Skip to content

Service Entries

Service entries allow you to add external services, web APIs, or virtual machines to the internal service registry of the service mesh. Once a service entry is added, the Envoy proxy can route traffic to that external service, and the service mesh can perform traffic management on that external service using virtual services and destination rules, just like any other service within the mesh.

The service mesh provides two ways to create service entries: guided creation and YAML creation.

Guided Creation

This method is straightforward and intuitive.

  1. After entering the selected mesh, click Traffic Management -> Service Entries in the left navigation bar, and then click the Create button at the top right corner.

    Create

  2. On the Create Service Entry page, configure the parameters and click OK . For the meaning of each parameter, please refer to the Parameter Description section.

    Configure Parameters

  3. Return to the service entry list, and you will see a message indicating successful creation.

  4. On the right side of the list, click the icon in the Actions column to perform more operations through the pop-up menu.

YAML Creation

  1. After entering the selected mesh, click Traffic Management -> Service Entries in the left navigation bar, and then click the YAML Creation button at the top right corner.

    YAML Creation

  2. Select a namespace, choose a template, modify the parameter values, or directly import an existing YAML file. After confirming the parameters are correct, click OK .

    YAML Parameter Configuration

  3. Return to the service entry list, and you will see a message indicating successful creation.

Here is an example of a standard service entry YAML:

apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: entry01
  namespace: istio-system
spec:
  addresses:
  - 127.10.18.65
  endpoints:
  - address: 127.10.18.78
    ports:
      test: 9980
  exportTo:
  - istio-system
  hosts:
  - test.service
  location: MESH_INTERNAL
  ports:
  - name: test
    number: 9980
    protocol: HTTP
  workloadSelector: {}
status: {}

Parameter Description

The meanings of the parameters in the above YAML file and the guided creation are briefly explained below.

  • Hosts

    The service name. It can be used to match the hosts field in traffic management policies (virtual services, destination rules, etc.).

    • In HTTP traffic, the service name will be the HTTP host or Authority header.
    • In HTTP or TLS traffic with SNI names, the service name will be the SNI name.

  • Addresses

    The service addresses. It is the virtual IP address associated with the service or a CIDR prefix.

    • If the Addresses field is set, it matches the service name and IP/CIDR of incoming HTTP traffic to determine if it belongs to this service.
    • If the Addresses field is empty, the traffic will be identified by the target port only. In this case, no other services in the mesh can share the same port, and the sidecar will forward all incoming traffic on that port to the specified target IP/host.

  • Ports

    The service ports. They are the ports associated with the service. If the endpoint is a Unix domain socket address, there must be a port.

  • Location

    The service location. It requires a valid IP address and indicates whether the service is within the mesh.

  • Resolution

    The resolution mode. It provides various ways to resolve service addresses:

    • NONE: Directly forwards traffic to the service address or service endpoint address (if it exists).
    • STATIC: Uses the static addresses in the service endpoint.
    • DNS: Attempts to resolve the IP address by asynchronously querying the environment DNS.
    • If no service endpoint is set and no wildcard is used, it resolves the DNS address specified in the service name field.
    • If a service endpoint is specified, it resolves the DNS address specified in the service endpoint. DNS resolution cannot be used with Unix domain socket endpoints.
    • DNS_ROUND_ROBIN: Similar to DNS mode, it also attempts to resolve the IP address by asynchronously querying the environment DNS. The difference is that DNS_ROUND_ROBIN mode only uses the first IP address returned after establishing the connection, rather than relying on the complete result of DNS resolution.

  • Endpoint

    The service endpoint. It contains information about the associated endpoints such as IP address, port, and service port name.

  • WorkloadSelector

    Workload selector labels. A key-value pair used to select the workload of internal services within the mesh. This option is mutually exclusive with service endpoints.

Comments