Istio Traffic Management

VirtualService, DestinationRule.

Overview

Istio traffic management uses VirtualService and DestinationRule CRDs to control routing, retries, timeouts, and traffic splits between services. The CRDs replace ad-hoc nginx configs and per-service routing code with declarative YAML the cluster can review and version. Canary deploys, A/B tests, and fault injection all become configuration changes rather than code changes.

• VirtualService. Defines routes, retries, timeouts, and traffic-split percentages. The declarative routing layer.
• DestinationRule. Defines subsets, load-balancing policy, and connection-pool behaviour. Workload-shape configuration.
• Header-based routing. Route on header values. A/B testing and internal-user canaries fall out for free.
• Traffic split plus fault injection. Percentage-based traffic between subsets supports canary deploys; simulated 5xxs and delays support chaos engineering.

The approach

Three habits make Istio traffic management produce predictable routing: start with VirtualService for the basics, add DestinationRule when workload behaviour demands it, and monitor the mesh through Kiali to see the actual traffic flow.

• VirtualService for routing. Per-service routes, retries, timeouts. The declarative starting point.
• DestinationRule for workload behaviour. Subsets, load-balancing, circuit breaking. Match the rules to the workload shape.
• Header-based routing for canaries. Internal users hit the canary subset; everyone else stays on stable. Gradual rollout without traffic-split risk.
• Fault injection plus documented strategy. Inject 5xxs and delays for chaos testing; per-service the routing strategy lives in the runbook.

Why this compounds

Each VirtualService captures routing intent in a reviewable artefact. The team’s mesh fluency deepens; canary patterns spread across services; release safety improves alongside resilience.

• Release safety. Traffic split supports low-risk gradual rollout. Bad canaries get caught at 1 percent rather than 100.
• Resilience. Retries, timeouts, circuit breakers configured uniformly. Cascading failures get harder.
• Reusable patterns. Standard VirtualService templates capture conventions across services.
• Year-one investment, year-two habit. First VirtualService is heavy lift. By the third service, canary deploys are routine.