Route to external services
Enable services in your service mesh to route to endpoints that are located outside the service mesh.
In some cases, one of your Istio-managed apps might need to communicate with services that are external to the service mesh. For example, your app might need to contact a public API or an on-prem database. If you installed Istio with the REGISTRY_ONLY option, communication is allowed only between services in the mesh. Communication to services outside the mesh is prohibited. To allow services in the mesh to talk to services outside the mesh, you can leverage Gloo ExternalService and ExternalEndpoint custom resources. Gloo Mesh translates these resources into an Istio ServiceEntry.
To learn more about how to set up routing to external services, see the following guides:
-
Route to an external service directly: Allow services in the mesh to send traffic to an external IP address, CIDR, or hostname directly.
-
Create internal DNS entries for external endpoints: Create internal DNS entries that services in the mesh use to reach an external endpoint.
-
Block egress traffic with an egress gateway: Route all egress traffic for an external service through an egress gateway and ensure that only certain services in the mesh can send requests to the external endpoint that it serves.
For more information about external services and external endpoints, see the following resources:
- Routing to external services
- Gloo Mesh API docs for ExternalEndpoint
- Gloo Mesh API docs for ExternalService