Possible to route to specific node pool?

Hi - brand new to Istio and am investigating it for the purpose of canary releases. We’d like to initially deploy a production version of our api to a “dogfood”/beta test group and, once approved, make this the primary production version. The beta version would be deployed to a specific node pool in gke and all traffic routed to it. Is it possible to use Istio to route incoming traffic to specific nodes or node pools? It look like I can route traffic to the pods but haven’t seen anything as of yet that specifies something higher level like a specific VM group.

If I were you I would use two kinds of resources. One is Pods which have nodeSelector and the other is DestinationRule.
I guess you already have knowledge about DestinationRule and you could make a DestinationRule which routes one type of traffic to two different Deployments.
Then, you just need to define nodeSelectors of pods of the two Deployments.
Actually, I have never used GKE before, though, AFAIK, nodes in a node pool on GKE have label named ‘cloud.google.com/gke-nodepool’.

So, assuming these three,

  1. You have two node pools whose names are ‘development’ and ‘production’
  2. You have an application which have two versions named ‘devel’ and ‘prod’
  3. Your application’s service name is ‘reviews’

you could achieve your goal with resources like the following.

      kind: DestinationRule
metadata:
  name: reviews
spec:
  host: reviews
  subsets:
  - name: prod
    labels:
      version: prod
  - name: devel
    labels:
      version: devel
---
apiVersion: v1
kind: Service
metadata:
  name: reviews
  labels:
    app: reviews
    service: reviews
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: reviews
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: reviews-prod
  labels:
    app: reviews
    version: prod
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      version: prod
  template:
    metadata:
      labels:
        app: reviews
        version: prod
    spec:
      nodeSelector:
         cloud.google.com/gke-nodepool: production
      containers:
      - name: reviews
        image: docker.io/istio/examples-bookinfo-reviews-v1:1.16.2
        imagePullPolicy: IfNotPresent
        env:
        - name: LOG_DIR
          value: "/tmp/logs"
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        - name: wlp-output
          mountPath: /opt/ibm/wlp/output
      volumes:
      - name: wlp-output
        emptyDir: {}
      - name: tmp
        emptyDir: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: reviews-devel
  labels:
    app: reviews
    version: devel
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      version: devel
  template:
    metadata:
      labels:
        app: reviews
        version: devel
    spec:
      nodeSelector:
         cloud.google.com/gke-nodepool: development
      containers:
      - name: reviews
        image: docker.io/istio/examples-bookinfo-reviews-v2:1.16.2
        imagePullPolicy: IfNotPresent
        env:
        - name: LOG_DIR
          value: "/tmp/logs"
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        - name: wlp-output
          mountPath: /opt/ibm/wlp/output
      volumes:
      - name: wlp-output
        emptyDir: {}
      - name: tmp
        emptyDir: {}

Exactly what I was thinking, thank you very much for the detailed response!

@Renee Actually one more question - would this ensure pods in the ‘development’ node pool cannot communicate with pods in the ‘production’ node pool?