Home Explore Blog CI



kubernetes
3rd chunk of `content/en/blog/_posts/2017-10-00-Request-Routing-And-Policy-Management.md`
d121189f4329a9b97299ab991344113945de2bf2437dce48000000010000105d
To demonstrate, we’ll deploy v2 of the **reviews** service and use Istio to make it visible only for a specific test user. We can create a Kubernetes deployment, reviews-v2, with [this YAML file](https://raw.githubusercontent.com/istio/istio/master/samples/kubernetes-blog/bookinfo-reviews-v2.yaml):  




 ```  
apiVersion: extensions/v1beta1

kind: Deployment

metadata:

 name: reviews-v2

spec:

 replicas: 1

 template:

     metadata:

         labels:

             app: reviews

             version: v2

     spec:

         containers:

         - name: reviews

             image: istio/examples-bookinfo-reviews-v2:0.2.3

             imagePullPolicy: IfNotPresent

             ports:

             - containerPort: 9080
  ```

From a Kubernetes perspective, the v2 deployment adds additional pods that the reviews service selector includes in the round-robin load balancing algorithm. This is also the default behavior for Istio.  

Before we start reviews:v2, we’ll start the last of the four Bookinfo services, ratings, which is used by the v2 version to provide ratings stars corresponding to each review:



 ```  
kubectl apply -f \<(istioctl kube-inject -f bookinfo-ratings.yaml)
  ```

If we were to start **reviews:v2** now, we would see browser responses alternating between v1 (reviews with no corresponding ratings) and v2 (review with black rating stars). This will not happen, however, because we’ll use Istio’s traffic management feature to control traffic.  

With Istio, new versions don’t need to become visible based on the number of running pods. Version visibility is controlled instead by rules that specify the exact criteria. To demonstrate, we start by using Istio to specify that we want to send 100% of reviews traffic to v1 pods only.   

Immediately setting a default rule [for every service](https://github.com/istio/istio/blob/master/samples/bookinfo/kube/route-rule-all-v1.yaml) in the mesh is an Istio best practice. Doing so avoids accidental visibility of newer, potentially unstable versions. For the purpose of this demonstration, however, we’ll only do it for the reviews service:




 ```  
cat \<\<EOF | istioctl create -f -

apiVersion: config.istio.io/v1alpha2

kind: RouteRule

metadata:

   name: reviews-default

spec:

   destination:

       name: reviews

   route:

   - labels:

           version: v1

       weight: 100

EOF
  ```

This command directs the service mesh to send 100% of traffic for the reviews service to pods with the label “version: v1”. With this rule in place, we can safely deploy the v2 version without exposing it.




 ```  
kubectl apply -f \<(istioctl kube-inject -f bookinfo-reviews-v2.yaml)
  ```

Refreshing the Bookinfo web page confirms that nothing has changed.  

At this point we have all kinds of options for how we might want to expose **reviews:v2**. If for example we wanted to do a simple canary test, we could send 10% of the traffic to v2 using a rule like this:




 ```  
apiVersion: config.istio.io/v1alpha2

kind: RouteRule

metadata:

   name: reviews-default

spec:

   destination:

       name: reviews

   route:

   - labels:

           version: v2

       weight: 10

   - labels:

           version: v1

       weight: 90
  ```

A better approach for early testing of a service version is to instead restrict access to it much more specifically. To demonstrate, we’ll set a rule to only make reviews:v2 visible to a specific test user. We do this by setting a second, higher priority rule that will only be applied if the request matches a specific condition:




 ```  
cat \<\<EOF | istioctl create -f -

apiVersion: config.istio.io/v1alpha2

kind: RouteRule

metadata:

 name: reviews-test-v2

spec:

 destination:

     name: reviews

 precedence: 2

 match:

     request:

         headers:

             cookie:

                 regex: "^(.\*?;)?(user=jason)(;.\*)?$"

 route:

 - labels:

         version: v2

     weight: 100

EOF
  ```

Here we’re specifying that the request headers need to include a user cookie with value “tester” as the condition. If this rule is not matched, we fall back to the default routing rule for v1.
Title: Controlling Traffic to Service Versions with Istio
Summary
This section demonstrates how to control traffic to different versions of the 'reviews' service using Istio. It explains deploying the 'ratings' service and creating a default route rule to send all traffic to 'reviews:v1' to avoid exposing potentially unstable newer versions. It further showcases how to deploy 'reviews:v2' without immediate exposure and outlines scenarios like canary testing (sending 10% of traffic to v2) and restricting access to 'reviews:v2' for a specific test user based on a cookie, using Istio's traffic management features and route rules.