istio

package

v0.2.0 Latest Latest Go to latest Published: Feb 1, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubernetes-sigs/ingress2gateway

Links

Open Source Insights

README ¶

Istio Provider

The provider translates Istio API entities: Gateway and VirtualService to the K8S Gateway API: Gateway, HTTPRoute, TLSRoute, TCPRoute and ReferenceGrants.

The API translator converts the API fields that have a direct equivalent in the K8S Gateway API. If a certain field of the Istio API cannot be translated directly, this field would be logged and ignored during the translation. It's up to the user to handle such cases accordingly to their needs.

Examples

You can find the examples demonstrating how the resources are translated within the fixtures directory.

There are examples for:

Istio Gateway -> K8S API Gateway
VirtualService -> HTTPRoute
VirtualService -> TLSRoute
VirtualService -> TCPRoute
Creation of the K8S API ReferenceGrants for cross namespace references

Conversion of Ingress resources to Gateway API

Generated ReferenceGrants and xRoute.parentRefs

Translator verifies if the xRoute can be connected to the Gateway and if parentRefs to it should be generated.

It considers the following fields:

parentRefs would be generated if:

VirtualService can be exported to the Gateway's namespaces, values from virtualService.Spec.ExportTo
There's an overlap between Gateway's Server.Hosts and virtualService.Spec.Hosts

If Gateway and VirtualService are in the different namespaces, then a ReferenceGrant would be created to allow translated xRoute to reference translated Gateway.

Istio Gateway

K8S API Gateway Listener is generated for each host of each server of istio gateway.Spec.Server.

Listener names are generated in the following format: $PROTOCOL_NAME-protocol-$NAMESPACE-ns-$HOSTNAME". The format is chosen to ensure API compliance where all listener names MUST be unique within the Gateway.

Protocols

Istio supported protocols -> K8S Gateway Listener protocols

HTTP|HTTPS|TCP|TLS - converted as is
HTTP2|GRPC -> if tls is set then HTTPS else HTTP
MONGO -> TCP

TLS

Modes translation:

PASSTHROUGH and AUTO_PASSTHROUGH -> gw.TLSModePassthrough
SIMPLE and MUTUAL -> gw.TLSModeTerminate
other istio tls modes are not translated

Istio VirtualService

HTTP

The list of fields showing how istio.VirtualService.Http fields are converted to the HTTPRoute equivalents

match []HTTPMatchRequest -> []gw.HTTPRouteMatch
route []HTTPRouteDestination -> []gw.HTTPBackendRef
redirect HTTPRedirect -> gw.HTTPRequestRedirectFilter
rewrite HTTPRewrite -> gw.HTTPURLRewriteFilter
timeout Duration -> gw.HTTPRouteTimeouts.Request
mirror and mirrors -> []gw.HTTPRequestMirrorFilters
headers.request -> requestHeaderModifier gw.HTTPHeaderFilter
headers.response -> responseHeaderModifier gw.HTTPHeaderFilter

rewrite HTTPRewrite translation

In istio, the rewrite logic depends on the match URI parameters:

for prefix match, istio rewrites matched prefix to the given value.
for exact match and for regex match, istio rewrites full URI path to the given value.

Also, in K8S Gateway API only 1 HTTPRouteFilterURLRewrite is allowed per HTTPRouteRule https://github.com/kubernetes-sigs/gateway-api/blob/0ad0daffe8d47f97a293b2a947bb3b2ee658e967/apis/v1/httproute_types.go#L228

To take this all into consideration, translator aggregates prefix matches vs non-prefix matches for the istio virtualservice.HTTPRoute. And generates max 2 HTTPRoutes (one with prefix matches and ReplacePrefixMatch filter and the other if non-prefix matches and ReplaceFullPath filter). If any of the match group is empty, the corresponding HTTPRoute won't be generated. If all URI matches are empty, there would be HTTPRoute with HTTPRouteFilterURLRewrite of ReplacePrefixMatch type.

TLS

The list of fields showing how istio.VirtualService.Tls fields are converted to the TLSRoute equivalents

match.sniHosts -> TLSRouteSpec.Hostnames
route []RouteDestination -> []gw.BackendRef

TCP

The list of fields showing how istio.VirtualService.Tlc fields are converted to the TCPRoute equivalents

route []RouteDestination -> []gw.BackendRef

Documentation ¶

Index ¶

Constants
func NewProvider(conf *i2gw.ProviderConf) i2gw.Provider
type Provider

Constants ¶

View Source

const (
	APIVersion         = "networking.istio.io/v1beta1"
	GatewayKind        = "Gateway"
	VirtualServiceKind = "VirtualService"

	K8SGatewayClassName = "istio"
)

View Source

const ProviderName = "istio"

The ProviderName returned to the provider's registry.

Variables ¶

This section is empty.

Functions ¶

func NewProvider ¶

func NewProvider(conf *i2gw.ProviderConf) i2gw.Provider

NewProvider returns the istio implementation of i2gw.Provider.

Types ¶

type Provider ¶

type Provider struct {
	// contains filtered or unexported fields
}

func (*Provider) ReadResourcesFromCluster ¶

func (p *Provider) ReadResourcesFromCluster(ctx context.Context) error

func (*Provider) ReadResourcesFromFile ¶

func (p *Provider) ReadResourcesFromFile(ctx context.Context, filename string) error

func (*Provider) ToGatewayAPI ¶

func (p *Provider) ToGatewayAPI(_ i2gw.InputResources) (i2gw.GatewayResources, field.ErrorList)

ToGatewayAPI converts stored Istio API entities to i2gw.GatewayResources K8S Ingress resources are not needed, only Istio-based are converted

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL