Can ServiceEntry be used to match by uri for external services?

Networking
1

Hi,

I am implementing a service that needs to talk to an external service without the need to specify the hostname in the application code. What I am trying to achieve is that I want to be able to just call the /api/getUsers from one of my services inside the service mesh and it should match this endpoint with VirtualService and route traffic to external service defined in ServiceEntry. This way we don’t need to specify the full host name in any of our services in service mesh. It’s like making external service part of the mesh. I don’t know if it is supported by Istio yet or if there is a plan on adding this kind of feature. I went through the examples and they only work with port/protocol matching and not by URI.

My ServiceEntry and VirtualService config is:

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: external-api-sve
spec:
  hosts:
    - external-service.elb.amazonaws.com
  location: MESH_EXTERNAL
  ports:
  - number: 80
    name: http
    protocol: HTTP
  resolution: DNS
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: external-api-svc
spec:
  hosts:
  - external-service.elb.amazonaws.com
  http:
  - match:
    - uri:
        exact: /api/getUsers
    route:
    - destination:
        host: external-service.elb.amazonaws.com

Thanks for your time!

2

I’m not sure I understand what you are trying to accomplish. In particular, what does it mean to “just call the /api/getUsers from one of my services”? In every HTTP library I’m aware of, you need to put something for the hostname before you can do an HTTP request, otherwise how would the networking know where to open a socket to? Can you give a bit more detail, maybe including some sample client code for how you would want it to work?

3

Thanks for the prompt response. I was able to get it to work.

In the VirtualService I had to specify the gateway. Then in my client applications, all I had to do was specify the $INGRESS_HOST:$INGRESS_PORT and all client app services made requests to http:// $INGRESS_HOST:$INGRESS_PORT/api/getUsers. So I don’t need to specify http://external-service.elb.amazonaws.com/api/getUsers anywhere in client app. It is automatically routed to that host based on uri match.

It was just for a use case where an external API, managed by same organization, needs to be part of the service mesh and host value is managed through istio.