Lab virtual services

Hi, in the lab virtual services theres one question that asks to create a virtual service. However, a service is already created. My concern is that it’s not clear if the virtual service needs to be deployed on top of an existing service or it doesn’t.

Indeed, after deploying the virtual service I made a kubectl get all -A and a describe of the service and that returned me a service instead of the virtual service, which I didn’t find in the complete list of get all

I attach a screenshot of the doubt


Hi @hyakunin

I take it you are referring to Q7 in that lab, where it asks to create a virtual service from virtual-service.yml?

Yes, there is a standard ClusterIP service which is presenting the httpbin pod internally within the cluster on port 8000

We configure the VirtualService destination route to send traffic to the httpbin ClusterIP service on port 8000

When you get onto the following lectures you will learn how a virtual service can serve more than one underlying kubernetes service with things like destination rules.

Hi @Alistair_KodeKloud

yes, so to my understanding the way the virtual services works is:

Gateway-> virtual service-> clusterIP service-> Destination rules-> Pod or Deployment

so these new components that Istio provides through the Kubernetes CRDs have to work with the ClusterIP service of Kubernetes. They are a way to implement service mesh and to expand the capabilities of the Kubernetes ClusterIP service with, for example, the load balancing, circuit breaking, etc.

You’re almost there!

Gateway-> virtual service-> Destination rules -> 1 or more ClusterIP -> Workloads

Where workloads are pods, deployments, stateful sets (anything a k8s service can be in front of)

Hi Alistair,

thanks for you answer. I’m taking the course again to refresh the concepts. However, I’m still with the same doubt.

How can one need to put a ClusterIP service in front of a deployment if the destination rules already are doing the load balancing for each of the subsets (deployments or other kind of workload)?

the course tells apart using services and using virtual services + destination rules.

If we put a clusterIP service just in between the destination rules and the wokload the traffic policies would be not working, wouldn’t they?


I put the second image with the traffic policies that would not work if a service was placed just before the workloads. Even in this case, then there should be one service for each workload? I’m not understanding the clusterIP service in all this methodology

I stand corrected

The workloadSelector property of a destination rule will indeed select pods by label.

As it stands, I’m the only person that attempts to answer istio questions as i know a bit about it.

The course instructor is not associated with KK. Anyone can sign up to deliver a course for a fixed fee.

HI, thanks for your answer Alistair. However, in the examples of the course there’s no workloadSelector property used.

also if I reproduce the bookinfo sampel in an EKS cluster both the services and virtualservices are present at the same time when deploying the virtual services.

if I look at the service reviews:

apiVersion: v1
kind: Service
  name: reviews
    app: reviews
    service: reviews
  - port: 9080
    name: http
    app: reviews

there’s no label with version: v1, v2 or v3. So then the virtual service + destination rules already route to the pods of the deploymets. I don’t get why the services are still needed. Indeed, I’ve tried to delete the service reviews and then they are not loaded. I get this message on the web panel:

#### Error fetching product reviews!

Sorry, product reviews are currently unavailable for this book.

does anybody know why the service is still needed and at the same time it does not make any route with its round robin policy? how does the Vservce+Drules overlap with the service ?