I recently started looking into istio and got confused by the destination rule configuration.
Say I have a service A that have 10 pods running behind it. I pushed a destination rule that has two subsets with label version=v1 and version=v2.
So I'm wondering what will happen to the 10 pods under the hood? Will they be divided into two subsets automatically or just remain unlabeled? Or the subsets will only be valid when the pods themselves are labeled with version=v1 and version=v2?
Thanks a lot!
The general purpose is to set up DestinationRule
resource in order to specify how the network traffic will reach your underlying Kubernetes cluster Pods. Subsets
parameter in Istio defines labels that identify version specific instances.
The below example of Istio DestinationRule
configuration demonstrates how it works and can potentially reproduce your case:
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
Actually, label version: v1
indicates that only Pods in Kubernetes marked with the same label will receive network traffic; therefore the same approach will work for label version: v2
.
There are several resources available in Istio that can expand functionality for network management purposes as described in Official documentation.
A DestinationRule simply "defines" subsets of the underlying pods. Any pod that has the labels specified in a subset are considered part of that subset and can then be routed to in a VirtualService. If your pods don't have labels that correspond to any of the defined subsets, then they will not receive traffic that is routed to a particular subset. For example, if you set a rule in a VirtualService to send 100% of the traffic to subset v1, and you have no pods with the corresponding version=v1 label, then none of your pods will receive the traffic and client calls will fail. Note that you don't have to route traffic to subsets, you can also set rules to just route to any pod implementing the service. Subsets are used to distribute traffic when you have pods implementing more than one version of service running at the same time.