K
Q

Canary deployment with istio and ingress nginx

7/24/2019

I have a kubernetes cluster on-premise. Inside the cluster I have two applications: A and B. The application A is exposed the outside by ingress nginx with hostNetwork: true. The domain of the application is foo.example.com. Application A is connecting to application B and application B is not exposed.

I would like to able to deploy application B by Canary deployment. My question is how can I use istio and ingress nginx to achive my goal? Is that even possible?

Any advice will be greatly apprecatied.

The diagram below presents situation which I would like to achive. enter image description here

-- k0chan
istio
kubernetes
nginx-ingress

Similar Questions

Invalid value: "The edited file failed validation": ValidationError(Service.spec): unknown field "nodePort" in io.k8s.api.core.v1.ServiceSpec
Kubelet in Windows 10
reference variables from pom.xml to deployment.yaml
How do metrics providers, such as metrics-server and prometheus-adapter, register it's api to kubernetes apiserver

1 Answer

7/29/2019

You can perform a Canary deployment by deploying a canary pod with the same labels as your production pods not using Istio, so it attaches to the same service, and handles 1/n of the traffic. You will not have such possibilities as creating traffics routes and how much traffics specific canary gets. In a Kubernetes cluster without Istio, the number of canary pods is directly affecting the traffic they get at any given point in time.

Useful blog about Canary deployment: canary-deployment.

To do Canary deployment using Istio please follow this instruction: istio-traffic-management.

Example Virtual Servide definition:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: my-vtl-svc
spec:
  hosts:
  - "*.my-co.org"
  http:
  - route:
    - destination:
        host: my-svc
        subset: v1

In the example, under spec, hosts lists the virtual service’s hosts. In this case, the hosts are *.my-co.org, where * is a wildcard prefix indicating that this virtual service handles routing for any DNS name ending with .my-co.org.

You can specify user-addressable hosts by using any DNS name or an internal mesh service name as long as the name resolves, implicitly or explicitly, to one or more fully qualified domain names (FQDN). To specify multiple hosts, you can use wildcards.

Also, note that under route, which specifies the routing rule’s configuration, and destination, which specifies the routing rule’s destination, host: my-svc specifies the destination’s host. If you are running on Kubernetes, then my-svc is the name of a Kubernetes service.

Example Destination rule definition:

apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: my-destination-rule
spec:
  host: my-svc
  trafficPolicy:
    loadBalancer:
      simple: RANDOM
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
    trafficPolicy:
      loadBalancer:
        simple: ROUND_ROBIN
  - name: v3
    labels:
      version: v3

You can specify multiple policies in a single destination rule. In this example, the default policy, defined above the subsets field, sets a simple random load balancer for the v1 and v3 subsets. A v2 specific policy, a round robin load balancer, is defined in the corresponding subset’s field.

-- MaggieO
Source: StackOverflow