By Safa Mulani
Hello, readers! This article explains traffic management in Istio and the resources Istio provides for it.
So, let us begin!
Traffic management refers to managing the traffic an application generates through data transfer, browsing, or API calls.
When an application runs on an on-premises server or in the cloud, traffic is generated whenever it makes API calls, calls the services of third-party entities, or transfers data over the internet.
Data is a crucial and vulnerable aspect of any application, and the infrastructure is the root of the setup. It is therefore necessary to monitor the traffic that crosses the internet to and from the secured infrastructure. This leads to better security and management of the services running on the same platform/infrastructure.
Moving ahead, we will be having a look at Istio as the tool for traffic management in the upcoming section.
Istio provides traffic management through the traffic routing rules it offers. The application becomes more resilient to failure because all the traffic that goes to and comes from the application over the internet is monitored.
Istio configures an Envoy proxy as a sidecar to the application container. It monitors all the traffic that routes to and from the application pod for API calls/service engagement, etc.
This way, the underlying application service stays unaffected, and all traffic monitoring is proxied through the Envoy sidecar for resilience and traffic management.
Having understood how Istio works as a traffic management tool, let us now explore the resources provided by Istio.
With a Virtual Service, we can define the traffic routing rules that apply when a request for the application hits the load balancer. We define rules and the corresponding matching criteria for the end service. If a request matches the criteria, the traffic is diverted to the end service.
Virtual service enables us to manage the traffic load easily by decoupling the service requests through the traffic routing rules. We can specify and maintain the behavior of traffic for multiple hostnames within the same Virtual Service configuration.
Let us now understand the below example of a Virtual Service configuration.
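```yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: demo-vs
spec:
  hosts:
  - demo.vs.com            # hostname this Virtual Service applies to
  http:
  - match:
    - headers:
        end-user:
          exact: /api      # route only requests whose end-user header is exactly this value
    route:
    - destination:
        host: /            # destination service host, as given in this example
```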
With Gateway comes the flexibility to control and monitor the inbound as well as outbound traffic at a global (envoy) level. We can specify the kind of traffic (protocol/rules) we wish to let enter the Istio service mesh for further routing to the destination.
So, as soon as the application URL hits the load balancer, it searches for an equivalent gateway. As soon as it finds the entry, it allows the application host to enter the mesh.
Let us try to understand the working of a Gateway through the below example:
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: demo-gtwy
spec:
  selector:
    app: demo
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
    - demo.vs.com
    tls:
      mode: SIMPLE
      credentialName: demo-tls-cert
```
With Sidecars, we can limit and manage the traffic reaching the Envoy proxies. By default, Istio configures an Envoy proxy that accepts traffic on the ports associated with the workload of the application. Placing a sidecar has the below advantages:
Let us now try to understand the concept of Sidecars using the below example:
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: Sidecar
metadata:
  name: default
  namespace: default
spec:
  egress:
  - hosts:
    - "./*"
    - "bookinfo/*"
```
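The following is an added example (not from the original article or from Istio's own code) that models how the `namespace/dnsName` entries under the Sidecar's `egress.hosts` select services, using the two entries from the configuration above. It goes slightly beyond that configuration by also handling the `*` and `~` namespace values and a left-most `*.` DNS wildcard; the service registry and all function names are assumptions made up for illustration.

```python
# Added example: models how a Sidecar's egress.hosts entries select services.
SIDECAR_NAMESPACE = "default"          # namespace of the Sidecar on this page
EGRESS_HOSTS = ["./*", "bookinfo/*"]   # its egress hosts, as shown above

# Constructed service registry (hypothetical names), not from the page.
REGISTRY = [
    ("default", "demo.default.svc.cluster.local"),
    ("bookinfo", "reviews.bookinfo.svc.cluster.local"),
    ("payments", "ledger.payments.svc.cluster.local"),
]

def namespace_matches(pattern, service_ns, sidecar_ns):
    if pattern == "*":                 # any namespace
        return True
    if pattern == ".":                 # the Sidecar's own namespace
        return service_ns == sidecar_ns
    if pattern == "~":                 # no namespace
        return False
    return pattern == service_ns

def dns_matches(pattern, fqdn):
    if pattern == "*":                 # every service in the selected namespace
        return True
    if pattern.startswith("*."):       # wildcard allowed only as left-most label
        return fqdn.endswith(pattern[1:])
    return pattern == fqdn

def egress_allows(hosts, sidecar_ns, service_ns, fqdn):
    """True if any namespace/dnsName entry selects the given service."""
    for entry in hosts:
        ns_pat, sep, dns_pat = entry.partition("/")
        if not sep or not ns_pat or not dns_pat:
            raise ValueError(f"egress host {entry!r} is not namespace/dnsName")
        if namespace_matches(ns_pat, service_ns, sidecar_ns) and dns_matches(dns_pat, fqdn):
            return True
    return False

def visible_services(hosts, sidecar_ns, registry):
    """Services from the registry that the Sidecar's proxy is configured to reach."""
    return [(ns, fqdn) for ns, fqdn in registry
            if egress_allows(hosts, sidecar_ns, ns, fqdn)]

if __name__ == "__main__":
    for ns, fqdn in visible_services(EGRESS_HOSTS, SIDECAR_NAMESPACE, REGISTRY):
        print(f"configured for egress: {ns}/{fqdn}")
```

This models only the host-pattern matching; whether traffic to a host that is not listed is actually blocked also depends on the mesh's outbound traffic policy.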
With this, we have reached the end of this topic. Feel free to comment below in case you come across any questions.
For more such posts related to Kubernetes, stay tuned with us.
Till then, Happy Learning! :)