Istio Traffic Shifter (a.k.a istiops) is a tool to manage traffic for microservices deployed via Istio. It simplifies deployment strategies such as bluegreen or canary releases with no need of messing around with tons of yamls from kubernetes' resources.
- Architecture
- Running tests
- Building the CLI
- Prerequisites
- How it works ?
- Using CLI
- Global Flags
- Importing as a package
- Contributing
go test ./... -v
Or you can use Docker as well in order to not mess with your system
docker build . -f Dockerfile.test -t istiops-tests
docker run -t istiops-testsTo use istiops binary you can just go build it. It will generate a command line interface tool to work with.
./run or go get && build -o build/istiops main.go
You can then run it as: ./build/istiops version
goversion1.12+ (due to go modules usage)- A kubernetes config at
~/.kube/configwhich allows the binary toGET,PATCH,UPDATEandLISTresources:virtualservices&destinationrules. If you are running the binary with a custom kubernetes' service account you can use this RBAC template to append to your roles:
- apiGroups: ["networking.istio.io"]
resources: ["virtualservices", "destinationrules"]
verbs: ["get", "list", "patch","update"]Istiops creates routing rules into virtualservices & destination rules in order to manage traffic correctly. This is an example of a routing being managed by Istio, using as default routing rule any HTTP request which matches as URI the regular expression: '.+':
We call this '.+' rule as master-route, which it will be served as the default routing rule.
A deeper in the details
-
Find the needed kubernetes' resources based on given
labels-selector -
Create associate route rules based on
pod-selector(to match which pods the routing will be served) & destination information (such ashostnameandport) -
Attach to an existent route rule a
request-headersmatch if given
- Attach to an existent route rule a
weightif given. In case of aweight: 100the balance-routing will be skipped.
Get all current traffic rules (respecting routes order) for resources which matches label-selector
istiops traffic show \
--label-selector environment=pipeline-go \
--namespace defaultEx.
Resource: api-domain-virtualservice
client -> request to -> [api.domain.io]
\_ Headers
|- x-account-id: 3
|- x-cid: seu_madruga
\_ Destination [k8s service]
- api-domain:5000
\_ 100 % of requests for pods with labels
|- app: api-domain
|- build: PR-10
\_ regex:".+"
\_ Destination [k8s service]
- api-domain:5000
\_ 90 % of requests for pods with labels
|- build: PR-10
|- app: api-domain
- api-domain:5000
\_ 10 % of requests for pods with labels
|- app: api-domain
|- build: PR-10
The output can be configured as -o json/-o yaml int order to get an object to extract structured data.
- Clear traffic rules based on input modes
There are two modes (or "clear ways") for clear command:
soft(default)
It will remove every routing rule with no pods (from subset's deployment based on labels) to route forhard
It will remove every rule except the master-route one and routes with prefix rules
Example:
istiops traffic clear -l app=api-domain -n namespace
istiops traffic clear -l app=api-domain -n namespace -m hard
- Send requests with HTTP header
"x-cid: seu_madruga"to pods with labelsapp=api-domain,build=PR-10
istiops traffic shift \
--namespace "default" \
--destination "api-domain:5000" \
--build 3 \
--label-selector "app=api-domain" \
--pod-selector "app=api-domain,build=PR-10" \
--headers "x-cid=seu_madruga"By default header's value is an exact match, you can configure to it's value matches a regular expression passing the flag -r or --regexp.
Example for a rule which header x-id can be match by either 1, 2, 3 or 4.
istiops ... -r -H 'x-id=1|2|3|4'
- Send 20% of traffic to pods with labels
app=api-domain,build=PR-10
istiops traffic shift \
--namespace "default" \
--destination "api-domain:5000" \
--build 3 \
--label-selector "app=api-domain" \
--pod-selector "app=api-domain,build=PR-10" \
--weight 20You can specify a custom path to your kubeconfig file or a specific kube-context from it by using respective the global flags: --kubeconfig and --context:
istiops traffic show \
-l "app=api-domain" \
-n "default" \
--kubeconfig "/tmp/kube-config"
istiops traffic show \
-l "app=api-domain" \
-n "default" \
--context eks_eks-my-custom-context
You can assemble istiops as an interface for your own Golang code, to do it you just have to initialize the needed struct-dependencies and call the interface directly. You can see proper examples at ./examples
If you want to contribute to a project and make it better, your help is very welcome.
- Create a personal fork of the project on Github.
- Clone the fork on your local machine. Your remote repo on Github is called
origin. - Add the original repository as a remote called
upstream. - If you created your fork a while ago be sure to pull upstream changes into your local repository.
- Create a new branch to work on! Branch from
developif it exists, else frommaster. - Implement/fix your feature, comment your code.
- Follow the code style of the project, including indentation.
- If the project has tests run them!
- Write or adapt tests as needed.
- Add or change the documentation as needed.
- Squash your commits into a single commit with git's interactive rebase. Create a new branch if necessary.
- Push your branch to your fork on Github, the remote
origin. - From your fork open a pull request in the correct branch. Target the project's
developbranch if there is one, else go formaster! - …
- If the maintainer requests further changes just push them to your branch. The PR will be updated automatically.
- Once the pull request is approved and merged you can pull the changes from
upstreamto your local repo and delete your extra branch(es).
And last but not least: Always write your commit messages in the present tense. Your commit message should describe what the commit, when applied, does to the code – not what you did to the code.