Updated on 2024-10-08 GMT+08:00

Configuring Istio Resources Using YAML

You can modify all Istio resources (such as VirtualService and DestinationRule) of a service in YAML or JSON format on the Istio Resource Management page. You can also create new Istio resources.

Istio resource configurations created or modified using YAML may conflict with those you directly add on the console. As a result, console functions will be unavailable. If you want to configure Istio resources only using YAML, edit or create Istio resources by referring to this section. Otherwise, skip this section.

Modifying an Existing Istio Resource

  1. Log in to the ASM console and click the name of the target service mesh to go to its details page.
  2. In the navigation pane, choose Mesh Configuration. Then click the Istio Resource Management tab.
  3. In the drop-down list, select the Istio resource type (for example, Istio Resources: virtualservices) and the namespace to which the resource belongs.
  4. Click Edit in the Operation column. In the right pane, modify related configurations and click OK. By default, the message displayed at the bottom is selected, indicating that related console functions are no longer available.

    Console functions vary depending on the Istio resource type. For details about unavailable console functions, see Handling Policy of Resource Configuration Using YAML.

    The configuration file can be displayed in YAML or JSON format and can be downloaded to the local PC.

Creating an Istio Resource

  1. Log in to the ASM console and click the name of the target service mesh to go to its details page.
  2. In the navigation pane, choose Mesh Configuration. Then click the Istio Resource Management tab.
  3. Click Create in the upper left corner of the list.
  4. Edit the file in the right pane, or click Import File to upload the edited YAML or JSON file.
  5. Confirm the file content and click OK. By default, the message displayed at the bottom is selected, indicating that related console functions are no longer available.

    Console functions vary depending on the Istio resource type. For details about unavailable console functions, see Handling Policy of Resource Configuration Using YAML.

Istio Resource Description

Table 1 Istio resource description

Resource Type

Description

AuthorizationPolicy

Configures authorization policies.

DestinationRule

Defines the target service and traffic policy of a route. VirtualService and DestinationRule are the two most important resources for traffic control. DestinationRule defines the policies and rules for a Service in a mesh to provide external services, including the load balancing policy, exception monitoring, outlier detection control, and connection pool access.

EnvoyFilter

Provides more powerful extension capabilities for the service mesh control plane so that the Filter Chain in Envoy can be customized.

Gateway

Defines the unified ingress and egress for all HTTP/TCP traffic and describes a group of public ports, protocols, load balancing, and SNI configurations.

PeerAuthentication

Configures the mTLS mode for service communication. It is an Istio authentication policy.

RequestAuthentication

Configures the request authentication method of a service. It is an Istio authentication policy.

ServiceEntry

Adds external services to a mesh and manages their traffic.

Sidecar

Sets the sidecar proxies as a whole.

VirtualService

Set routes in a mesh. VirtualService and DestinationRule are the two most important resources for traffic control. VirtualService defines a group of routing rules. When traffic enters the mesh, the traffic is matched with the rules one by one. Once matched, the traffic is forwarded to the specified routing address.

WorkloadEntry

Abstracts VMs or bare metals so that they can be managed by a mesh. They are as important as pods in Kubernetes and provide traffic management, security management, and visualization.