Automatic route creation

Automatic route creation

OpenShift routes for Istio Gateways are automatically managed within Maistra. This means that every time an Istio Gateway is created, updated or deleted inside the Mesh, an OpenShift route will be created, updated or deleted accordingly. This aims to make things easier when using Maistra, since handling routes is usually redundant, given all information for hostnames are already present in Istio Gateways anyway.

As an example, if the following Gateway is created:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gateway1
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - www.bookinfo.com
    - bookinfo.example.com

Then the following OpenShift Routes are created automatically:

$ oc -n istio-system get routes
NAME              HOST/PORT                                            PATH      SERVICES               PORT      TERMINATION   WILDCARD
gateway1-lvlfn    bookinfo.example.com                                           istio-ingressgateway   <all>                   None
gateway1-scqhv    www.bookinfo.com                                               istio-ingressgateway   <all>                   None

If the Gateway above is deleted, Maistra will delete the routes. Routes created manually will never be touched by Maistra, however.

Catch-all domains

Catch-all domains ("*") are not supported. If one is found in the Gateway definition, Maistra will create the route, but will rely on OpenShift to create a default hostname. This means that the newly-created route will not be a catch all ("*") route, instead it will have a hostname in the form <route-name>[-<namespace>].<suffix>. Refer to the OpenShift documentation for more information on how default hostnames work and how a cluster administrator can customize it.

Subdomains

Subdomains (e.g.: "*.domain.com") are supported. However this ability doesn’t come enabled by default in OpenShift. This means that Maistra will create the route with the subdomain, but it will only be in effect if OpenShift is configured to enable it. Cluster administrators can refer to the OpenShift documentation for instructions on how to enable this feature.

TLS

TLS is supported as well. This means that, if the Gateway contains a tls section, the OpenShift Route will be configured to support TLS.

All OpenShift Routes created by Maistra are in the istio-system namespace.

Under the covers

This Gateway ↔ Route sincronization is done by a Maistra control plane component called IOR. It is deployed as part of the control plane by the Maistra installation process. For more information on IOR, refer to its project page at GitHub.