Traffic policies for virtual destinations

In the Locality Routing Guide, you created a VirtualDestination resource. As a quick reminder, a virtual destination is a virtual traffic destination composed of a list of 1-n services selected.

Now that your virtual destination is set up, you can create traffic policies to apply to the virtual destination. Gloo Mesh Enterprise can apply the following traffic policy types to virtual destinations: retries, timeouts, cors, header manipulation, fault injection, and traffic shift.

This feature is available in Gloo Mesh Enterprise versions v1.2.0-beta22 and later only.

Before you begin

Create a VirtualDestination resource by following the guide for Locality Routing.

Apply a traffic policy that selects the virtual destination

In the Locality Routing guide, you created the bookinfo-global.gloo-mesh virtual destination.

To apply a traffic policy to that virtual destination, create the following TrafficPolicy in your management cluster and specify bookinfo-global in the destinationSelector field.

# This TrafficPolicy applies retries, timeouts, fault injections, cors, and header manipulations
cat <<EOF | kubectl apply -f -
apiVersion: networking.mesh.gloo.solo.io/v1
kind: TrafficPolicy
metadata:
  name: virtual-destination-policy
  namespace: gloo-mesh
spec:
  destinationSelector:
    - virtualDestinationRefs:
        virtualDestinations:
          - name: bookinfo-global
            namespace: gloo-mesh
  policy:
    faultInjection:
      abort:
        httpStatus: 500
      percentage: 50
    requestTimeout: 5s
    retries:
      attempts: 5
      perTryTimeout: 5s
    corsPolicy:
      allowCredentials: true
      allowHeaders:
      - foo
      - bar
      allowMethods:
      - GET
      - POST
      allowOrigins:
      - exact: solo.io
      - exact: gloo.io
      exposeHeaders:
      - some-response-header
      maxAge: 600s
    headerManipulation:
      appendResponseHeaders:
        add-me: thank-you
EOF

Note that leaving the destinationSelector field empty does not select all virtual destinations by default. In order for a traffic policy to be applied, the virtual destination must be explicitly selected in either the virtualDestinationMatcher or virtualDestinaionRefs field.

View the applied traffic policies

Check the configuration of the VirtualDestination resource.

kubectl get virtualdestination -n gloo-mesh bookinfo-global -oyaml

In the status section, verify that the following appliedTrafficPolicies is listed.

status:
  appliedTrafficPolicies:
  - observedGeneration: 4
    ref:
      name: virtual-destination-policy
      namespace: gloo-mesh
    spec:
      destinationSelector:
      - virtualDestinationMatcher:
          namespaces:
          - gloo-mesh
      policy:
        faultInjection:
          abort:
            httpStatus: 500
          percentage: 50
        requestTimeout: 5s
        retries:
          attempts: 5
          perTryTimeout: 5s
        corsPolicy:
          allowCredentials: true
          allowHeaders:
          - foo
          - bar
          allowMethods:
          - GET
          - POST
          allowOrigins:
          - exact: solo.io
          - exact: gloo.io
          exposeHeaders:
          - some-response-header
          maxAge: 600s
        headerManipulation:
          appendResponseHeaders:
            add-me: thank-you

Demonstrate the change in traffic behavior

The hostname for the Virtual Destination is reviews.global, which can be curled:

curl http://ratings.global:9080/ratings/1 -v

You should see 500 responses about 50 percent of the time.

Next steps

In this guide, you successfully applied traffic policies to a virtual destination. To explore more of Gloo Mesh, check out the concepts section of the docs.