How to call the services within a mesh in ISTIO?

4
votes

I am using service mesh https://istio.io/ installed on top of kubernetes and have installed the example https://istio.io/docs/examples/bookinfo/, that ISTIO provides on their website.

Assume, I've created a service FOO and would like to call the service ratings through the virtual service ratings.

enter image description here

  • How to call ratings within FOO? Which address do I have to provide the http client in the FOO service to call ratings. Do Ihave to create a virtual service for ratings? ratings should not be accessible outside of kubernetes cluser.

  • When FOO calls ratings, will the request go first through the own envoy proxy or it goes directly to ratings envoy proxy?

Follow-up question

Here are all virtual services installed on the kubernetes cluster:

[enter image description here2

The cluster IP address is:

enter image description here

The question is, how can I call the ratings service in FOO service? With the Cluster IP address?

3
kubernetesistio

3 Answers

9
votes

How to call RATINGS within FOO? Which address do I have to provide the http client in the FOO service to call RATINGS. Do I have to create a virtual service for RATINGS? RATINGS should not be accessible outside of kubernetes cluser.

You can still call other services the same way you would without istio. Since the service only needs to be accessible inside the cluster, you'll want to expose it with a clusterIP service. You can then call the service by name using Kubernetes DNS. In general, the service is available at http(s)://{namespace}.{service-name}. To call a service in the same namespace, you can leave the {namespace} out of the url.

While it is not necessary to create a VirtualService, it is advised by istio:

Although the default Istio behavior conveniently sends traffic from any source to all versions of a destination service without any rules being set, creating a VirtualService with a default route for every service, right from the start, is generally considered a best practice in Istio.

When FOO calls RATINGS, will the request go first through the own envoy proxy or it goes directly to RATINGS envoy proxy?

It will go through both envoy proxies. This is how istio can manage the routing of your requests and provide traffic insights like tracing.

The outbound envoy proxy can be bypassed though, with the traffic.sidecar.istio.io/includeOutboundIPRanges annotation.

0
votes

use "mesh" keyword in the list of gateways of a virtual service, inter service communication will also use these rules by the side cars and essentially leverage all additional rules configured for a particular service(like, retries)

-1
votes

I would suggest using Kubernetes DNS that is attached to a Kubernetes service that has the selectors for BOO service so that your traffic is redirected to BOO pods.