search

fluxcd / flagger

Progressive delivery Kubernetes operator (Canary, A/B Testing and Blue/Green deployments)
https://docs.flagger.app
Apache License 2.0
4.91k stars 733 forks source link

Can flagger routes the traffic based on the istio ingress and mesh? #1206

Open sudhakar-cloudiq opened 2 years ago

sudhakar-cloudiq commented 2 years ago

Describe the bug

Can flagger routes the traffic based on the istio ingress and mesh? We have the request coming from external with uri prefix and we have the rewrite rule in Virtual service. When we create canary the rewrite rules apply both internal and external traffic. This will work only for external but internal traffic. Is there any solution to solve this?

To Reproduce

Virtual Service

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: taxapi
  namespace: stg
spec:
  gateways:
  - stg-ingress
  hosts:
  - svc.stg.abc.com
  http:
  - match:
    - uri:
        prefix: /tax/
    rewrite:
      uri: /
    route:
    - destination:
        host: taxapi
        port:
          number: 80

Canary:

apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
  name: taxapi
  namespace: stg
spec:
  # deployment reference
  targetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: taxapi
  # the maximum time in seconds for the canary deployment
  # to make progress before it is rollback (default 600s)
  progressDeadlineSeconds: 60
  service:
    # container port
    port: 80
    targetPort: 8080
    # Istio gateways (optional)
    gateways:
    - stg/stg-ingress
    - mesh
    # Istio virtual service host names (optional)
    hosts:
    - "svc.stg.abc.com"
    match:
      - uri:
          prefix: "/tax/"
    # HTTP rewrite (optional)
    rewrite:
      uri: /
    # Istio traffic policy (optional)
    trafficPolicy:
      tls:
        # use ISTIO_MUTUAL when mTLS is enabled
        mode: DISABLE
  analysis:
    # schedule interval (default 60s)
    interval: 1m
    # total number of iterations
    iterations: 5
    # max number of failed iterations before rollback
    threshold: 3
    # canary match condition
    match:
      - headers:
          ou-id:
            exact: "9876"

Expected behavior

Additional context

aryan9600 commented 2 years ago

Because of the entry "mesh" in .spec.service.gateways, Flagger will generate a VirtualService that would be applied to all the sidecars in the mesh, which would result in it being applied to internal traffic as well. You need to remove "mesh" from there, so that the VirtualService is bound only to your custom Gateway, and only external traffic is affected. Ref: https://istio.io/latest/docs/reference/config/networking/virtual-service/#VirtualService

sudhakar-cloudiq commented 2 years ago

thanks for the reply @aryan9600. The expectation is service should be working with URL prefix for external traffic and it should be working without URL prefix for internal traffic.

External: http://svc.stg.abc.com/tax/api/wa Internal: http://taxapi.svc.cluster.local/api/wa

How do I achieve this? Thanks in advance

chinaran commented 2 years ago

we have the same issue.