Add HTTP match conditions to Canary service spec

[tzilist]

Could you show an example of how to use this with the istio ingress? I can't seem to figure out how to point to the correct service!

More specifically, is it possible to tell the istio ingress to route based on certain criteria (i.e. a uri prefix, etc?)

[stefanprodan]

Flagger generates the Istio Virtual Service based on the Canary service spec. For now, it only supports exposing a service outside the mesh on a domain/subdomain list.

For a Canary definition:

apiVersion: flagger.app/v1alpha3
kind: Canary
metadata:
  name: podinfo
  namespace: test
spec:
  service:
    port: 9898
    gateways:
    - public-gateway.istio-system.svc.cluster.local
    hosts:
    - app.istio.weavedx.com

It will generate a Virtual service:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: podinfo
  namespace: test
  ownerReferences:
  - apiVersion: flagger.app/v1alpha3
    blockOwnerDeletion: true
    controller: true
    kind: Canary
    name: podinfo
spec:
  gateways:
  - public-gateway.istio-system.svc.cluster.local
  - mesh
  hosts:
  - app.istio.weavedx.com
  - podinfo
  http:
  - route:
    - destination:
        host: podinfo-primary
        port:
          number: 9898
      weight: 100
    - destination:
        host: podinfo
        port:
          number: 9898
      weight: 0

I could add the URI prefix to the Canary service spec and use that when generating the Virtual Service. Is this what you are looking for?

[tzilist]

that would be great! We are using the istio ingress and have multiple services I'd like to be able to route to so being able to specify the 'match' somehow would be great. :)

[stefanprodan]

Ok, I'll get started on this next week. When I have something ready I'll let you know.

[tzilist]

Thank you!

[idanlevin]

@stefanprodan two clarifying questions regarding this one (not sure I understood) -

1. Does Flagger support Canary deployments within the cluster? e.g. service A talks to service B.
2. Will Flagger support custom HTTP Canary routing in addition to weight? e.g. specific HTTP header, cookie value, etc.

[stefanprodan]

Hi @idanlevin

1. Does Flagger support Canary deployments within the cluster? e.g. service A talks to service B.

Yes. You can create a Canary definition without specifying a gateway or a host and Flagger will expose that workload inside the mesh using the deployment name as the VirtualService host. Service A will call service B using B's ClusterIP address eg b-app.namespace.svc.cluster.local:8080 and you can do canary deployments for B.

2. Will Flagger support custom HTTP Canary routing in addition to weight? e.g. specific HTTP header, cookie value, etc.

The idea behind progressive delivery is that you gradually increase the traffic to validate the canary and this is only achievable with weighted routing.

I'm considering adding a new CRD type for A/B testing where you could specify routing based on headers or cookies. For the A/B test the traffic will stay the same for the whole analysis duration.

[tzilist]

@stefanprodan Thank you for writing this! As soon as 0.6.0 is released we will try to use it.

[stefanprodan]

@tzilist 0.6.0 is up, please let me know if it works for you.

[stefanprodan]

@idanlevin I've added support for canary routing based on headers and/or cookies. See #88

[mfarrokhnia]

@stefanprodan I am trying to deploy the istio canary deployment using flagger. I have specified the service port under spec and also a complete virtualservice.yaml with all the required routing in different ports and different match-uris, however I can not see the port numbers under virtualservice after deployment, it has only host and weight. I'm wondering if you know what it is missing?

[stefanprodan]

@mina69 Flagger generates/overrides the virtual service so creating one manually doesn't help. The ports are not specified in any of the Istio objects, Istio does its own port discovery and will apply the header match conditions to all ports/paths.

[mfarrokhnia]

@stefanprodan I see, thanks for quick reply. Do you know how can I add several match uri? that is what I've tried but it fails: (it is suppose to route different paths to different port numbers in the container)

spec:
  targetRef:
    apiVersion: apps/v1
    kind: Deployment
    name:  {{ .Values.project }}
  progressDeadlineSeconds: 60
  autoscalerRef:
    apiVersion: autoscaling/v2beta1
    kind: HorizontalPodAutoscaler
    name:  {{ .Values.project }}    
  service:
    port: 8080
    portDiscovery: true
    {{- if .Values.canary.istioIngress.enabled }}
    gateways:
    -  {{ .Values.canary.istioIngress.gateway }}
    hosts:
    - {{ .Values.canary.istioIngress.host }}
    {{- end }}
    trafficPolicy:
      tls:
        # use ISTIO_MUTUAL when mTLS is enabled
        mode: DISABLE
    # HTTP match conditions (optional)
    - name: r1
      match:
        - uri:
          prefix: /myservice
    # cross-origin resource sharing policy (optional)
      corsPolicy:
        allowOrigin:
          - "*"
        allowMethods:
          - GET
          - POST
          - PATCH
        allowCredentials: false
        allowHeaders:
          - X-Tenant-Identifier
          - Content-Type
          - Authorization
        maxAge: 24h
    - name: r2
      match:
        - uri:
          prefix: /myservice/monitor        

[stefanprodan]

That yaml is not valid, can you please open an issue so we don't spam the participants of this issue.

[mfarrokhnia]

That yaml is not valid, can you please open an issue so we don't spam the participants of this issue.

ok, I just created a new issue, here it is: #434