Hi - brand new to Istio and am investigating it for the purpose of canary releases. We’d like to initially deploy a production version of our API to a “dogfood”/beta test group and, once approved, make this the primary production version. The beta version would be deployed to a specific node pool in GKE and all traffic routed to it. Is it possible to use Istio to route incoming traffic to specific nodes or node pools? It looks like I can route traffic to the pods but haven’t seen anything as of yet that specifies something higher level like a specific VM group.
If I were you I would use two kinds of resources. One is Pods which have nodeSelector and the other is DestinationRule.
I guess you already have knowledge about DestinationRule and you could make a DestinationRule which routes one type of traffic to two different Deployments.
Then, you just need to define nodeSelectors of pods of the two Deployments.
Actually, I have never used GKE before, though, AFAIK, nodes in a node pool on GKE have a label named ‘cloud.google.com/gke-nodepool’.
So, assuming these three,
- You have two node pools whose names are ‘development’ and ‘production’
- You have an application which has two versions named ‘devel’ and ‘prod’
- Your application’s service name is ‘reviews’
you could achieve your goal with resources like the following.
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: reviews
spec:
  host: reviews
  # Subsets group the pods behind the 'reviews' service by their version label
  subsets:
  - name: prod
    labels:
      version: prod
  - name: devel
    labels:
      version: devel
---
apiVersion: v1
kind: Service
metadata:
  name: reviews
  labels:
    app: reviews
    service: reviews
spec:
  ports:
  - port: 9080
    name: http
  selector:
    app: reviews
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: reviews-prod
  labels:
    app: reviews
    version: prod
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      version: prod
  template:
    metadata:
      labels:
        app: reviews
        version: prod
    spec:
      # Schedule these pods only on nodes of the 'production' node pool
      nodeSelector:
        cloud.google.com/gke-nodepool: production
      containers:
      - name: reviews
        image: docker.io/istio/examples-bookinfo-reviews-v1:1.16.2
        imagePullPolicy: IfNotPresent
        env:
        - name: LOG_DIR
          value: "/tmp/logs"
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        - name: wlp-output
          mountPath: /opt/ibm/wlp/output
      volumes:
      - name: wlp-output
        emptyDir: {}
      - name: tmp
        emptyDir: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: reviews-devel
  labels:
    app: reviews
    version: devel
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      version: devel
  template:
    metadata:
      labels:
        app: reviews
        version: devel
    spec:
      # Schedule these pods only on nodes of the 'development' node pool
      nodeSelector:
        cloud.google.com/gke-nodepool: development
      containers:
      - name: reviews
        image: docker.io/istio/examples-bookinfo-reviews-v2:1.16.2
        imagePullPolicy: IfNotPresent
        env:
        - name: LOG_DIR
          value: "/tmp/logs"
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: tmp
          mountPath: /tmp
        - name: wlp-output
          mountPath: /opt/ibm/wlp/output
      volumes:
      - name: wlp-output
        emptyDir: {}
      - name: tmp
        emptyDir: {}
```
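The DestinationRule in the answer above only defines the `prod` and `devel` subsets; in Istio a VirtualService chooses between them. The following is an added example, not part of the original post, that sends requests carrying a hypothetical `x-beta-tester: "true"` header to the `devel` subset and all other requests to `prod` (the header name and route names are assumptions):

```yaml
# Added example, not from the original post.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
  - reviews
  # Without a `gateways:` list this applies to sidecar (in-mesh) traffic only.
  # For traffic entering through an Istio ingress gateway, bind the
  # VirtualService to that Gateway as well.
  http:
  # Beta testers: matched on a header. Assumption: the header is set by a
  # trusted component (for example the edge proxy after authentication) and
  # stripped from client-supplied requests, otherwise anyone can opt in.
  - name: beta-testers
    match:
    - headers:
        x-beta-tester:          # hypothetical header name
          exact: "true"
    route:
    - destination:
        host: reviews
        subset: devel           # pods pinned to the 'development' node pool
  # Everyone else: falls through to the production subset.
  - name: default
    route:
    - destination:
        host: reviews
        subset: prod            # pods pinned to the 'production' node pool
```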
Exactly what I was thinking, thank you very much for the detailed response!
@Renee Actually one more question - would this ensure pods in the ‘development’ node pool cannot communicate with pods in the ‘production’ node pool?