K
Q

Can I use istio for services which access by nodeport in kubernetes?

4/8/2019

Question

I create two deployment in kubernetes with the same service which type is NodePort,

apiVersion: v1
kind: Service
metadata:
  name: devo-159239e607c694e08b146c855b393652
  namespace: devo-bsg-dev
  labels:
    app: devo
spec:
  ports:
  - name: http-app
    nodePort: 31012
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: devo-159239e607c694e08b146c855b393652
  type: NodePort

I can access my service by NodePort and kiali show traffic too

enter image description here

Then I want all traffic go to version v1, so I create an virtualservice and destinationrule,

[root@master104 beego2]# cat beego2-virtual-service.yml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: devo-159239e607c694e08b146c855b393652
  namespace: devo-bsg-dev
spec:
  hosts:
  - devo-159239e607c694e08b146c855b393652
  http:
  - route:
    - destination:
        host: devo-159239e607c694e08b146c855b393652
        subset: v1
[root@master104 beego2]# cat beego2-destination.yml
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: devo-159239e607c694e08b146c855b393652
  namespace: devo-bsg-dev
spec:
  host: devo-159239e607c694e08b146c855b393652
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2

but the result does not show as expected

The question is: Is my rules wrong or istio can not work with nodeport ?

Environment

kubernetes 1.13.3

istio 1.1.2

-- zhashuyu
istio
kubernetes

Similar Questions

In Kubernetes, do pods with "readiness checks" in a state of "Unhealthy" fail to resolve from other pods until they become ready?
What is the right way to manage changes in kubernetes manifests?
Kubernetes Killing Mongo Container
error validating data: ValidationError(Deployment.spec.template.spec.volumes[0]): unknown field "hostAliases" in io.k8s.api.core.v1.Volume
nginx with minikube and metallb
Hangfire dashboard url setup on kubernetes

1 Answer

4/8/2019

I don't see any Gateway configuration within your Istio setup. Istio Gateway represents External IP address in front of Kuberentes microservices that allows incoming traffic through specified ports, protocol and hosts. You can use default istio-ingressgateway in the general Gateway resource definition, and then bind corresponded VirtualService, i.e.:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: http-gateway
  namespace: devo-bsg-dev
spec:
  selector:
    istio: ingressgateway #Default Istio Ingressgateway controller
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - devo-159239e607c694e08b146c855b393652
---

kind: VirtualService
metadata:
  name: devo-159239e607c694e08b146c855b393652
  namespace: devo-bsg-dev
spec:
  hosts:
  - devo-159239e607c694e08b146c855b393652
  gateways:
  - http-gateway
  http:
  - route:
    - destination:
        host: devo-159239e607c694e08b146c855b393652
        subset: v1

In the above scenario, we want to allow HTTP traffic on Port 80, for host devo-159239e607c694e08b146c855b393652.

You can find more related practical materials about exposing Kubernetes micro services via Istio mesh within demo Booking application example.

-- mk_sta
Source: StackOverflow