5

I am watching a Pluralsight video on the Istio service mesh. One part of the presentation says this:

The VirtualService uses the Kubernetes service to find the IP addresses of all the pods. The VirtualService doesn't route any traffic through the [Kubernetes] service, but it just uses it to get the list of endpoints where the traffic could go.

And it shows this graphic (to show the pod discovery, not for traffic routing):

VirtualService uses Service to get IPs of pods

I am a bit confused by this because I don't know how an Istio VirtualService knows which Kubernetes Service to look at. I don't see any reference in the example Istio VirtualService yaml files to a Kubernetes Service.

I have theorized that the DestinationRules could have enough labels on them to get down to just the needed pods, but the examples only use the labels v1 and v2. It seems unlikely that a version alone will give only the needed pods. (Many different Services could be on v1 or v2.)

How does an Istio VirtualService know which Kubernetes Service to associate to?

or said another way,

How does an Istio VirtualService know how to find the correct pods from all the pods in the cluster?

Vaccano
  • 78,325
  • 149
  • 468
  • 850

2 Answers2

9

When creating a VitualService you define which service to find in route.destination section

port : service running on port

host : name of the service

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: test
spec:
  hosts:
  - "example.com"
  gateways:
  - test-gateway
  http:
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        port:
          number: 80
        host: app-service

so,

app-pod/s -> (managed by) app-service -> test virtual service

Arfat Binkileb
  • 641
  • 4
  • 18
  • I thought that the `route.destination` section was used to choose the `DestinationRule`. How then does the `VirtualService` associate to a `DestinationRule`? – Vaccano Mar 11 '21 at 22:07
  • 1
    same way we create a `kind` : `DestinationRule` which will pick up service and add routing rules Istio has amazing documentaion: https://istio.io/latest/docs/tasks/traffic-management/request-routing/ – Arfat Binkileb Mar 12 '21 at 06:35
6

Arfat's answer is correct.

I want to add the following part from the docs about the host, which should make things even more clear. https://istio.io/latest/docs/reference/config/networking/virtual-service/#VirtualService

[...] Note for Kubernetes users: When short names are used (e.g. “reviews” instead of “reviews.default.svc.cluster.local”), Istio will interpret the short name based on the namespace of the rule, not the service. A rule in the “default” namespace containing a host “reviews” will be interpreted as “reviews.default.svc.cluster.local”, irrespective of the actual namespace associated with the reviews service. To avoid potential misconfigurations, it is recommended to always use fully qualified domain names over short names.

So when you write host: app-service and the VirtualService is in the default namespace, the host is interpreted as app-service.default.svc.cluster.local, which is the FQDN of the kubernetes service. If the app-service is in another namespace, say dev, you need to set the host as host: app-service.dev.svc.cluster.local.

Same goes for DestinationRule, where the FQDN of a kubernetes service is defined as host, as well. https://istio.io/latest/docs/reference/config/networking/destination-rule/#DestinationRule

VirtualService and DestinationRule are configured for a host. Both are an abstraction for configuring Envoy running as the istio gateway/sidecar. The VirtualService defines where the traffic should go (eg host, weights for different versions, ...) and the DestinationRule defines, how the traffic should be handled, (eg load balancing algorithm and how are the versions defined.

So traffic is not routed like this

Gateway -> VirtualService -> DestinationRule -> Service -> Pod, but like

Gateway -> Service, considering the config from VirtualService and DestinationRule.

Chris
  • 5,109
  • 3
  • 19
  • 40