I have an external IBM MQ application and I want to access it from within the mesh being able to apply resilience features on top of it.
The way I thought to do it is:
-define a host for the external app: “external-mq”. I am doing it with a Service Entry that knows to map “external-mq” to an IP address or another external DNS.
-use the “external-mq” host name in consumer apps inside the mesh. So these apps inside the mesh don’t care and don’t know that this service is actually external. In practice I won’t have the “external” word in the host.
-create a virtual service that applies network resilience features for the “external-mq” host.
Is this scenario achievable in Istio?
I also opened an issue for this but I didnt receive yet a working solution: Service Entry not working · Issue #40190 · istio/istio · GitHub
Did you manage to solve this? I’m facing a similar problem, where I’d like to move a core application from it’s current cluster to an isolated one (for…reasons…) and I thought I could make the client applications continue to use the original, internal name while redirecting the requests using external service.
I did the same tests as you and also didn’t achieve anything…
@Iustin (and everyone else who may look for this):
I managed to solve this doing the following:
- keep/create a ClusterIP service pointing to nowhere (no need to have an deployment associated)
- Create a VirtualService to capture the above service and change it’s authority to the external hostname
- Create a DestinationRule to forward the request to the external service
- Create a ServiceEntry corresponding to the external service
Here is an example:
- name: http
- name: https
- name: http
In this case I’m redirecting a HTTP internal service to a HTTPS external service. But I hope this can put you on the right track.