
Alibaba Cloud Service Mesh: Manage service entries

Last Updated: Mar 27, 2024

You can add an entry for an external service to the internal service registry of a Service Mesh (ASM) instance so that services in the ASM instance can access the external service. A service entry describes the properties of a service, such as its domain name, port, protocol, and endpoints. This topic describes how to create, modify, and delete a service entry.

Usage notes

  • To prevent port conflicts with sidecars, do not use the following ports that are used by Envoy when you create service entries.

    Port   Protocol  Used by  Description
    15000  TCP       Envoy    The admin port of Envoy.
    15001  TCP       Envoy    The outbound port of Envoy.
    15006  TCP       Envoy    The inbound port of Envoy.
    15020  HTTP      Envoy    The port used for merged Prometheus telemetry from the Istio proxy, Envoy, and application.
    15021  HTTP      Envoy    The port used for health checks.
    15090  HTTP      Envoy    The port used for Envoy Prometheus telemetry.

  • The following table describes the conventions for naming ports in service entries for external services.

    Protocol  Port name  Port name with a suffix
    HTTP      http       http-<Suffix>
    HTTP2     http2      http2-<Suffix>
    HTTPS     https      https-<Suffix>
    TLS       tls        tls-<Suffix>
    gRPC      grpc       grpc-<Suffix>
    TCP       tcp        tcp-<Suffix>
    UDP       udp        udp-<Suffix>
    Mongo     mongo      mongo-<Suffix>
    MySQL     mysql      mysql-<Suffix>
    Redis     redis      redis-<Suffix>

  • Take note of the following items if you use HTTP, HTTPS, TLS, or TCP:

    • If you use HTTP, HTTPS, or TLS, you must specify the host in a service entry.

      apiVersion: networking.istio.io/v1alpha3
      kind: ServiceEntry
      metadata:
        name: aliyun
      spec:
        hosts:
        - www.aliyun.com
        - aliyun.com
        ports:
        - number: 443
          name: https
          protocol: HTTPS
        resolution: DNS
        location: MESH_EXTERNAL
    • If you use TCP, you must specify the IP address range in a service entry.

      apiVersion: networking.istio.io/v1alpha3
      kind: ServiceEntry
      metadata:
        name: mysql-external
      spec:
        hosts:
        - mysql-01.foo.bar
        addresses:
        - 10.0.0.5/32
        - 10.0.0.6/32
        ports:
        - name: tcp
          number: 3306
          protocol: tcp
        location: MESH_EXTERNAL
  • If multiple external services share the same TCP port, you must specify a different IP address for each service in the addresses field.

    • External service 1

      apiVersion: networking.istio.io/v1beta1
      kind: ServiceEntry
      metadata:
        name: external-svc-1
        namespace: default
      spec:
        hosts:
        - fqdna.fqdn.com
        addresses:
        - 10.0.0.0
        location: MESH_EXTERNAL
        ports:
        - name: TCP
          number: 3306
          protocol: TCP
        resolution: DNS
    • External service 2

      apiVersion: networking.istio.io/v1beta1
      kind: ServiceEntry
      metadata:
        name: external-svc-2
        namespace: default
      spec:
        hosts:
        - fqdnb.fqdn.com
        addresses:
        - 10.1.0.0
        location: MESH_EXTERNAL
        ports:
        - name: TCP
          number: 3306
          protocol: TCP
        resolution: DNS
  • By default, the entry that you create for an external service in an ASM instance is valid in all namespaces. To allow only services in the namespace in which you create an entry for an external service to access the external service, you can add the exportTo parameter and set the parameter to "." when you create the service entry.

    apiVersion: networking.istio.io/v1alpha3
    kind: ServiceEntry
    metadata:
      name: aliyun
    spec:
      hosts:
      - www.aliyun.com
      exportTo:
      - "."
      ports:
      - number: 443
        name: https
        protocol: HTTPS
      resolution: DNS
      location: MESH_EXTERNAL
  • We recommend that you enable Domain Name System (DNS) resolution. The DNS resolution feature ignores the original destination IP address, directs traffic to the specified host, and then performs a DNS query to obtain the IP address of the specified host.

    apiVersion: networking.istio.io/v1alpha3
    kind: ServiceEntry
    metadata:
      name: aliyun
    spec:
      hosts:
      - '*.aliyun.com'
      addresses:
      - 192.168.0.0
      - 172.16.0.0
      location: MESH_EXTERNAL
      ports:
      - number: 443
        protocol: https
        name: https
      resolution: DNS

    resolution: To enable DNS resolution, set this parameter to DNS. To disable DNS resolution, set this parameter to NONE.
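
The usage notes above can be checked mechanically before a manifest is submitted. The following Python example is added here and is not part of the ASM documentation or tooling: it lints ServiceEntry manifests (dicts parsed from YAML or JSON) against the reserved Envoy ports, the port naming table, the host and address requirements, the exportTo default, and the shared-TCP-port rule. The function names, the `entry` helper, and the sample manifests are assumptions constructed for illustration.

```python
import ipaddress

ENVOY_PORTS = {15000, 15001, 15006, 15020, 15021, 15090}  # ports this page lists as used by Envoy
PREFIX = {n.upper(): n for n in "http http2 https tls grpc tcp udp mongo mysql redis".split()}

def lint_entry(se):
    """Findings for one ServiceEntry dict; port names are matched case-insensitively."""
    spec, out = se.get("spec", {}), []
    for p in spec.get("ports", []):
        proto, name = str(p.get("protocol", "")).upper(), str(p.get("name", "")).lower()
        if p.get("number") in ENVOY_PORTS:
            out.append(f"port {p['number']} is used by Envoy")
        want = PREFIX.get(proto)
        if want and name != want and not name.startswith(want + "-"):
            out.append(f"port name {p.get('name')!r} should be {want} or {want}-<Suffix>")
        if proto in ("HTTP", "HTTPS", "TLS") and not spec.get("hosts"):
            out.append(f"{proto} port {p.get('number')} requires hosts")
        if proto == "TCP" and not spec.get("addresses"):
            out.append(f"TCP port {p.get('number')} requires addresses")
    if "exportTo" not in spec:
        out.append("no exportTo: visible in all namespaces")
    return out

def tcp_conflicts(entries):
    """(name_a, name_b, port) for entries sharing a TCP port whose addresses overlap or are missing."""
    seen, hits = [], []
    for se in entries:
        spec, name = se.get("spec", {}), se["metadata"]["name"]
        nets = [ipaddress.ip_network(a, strict=False) for a in spec.get("addresses", [])]
        for p in spec.get("ports", []):
            if str(p.get("protocol", "")).upper() != "TCP":
                continue
            for o_name, o_port, o_nets in seen:
                clash = not nets or not o_nets or any(a.overlaps(b) for a in nets for b in o_nets)
                if o_name != name and o_port == p["number"] and clash:
                    hits.append((o_name, name, o_port))
            seen.append((name, p["number"], nets))
    return hits

def entry(name, ports, **spec):  # hypothetical helper that builds a sample manifest
    return {"kind": "ServiceEntry", "metadata": {"name": name}, "spec": {"ports": ports, **spec}}
# Constructed sample manifests (not from the page or a real cluster).
TCP3306 = {"name": "tcp", "number": 3306, "protocol": "TCP"}
SAMPLES = [
    entry("db-a", [TCP3306], hosts=["a.example.com"], addresses=["10.0.0.0/24"], exportTo=["."]),
    entry("db-b", [TCP3306], hosts=["b.example.com"], addresses=["10.0.0.5/32"], exportTo=["."]),
    entry("bad", [{"name": "web", "number": 15001, "protocol": "HTTP"}])]
if __name__ == "__main__":
    print([lint_entry(s) for s in SAMPLES], tcp_conflicts(SAMPLES))
```

In the samples, `db-a` and `db-b` collide because 10.0.0.5/32 falls inside 10.0.0.0/24, while `bad` trips the Envoy port, port name, hosts, and exportTo checks at once.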

Create a service entry

  1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

  2. On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose Cluster & Workload Management > External Service(ServiceEntry). On the page that appears, click Create from YAML.

  3. On the Create page, select a namespace and a scenario template, modify the configuration in the YAML code editor based on your business requirements, and then click Create.

    For more information about fields, see Service Entry.

Modify a service entry

  1. On the details page of the ASM instance, choose Cluster & Workload Management > External Service(ServiceEntry) in the left-side navigation pane.

  2. On the External Service(ServiceEntry) page, find the service entry that you want to modify and click YAML in the Actions column.

  3. In the Edit dialog box, modify the configurations of the service entry and click OK.

Delete a service entry

  1. On the details page of the ASM instance, choose Cluster & Workload Management > External Service(ServiceEntry) in the left-side navigation pane.

  2. On the External Service(ServiceEntry) page, find the service entry that you want to delete and click Delete in the Actions column.

  3. In the Submit message, click OK.