Client Side Load Balancing with TSB
The following YAML file has three objects - a Workspace
for the application,
a Gateway group
so that you can configure the application ingress, and a
Traffic group
that will allow you to configure the canary release process.
apiversion: api.tsb.tetrate.io/v2
kind: Workspace
metadata:
organization: tetrate
tenant: default
name: helloworld-ws
spec:
namespaceSelector:
names:
- "*/helloworld"
---
apiVersion: gateway.tsb.tetrate.io/v2
kind: Group
metadata:
organization: tetrate
tenant: default
workspace: helloworld-ws
name: helloworld-gw
spec:
namespaceSelector:
names:
- "*/helloworld"
configMode: BRIDGED
---
apiVersion: traffic.tsb.tetrate.io/v2
kind: Group
metadata:
organization: tetrate
tenant: default
workspace: helloworld-ws
name: helloworld-trf
spec:
namespaceSelector:
names:
- "*/helloworld"
configMode: BRIDGED
Store the file as helloworld-ws-groups.yaml
, and apply with tctl
:
tctl apply -f helloworld-ws-groups.yaml
To deploy your application, start by creating the namespace and enable the Istio sidecar injection.
kubectl create namespace helloworld
kubectl label namespace helloworld istio-injection=enabled
Then deploy your application.
apiVersion: apps/v1
kind: Deployment
metadata:
name: helloworld-v1
namespace: helloworld
spec:
replicas: 3
selector:
matchLabels:
app: helloworld
version: v1
template:
metadata:
labels:
app: helloworld
version: v1
spec:
containers:
- name: hello
image: "gcr.io/google-samples/hello-app:1.0"
env:
- name: "PORT"
value: "8080"
---
apiVersion: v1
kind: Service
metadata:
name: helloworld
namespace: helloworld
spec:
selector:
app: helloworld
ports:
- protocol: TCP
port: 443
targetPort: 8080
Store as helloworld-1.yaml
, and apply with kubectl
:
kubectl apply -f helloworld-1.yaml
Note that you’re deploying 3 replicas for this deployment.
In this example, you’re going to expose the application using simple TLS at the gateway. You’ll need to provide it with a TLS certificate stored in a Kubernetes secret.
kubectl create secret tls -n helloworld helloworld-cert \
--cert /path/to/some/helloworld-cert.pem \
--key /path/to/some/helloworld-key.pem
Now you can deploy your ingress gateway.
apiVersion: install.tetrate.io/v1alpha1
kind: IngressGateway
metadata:
name: tsb-helloworld-gateway
namespace: helloworld
spec:
kubeSpec:
service:
type: LoadBalancer
Save as helloworld-ingress.yaml
, and apply with kubectl
:
kubectl apply -f helloworld-ingress.yaml
The TSB data plane operator in the cluster will pick up this configuration and deploy the gateway’s resources in your application namespace. Finally, configure the gateway so that it routes traffic to your application.
apiVersion: gateway.tsb.tetrate.io/v2
kind: IngressGateway
metadata:
name: helloworld-gateway
group: helloworld-gw
workspace: helloworld-ws
tenant: default
organization: tetrate
spec:
workloadSelector:
namespace: helloworld
labels:
app: tsb-helloworld-gateway
http:
- name: helloworld
port: 443
hostname: helloworld.senserrich-test.tk
tls:
mode: SIMPLE
secretName: helloworld-cert
routing:
rules:
- route:
host: helloworld/helloworld
Save as helloworld-gw.yaml
, and apply with tctl
:
tctl apply -f helloworld-gw.yaml
You can check that your application is reachable by opening your web browser and directing it to the gateway service IP or domain name (depending on your configuration).
At this point, your application will load balance using Round Robin by default. Now, configure client-side load balancing and use the source IP.
apiVersion: traffic.tsb.tetrate.io/v2
kind: ServiceRoute
metadata:
name: helloworld-client-lb
group: helloworld-trf
workspace: helloworld-ws
tenant: default
organization: tetrate
spec:
service: helloworld/helloworld
subsets:
- name: v1
labels:
version: v1
stickySession:
useSourceIp: true
Save as helloworld-client-lb.yaml
, and apply with tctl
:
tctl apply -f helloworld-client-lb.yaml
Now, the same pod is being used as a backend for all our requests coming from the same IP.
In this example you have used the source IP, but there are other methods allowed too; using the header of an HTTP request, or configuring an HTTP cookie.