A service mesh often spans one environment— for instance, one Kubernetes cluster. And together, all the connected services in that environment form the management domain of that mesh, from which you can view metrics and set policies.
But what if you are also running services outside the cluster, or you depend on external APIs?
Have no fear. Istio provides a resource called a
ServiceEntry that lets you logically bring external services into your mesh – even services you don't own.
When you create a ServiceEntry for an external hostname, you can view metrics and traces reaching all the way to that external service. You can even set traffic policies like retry logic on those external services. Adding
ServiceEntries effectively expands the reach of your Istio management domain. Let's see an example.
Here, we're running a global store website with a
currency service, responsible for converting product prices based on a user's locality. We rely on an third-party currency conversion API, the European Central Bank, to provide realtime exchange rates.
We want to set a 3-second timeout on all calls from services inside the mesh to this external API. We'll need two Istio resources to do this.
ServiceEntry, which logically adds the European Central Bank's hostname,
ecb.europa.eu, to the mesh:
apiVersion: networking.istio.io/v1alpha3 kind: ServiceEntry metadata: name: currency-api spec: hosts: - www.ecb.europa.eu ports: - number: 80 name: http protocol: HTTP - number: 443 name: https protocol: HTTPS
VirtualService traffic rule, to set a timeout for calls to the API:
apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: currency-timeout spec: hosts: - www.ecb.europa.eu http: - timeout: 3s route: - destination: host: www.ecb.europa.eu weight: 100
Once we create a ServiceEntry for the currency API, we can automatically see
ecb.europa.eu in our Kiali service graph (and instantly know who‘s calling it):
And we also get an automatic Grafana dashboard for this external service, to view data like response codes and latency:
See the Istio docs to learn more about managing and securing external services.