Overview

In some cases, your gateways might need to route incoming requests to services that are external to your cluster. For example, you might want your gateway to serve endpoints in both a Kubernetes or OpenShift cluster and in your on-prem data center.

Because external endpoints cannot be automatically discovered by Gloo Mesh Gateway, you can leverage Gloo ExternalService custom resources to securely expose external endpoints. ExternalService resources set up service entries that the gateway uses to determine the routing rules to the external endpoint.

To learn how to set up routing to external services, see Route to external services.

For more information about external services, see the Gloo Mesh Gateway API docs for ExternalService.

About external services

ExternalService resources make external services known to the gateways in your Gloo cluster environment. An external service can refer to a service that runs outside the cluster environment. Additionally, if you also run an Istio service mesh in your Gloo environment, an external service can refer to a service outside the mesh but still within the cluster environment.

Consider an example where your ingress gateway needs to route incoming traffic requests to an external, on-prem database that is spread across multiple data centers. Each database instance is assigned a static IP address or hostname that you can use to connect to the instance. You can create an ExternalService resource and include the IP addresses, CIDR range, or hostnames to reach the database instances. Services in the mesh can now route traffic to these database instances by using the IP or hostname of the database instances directly. You also have the option to apply traffic policies to the ExternalService resource to control and manipulate the traffic before it is forwarded to these endpoints.

Example: Route to an IP or hostname directly

The following diagram shows how you can use an external service resource to route traffic to an endpoint by using the endpoint’s IP address, CIDR range, or hostname. To communicate with the external endpoint, the gateway must know the IP address or hostname of the external endpoint that it wants to reach. Note that no load balancing between external endpoints is provided. If the IP address or hostname of a database instance changes, you must update these values in the external service custom resource.

Figure: Routing to external services based on locality

Apply overlapping external service configuration

In some cases, you might have overlapping configuration across multiple external service resources. Gloo Mesh Gateway validates the addresses that you specify in each external service, and does not translate an external service that defines the same address as an external service that already exists in your Gloo environment. However, you can apply external services that define the same address in different workspaces, if the workspaces do not import or export the external service resources between them. For example, you might represent the same database with the same address by applying an external service in a staging workspace and by applying an external service in a prod workspace. Because you do not import or export the external service resources between these two workspaces, the external service resources can be safely applied.
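
A pre-apply check for the overlap rule described above, as an added example that is not Gloo Mesh Gateway or Solo.io code. The inventory format, service and workspace names, and the modelling of import/export as direct workspace pairs are assumptions; the check also flags CIDR ranges that contain another service's address, which is stricter than the "same address" wording on this page.

```python
import ipaddress
from itertools import combinations

# Constructed inventory: (name, workspace, addresses). Not real Gloo output.
SERVICES = [
    ("db-staging", "staging", ["10.20.0.15"]),
    ("db-prod", "prod", ["10.20.0.15"]),
    ("db-legacy", "prod", ["10.20.0.0/24"]),
    ("cache", "shared", ["192.0.2.7"]),
    ("cache-copy", "staging", ["192.0.2.7"]),
]
# Constructed: workspace pairs that import or export ExternalService resources.
SHARED = {frozenset({"shared", "staging"})}


def parse(addr):
    """Return an ip_network for IPs and CIDRs, or a normalized hostname string."""
    try:
        return ipaddress.ip_network(addr, strict=False)
    except ValueError:
        return addr.lower().rstrip(".")


def collide(a, b):
    """Hostnames collide on equality; networks collide when they overlap."""
    if isinstance(a, str) or isinstance(b, str):
        return a == b
    return a.version == b.version and a.overlaps(b)


def visible_together(ws_a, ws_b, shared):
    """Services can conflict in one workspace or across an import/export link."""
    return ws_a == ws_b or frozenset({ws_a, ws_b}) in shared


def find_conflicts(services, shared):
    """Return sorted (name_a, name_b, addr_a, addr_b) tuples that would conflict."""
    conflicts = []
    for (n1, w1, a1), (n2, w2, a2) in combinations(services, 2):
        if not visible_together(w1, w2, shared):
            continue  # isolated workspaces may reuse the same address
        conflicts += [(n1, n2, x, y) for x in a1 for y in a2
                      if collide(parse(x), parse(y))]
    return sorted(conflicts)


if __name__ == "__main__":
    for n1, n2, x, y in find_conflicts(SERVICES, SHARED):
        print(f"conflict: {n1} ({x}) <-> {n2} ({y})")
```

In the constructed inventory, the staging and prod copies of the database pass because those workspaces share nothing, while the two services in prod and the pair linked through the shared workspace are reported.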