apiVersion: networking.istio.io/v1alpha3
      kind: Gateway
      metadata:
        name: bookinfo-gateway
      spec:
        selector:
          istio: ingressgateway # use istio default controller
        servers:
        - port:
            number: 80
            name: http
            protocol: HTTP
          hosts:
          - "*"
    On the Gateway page, you can view the defined Istio gateway named bookinfo-gateway.

Step 2: Define a virtual service

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column.
  4. On the details page of the ASM instance, choose Traffic Management > VirtualService in the left-side navigation pane. On the VirtualService page, click Create from YAML.
  5. On the Create page, perform the following steps to define a virtual service. Then, click Create.
    1. Select a namespace as required.
      In this example, the default namespace is used.
    2. In the code editor, define a virtual service. The following code shows a sample YAML file. For more information, visit GitHub.
      apiVersion: networking.istio.io/v1alpha3
      kind: VirtualService
      metadata:
        name: bookinfo
      spec:
        hosts:
        - "*"
        gateways:
        - bookinfo-gateway
        http:
        - match:
          - uri:
              exact: /productpage
          - uri:
              prefix: /static
          - uri:
              exact: /login
          - uri:
              exact: /logout
          - uri:
              prefix: /api/v1/products
          route:
          - destination:
              host: productpage
              port:
                number: 9080
    On the VirtualService page, you can view the defined virtual service named bookinfo.

Step 3: Access an application by using the ingress gateway service

  1. You can use the ASM console or the ACK console to obtain the IP address of the ingress gateway service that is deployed in the ACK cluster of the ASM instance. To obtain the IP address from the ACK console, perform the following steps:
    1. Log on to the ACK console.
    2. In the left-side navigation pane of the ACK console, click Clusters.
    3. On the Clusters page, find the cluster that you want to manage and click the name of the cluster, or click Applications in the Actions column.
    4. In the left-side navigation pane of the details page, choose Network > Services
    5. In the upper part of the Services page, select istio-system from the Namespace drop-down list. On the Services page, find the ingress gateway service named istio-ingressgateway and view the value in the External Endpoint column. The value indicates the IP address of the ingress gateway service.
    Note Alternatively, you can use the kubectl client to query the IP address of the ingress gateway service. For information about how to connect to a cluster from the kubectl client, see Connect to ACK clusters by using kubectl. Run the following command in the cluster where the ingress gateway service is deployed:
    kubectl get service istio-ingressgateway -n istio-system -o jsonpath="{.status.loadBalancer.ingress[*].ip}"
  2. In the address bar of your browser, enter an address in the following format: http://{IP address of the ingress gateway service}/productpage. This operation allows you to check the current routing policy of the bookinfo application.
    If no custom routing policy is defined for the Reviews microservice, traffic is routed to the three versions of the Reviews microservice in round-robin scheduling mode. You can refresh the page to view the effects of the three versions:
    • Version 1 does not call the Ratings microservice.
    • Version 2 calls the Ratings microservice and rates a book with one to five black stars.
    • Version 3 calls the Ratings microservice and rates a book with one to five red stars.

Step 4: Define a destination rule

Destination rules support load balancing for a microservice.

  1. On the details page of the ASM instance, choose Traffic Management > DestinationRule in the left-side navigation pane. On the DestinationRule page, click Create from YAML.
  2. On the Create page, perform the following steps to define a destination rule. Then, click Create.
    1. Select a namespace as required.
      In this example, the default namespace is used.
    2. In the code editor, define a destination rule. The following code shows a sample YAML file. For more information, visit GitHub.
      In the following destination rule, different server load balancing polices are configured for different versions of the Reviews microservice. The policy for Version 1 is the default policy: ROUND ROBIN. The policy for Version 2 is LEAST_CONN. The policy for Version 3 is RANDOM.
      apiVersion: networking.istio.io/v1alpha3
      kind: DestinationRule
      metadata:
        name: reviews
      spec:
        host: reviews
        subsets:
        - name: v1
          labels:
            version: v1
        - name: v2
          labels:
            version: v2
          trafficPolicy:
            loadBalancer:
              simple: LEAST_CONN  
        - name: v3
          labels:
            version: v3
          trafficPolicy:
            loadBalancer:
              simple: RANDOM
    On the DestinationRule page, you can view the defined destination rule for the Reviews microservice.

Step 5: Define another virtual service

Define a virtual service to route traffic to the different microservice versions based on specified weights.

  1. On the details page of the ASM instance, choose Traffic Management > VirtualService in the left-side navigation pane. On the VirtualService page, click Create from YAML.
  2. On the Create page, perform the following steps to define a virtual service. Then, click Create.
    1. Select a namespace as required.
      In this example, the default namespace is used.
    2. In the code editor, define a virtual service. The following code shows a sample YAML file. For more information, visit GitHub.
      In this example, half of the inbound traffic to the Reviews microservice is routed to Version 2. The other half is routed to Version 3.
      apiVersion: networking.istio.io/v1alpha3
      kind: VirtualService
      metadata:
        name: reviews
      spec:
        hosts:
          - reviews
        http:
        - route:
          - destination:
              host: reviews
              subset: v2
            weight: 50
          - destination:
              host: reviews
              subset: v3
            weight: 50
    On the VirtualService page, you can view the defined virtual service for the Reviews microservice.

Result

In the address bar of your browser, enter an address in the following format: http://{IP address of the ingress gateway service}/productpage. If you repeatedly refresh the web page, black stars and red stars for ratings appear on the page by turns. This indicates that your requests are routed to Version 2 and Version 3 of the Reviews microservice based on the specified weights, which are 50% and 50%.