Service Entries
Service entries allow you to add external services, web APIs, or virtual machines to the internal service registry of the service mesh. Once a service entry is added, the Envoy proxy can route traffic to that external service, and the service mesh can perform traffic management on that external service using virtual services and destination rules, just like any other service within the mesh.
The service mesh provides two ways to create service entries: with the wizard or with YAML.
Create with Wizard
This method is straightforward and intuitive.
- After entering the selected mesh, click Traffic Management -> Service Entries in the left navigation bar, and then click the Create button at the top right corner.
- On the Create Service Entry page, configure the parameters and click OK. For the meaning of each parameter, refer to the Parameter Description section.
- Return to the service entry list, and you will see a message indicating successful creation.
- On the right side of the list, click the ┇ icon in the Actions column to perform more operations through the pop-up menu.
Create with YAML
- After entering the selected mesh, click Traffic Management -> Service Entries in the left navigation bar, and then click the Create with YAML button at the top right corner.
- Select a namespace, choose a template, modify the parameter values, or directly import an existing YAML file. After confirming the parameters are correct, click OK.
- Return to the service entry list, and you will see a message indicating successful creation.
Here is an example of a standard service entry YAML:
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: entry01
  namespace: istio-system
spec:
  addresses:
    - 127.10.18.65
  endpoints:
    - address: 127.10.18.78
      ports:
        test: 9980
  exportTo:
    - istio-system
  hosts:
    - test.service
  location: MESH_INTERNAL
  ports:
    - name: test
      number: 9980
      protocol: HTTP
  workloadSelector: {}
status: {}
Parameter Description
The meanings of the parameters in the above YAML file and the guided creation are briefly explained below.
- Hosts
  The service name. It can be used to match the hosts field in traffic management policies (virtual services and destination rules).
  - In HTTP traffic, the service name will be the HTTP host or Authority header.
  - In HTTP or TLS traffic with SNI names, the service name will be the SNI name.
- Addresses
  The service addresses. It is the virtual IP address associated with the service or a CIDR prefix.
  - If the addresses field is set, it matches the service name and IP/CIDR of incoming HTTP traffic to determine if it belongs to this service.
  - If the addresses field is empty, the traffic will be identified by the target port only. In this case, no other services in the mesh can share the same port, and the sidecar will forward all incoming traffic on that port to the specified target IP/host.
- Ports
  The service ports. They are the ports associated with the service. If the endpoint is a Unix domain socket address, there must be a port.
- Location
  The service location. It requires a valid IP address and indicates whether the service is within the mesh.
- Resolution
  The resolution mode. It provides various ways to resolve service addresses:
  - NONE: Directly forwards traffic to the service address or service endpoint address (if it exists).
  - STATIC: Uses the static addresses in the service endpoint.
  - DNS: Attempts to resolve the IP address by asynchronously querying the environment DNS.
    - If no service endpoint is set and no wildcard is used, it resolves the DNS address specified in the service name field.
    - If a service endpoint is specified, it resolves the DNS address specified in the service endpoint. DNS resolution cannot be used with Unix domain socket endpoints.
  - DNS_ROUND_ROBIN: Similar to DNS mode, it also attempts to resolve the IP address by asynchronously querying the environment DNS. The difference is that DNS_ROUND_ROBIN mode uses only the first IP address returned when a connection needs to be established, rather than relying on the complete result of DNS resolution.
- Endpoint
  The service endpoint. It contains information about the associated endpoints such as IP address, port, and service port name.
- WorkloadSelector
  Workload selector labels. A key-value pair used to select the workload of internal services within the mesh. This option is mutually exclusive with service endpoints.
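The constraints in the parameter descriptions above can be checked before a manifest is applied. The following is an added example, not code from this page or from the mesh platform; the function names, hostnames and sample manifests are constructed, and the port check only compares the service entries passed to it.

```python
# Added example, not the mesh platform's own validation logic.
# Manifests are dicts, as produced by parsing ServiceEntry YAML.

def lint_service_entries(entries):
    """Return sorted (entry name, finding) tuples for the rules described above."""
    findings = []
    port_owners = {}  # port number -> entries that set no addresses
    for entry in entries:
        name = entry["metadata"]["name"]
        spec = entry.get("spec") or {}
        endpoints = spec.get("endpoints") or []
        labels = (spec.get("workloadSelector") or {}).get("labels")
        ports = spec.get("ports") or []
        # Istio writes Unix domain socket endpoints as unix:///path/to/socket
        uds = [e for e in endpoints if str(e.get("address", "")).startswith("unix://")]

        if endpoints and labels:
            findings.append((name, "endpoints and workloadSelector are mutually exclusive"))
        if uds and spec.get("resolution") == "DNS":
            findings.append((name, "DNS resolution cannot be used with Unix domain socket endpoints"))
        if uds and not ports:
            findings.append((name, "Unix domain socket endpoint requires a port"))
        if not spec.get("addresses"):
            # Without addresses, traffic is matched on the port alone.
            for port in ports:
                port_owners.setdefault(port["number"], []).append(name)

    for number, owners in port_owners.items():
        if len(owners) > 1:
            findings.extend(
                (n, f"no addresses set; port {number} is also claimed by another entry")
                for n in owners)
    return sorted(findings)


def make_entry(name, **spec):
    return {"metadata": {"name": name}, "spec": spec}

HTTP_9980 = [{"name": "http", "number": 9980, "protocol": "HTTP"}]
SAMPLES = [  # constructed manifests, not taken from the page
    make_entry("billing-api", hosts=["billing.example.internal"], ports=HTTP_9980, resolution="DNS"),
    make_entry("legacy-vm", hosts=["legacy.example.internal"], ports=HTTP_9980, resolution="STATIC",
               endpoints=[{"address": "10.0.0.8"}], workloadSelector={"labels": {"app": "legacy"}}),
    make_entry("local-agent", hosts=["agent.example.internal"], addresses=["10.0.0.0/24"],
               resolution="DNS", endpoints=[{"address": "unix:///var/run/agent.sock"}]),
]

if __name__ == "__main__":
    for name, finding in lint_service_entries(SAMPLES):
        print(f"{name}: {finding}")
```

The entry01 manifest shown earlier produces no findings, because it sets addresses and its workloadSelector is empty.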