VirtualService Routing¶
Namespace model for routing¶
Use this normalized route pattern:
- External path:
/${ENTITY_NAMESPACE}/${APP_SLUG}/... - Example in this repo:
/france-titres/hello-world/...
Source: helm-hello-world-main/templates/virtualservice.yaml (prefix: /france-titres/hello-world/)
Implemented VirtualService¶
File: helm-hello-world-main/templates/virtualservice.yaml
Current static config:
- host:
api.playground.france-identite.gouv.local - gateway:
istio-system/api-gateway - uri prefix match:
/france-titres/hello-world/ - rewrite:
/ - destination host:
hello-world - destination port:
5173
Source: helm-hello-world-main/templates/virtualservice.yaml
Mapping to backend service and pod¶
- VirtualService routes to service port
5173. - Service forwards
5173 -> targetPort 80. - Pod container listens on
80.
Sources:
- helm-hello-world-main/templates/virtualservice.yaml
- helm-hello-world-main/templates/service.yaml
- helm-hello-world-main/templates/deployment.yaml
Value-to-template mapping (current chart)¶
| VirtualService field | Values-driven? | Current source |
|---|---|---|
metadata.name |
No | hardcoded in template |
spec.hosts |
No | hardcoded in template |
spec.gateways |
No | hardcoded in template |
spec.http.match.uri.prefix |
No | hardcoded in template |
spec.http.rewrite.uri |
No | hardcoded in template |
spec.http.route.destination.host |
No | hardcoded in template |
spec.http.route.destination.port.number |
No | hardcoded in template |
Source: helm-hello-world-main/templates/virtualservice.yaml
Generic request flow¶
- Request arrives at gateway for configured host.
- Path is matched on
/${ENTITY_NAMESPACE}/${APP_SLUG}/. - URI is rewritten to
/. - Traffic is sent to service
${APP_SLUG}:<service-port>. - Service forwards to container HTTP port.
Current example values are hardcoded in template.
Source: helm-hello-world-main/templates/virtualservice.yaml
Change safety and rollout guidance¶
Pre-change checks¶
helm template "$RELEASE_NAME" ./helm-hello-world-main | rg -n "^kind: VirtualService|hosts:|gateways:|prefix:|rewrite:|destination:|number:"
Validate these stay aligned:
- VS destination port == Service
port - Service
targetPort== container port
Sources:
- helm-hello-world-main/templates/virtualservice.yaml
- helm-hello-world-main/templates/service.yaml
- helm-hello-world-main/templates/deployment.yaml
Deploy and verify¶
helm upgrade --install "$RELEASE_NAME" ./helm-hello-world-main --namespace "$K8S_NAMESPACE"
kubectl -n "$K8S_NAMESPACE" get virtualservice hello-world -o yaml
curl -I "https://<host>/${ENTITY_NAMESPACE}/${APP_SLUG}/"
Assumptions¶
istio-system/api-gatewayexists and is configured for the host used by the VirtualService.
Why: gateway resource is referenced but not managed in this chart.