Traffic Shifting
This task shows you how to gradually migrate traffic from one version of a microservice to another. For example, you might migrate traffic from an older version to a new version.
A common use case is to migrate traffic gradually from one version of a microservice to another. In Istio, you accomplish this goal by configuring a sequence of rules that route a percentage of traffic to one service or another. In this task, you will send 50% of traffic to reviews:v1
and 50% to reviews:v3
. Then, you will complete the migration by sending 100% of traffic to reviews:v3
.
Before you begin
Setup Istio by following the instructions in the Installation guide.
Deploy the Bookinfo sample application.
Review the Traffic Management concepts doc.
Apply weight-based routing
If you haven’t already applied destination rules, follow the instructions in Apply Default Destination Rules.
To get started, run this command to route all traffic to the
v1
version of each microservice.$ kubectl apply -f @samples/bookinfo/networking/virtual-service-all-v1.yaml@
Open the Bookinfo site in your browser. The URL is
http://$GATEWAY_URL/productpage
, where$GATEWAY_URL
is the External IP address of the ingress, as explained in the Bookinfo doc.Notice that the reviews part of the page displays with no rating stars, no matter how many times you refresh. This is because you configured Istio to route all traffic for the reviews service to the version
reviews:v1
and this version of the service does not access the star ratings service.Transfer 50% of the traffic from
reviews:v1
toreviews:v3
with the following command:$ kubectl apply -f @samples/bookinfo/networking/virtual-service-reviews-50-v3.yaml@
Wait a few seconds for the new rules to propagate.
Confirm the rule was replaced:
$ kubectl get virtualservice reviews -o yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
...
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v1
weight: 50
- destination:
host: reviews
subset: v3
weight: 50
Refresh the
/productpage
in your browser and you now see red colored star ratings approximately 50% of the time. This is because thev3
version ofreviews
accesses the star ratings service, but thev1
version does not.With the current Envoy sidecar implementation, you may need to refresh the
/productpage
many times –perhaps 15 or more–to see the proper distribution. You can modify the rules to route 90% of the traffic tov3
to see red stars more often.Assuming you decide that the
reviews:v3
microservice is stable, you can route 100% of the traffic toreviews:v3
by applying this virtual service:$ kubectl apply -f @samples/bookinfo/networking/virtual-service-reviews-v3.yaml@
Now when you refresh the
/productpage
you will always see book reviews with red colored star ratings for each review.
Understanding what happened
In this task you migrated traffic from an old to new version of the reviews
service using Istio’s weighted routing feature. Note that this is very different than doing version migration using the deployment features of container orchestration platforms, which use instance scaling to manage the traffic.
With Istio, you can allow the two versions of the reviews
service to scale up and down independently, without affecting the traffic distribution between them.
For more information about version routing with autoscaling, check out the blog article Canary Deployments using Istio.
Cleanup
Remove the application routing rules:
$ kubectl delete -f @samples/bookinfo/networking/virtual-service-all-v1.yaml@
If you are not planning to explore any follow-on tasks, refer to the Bookinfo cleanup instructions to shutdown the application.
See also
Direct encrypted traffic from IBM Cloud Kubernetes Service Ingress to Istio Ingress Gateway
Configure the IBM Cloud Kubernetes Service Application Load Balancer to direct traffic to the Istio Ingress gateway with mutual TLS.
Multicluster Istio configuration and service discovery using Admiral
Automating Istio configuration for Istio deployments (clusters) that work as a single mesh.
Istio as a Proxy for External Services
Configure Istio ingress gateway to act as a proxy for external services.
Multi-Mesh Deployments for Isolation and Boundary Protection
Deploy environments that require isolation into separate meshes and enable inter-mesh communication by mesh federation.
Secure Control of Egress Traffic in Istio, part 3
Comparison of alternative solutions to control egress traffic including performance considerations.
Secure Control of Egress Traffic in Istio, part 2
Use Istio Egress Traffic Control to prevent attacks involving egress traffic.