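# Istio VirtualService + DestinationRule for blue/green traffic switching.
#
# Traffic flow:
#   Client → Istio Ingress Gateway → VirtualService → DestinationRule subset → Pod
#
# Two releases coexist at all times:
#   veylant-proxy-blue  (helm release, slot=blue label)
#   veylant-proxy-green (helm release, slot=green label)
#
# Switch traffic atomically (rollback < 5s):
#
#   # Switch to green:
#   kubectl patch vs veylant-proxy -n veylant --type merge \
#     -p '{"spec":{"http":[{"route":[{"destination":{"host":"veylant-proxy","subset":"green"},"weight":100}]}]}}'
#
#   # Roll back to blue:
#   kubectl patch vs veylant-proxy -n veylant --type merge \
#     -p '{"spec":{"http":[{"route":[{"destination":{"host":"veylant-proxy","subset":"blue"},"weight":100}]}]}}'
#
# NOTE(review): a JSON merge patch replaces arrays wholesale, so the commands
# above overwrite the entire spec.http list. After a switch the route no longer
# carries the match, timeout and retries fields declared below until this
# manifest is re-applied. A JSON patch that touches only the subset keeps them:
#   kubectl patch vs veylant-proxy -n veylant --type json \
#     -p '[{"op":"replace","path":"/spec/http/0/route/0/destination/subset","value":"green"}]'
# Confirm which form deploy/scripts/blue-green.sh actually sends.
#
# Managed automatically by deploy/scripts/blue-green.sh.
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: veylant-proxy
  namespace: veylant
spec:
  hosts:
    - veylant-proxy
    - api.veylant.ai  # external hostname (TLS terminated at Gateway)
  gateways:
    - veylant-gateway
    - mesh  # also applies to in-cluster traffic
  # NOTE(review): because "mesh" is listed, in-cluster callers reach the proxy
  # without passing the ingress gateway. Anything enforced only at the gateway
  # does not cover them; confirm a PeerAuthentication / AuthorizationPolicy
  # protects the workload itself.
  http:
    - match:
        - uri:
            prefix: /
      route:
        # Default: 100% to blue slot.
        # blue-green.sh patches this to switch slots atomically.
        - destination:
            host: veylant-proxy
            subset: blue
          weight: 100
      timeout: 35s  # slightly > proxy WriteTimeout (30s)
      # Retries re-send the request upstream. retriable-4xx currently means
      # HTTP 409 in Envoy. All tries together are still bounded by the 35s
      # timeout above.
      # NOTE(review): a gateway-error retry can re-submit a request the backend
      # already started processing; confirm the proxied endpoints tolerate
      # repeated delivery.
      retries:
        attempts: 2
        perTryTimeout: 15s
        retryOn: gateway-error,connect-failure,retriable-4xx
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: veylant-proxy
  namespace: veylant
spec:
  host: veylant-proxy
  # No tls block is set here, so encryption between the gateway/sidecars and
  # the pods depends on the mesh's auto-mTLS / PeerAuthentication settings.
  # NOTE(review): TLS is terminated at the Gateway; confirm the mesh enforces
  # mTLS on this hop.
  trafficPolicy:
    connectionPool:
      http:
        h2UpgradePolicy: UPGRADE
        idleTimeout: 90s
    # Eject a host from the load-balancing pool after 5 consecutive gateway
    # errors, evaluated every 10s, for a base ejection time of 30s.
    outlierDetection:
      consecutiveGatewayErrors: 5
      interval: 10s
      baseEjectionTime: 30s
  # Subsets select pods by the app.kubernetes.io/slot label; each helm release
  # must set it to its own slot for the VirtualService route to find endpoints.
  subsets:
    - name: blue
      labels:
        app.kubernetes.io/slot: blue
    - name: green
      labels:
        app.kubernetes.io/slot: green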