I have 4 micro-service.
Only service-1 has two deployments behind it, so there has two pods behind service-1. You can call it blue green deployment.
Other three services has one deployment and one pod.
If I want to sent external traffic to server-1/pod-v2 then I can control it via subset into destination rules. Service-2's pod can call service-1's pods via service name.
How can I configure istio for service-2/pod can only call service-1/pod-v2 via service name and other service will only call service-1/pod-v1 via service name ?
This is not the way that I want to solve this problem. Basically I controlled incoming traffic of a pod, but I want to control outbound traffic of a pod. However, I post my hacky solution here.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: handle-internal-traffic
namespace: demo
spec:
hosts:
- "service-1"
gateways:
- mesh
http:
- match:
- sourceLabels:
version: v1
uri:
exact: /
route:
- destination:
host: service-1
subset: v1
- match:
- uri:
exact: /api
rewrite:
uri: "/"
route:
- destination:
host: service-1
subset: v2
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: service-1
namespace: demo
spec:
host: service-1.demo.svc.cluster.local
trafficPolicy:
tls:
mode: ISTIO_MUTUAL
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
Just filter the labels while a request came from other pods by mesh network.