Proto: external_service.proto

Package: networking.gloo.solo.io

Types:

ExternalServiceReport

| Field | Description |
| --- | --- |
| workspaces (repeated ExternalServiceReport.WorkspacesEntry) | |
| appliedDestinationPolicies (repeated ExternalServiceReport.AppliedDestinationPoliciesEntry) | A map of policy GVK to policy references for all the policies that are applied on this resource. |
| selectedExternalEndpoints (repeated common.gloo.solo.io.ObjectReference) | The list of endpoints selected by this external service. |
| ownerWorkspace (string) | The name of the workspace that owns the ExternalService. |

ExternalServiceReport.AppliedDestinationPoliciesEntry

| Field | Description |
| --- | --- |
| key (string) | |
| value (common.gloo.solo.io.AppliedDestinationPortPolicies) | |

ExternalServiceReport.WorkspacesEntry

| Field | Description |
| --- | --- |
| key (string) | |
| value (common.gloo.solo.io.Report) | |

ExternalServiceSpec

ExternalService defines a routing destination that exists outside the mesh, for example a web API or a set of virtual machines that are not running in Kubernetes. When an ExternalService is defined for a given workspace, it can be used as a Destination in Routes and can also be called directly via its specified hostname. The IP addresses for external services can be resolved via DNS or provided statically using the ExternalEndpoint object.

| Field | Description |
| --- | --- |
| hosts (repeated string) | (mutually exclusive with addresses): The list of hostnames that resolve to this service. These hosts must be unique among all ExternalServices and VirtualHosts within a workspace. Both FQDN and wildcard prefix domains are supported. TLS origination to ExternalServices is supported through the ClientsideTls property. Warning: If you do not route all egress traffic through an egress gateway, and you use a wildcard prefix domain for the host without selecting any ExternalEndpoints, the REGISTRY_ONLY outbound traffic policy can be bypassed and traffic can be sent to any external service by using a TCP passthrough listener on the sidecar proxy. |
| addresses (repeated string) | (mutually exclusive with hosts): The list of IPv4 or IPv6 addresses associated with this service. Can be CIDR prefixes. These addresses must be unique among all ExternalServices within a workspace. |
| ports (repeated ExternalServiceSpec.Port) | The associated ports of the external service. |
| selector (repeated ExternalServiceSpec.SelectorEntry) | Selects the ExternalEndpoints that provide the addresses used to route traffic sent to the ExternalService’s hosts. An empty selector will not select any endpoints. If no endpoints are selected, requests are routed to the provided hosts using DNS resolution. |
| subjectAltNames (repeated string) | A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate’s subject alt name matches one of the specified values. Only applicable when using TLS to communicate with the ExternalService. |

ExternalServiceSpec.Port

Port establishes a new port that will be exposed on an ExternalService.

| Field | Description |
| --- | --- |
| number (uint32) | The port number. Must be a valid, non-negative integer port number. |
| targetPort (common.gloo.solo.io.PortSelector) | (optional): The port number or name used to match the corresponding port on the ExternalService’s backing ExternalEndpoints. All of the backing ExternalEndpoints for this ExternalService must contain this port, matching by name or number. If no backing ExternalEndpoints are provided, a name selector is invalid, and requests will be routed to the provided hosts on the port number specified. If unspecified, defaults to the value of the port number field above. |
| name (string) | A label for the port, e.g. “http”. |
| protocol (string) | The protocol used in communication with this destination. MUST be one of the following: HTTP, HTTPS, GRPC, HTTP2, MONGO, TCP, TLS. |
| clientsideTls (ExternalServiceSpec.Port.TlsConfig) | The TLS config for the given port. If the protocol is HTTPS or TLS, the ExternalService will be configured to use TLS automatically. If used in conjunction with targetPort, this can be used for TLS origination. For example, port: 80, targetPort: 443, with ClientsideTls will cause port 80 traffic from workloads to be forwarded to 443, resulting in HTTPS traffic over the internet with TLS originating at the sidecar proxy. |

ExternalServiceSpec.Port.TlsConfig

| Field | Description |
| --- | --- |
| sni (string) | SNI string to present to the server during TLS handshake. If there is a single host in the hosts list, this will be used as the SNI string. |
| mode (ExternalServiceSpec.Port.TlsConfig.tls_mode) | The TLS mode passed to the corresponding DestinationRules’ TLS traffic policy. MUST be one of the following: SIMPLE, MUTUAL, ISTIO_MUTUAL, DISABLE. |
| clientCertificate (string) | REQUIRED if mode is MUTUAL. Should be empty if mode is ISTIO_MUTUAL. The file path to the client-side TLS certificate to use, which should be mounted onto the proxy of the specific workload communicating with the external service. |
| privateKey (string) | REQUIRED if mode is MUTUAL. Should be empty if mode is ISTIO_MUTUAL. The file path to the client’s private key, which should be mounted onto the proxy of the specific workload communicating with the external service. |
| caCertificates (string) | Should be empty if mode is ISTIO_MUTUAL. The file path to the file containing CA certificates used to verify server certificates, which should be mounted onto the proxy of the specific workload communicating with the external service. If omitted, the proxy will not verify the server’s certificate. |
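
The constraints this reference states for hosts, selector, protocol and clientsideTls can be checked before a resource is applied. The following lint is an added example, not code from the Gloo project; it assumes the spec has already been parsed into a plain dict, and the function name, finding texts and sample values are constructed for illustration.

```python
# Added example: static checks derived from the field rules in this reference.
PROTOCOLS = {"HTTP", "HTTPS", "GRPC", "HTTP2", "MONGO", "TCP", "TLS"}
TLS_MODES = {"SIMPLE", "DISABLE", "MUTUAL", "ISTIO_MUTUAL"}
CERT_FIELDS = ("clientCertificate", "privateKey", "caCertificates")


def lint_external_service(spec):
    """Return findings for one ExternalServiceSpec given as a plain dict."""
    findings = []
    hosts = spec.get("hosts") or []
    if hosts and spec.get("addresses"):
        findings.append("hosts and addresses are mutually exclusive")
    # An empty selector selects no ExternalEndpoints; with a wildcard host this
    # is the REGISTRY_ONLY bypass condition described in the hosts warning.
    if not spec.get("selector") and any(h.startswith("*") for h in hosts):
        findings.append("wildcard host without selected ExternalEndpoints")
    for port in spec.get("ports") or []:
        where = f"port {port.get('number')}"
        if port.get("protocol") not in PROTOCOLS:
            findings.append(f"{where}: unsupported protocol {port.get('protocol')!r}")
        tls = port.get("clientsideTls")
        if tls is None:
            continue
        # Assumption: an unset mode takes enum value 0 (SIMPLE).
        mode = tls.get("mode") or "SIMPLE"
        if mode not in TLS_MODES:
            findings.append(f"{where}: unknown tls mode {mode!r}")
        elif mode == "ISTIO_MUTUAL":
            for field in CERT_FIELDS:
                if tls.get(field):
                    findings.append(f"{where}: {field} should be empty with ISTIO_MUTUAL")
        elif mode != "DISABLE":
            if mode == "MUTUAL":
                for field in CERT_FIELDS[:2]:
                    if not tls.get(field):
                        findings.append(f"{where}: {field} is required with MUTUAL")
            if not tls.get("caCertificates"):
                findings.append(f"{where}: caCertificates omitted, server certificate not verified")
    return findings


# Constructed sample (not from the page): wildcard host, no selector, and
# MUTUAL TLS that lacks a private key and a CA bundle.
SAMPLE = {
    "hosts": ["*.example.com"],
    "ports": [{"number": 443, "protocol": "HTTPS", "clientsideTls": {
        "mode": "MUTUAL", "clientCertificate": "/etc/certs/client.pem"}}],
}

if __name__ == "__main__":
    print("\n".join(lint_external_service(SAMPLE)))
```
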

ExternalServiceSpec.SelectorEntry

| Field | Description |
| --- | --- |
| key (string) | |
| value (string) | |

ExternalServiceStatus

Reflects the status of the ExternalService.

| Field | Description |
| --- | --- |
| common (common.gloo.solo.io.Status) | |
| numAppliedDestinationPolicies (repeated ExternalServiceStatus.NumAppliedDestinationPoliciesEntry) | A map of policy GVK to policy references for all policies that are applied on this resource. |
| numSelectedExternalEndpoints (uint32) | The number of external endpoints selected by this external service. |
| ownedByWorkspace (string) | The name of the workspace that owns the external service. |

ExternalServiceStatus.NumAppliedDestinationPoliciesEntry

| Field | Description |
| --- | --- |
| key (string) | |
| value (uint32) | |

ExternalServiceSpec.Port.TlsConfig.tls_mode

| Name | Number | Description |
| --- | --- | --- |
| SIMPLE | 0 | |
| DISABLE | 1 | |
| MUTUAL | 2 | |
| ISTIO_MUTUAL | 3 | |