istio - using externalservice

External service provide an alias to a service that is located externally, elsewhere andd out of the cluster. For exampe, let's say we wanna provide an alias for httpbin.org and we want to call it, httpbin-local - then we can do that using external name.  


Lets quickly spin up an example. 

istioctl install --set profile=demo

kubectl label namespace default istio-injection=enabled

kubectl apply -f httpbin-gateway.yaml

kubectl apply -f sleep.yaml 


Let's create a httpbin external service

apiVersion: v1
kind: Service
metadata:
 name: externalbin
spec:
 type: ExternalName
 externalName: httpbin.org
 ports:
 - port: 80
   # important to set protocol name
   name: http

So we are creating external service to httpbin.org which we will use "externalbin" to reference it. 

kubectl exec -it sleep-868c754c4b-z8djr -c sleep -- /bin/sh

Then when we run curl, we will get the following output. 

curl http://externalbin/headers


Istio Egress supports only HTTP/HTTPS - that means all HTTP/HTTPS traffic route through envoy. 
Unless you say otherwise by using annotation - "traffic.sidecar.istio.io/includeOutboundIPRanges: "10.0.0.1/24"".


---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpbin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: httpbin
      version: v1
  template:
    metadata:
      labels:
        app: httpbin
        version: v1
      annotations:
        traffic.sidecar.istio.io/includeOutboundIPRanges: "10.0.0.1/24"
        sidecar.istio.io/inject: "false"
    spec:
      serviceAccountName: httpbin
      containers:
      - image: docker.io/mccutchen/go-httpbin:v2.15.0
        imagePullPolicy: IfNotPresent
        name: httpbin
        ports:
        - containerPort: 8080

More details about annotation can be found here:- 

https://istio.io/latest/docs/reference/config/annotations/



Comments

Post a Comment

Popular posts from this blog

gemini cli getting file not defined error

Image
 While trying to run gemini cli on my windows linux subsystem, i bump into this error here - "/Roaming/npm/node_modules/@google/gemini-cli/node_modules/undici/lib/web/webidl/index.js:512 webidl.is.File = webidl.util.MakeTypeAssertion(File)"  "ReferenceError: File is not defined" In Node.js, there’s no built-in File (until very recent Node 20+ with experimental WHATWG APIs). So, unless polyfilled, File is undefined, leading to the ReferenceError. And to resolve this, I had to upgrade to node 22 (might work for node 20) and then I was able to run it.
Read more

NodeJS: Error: spawn EINVAL in window for node version 20.20 and 18.20

Encounter this issue when running autorest (that uses nodejs).  I am using node version:  v18.20.2 After i revert to use node v18.12.0, then i was able to get my app to run without this error. Since i am working with Azure devops yaml, i was able to use the following to resolve my issue.  - task : NodeTool@0   inputs :     versionSource : 'spec'     versionSpec : '18.18.0'
Read more

vllm : Failed to infer device type

Trying to run vllm without gpu will typicaly lands you into this issue. To resolve this issue: we can use set these both. Setting one does not work for me. So i had to configure both settings below:- 1.  environment variable CUDA_VISIBLE_DEVICES = "" 2. in the command line, change to use device cpu and remove  tensor-parallel-size. For example, python3 -m vllm.entrypoints.openai.api_server --port 8080 --model deepseek-ai/DeepSeek-R1 --device cpu --trust-remote-code --max-model-len 4096" References https://docs.vllm.ai/en/latest/getting_started/troubleshooting.html#failed-to-infer-device-type
Read more