Automatic route creation

Automatic route creation

OpenShift routes for Istio Gateways are automatically managed within Maistra. Every time an Istio Gateway is created, updated, or deleted inside the Mesh, an OpenShift route is created, updated, or deleted accordingly. This aims to make things easier when using Maistra given that all information for hostnames is already present in the Istio Gateways.

As an example, if the following Gateway is created:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: gateway1
  annotations:
    kubernetes.io/tls-acme: "true"
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - www.bookinfo.com
    - bookinfo.example.com

Then the following OpenShift Routes are created automatically:

$ oc -n istio-system get routes
NAME              HOST/PORT                                            PATH      SERVICES               PORT      TERMINATION   WILDCARD
gateway1-lvlfn    bookinfo.example.com                                           istio-ingressgateway   <all>                   None
gateway1-scqhv    www.bookinfo.com                                               istio-ingressgateway   <all>                   None

If the Gateway is deleted, Maistra deletes the routes. Maistra does not modify routes that have been created manually.

Catch-all domains

Catch-all domains ("*") are not supported. If one is found in the Gateway definition, Maistra will create the route, but will rely on OpenShift to create a default hostname. This means that the newly created route will not be a catch all ("*") route, instead it will have a hostname in the form <route-name>[-<project>].<suffix>. Refer to the OpenShift documentation for more information about how default hostnames work and how a cluster administrator can customize it.

Route annotations

All annotations present in the Istio gateway definition, except those starting with kubectl.kubernetes.io will be copied over to the newly created OpenShift route. This will only occur when the route is created.

Subdomains

Subdomains (e.g.: "*.domain.com") are supported. However this ability doesn’t come enabled by default in OpenShift. This means that Maistra will create the route with the subdomain, but it will only be in effect if OpenShift is configured to enable it. Cluster administrators can refer to the OpenShift documentation for instructions on how to enable this feature.

TLS

TLS is supported as well. This means that, if the Gateway contains a tls section, the OpenShift Route will be configured to support TLS.

Disabling Automatic Route Creation

By default, Maistra control plane automatically synchronizes the gateway resources with OpenShift routes. If you do not wish this integration between Istio gateways and OpenShift Routes to happen, you can disable it by setting the gateways.openshiftRoute.enabled field to false in your ServiceMeshControlPlane. For example, see the following snippet:

spec:
  gateways:
    openshiftRoute:
      enabled: false