Search code examples
kubernetesopenshiftistiocanary-deployment

Istio: Blue/green deployment


Could I create an traffic strategy in order to route traffic between services running in different kubernetes' namespaces?

Currently, my testing service is located at staging namespace. By other hand, my service in production are on production namespace.

I'd like to balance traffic between service located in staging namespace and production namespace. So, 10% goes to staging:service and 90% goes to production:service.

Up to now, I've been able to create a virtual service and a destination rule, but both services running inside the same namespace.

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  creationTimestamp: null
  name: recommendation
  namespace: istio-project
spec:
  host: recommendation
  subsets:
  - labels:
      version: v1
    name: version-v1
  - labels:
      version: v2
    name: version-v2

And a VirtualService:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  creationTimestamp: null
  name: recommendation
  namespace: istio-project
spec:
  hosts:
  - recommendation
  http:
  - route:
    - destination:
        host: recommendation
        subset: version-v1
      weight: 75
    - destination:
        host: recommendation
        subset: version-v2
      weight: 25

This configuration is balancin between both services running inside istio-project namespace.

Any ideas?

EDIT

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  creationTimestamp: null
  name: recommendation
  namespace: istio-project
spec:
  hosts:
  - recommendation
  http:
  - route:
    - destination:
        host: recommendation
      weight: 75
    - destination:
        host: recommendation.istio-project-two.svc.cluster.local
      weight: 25
---

Solution

  • Any ideas?

    Did you try with FQDN to cover for cross-namespace pods. It is in format servicename.namespace.svc.cluster.local. In the istio documentation for VirtualServices this is referenced in their example as:

    spec:
      hosts:
      - ratings.prod.svc.cluster.local
    

    where ratings would be service name, prod would be namespace in that particular example. Also they list:

    ...
      namespace: foo
    spec:
      host: reviews # interpreted as reviews.foo.svc.cluster.local
    ...
    

    with cross namespace example:

    ...
    spec:
      hosts:
      - productpage.prod.svc.cluster.local # ignores rule namespace
    ...
    

    In the other part of documentation they specifically suggest usage of FQDN for Kubernetes users, quote:

    Note for Kubernetes users: When short names are used (e.g. “reviews” instead of “reviews.default.svc.cluster.local”), Istio will interpret the short name based on the namespace of the rule, not the service. A rule in the “default” namespace containing a host “reviews will be interpreted as “reviews.default.svc.cluster.local”, irrespective of the actual namespace associated with the reviews service. To avoid potential misconfigurations, it is recommended to always use fully qualified domain names over short names.

    If I understand your configuration correctly you would need: recommendation.staging.svc.cluster.local and recommendation.production.svc.cluster.local respectively as hosts to route across namespaces.

    Edit for comment:

    If you would like to route recommendation.istio-project.svc.cluster.local to pods running in that and recommendation.istio-project-two.svc.cluster.local services in said percentages then yes, this looks like valid config.