Managing Virtual Service Route Tables with kubectl

With the kubectl command you can create, update, move, list, view, and delete a virtual service route table. The following topics detail how to manage these operations with kubectl.

Required IAM Policy for Virtual Service Route Table

To use a virtual service route table, an administrator must grant you the required type of access in an IAM policy. Whether you're using the Console, the REST API with an SDK, the CLI, Kubernetes kubectl, or another tool, the correct permissions are required.

When an action produces a permission denied or unauthorized message, confirm a couple of settings with your administrator. The administrator must ensure that the correct type of access is granted and the correct compartment is specified.

For example, to allow users in the group MeshAdmins to create, update, and delete all virtual service route tables in the compartment sales-app:

Allow group MeshAdmins to manage mesh-virtual-service-route-tables in compartment sales-app

For Service Mesh IAM policy reference details for each resource, see: Service Mesh IAM Policies.

For a step-by-step guide to set up all the required IAM policies for a Service Mesh, see: Set up Policies required for Service Mesh.

View Kubernetes Configuration Options for Virtual Service Route Tables

You can view the Kubernetes CLI virtual service route table YAML configuration options by displaying the Custom Resource Definition (CRD). Use the following command:

kubectl get crd virtualserviceroutetables.servicemesh.oci.oracle.com -o yaml

In the CRD, you see the fields used in a YAML configuration file under spec:schema:openAPIV3Schema:properties:spec. CRD output also includes information about field types, ranges, and limits. The following section provides an example of a YAML configuration file.

Creating a Virtual Service Route Table

To create a virtual service route table, use the kubectl apply command. For example:

kubectl apply -f virtual-service-route-table.yaml

Resources can be created in different namespaces by specifying the metadata:namespace field in the YAML configuration file. By default, if a namespace is not provided, the command uses the current namespace. When specifying the mesh in the spec section of the YAML configuration file, you can either use the mesh ID or the mesh reference.

Sample: virtual-service-route-table.yaml (Reference)

apiVersion: servicemesh.oci.oracle.com/v1beta1
kind: VirtualServiceRouteTable
metadata:
  name: <name>  # Name of virtual service route table
  namespace: <namespace>
  labels:
    version: v1
spec:
  compartmentId: ocid1.compartment.oc1..aaa...
  name: <internalName>  # Virtual service route table name inside the virtual service
  description: My Virtual Service Route Table
  virtualService:
    ref:
      name: <virtualServiceName>  # Name of the virtual service. This should be the name that is used in the metadata name field for the virtual service resource.
      namespace: <virtualServiceNamespace>  # Namespace of the referenced CR. If unspecified, defaults to the referencing object's namespace.
  routeRules:
    - httpRoute:
        destinations:
          - virtualDeployment:
              ref:
                name: <virtualDeploymentName>  # Name of the virtual deployment. This should be the name that is used in the metadata name field for the virtual deployment resource.
                namespace: <virtualDeploymentNamespace>  # Namespace of the referenced CR. If unspecified, defaults to the referencing object's namespace.
            port: 9080
            weight: 100
        isGrpc: true
        path: /
        pathType: PREFIX

Sample: virtual-service-route-table.yaml (ID)

apiVersion: servicemesh.oci.oracle.com/v1beta1
kind: VirtualServiceRouteTable
metadata:
  name: <name>  # Name of virtual service route table
  namespace: <namespace>
  labels:
    version: v1
spec:
  compartmentId: ocid1.compartment.oc1..aaa...
  name: <internalName>  # Virtual service route table name inside the virtual service
  description: My Virtual Service Route Table
  virtualService:
    id: ocid1.meshvirtualservice.oc1..aaa...
  routeRules:
    - httpRoute:
        destinations:
          - virtualDeployment:
              id: ocid1.meshvirtualdeployment.oc1..aaa...
            port: 9080
            weight: 100
        isGrpc: true
        path: /
        pathType: PREFIX

Tip

Refer to Service Mesh Kubernetes Resource Conditions for details on Service Mesh Kubernetes custom resource statuses.

Where:

  • <name> (immutable): The name of the virtual service route table. The name must be unique within the same virtual service and can't be changed after creation. The name must start with a letter or underscore, followed by letters, numbers, hyphens, or underscores. Length can be 1–255 characters. Avoid entering confidential information.
  • <compartmentId> (optional): The OCID of the compartment to which the virtual service route table belongs.
  • <virtualService:id>: The OCID of the virtual service in which this virtual service route table is created.
  • <description> (optional): The description of the virtual service route table. The field is changeable. Avoid entering confidential information.
  • <priority> (optional): Sets the route table priority from 1 to 1000. The default is 500. Lower numbers are a higher priority. At the same priority, route tables are prioritized based on the time created with the most recent route table taking the highest priority.
  • <routeRules>: Route conditions and destinations for the virtual service route table. A minimum of one route rule is required and each rule can specify the following:

    Choose between the httpRoute, tcpRoute, or tlsPassthroughRoute. If tlsPassthroughRoute is selected, the proxy doesn't manage TLS. Encrypted data is passed "as is" to the application which manages TLS on its own.

    httpRoute:

    • <path>: A path to this route, for example, /mypath. Specify no path value to default to root (“/”). When you specify a path without a root value, the rule prepends the root (“/”) to the path.
    • <pathType>: The type of path provided. The default PREFIX option treats the path as a prefix to an endpoint and is the only supported option. If pathType is not specified, the default is used.
    • <isGrpc>: If set to true, the rule checks that the content-type header contains application/grpc or one of the various application/grpc+ values.
    • <destinations>: Defines the virtual deployment destinations for this route. A minimum of one destination is required.
      • <virtualDeployment:id>: The OCID of the virtual deployment where the request is routed.
      • <weight>: The weight for this destination. If only one destination is created, the value defaults to and must be 100. When multiple destinations are created, you can specify a value from 1-100 for each destination. When summed, the weights for all the destinations must total 100.
      • <port>: Select a port in the range of 1-65535. The rule allows only one port. If you don't specify a port, the rule targets all the ports on the virtual deployment.

        Caution

        Don’t use the following Service Mesh reserved ports in your mesh resource: 15000, 15003, 15006, and 9901.
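
The field limits listed above can be checked before a manifest reaches kubectl apply, for example in a CI step. The following is an added example, not code from this documentation or from the Service Mesh operator: validate_route_table is a hypothetical helper that takes the manifest already parsed into a dict. It assumes the naming rule applies to spec.name (falling back to metadata.name) and that every route type carries a destinations list.

```python
import re

# Limits below are the ones stated in this page's field descriptions.
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_-]{0,254}")
RESERVED_PORTS = {15000, 15003, 15006, 9901}
ROUTE_TYPES = ("httpRoute", "tcpRoute", "tlsPassthroughRoute")

def validate_route_table(manifest):
    """Return a list of problems found in a parsed VirtualServiceRouteTable."""
    errs = []
    spec = manifest.get("spec", {})
    # Assumption: the naming rule is checked on spec.name, else metadata.name.
    name = spec.get("name") or manifest.get("metadata", {}).get("name", "")
    if not NAME_RE.fullmatch(name):
        errs.append(f"name {name!r}: must start with a letter or underscore, 1-255 chars")
    prio = spec.get("priority", 500)  # documented default
    if not 1 <= prio <= 1000:
        errs.append(f"priority {prio}: must be 1-1000")
    rules = spec.get("routeRules") or []
    if not rules:
        errs.append("routeRules: at least one route rule is required")
    for i, rule in enumerate(rules):
        kinds = [k for k in ROUTE_TYPES if k in rule]
        if len(kinds) != 1:
            errs.append(f"rule {i}: need exactly one of {', '.join(ROUTE_TYPES)}")
            continue
        route = rule[kinds[0]]
        if route.get("pathType", "PREFIX") != "PREFIX":
            errs.append(f"rule {i}: pathType must be PREFIX")
        dests = route.get("destinations") or []
        if not dests:
            errs.append(f"rule {i}: at least one destination is required")
            continue
        # A lone destination defaults to weight 100; otherwise weight is required.
        weights = [d.get("weight", 100 if len(dests) == 1 else 0) for d in dests]
        if any(not 1 <= w <= 100 for w in weights) or sum(weights) != 100:
            errs.append(f"rule {i}: weights {weights} must each be 1-100 and total 100")
        for port in (d["port"] for d in dests if "port" in d):  # no port = all ports
            if not 1 <= port <= 65535 or port in RESERVED_PORTS:
                errs.append(f"rule {i}: port {port} is out of range or reserved")
    return errs

# Constructed sample: a 90/20 split that also targets reserved port 15006.
SAMPLE = {"metadata": {"name": "reviews-routes"}, "spec": {"priority": 500, "routeRules": [
    {"httpRoute": {"path": "/", "destinations": [
        {"virtualDeployment": {"ref": {"name": "v1"}}, "port": 9080, "weight": 90},
        {"virtualDeployment": {"ref": {"name": "v2"}}, "port": 15006, "weight": 20}]}}]}}
```

An empty list from validate_route_table means the manifest satisfies the limits described on this page; the CRD remains the authoritative schema.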

Update a Virtual Service Route Table

To update a virtual service route table with kubectl:
  1. Change the configuration file as needed.
  2. Save the file.
  3. Run the apply command again.

Move a Virtual Service Route Table

To move a virtual service route table to a different compartment:
  1. Update the compartment OCID to the value of the target compartment.
  2. Save the file.
  3. Run the apply command again.

Get a List of Virtual Service Route Tables

To get a list of virtual service route tables in the namespace, use the following command:

kubectl get virtualserviceroutetables -n <namespace>

View a Virtual Service Route Table

To view the details of a specific virtual service route table in the namespace, use the following command:

kubectl describe virtualserviceroutetable <name> -n <namespace>

Delete a Virtual Service Route Table

To delete a specific virtual service route table in the namespace, use the following command:

kubectl delete virtualserviceroutetable <name> -n <namespace>