Is ServiceEntry needed?

JrCs · May 25, 2020, 2:01pm

Hi all,

I have a pod that need to contact an external HTTPS service.
The pod can resolved the IP of the external HTTPS service.
So without istio injected in the namespace my pod can connect to the external service.
If i enable the injection of istio in the namespace my pod can’t connect to the extenal service: i need to create a ServiceEntry so it can work normally.
Why do i need a ServiceEntry even if the external service can be resolved by DNS ?

sergii-s · May 25, 2020, 2:10pm

It’s a default behavior to allow you to control the access to external services in the same way as you do it inside your mesh. If you don’t want to use istio for this purpose then you can set meshConfig.outboundTrafficPolicy.mode flag to ALLOW_ANY and in this case istio proxy will not intercept calls to external services.

Or you can create ServiceEntry.

JrCs · May 25, 2020, 2:12pm

Thanks a lot for the answer @sergii-s

Topic		Replies	Views
Can I use ServiceEntry to create an alias for an external service?	2	718	March 14, 2023
External access https not passing through istio-proxy Networking	0	469	March 13, 2020
Gateway for EXTERNAL_MESH Service Entry?	0	650	January 29, 2019
Istio to legacy non-injected pods Networking	0	397	October 29, 2019
DNS and ServiceEntry	3	838	November 6, 2020

Is ServiceEntry needed?

Related Topics