ExternalService and ZoneEgress
In scenarios when traffic to external services needs to be sent through a unique set of hosts you will configure ZoneEgress.
For example when there is:
- disabled passthrough mode
-
ZoneEgressdeployed -
ExternalServiceconfiguration that allows communicating withhttps://example.com.
When application makes a request to https://example.com, it will be first routed to ZoneEgress and then to https://example.com.
You can completely block your instances to communicate to things outside the mesh by disabling passthrough mode.
In this setup, applications will only be able to communicate with other applications in the mesh or external-services via the ZoneEgress.
The
ExternalServicewith the samekuma.io/servicename cannot mix dns names and IP addresses of the endpoint. Example:--- type: ExternalService mesh: default name: example-1 tags: kuma.io/service: example kuma.io/protocol: tcp networking: address: example.com:443 --- type: ExternalService mesh: default name: example-2 tags: kuma.io/service: example kuma.io/protocol: tcp networking: address: 192.168.0.1:443Copied!The above configuration is incorrect and configuration generation will fail.