Service Entries

(as always, sorry for the lack of posts, blah blah, mea culpa, blah).

I’ve just been reminded that “ServiceEntries” are missing from my Istio course. Many apologies to anyone who has been invonvienced by this – it was I chapter I sadly chopped out as the release deadline was looming.

The next update of the course WILL definitely cover this (alongside mirroring, authentication/authorization and a few other things). But, for now, Service Entries are pretty simple…

If you are making calls to an external service outside the cluster – it can be anything, a database or just some REST endpoint from another provider – then you can create a “ServiceEntry” which you can just think of as an external service.

Although the session on ServiceEntries was lost from the course outline, you can see that I was planning it, because the warmup exercise actually has a service entry inside it. See lines 252-267 of the 4-application-full-stack.yaml (in warmup_exercise). It looks like this:

    kind: ServiceEntry
      name: fleetman-driver-monitoring
      location: MESH_EXTERNAL
      - number: 80
        name: http-port
        protocol: HTTP
      - number: 443
        name: https-port-for-tls-origination
        protocol: HTTPS
      resolution: DNS

This is declaring that our application is going to be calling a REST endpoint on port 80 at the address (the actual URL in the course code is a real domain, but pointing to a dummy external service I set up for the course – it’s meant to be a badly written, poorly performing service).

The advantage of this – you can now treat this service as if it were any other Istio service. So you can, for example, stop any traffic actually going to this service – this is exactly what we do in the course demo when we temporarily take the service out of action. And you will see the service appear in the monitoring such as Kiali.

It’s a very nice feature, and quite simple – just that block of yaml really.

But it should be on the course!