MeshTCPRoute

This policy uses new policy matching algorithm. It’s recommended to migrate from TrafficRoute. See “Interactions with TrafficRoute” section for more information.

The MeshTCPRoute policy allows you to alter and redirect TCP requests depending on where the request is coming from and where it’s going to.

TargetRef support matrix

targetRefAllowed kinds
targetRef.kindMesh, MeshSubset
to[].targetRef.kindMeshService
targetRefAllowed kinds
targetRef.kindMesh, MeshGateway, MeshGateway with listener tags
to[].targetRef.kindMesh
targetRefAllowed kinds
targetRef.kindMesh, MeshSubset
to[].targetRef.kindMeshService

For more information, see the matching docs.

Configuration

Unlike other outbound policies, MeshTCPRoute doesn’t contain default directly in the to array. The default section is nested inside rules, so the policy structure looks like the following:

  1. spec:
  2.   targetRef: # top-level targetRef selects a group of proxies to configure
  3.     kind: Mesh|MeshSubset|MeshService|MeshServiceSubset 
  4.   to:
  5.     - targetRef: # targetRef selects a destination (outbound listener)
  6.         kind: MeshService
  7.         name: backend
  8.       rules:
  9.         - default: # configuration applied for the matched TCP traffic
  10.             backendRefs: [...]

Default configuration

The following describes the default configuration settings of the MeshTCPRoute policy:

  • backendRefs: (Optional) List of destinations for the request to be redirected to
    • kind: One of MeshService, MeshServiceSubset, MeshExtenalService
    • name: The service name
    • tags: Service tags. These must be specified if the kind is MeshServiceSubset.
    • weight: When a request matches the route, the choice of an upstream cluster is determined by its weight. Total weight is a sum of all weights in the backendRefs list.

Gateways

In order to route TCP traffic for a MeshGateway, you need to target the MeshGateway in spec.targetRef and set spec.to[].targetRef.kind: Mesh.

Interactions with MeshHTTPRoute

MeshHTTPRoute takes priority over MeshTCPRoute when both are defined for the same service, and the matching MeshTCPRoute is ignored.

Interactions with TrafficRoute

MeshTCPRoute takes priority over TrafficRoute when a proxy is targeted by both policies.

All legacy policies like Retry, TrafficLog, Timeout etc. only match on routes defined by TrafficRoute. All new recommended policies like MeshRetry, MeshAccessLog, MeshTimeout etc. match on routes defined by MeshTCPRoute and TrafficRoute.

If you don’t use legacy policies, it’s recommended to remove any existing TrafficRoute. Otherwise, it’s recommended to migrate to new policies and then removing TrafficRoute.

Examples

Traffic split

We can use MeshTCPRoute to split an TCP traffic between different MeshServices implementing A/B testing or canary deployments. If we want to split traffic between v1 and v2 versions of the same service, first we have to create MeshServices backend-v1 and backend-v2 that select backend application instances according to the version.

  1. apiVersion: kuma.io/v1alpha1
  2. kind: MeshTCPRoute
  3. metadata:
  4.   name: tcp-route-1
  5.   namespace: kuma-demo
  6.   labels:
  7.     kuma.io/mesh: default
  8. spec:
  9.   targetRef:
  10.     kind: MeshSubset
  11.     tags:
  12.       app: frontend
  13.   to:
  14.   - targetRef:
  15.       kind: MeshService
  16.       name: backend_kuma-demo_svc_3001
  17.     rules:
  18.     - default:
  19.         backendRefs:
  20.         - kind: MeshServiceSubset
  21.           name: backend_kuma-demo_svc_3001
  22.           weight: 90
  23.           tags:
  24.             version: v0
  25.         - kind: MeshServiceSubset
  26.           name: backend_kuma-demo_svc_3001
  27.           weight: 10
  28.           tags:
  29.             version: v1
  1. apiVersion: kuma.io/v1alpha1
  2. kind: MeshTCPRoute
  3. metadata:
  4.   name: tcp-route-1
  5.   namespace: kuma-demo
  6.   labels:
  7.     kuma.io/mesh: default
  8. spec:
  9.   targetRef:
  10.     kind: MeshSubset
  11.     tags:
  12.       app: frontend
  13.   to:
  14.   - targetRef:
  15.       kind: MeshService
  16.       name: backend
  17.       namespace: kuma-demo
  18.       sectionName: http
  19.     rules:
  20.     - default:
  21.         backendRefs:
  22.         - kind: MeshService
  23.           name: backend-v0
  24.           namespace: kuma-demo
  25.           port: 3001
  26.           weight: 90
  27.         - kind: MeshService
  28.           name: backend-v1
  29.           namespace: kuma-demo
  30.           port: 3001
  31.           weight: 10

I am using MeshService

  1. type: MeshTCPRoute
  2. name: tcp-route-1
  3. mesh: default
  4. spec:
  5.   targetRef:
  6.     kind: MeshSubset
  7.     tags:
  8.       app: frontend
  9.   to:
  10.   - targetRef:
  11.       kind: MeshService
  12.       name: backend
  13.     rules:
  14.     - default:
  15.         backendRefs:
  16.         - kind: MeshServiceSubset
  17.           name: backend
  18.           weight: 90
  19.           tags:
  20.             version: v0
  21.         - kind: MeshServiceSubset
  22.           name: backend
  23.           weight: 10
  24.           tags:
  25.             version: v1
  1. type: MeshTCPRoute
  2. name: tcp-route-1
  3. mesh: default
  4. spec:
  5.   targetRef:
  6.     kind: MeshSubset
  7.     tags:
  8.       app: frontend
  9.   to:
  10.   - targetRef:
  11.       kind: MeshService
  12.       name: backend
  13.       sectionName: http
  14.     rules:
  15.     - default:
  16.         backendRefs:
  17.         - kind: MeshService
  18.           name: backend-v0
  19.           port: 3001
  20.           weight: 90
  21.         - kind: MeshService
  22.           name: backend-v1
  23.           port: 3001
  24.           weight: 10

Traffic redirection

You can use MeshTCPRoute to redirect outgoing traffic from one service to another.

Here’s an example of a MeshTCPRoute that redirects outgoing traffic originating at frontend_kuma-demo_svc_8080 from backend_kuma-demo_svc_3001 to external-backend:

  1. apiVersion: kuma.io/v1alpha1
  2. kind: MeshTCPRoute
  3. metadata:
  4.   name: tcp-route-1
  5.   namespace: kuma-demo
  6.   labels:
  7.     kuma.io/mesh: default
  8. spec:
  9.   targetRef:
  10.     kind: MeshSubset
  11.     tags:
  12.       app: frontend
  13.   to:
  14.   - targetRef:
  15.       kind: MeshService
  16.       name: backend_kuma-demo_svc_3001
  17.     rules:
  18.     - default:
  19.         backendRefs:
  20.         - kind: MeshService
  21.           name: external-backend_kuma-demo_svc_8080
  1. apiVersion: kuma.io/v1alpha1
  2. kind: MeshTCPRoute
  3. metadata:
  4.   name: tcp-route-1
  5.   namespace: kuma-demo
  6.   labels:
  7.     kuma.io/mesh: default
  8. spec:
  9.   targetRef:
  10.     kind: MeshSubset
  11.     tags:
  12.       app: frontend
  13.   to:
  14.   - targetRef:
  15.       kind: MeshService
  16.       name: backend
  17.       namespace: kuma-demo
  18.       sectionName: http
  19.     rules:
  20.     - default:
  21.         backendRefs:
  22.         - kind: MeshService
  23.           name: external-backend
  24.           namespace: kuma-demo
  25.           port: 8080

I am using MeshService

  1. type: MeshTCPRoute
  2. name: tcp-route-1
  3. mesh: default
  4. spec:
  5.   targetRef:
  6.     kind: MeshSubset
  7.     tags:
  8.       app: frontend
  9.   to:
  10.   - targetRef:
  11.       kind: MeshService
  12.       name: backend
  13.     rules:
  14.     - default:
  15.         backendRefs:
  16.         - kind: MeshService
  17.           name: external-backend
  1. type: MeshTCPRoute
  2. name: tcp-route-1
  3. mesh: default
  4. spec:
  5.   targetRef:
  6.     kind: MeshSubset
  7.     tags:
  8.       app: frontend
  9.   to:
  10.   - targetRef:
  11.       kind: MeshService
  12.       name: backend
  13.       sectionName: http
  14.     rules:
  15.     - default:
  16.         backendRefs:
  17.         - kind: MeshService
  18.           name: external-backend
  19.           port: 8080

Route policies with different types targeting the same destination

If multiple route policies with different types (MeshTCPRoute and MeshHTTPRoute for example) target the same destination, only a single route type with the highest specificity will be applied.

In this example, both MeshTCPRoute and MeshHTTPRoute target the same destination:

  1. apiVersion: kuma.io/v1alpha1
  2. kind: MeshHTTPRoute
  3. metadata:
  4.   name: simple-http
  5.   namespace: kuma-demo
  6.   labels:
  7.     kuma.io/mesh: default
  8. spec:
  9.   targetRef:
  10.     kind: MeshSubset
  11.     tags:
  12.       app: frontend
  13.   to:
  14.   - targetRef:
  15.       kind: MeshService
  16.       name: backend_kuma-demo_svc_3001
  17.     rules:
  18.     - default:
  19.         backendRefs:
  20.         - kind: MeshService
  21.           name: other-tcp-backend_kuma-demo_svc_8080
  1. apiVersion: kuma.io/v1alpha1
  2. kind: MeshHTTPRoute
  3. metadata:
  4.   name: simple-http
  5.   namespace: kuma-demo
  6.   labels:
  7.     kuma.io/mesh: default
  8. spec:
  9.   targetRef:
  10.     kind: MeshSubset
  11.     tags:
  12.       app: frontend
  13.   to:
  14.   - targetRef:
  15.       kind: MeshService
  16.       name: backend
  17.       namespace: kuma-demo
  18.       sectionName: http
  19.     rules:
  20.     - default:
  21.         backendRefs:
  22.         - kind: MeshService
  23.           name: other-tcp-backend
  24.           namespace: kuma-demo
  25.           port: 8080

I am using MeshService

  1. type: MeshHTTPRoute
  2. name: simple-http
  3. mesh: default
  4. spec:
  5.   targetRef:
  6.     kind: MeshSubset
  7.     tags:
  8.       app: frontend
  9.   to:
  10.   - targetRef:
  11.       kind: MeshService
  12.       name: backend
  13.     rules:
  14.     - default:
  15.         backendRefs:
  16.         - kind: MeshService
  17.           name: other-tcp-backend
  1. type: MeshHTTPRoute
  2. name: simple-http
  3. mesh: default
  4. spec:
  5.   targetRef:
  6.     kind: MeshSubset
  7.     tags:
  8.       app: frontend
  9.   to:
  10.   - targetRef:
  11.       kind: MeshService
  12.       name: backend
  13.       sectionName: http
  14.     rules:
  15.     - default:
  16.         backendRefs:
  17.         - kind: MeshService
  18.           name: other-tcp-backend
  19.           port: 8080
  1. apiVersion: kuma.io/v1alpha1
  2. kind: MeshHTTPRoute
  3. metadata:
  4.   name: simple-http
  5.   namespace: kuma-demo
  6.   labels:
  7.     kuma.io/mesh: default
  8. spec:
  9.   targetRef:
  10.     kind: MeshSubset
  11.     tags:
  12.       app: frontend
  13.   to:
  14.   - targetRef:
  15.       kind: MeshService
  16.       name: backend_kuma-demo_svc_3001
  17.     rules:
  18.     - matches: 
  19.       path:
  20.         type: PathPrefix
  21.         value: "/"
  22.       default:
  23.         backendRefs:
  24.         - kind: MeshService
  25.           name: other-http-backend_kuma-demo_svc_8080
  1. apiVersion: kuma.io/v1alpha1
  2. kind: MeshHTTPRoute
  3. metadata:
  4.   name: simple-http
  5.   namespace: kuma-demo
  6.   labels:
  7.     kuma.io/mesh: default
  8. spec:
  9.   targetRef:
  10.     kind: MeshSubset
  11.     tags:
  12.       app: frontend
  13.   to:
  14.   - targetRef:
  15.       kind: MeshService
  16.       name: backend
  17.       namespace: kuma-demo
  18.       sectionName: http
  19.     rules:
  20.     - matches: 
  21.       path:
  22.         type: PathPrefix
  23.         value: "/"
  24.       default:
  25.         backendRefs:
  26.         - kind: MeshService
  27.           name: other-http-backend
  28.           namespace: kuma-demo
  29.           port: 8080

I am using MeshService

  1. type: MeshHTTPRoute
  2. name: simple-http
  3. mesh: default
  4. spec:
  5.   targetRef:
  6.     kind: MeshSubset
  7.     tags:
  8.       app: frontend
  9.   to:
  10.   - targetRef:
  11.       kind: MeshService
  12.       name: backend
  13.     rules:
  14.     - matches: 
  15.       path:
  16.         type: PathPrefix
  17.         value: "/"
  18.       default:
  19.         backendRefs:
  20.         - kind: MeshService
  21.           name: other-http-backend
  1. type: MeshHTTPRoute
  2. name: simple-http
  3. mesh: default
  4. spec:
  5.   targetRef:
  6.     kind: MeshSubset
  7.     tags:
  8.       app: frontend
  9.   to:
  10.   - targetRef:
  11.       kind: MeshService
  12.       name: backend
  13.       sectionName: http
  14.     rules:
  15.     - matches: 
  16.       path:
  17.         type: PathPrefix
  18.         value: "/"
  19.       default:
  20.         backendRefs:
  21.         - kind: MeshService
  22.           name: other-http-backend
  23.           port: 8080

Depending on the backend’s protocol:

  • MeshHTTPRoute will be applied if http, http2, or grpc are specified
  • MeshTCPRoute will be applied if tcp or kafka is specified, or when nothing is specified

All policy configuration settings