Skip to main content
Version: 1.3.x

Client Side Load Balancing with TSB

The following YAML file has three objects - a Workspace for the application, a Gateway group so that you can configure the application ingress, and a Traffic group that will allow you to configure the canary release process.

apiversion: api.tsb.tetrate.io/v2
kind: Workspace
metadata:
  organization: tetrate
  tenant: default
  name: helloworld-ws
spec:
  namespaceSelector:
    names:
      - "*/helloworld"
---
apiVersion: gateway.tsb.tetrate.io/v2
kind: Group
metadata:
  organization: tetrate
  tenant: default
  workspace: helloworld-ws
  name: helloworld-gw
spec:
  namespaceSelector:
    names:
      - "*/helloworld"
  configMode: BRIDGED
---
apiVersion: traffic.tsb.tetrate.io/v2
kind: Group
metadata:
  organization: tetrate
  tenant: default
  workspace: helloworld-ws
  name: helloworld-trf
spec:
  namespaceSelector:
    names:
      - "*/helloworld"
  configMode: BRIDGED

Store the file as helloworld-ws-groups.yaml, and apply with tctl:

tctl apply -f helloworld-ws-groups.yaml

To deploy your application, start by creating the namespace and enable the Istio sidecar injection.

kubectl create namespace helloworld
kubectl label namespace helloworld istio-injection=enabled

Then deploy your application.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: helloworld-v1
  namespace: helloworld
spec:
  replicas: 3
  selector:
    matchLabels:
      app: helloworld
      version: v1
  template:
    metadata:
      labels:
        app: helloworld
        version: v1
    spec:
      containers:
      - name: hello
        image: "gcr.io/google-samples/hello-app:1.0"
        env:
        - name: "PORT"
          value: "8080"
---
apiVersion: v1
kind: Service
metadata:
  name: helloworld
  namespace: helloworld
spec:
  selector:
    app: helloworld
  ports:
  - protocol: TCP
    port: 443
    targetPort: 8080

Store as helloworld-1.yaml, and apply with kubectl:

kubectl apply -f helloworld-1.yaml

Note that you’re deploying 3 replicas for this deployment.

In this example, you’re going to expose the application using simple TLS at the gateway. You’ll need to provide it with a TLS certificate stored in a Kubernetes secret.

kubectl create secret tls -n helloworld helloworld-cert \
    --cert /path/to/some/helloworld-cert.pem \
    --key /path/to/some/helloworld-key.pem

Now you can deploy your ingress gateway.

apiVersion: install.tetrate.io/v1alpha1
kind: IngressGateway
metadata:
  name: tsb-helloworld-gateway
  namespace: helloworld
spec:
  kubeSpec:
    service:
      type: LoadBalancer

Save as helloworld-ingress.yaml, and apply with kubectl:

kubectl apply -f helloworld-ingress.yaml

The TSB data plane operator in the cluster will pick up this configuration and deploy the gateway’s resources in your application namespace. Finally, configure the gateway so that it routes traffic to your application.

apiVersion: gateway.tsb.tetrate.io/v2
kind: IngressGateway
metadata:
  name: helloworld-gateway
  group: helloworld-gw
  workspace: helloworld-ws
  tenant: default
  organization: tetrate
spec:
  workloadSelector:
    namespace: helloworld
    labels:
      app: tsb-helloworld-gateway
  http:
  - name: helloworld
    port: 443
    hostname: helloworld.senserrich-test.tk
    tls:
      mode: SIMPLE
      secretName: helloworld-cert
    routing:
      rules:
      - route:
          host: helloworld/helloworld

Save as helloworld-gw.yaml, and apply with tctl:

tctl apply -f helloworld-gw.yaml

You can check that your application is reachable by opening your web browser and directing it to the gateway service IP or domain name (depending on your configuration).

At this point, your application will load balance using Round Robin by default. Now, configure client-side load balancing and use the source IP.

apiVersion: traffic.tsb.tetrate.io/v2
kind: ServiceRoute
metadata:
  name: helloworld-client-lb
  group: helloworld-trf
  workspace: helloworld-ws
  tenant: default
  organization: tetrate
spec:
  service: helloworld/helloworld
  subsets:
  - name: v1
    labels:
      version: v1
  stickySession:
    useSourceIp: true

Save as helloworld-client-lb.yaml, and apply with tctl:

tctl apply -f helloworld-client-lb.yaml

Now, the same pod is being used as a backend for all our requests coming from the same IP.

In this example you have used the source IP, but there are other methods allowed too; using the header of an HTTP request, or configuring an HTTP cookie.