Home Explore Blog CI



kubernetes
6th chunk of `content/en/blog/_posts/2017-10-00-Request-Routing-And-Policy-Management.md`
31364e0e388a3d40f6e372bea705d733f506143353e5686700000001000008c8
Once the v2 version has been thoroughly tested, we can use Istio to proceed with a canary test using the rule shown previously, or we can simply migrate all of the traffic from v1 to v2, optionally in a gradual fashion by using a sequence of rules with weights less than 100 (for example: 10, 20, 30, ... 100). This traffic control is independent of the number of pods implementing each version. If, for example, we had auto scaling in place, and high traffic volumes, we would likely see a corresponding scale up of v2 and scale down of v1 pods happening independently at the same time. For more about version routing with autoscaling, check out ["Canary Deployments using Istio"](https://istio.io/blog/canary-deployments-using-istio.html).  

In our case, we’ll send all of the traffic to v2 with one command:




 ```  
cat \<\<EOF | istioctl replace -f -

apiVersion: config.istio.io/v1alpha2

kind: RouteRule

metadata:

   name: reviews-default

spec:

   destination:

       name: reviews

   route:

   - labels:

           version: v2

       weight: 100

EOF
  ```

We should also remove the special rule we created for the tester so that it doesn’t override any future rollouts we decide to do:  



 ```  
istioctl delete routerule reviews-test-v2
  ```

In the Bookinfo UI, we’ll see that we are now exposing the v2 version of reviews to all users.  


## Policy enforcement
Istio provides policy enforcement functions, such as quotas, precondition checking, and access control. We can demonstrate Istio’s open and extensible framework for policies with an example: rate limiting.  

Let’s pretend that the Bookinfo ratings service is an external paid service--for example, [Rotten Tomatoes®](https://www.rottentomatoes.com/)--with a free quota of 1 request per second (req/sec). To make sure the application doesn’t exceed this limit, we’ll specify an Istio policy to cut off requests once the limit is reached. We’ll use one of Istio’s built-in policies for this purpose.  

To set a 1 req/sec quota, we first configure a **memquota** handler with rate limits:




 ```  
cat \<\<EOF | istioctl create -f -

apiVersion: "config.istio.io/v1alpha2"

kind: memquota

metadata:

 name: handler

 namespace: default
Title: Policy Enforcement with Istio: Rate Limiting
Summary
The text describes migrating traffic to the v2 version of a service using Istio and then introduces Istio's policy enforcement capabilities, specifically focusing on rate limiting. It illustrates how to configure a rate limit of 1 request per second for the Bookinfo ratings service, simulating an external paid service like Rotten Tomatoes®. This involves creating a 'memquota' handler to enforce the defined rate limits.