Can Flagger route the traffic based on the Istio ingress and mesh?
Describe the bug
Can Flagger route the traffic based on the Istio ingress and mesh? We have requests coming from external clients with a URI prefix, and we have a rewrite rule in the VirtualService. When we create the canary, the rewrite rules apply to both internal and external traffic. This will work only for external but not internal traffic. Is there any solution to solve this?
To Reproduce
Virtual Service
```yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: taxapi
  namespace: stg
spec:
  gateways:
  - stg-ingress
  hosts:
  - svc.stg.abc.com
  http:
  - match:
    - uri:
        prefix: /tax/
    rewrite:
      uri: /
    route:
    - destination:
        host: taxapi
        port:
          number: 80
```
Canary:
```yaml
apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
  name: taxapi
  namespace: stg
spec:
  # deployment reference
  targetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: taxapi
  # the maximum time in seconds for the canary deployment
  # to make progress before it is rollback (default 600s)
  progressDeadlineSeconds: 60
  service:
    # container port
    port: 80
    targetPort: 8080
    # Istio gateways (optional)
    gateways:
    - stg/stg-ingress
    - mesh
    # Istio virtual service host names (optional)
    hosts:
    - "svc.stg.abc.com"
    match:
    - uri:
        prefix: "/tax/"
    # HTTP rewrite (optional)
    rewrite:
      uri: /
    # Istio traffic policy (optional)
    trafficPolicy:
      tls:
        # use ISTIO_MUTUAL when mTLS is enabled
        mode: DISABLE
  analysis:
    # schedule interval (default 60s)
    interval: 1m
    # total number of iterations
    iterations: 5
    # max number of failed iterations before rollback
    threshold: 3
    # canary match condition
    match:
    - headers:
        ou-id:
          exact: "9876"
```
Expected behavior
Additional context
- Flagger version:
- Kubernetes version: v1.22.6
- Service Mesh provider: Istio 1.13.4
- Ingress provider: Istio 1.13.4
Because of the entry "mesh" in .spec.service.gateways, Flagger will generate a VirtualService that would be applied to all the sidecars in the mesh, which would result in it being applied to internal traffic as well. You need to remove "mesh" from there, so that the VirtualService is bound only to your custom Gateway, and only external traffic is affected. Ref: https://istio.io/latest/docs/reference/config/networking/virtual-service/#VirtualService
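Added example, not part of the thread or of Flagger's code: a small audit that reports which HTTP rules of a VirtualService also govern sidecar (in-mesh) traffic, and shows the effect of dropping `mesh` as the reply above suggests. The function names and the sample object (the page's VirtualService combined with the Canary's gateways list) are constructed for illustration.

```python
import copy
import json

# Constructed sample: the page's VirtualService with the gateways list from the
# page's Canary (stg/stg-ingress plus mesh). Not captured from a cluster.
SAMPLE_VS = json.loads("""
{"metadata": {"name": "taxapi", "namespace": "stg"},
 "spec": {"gateways": ["stg/stg-ingress", "mesh"],
          "hosts": ["svc.stg.abc.com"],
          "http": [{"match": [{"uri": {"prefix": "/tax/"}}],
                    "rewrite": {"uri": "/"},
                    "route": [{"destination": {"host": "taxapi"}}]}]}}
""")

def applies_to_sidecars(gateways):
    # Istio: "mesh" means all sidecars; an omitted or empty list defaults to mesh.
    return not gateways or "mesh" in gateways

def audit(vs):
    """Return the HTTP rules (prefix, rewrite) that also govern in-mesh traffic."""
    spec, findings = vs["spec"], []
    for idx, rule in enumerate(spec.get("http", [])):
        for match in rule.get("match") or [{}]:
            # A gateways list on the match overrides the top-level one.
            scope = match.get("gateways", spec.get("gateways"))
            if applies_to_sidecars(scope):
                findings.append({
                    "rule": idx,
                    "prefix": match.get("uri", {}).get("prefix"),
                    "rewrite": rule.get("rewrite", {}).get("uri"),
                })
    return findings

def without_mesh(vs):
    """Copy of vs bound only to its named gateways (the change the reply suggests)."""
    fixed = copy.deepcopy(vs)
    named = [g for g in fixed["spec"].get("gateways", []) if g != "mesh"]
    if not named:
        # Dropping mesh from a list with no other gateway would fall back to mesh.
        raise ValueError("no named gateway left; binding would default to mesh")
    fixed["spec"]["gateways"] = named
    return fixed

if __name__ == "__main__":
    print(audit(SAMPLE_VS))                # rule 0 reaches sidecar traffic
    print(audit(without_mesh(SAMPLE_VS)))  # no rule reaches sidecar traffic
```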
Thanks for the reply @aryan9600. The expectation is that the service should work with the URL prefix for external traffic and without the URL prefix for internal traffic.
External: http://svc.stg.abc.com/tax/api/wa
Internal: http://taxapi.svc.cluster.local/api/wa
How do I achieve this? Thanks in advance.
We have the same issue.