Navigation :

Apply an L7 traffic policy

Apply a fault injection policy to the ratings app that aborts all incoming requests and sends back a 418 HTTP response code. To enforce the fault injection policy on Layer 7, a waypoint proxy is automatically created for you.

  1. Apply the gateway CRDs in your cluster that are required to create waypoint proxies.

    kubectl get crd gateways.gateway.networking.k8s.io &> /dev/null ||  (kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd/ref=v1.0.0" | kubectl apply -f -)

  2. Create a route table to define the ratings route.

    kubectl apply -f- <<EOF
apiVersion: networking.gloo.solo.io/v2
kind: RouteTable
metadata:
  name: ambient
  namespace: bookinfo
spec:
  hosts:
  - ratings
  http:
  - forwardTo:
      destinations:
      - ref:
          name: ratings
          namespace: bookinfo
    labels:
      route: ratings
  workloadSelectors:
  - {}
EOF

  3. Create a fault injection policy for the ratings app. The policy aborts all requests that are sent to ratings and returns a 418 HTTP response.

    kubectl apply -f- <<EOF
apiVersion: resilience.policy.gloo.solo.io/v2
kind: FaultInjectionPolicy
metadata:
  name: faultinjection
  namespace: bookinfo
spec:
  applyToRoutes:
  - route:
      labels:
        route: ratings
  config:
    abort:
      httpStatus: 418
EOF

  4. Verify that a waypoint proxy is automatically created for the ratings app.

    kubectl get pods -n bookinfo

    Example output:

    NAME                                               READY   STATUS    RESTARTS   AGE
bookinfo-ratings-istio-waypoint-6767cf7b46-n4ckz   1/1     Running   0          10m
details-v1-5ffd6b64f7-jgbgn                        1/1     Running   0          4h22m
productpage-v1-8b588bf6d-424rf                     1/1     Running   0          4h21m
ratings-v1-5f9699cfdf-h7wcb                        1/1     Running   0          4h21m
reviews-v1-569db879f5-r9dmr                        1/1     Running   0          4h21m
reviews-v2-65c4dc6fdc-94k2r                        1/1     Running   0          4h21m
reviews-v3-c9c4fb987-6dhvq                         1/1     Running   0          4h21m

  5. Send a request to the ratings app and verify that the 418 HTTP response code is returned.

    kubectl -n bookinfo debug -i pods/$(kubectl get pod -l app=reviews -A -o jsonpath='{.items[0].metadata.name}') --image=curlimages/curl -- curl -v http://ratings:9080/ratings/1

    Example output:

    ...
   
< HTTP/1.1 418 Unknown
< content-length: 18
< content-type: text/plain
< date: Wed, 02 Aug 2023 21:50:21 GMT
< server: istio-envoy
< x-envoy-decorator-operation: ratings.bookinfo.svc.cluster.local:9080/*
< 
{ [18 bytes data]
100    18  100    18    0     0   2000      0 --:--:-- --:--:-- --:--:--  2250
* Connection #0 to host ratings left intact
fault filter abort%

  6. View the logs of the waypoint proxy to verify that traffic was routed through the waypoint proxy.

    kubectl logs <bookinfo-ratings-waypoint-proxy-abc> -n bookinfo

    Example output:

    [2023-08-02T21:50:21.375Z] "GET /ratings/1 HTTP/1.1" 418 FI fault_filter_abort - "-" 0 18 0 - "-" "curl/8.2.1" "6aa75eb6-9343-4d72-b010-2990aa992efc" "ratings:9080" "-" inbound-vip|9080|http|ratings.bookinfo.svc.cluster.local - 10.52.7.236:9080 envoy://internal_client_address/ - -

  7. Optional: Remove the route table and fault injection policy that you created as part of this guide.

    kubectl delete routetable ambient -n bookinfo
kubectl delete faultinjectionpolicy faultinjection -n bookinfo

Congratulations! You successfully onboarded workloads to a sidecarless service mesh, and explored Gloo Mesh features, such as access and traffic policies.

Next