feat: support management of multiple Istio VirtualService objects

docs/features/specification.md

@@ -289,10 +289,19 @@ spec:
 
         # Istio traffic routing configuration
         istio:
+          # Either virtualService or virtualServices can be configured.
           virtualService: 
             name: rollout-vsvc  # required
             routes:
             - primary # optional if there is a single route in VirtualService, required otherwise
+          virtualServices:
+          # One or more virtualServices can be configured
+          - name: rollouts-vsvc1  # required
+            routes:
+              - primary # optional if there is a single route in VirtualService, required otherwise
+          - name: rollouts-vsvc2  # required
+            routes:
+              - secondary # optional if there is a single route in VirtualService, required otherwise
 
         # NGINX Ingress Controller routing configuration
         nginx:

docs/getting-started/istio/index.md

@@ -30,9 +30,10 @@ spec:
       stableService: rollouts-demo-stable
       trafficRouting:
         istio:
-          virtualService:
-            # Reference to a VirtualService which the controller updates with canary weights
-            name: rollouts-demo-vsvc
+          virtualServices:
+          # One or more virtualServices can be configured
+          # Reference to a VirtualService which the controller updates with canary weights
+          - name: rollouts-demo-vsvc1
             # Optional if there is a single HTTP route in the VirtualService, otherwise required
             routes:
             - http-primary
@@ -44,18 +45,34 @@ spec:
               sniHosts:
               - reviews.bookinfo.com
               - localhost
+          - name: rollouts-demo-vsvc2
+            # Optional if there is a single HTTP route in the VirtualService, otherwise required
+            routes:
+              - http-secondary
+            # Optional if there is a single HTTPS/TLS route in the VirtualService, otherwise required
+            tlsRoutes:
+              # Below fields are optional but if defined, they should match exactly with at least one of the TLS route match rules in your VirtualService
+              - port: 443 # Only required if you want to match any rule in your VirtualService which contains this port
+                # Only required if you want to match any rule in your VirtualService which contain all these SNI hosts
+                sniHosts:
+                  - reviews.bookinfo.com
+                  - localhost
 ...
 ```
 
-The VirtualService and route referenced in `trafficRouting.istio.virtualService` are required
-to have either HTTP or TLS, or both route specs that splits between the stable and the canary
+The VirtualService and route referenced in either `trafficRouting.istio.virtualService` or
+`trafficRouting.istio.virtualServices`. `trafficRouting.istio.virtualServices` helps in adding
+one or more virtualServices unlike `trafficRouting.istio.virtualService` where only single virtualService can be added.
+This is required to have either HTTP or TLS, or both route specs that splits between the stable and the canary
 services referenced in the rollout. If the route is HTTPS/TLS, we can match it based on the
 given port number and/or SNI hosts. Note that both of them are optional and only needed if you
 want to match any rule in your VirtualService which contains these.
 
 In this guide, the two services are: `rollouts-demo-stable` and `rollouts-demo-canary` respectively.
 The weights for these two services should initially be set to 100% on the stable service and 0% on
 the canary service. During an update, these values will get modified by the controller.
+If there are multiple VirtualService then weight values for stable and canary service of each VirtualService
+will be modified by the controller simultaneously.
 
 Note that since we have both the HTTP and HTTPS routes in our rollout spec and they match the
 VirtualService specs, weights will get modified for both these routes.
@@ -64,25 +81,67 @@ VirtualService specs, weights will get modified for both these routes.
 apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
-  name: rollouts-demo-vsvc
+  name: rollouts-demo-vsvc1
+spec:
+  gateways:
+  - rollouts-demo-gateway
+  hosts:
+  - rollouts-demo-vsvc1.local
+  http:
+  - name: http-primary  # Should match rollout.spec.strategy.canary.trafficRouting.istio.virtualServices.routes
+    route:
+    - destination:
+        host: rollouts-demo-stable  # Should match rollout.spec.strategy.canary.stableService
+        port:
+          number: 15372
+      weight: 100
+    - destination:
+        host: rollouts-demo-canary  # Should match rollout.spec.strategy.canary.canaryService
+        port:
+          number: 15372
+      weight: 0
+  tls:
+  - match:
+    - port: 443  # Should match the port number of the route defined in rollout.spec.strategy.canary.trafficRouting.istio.virtualServices.tlsRoutes
+      sniHosts: # Should match all the SNI hosts of the route defined in rollout.spec.strategy.canary.trafficRouting.istio.virtualServices.tlsRoutes
+      - reviews.bookinfo.com
+      - localhost
+    route:
+    - destination:
+        host: rollouts-demo-stable  # Should match rollout.spec.strategy.canary.stableService
+      weight: 100
+    - destination:
+        host: rollouts-demo-canary  # Should match rollout.spec.strategy.canary.canaryService
+      weight: 0
+```
+
+```yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: rollouts-demo-vsvc2
 spec:
   gateways:
   - rollouts-demo-gateway
   hosts:
-  - rollouts-demo.local
+  - rollouts-demo-vsvc2.local
   http:
-  - name: http-primary  # Should match rollout.spec.strategy.canary.trafficRouting.istio.virtualService.routes
+  - name: http-secondary  # Should match rollout.spec.strategy.canary.trafficRouting.istio.virtualServices.routes
     route:
     - destination:
         host: rollouts-demo-stable  # Should match rollout.spec.strategy.canary.stableService
+        port:
+          number: 15373
       weight: 100
     - destination:
         host: rollouts-demo-canary  # Should match rollout.spec.strategy.canary.canaryService
+        port:
+          number: 15373
       weight: 0
   tls:
   - match:
-    - port: 443  # Should match the port number of the route defined in rollout.spec.strategy.canary.trafficRouting.istio.virtualService.tlsRoutes
-      sniHosts: # Should match all the SNI hosts of the route defined in rollout.spec.strategy.canary.trafficRouting.istio.virtualService.tlsRoutes
+    - port: 443  # Should match the port number of the route defined in rollout.spec.strategy.canary.trafficRouting.istio.virtualServices.tlsRoutes
+      sniHosts: # Should match all the SNI hosts of the route defined in rollout.spec.strategy.canary.trafficRouting.istio.virtualServices.tlsRoutes
       - reviews.bookinfo.com
     route:
     - destination:
@@ -97,13 +156,13 @@ Run the following commands to deploy:
 
 * A Rollout
 * Two Services (stable and canary)
-* An Istio VirtualService
+* One or more Istio VirtualServices
 * An Istio Gateway
 
 ```shell
 kubectl apply -f https://raw.githubusercontent.com/argoproj/argo-rollouts/master/docs/getting-started/istio/rollout.yaml
 kubectl apply -f https://raw.githubusercontent.com/argoproj/argo-rollouts/master/docs/getting-started/istio/services.yaml
-kubectl apply -f https://raw.githubusercontent.com/argoproj/argo-rollouts/master/docs/getting-started/istio/virtualsvc.yaml
+kubectl apply -f https://raw.githubusercontent.com/argoproj/argo-rollouts/master/docs/getting-started/istio/multipleVirtualsvc.yaml
 kubectl apply -f https://raw.githubusercontent.com/argoproj/argo-rollouts/master/docs/getting-started/istio/gateway.yaml
 ```
 
@@ -121,8 +180,9 @@ rollouts-demo-canary   ClusterIP   10.103.146.137   <none>        80/TCP    37s
 rollouts-demo-stable   ClusterIP   10.101.158.227   <none>        80/TCP    37s
 
 $ kubectl get virtualservice
-NAME                 GATEWAYS                  HOSTS                   AGE
-rollouts-demo-vsvc   [rollouts-demo-gateway]   [rollouts-demo.local]   54s
+NAME                  GATEWAYS                  HOSTS                         AGE
+rollouts-demo-vsvc1   [rollouts-demo-gateway]   [rollouts-demo-vsvc1.local]   54s
+rollouts-demo-vsvc2   [rollouts-demo-gateway]   [rollouts-demo-vsvc2.local]   54s
 
 $ kubectl get gateway
 NAME                    AGE
@@ -149,28 +209,71 @@ kubectl argo rollouts get rollout rollouts-demo
 
 At this point, both the canary and stable version of the Rollout are running, with 5% of the
 traffic directed to the canary. To understand how this works, inspect the VirtualService which
-the Rollout was referencing. When looking at the VirtualService, we see that the route destination
+the Rollout was referencing. When looking at both the VirtualService, we see that the route destination
 weights have been modified by the controller to reflect the current weight of the canary.
 
 ```yaml
 apiVersion: networking.istio.io/v1beta1
 kind: VirtualService
 metadata:
-  name: rollouts-demo-vsvc
+  name: rollouts-demo-vsvc1
+  namespace: default
+spec:
+  gateways:
+  - rollouts-demo-gateway
+  hosts:
+  - rollouts-demo-vsvc1.local
+  http:
+  - name: http-primary
+    route:
+    - destination:
+        host: rollouts-demo-stable
+        port:
+          number: 15372
+      weight: 95
+    - destination:
+        host: rollouts-demo-canary
+        port:
+          number: 15372
+      weight: 5
+  tls:
+  - match:
+    - port: 443
+      sniHosts:
+      - reviews.bookinfo.com
+      - localhost
+    route:
+    - destination:
+        host: rollouts-demo-stable
+      weight: 95
+    - destination:
+        host: rollouts-demo-canary
+      weight: 5
+```
+
+```yaml
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: rollouts-demo-vsvc2
   namespace: default
 spec:
   gateways:
   - rollouts-demo-gateway
   hosts:
-  - rollouts-demo.local
+  - rollouts-demo-vsvc2.local
   http:
   - name: http-primary
     route:
     - destination:
         host: rollouts-demo-stable
+        port:
+          number: 15373
       weight: 95
     - destination:
         host: rollouts-demo-canary
+        port:
+          number: 15373
       weight: 5
   tls:
   - match:
@@ -187,4 +290,4 @@ spec:
 ```
 
 As the Rollout progresses through steps, the HTTP and/or TLS route(s) destination weights will be
-adjusted to match the current `setWeight` of the steps.
+adjusted to match the current `setWeight` of the steps.

docs/getting-started/istio/multipleVirtualsvc.yaml

@@ -0,0 +1,72 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: rollouts-demo-vsvc1
+spec:
+  gateways:
+  - rollouts-demo-gateway
+  hosts:
+  - rollouts-demo-vsvc1.local
+  http:
+  - name: primary
+    route:
+    - destination:
+        host: rollouts-demo-stable
+        port:
+          number: 15372
+      weight: 100
+    - destination:
+        host: rollouts-demo-canary
+        port:
+          number: 15372
+      weight: 0
+  tls:
+  - match:
+    - port: 3000
+      sniHosts:
+      - reviews.bookinfo.com
+      - localhost
+    route:
+    - destination:
+        host: rollouts-demo-stable
+      weight: 100
+    - destination:
+        host: rollouts-demo-canary
+      weight: 0
+
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: rollouts-demo-vsvc2
+spec:
+  gateways:
+  - rollouts-demo-gateway
+  hosts:
+  - rollouts-demo-vsvc2.local
+  http:
+  - name: secondary
+    route:
+    - destination:
+        host: rollouts-demo-stable
+        port:
+          number: 15373
+      weight: 100
+    - destination:
+        host: rollouts-demo-canary
+        port:
+          number: 15373
+      weight: 0
+  tls:
+  - match:
+    - port: 3000
+      sniHosts:
+      - reviews.bookinfo.com
+      - localhost
+    route:
+    - destination:
+        host: rollouts-demo-stable
+      weight: 100
+    - destination:
+        host: rollouts-demo-canary
+      weight: 0

docs/getting-started/istio/rollout.yaml

@@ -10,10 +10,13 @@ spec:
       stableService: rollouts-demo-stable
       trafficRouting:
         istio:
-          virtualService:
-            name: rollouts-demo-vsvc
+          virtualServices:
+          - name: rollouts-demo-vsvc1 # At least one virtualService is required
             routes:
             - primary # At least one route is required
+          - name: rollouts-demo-vsvc2
+            routes:
+            - secondary # At least one route is required
       steps:
       - setWeight: 5
       - pause: {}

manifests/crds/rollout-crd.yaml

@@ -558,8 +558,31 @@ spec:
                                 required:
                                 - name
                                 type: object
-                            required:
-                            - virtualService
+                              virtualServices:
+                                items:
+                                  properties:
+                                    name:
+                                      type: string
+                                    routes:
+                                      items:
+                                        type: string
+                                      type: array
+                                    tlsRoutes:
+                                      items:
+                                        properties:
+                                          port:
+                                            format: int64
+                                            type: integer
+                                          sniHosts:
+                                            items:
+                                              type: string
+                                            type: array
+                                        type: object
+                                      type: array
+                                  required:
+                                  - name
+                                  type: object
+                                type: array
                             type: object
                           nginx:
                             properties: