A public service is a way to expose a service outside its global namespace to enable external end users to access the service.

Typically, you have an application deployed in a global namespace and want to expose one or more services in the application outside the global namespace so that external clients can connect to it.

You configure a public service within the global namespace, including whether it is exposed as a secure service (over HTTPS) or an unsecure service (over HTTP).

In a typical scenario, you expose a service, for example, a service named frontend, to the public Internet so that end users can make requests to it from their devices. A user types the URL of the service, for example, https://frontend.acme.com, in their browser to access it and then makes a request to the service. Because making a service public is a security risk, carefully consider what services you want to expose.

You can use your public service in round-robin load balancing scenarios. For example, you add a public service to a global namespace that connects services from three clusters and deploy instances of that public service on each of those clusters. The round-robin load balancing algorithm rotates requests to the service among the instances on the different clusters.

You can also define health checks for a public service. In this scenario, Tanzu Service Mesh monitors the health of the service and eliminates unhealthy instances from the load balancing policy. When those unhealthy instances become healthy again, Tanzu Service Mesh resumes sending requests to them.

For information about creating public services, see Create a Public Service in the Using Tanzu Service Mesh documentation.