After Istio 1.1.0, support for TCP routing (Weight, Port) has been enhanced, since there are projects using TCP connections, so TCP routing has been explored.
Official website example
Official Reference: TCP Traffic Shifting
Example configurations for the official website:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: tcp-echo-v1
spec:
replicas: 1
template:
metadata:
labels:
app: tcp-echo
version: v1
spec:
containers:
- name: tcp-echo
image: istio/tcp-echo-server:1.1
imagePullPolicy: IfNotPresent
args: [ "9000", "one" ]
ports:
- containerPort: 9000
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: tcp-echo-v2
spec:
replicas: 1
template:
metadata:
labels:
app: tcp-echo
version: v2
spec:
containers:
- name: tcp-echo
image: istio/tcp-echo-server:1.1
imagePullPolicy: IfNotPresent
args: [ "9000", "two" ]
ports:
- containerPort: 9000
---
apiVersion: v1
kind: Service
metadata:
name: tcp-echo
labels:
app: tcp-echo
spec:
ports:
- name: tcp
port: 9000
selector:
app: tcp-echo
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: tcp-echo-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 31400
name: tcp
protocol: TCP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: tcp-echo
spec:
hosts:
- "*"
gateways:
- tcp-echo-gateway
tcp:
- match:
- port: 31400
route:
- destination:
host: tcp-echo
port:
number: 9000
subset: v1
weight: 80
- destination:
host: tcp-echo
port:
number: 9000
subset: v2
weight: 20
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: tcp-echo-destination
spec:
host: tcp-echo
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
There are several points to note above:
(1) Port 31340 in Gateway is the default tcp port bound by istio-ingressgateway and can be viewed through istio-system.service.istio-ingressgateway;
(2) Host in Gateway is defined as *, which means that all domain names are accepted, while host in VirtualService is *, which corresponds to host in Gateway;
(3) match.port in VirtualService is port 31340 listened on in Gateway, and maps Gateway port 31340 to target application destination port 9000 (application service actual port), that is, external port 31340 to specific tcp service port 9000;
Use other (non-31340) ports
Port 31340 is used by default in the official website example. If you want to use a port other than 31340 in Gateway (e.g. 28674, etc.), it is not mentioned in Istio's official website, referring to Ali Cloud Community's Istio Traffic Management Practice (1): Unified management of TCP inbound traffic routing through Istio rules , and after groping, it is concluded that if you want to use ports other than 31340, you need to add port definitions in the istio-system.service.istio-ingressgateway. For example, if I want to use port 28674 in the gateway, add the definition of port 28674 in the istio-system.service.istio-ingressgateway. The name is meaningful and does not repeat.Modify the following image:
This 28674 port can then be used in Gateway, otherwise undefined ports other than 31340 are not useful
Supplement: With regard to port definitions in Istio-ingressgateway, you can dynamically add port definitions, where port is the port listened on in Gateway and nodePort is the port entered by external services, such as port=80,nodePort=31380, then access to nodePort 31380 through domainName, but configure listening port to 80 in Gateway;
