A public service is a service that you expose outside its global namespace to the Internet. You make a service public so that external users can make requests to it. You configure a public service in its global namespace.

For example, you have a sample e-commerce application where users can order online, and this application includes a frontend service. You want to make this service public at store.acme.com to receive and respond to user requests. When users type store.acme.com in their browsers and submit orders on your application website, the frontend service receives and handles the orders.

To create a public service in Tanzu Service Mesh, you must describe its configuration, including the URL at which it will be accessible, in its global namespace. If you want to make the service accessible at an HTTPS URL, you must specify the Transport Layer Security (TLS) certificate to use to secure incoming and outgoing traffic for the service.

If you want Tanzu Service Mesh to periodically check whether the public service is reachable and functional, you must define health-check settings in the configuration. If health checks are configured, Tanzu Service Mesh will periodically send HTTP or HTTPS requests to a specified port and, if provided, a specified URL path to determine whether the service is healthy.

Note:

You can configure a public service in a global namespace before adding that service to the global namespace. When you add the service to the global namespace, Tanzu Service Mesh will read its configuration and make it public according to the settings that you specified.

Prerequisites

Before you create a public service, verify the following prerequisites:

  • You have chosen the domain for the URL at which the service will be accessible.

  • You have created an integration account with the external DNS service that manages the domain that you want to use for the public service. For more information about creating integration accounts, see Manage Integrations.

  • You have created an external DNS and specified in the external DNS the domain provider that manages the public service's domain. For more information, see Manage Domains.

  • If you want to use an HTTPS URL for your service, you have added a TLS certificate for the service. The certificate must match the domain you specify for the public service. This certificate will be used to encrypt incoming and outgoing traffic for the service. For more information, see Manage Certificates.

  • You have added the public service to an appropriate global namespace. For information about creating a global namespace and adding services to it, see Connect Services Across Clusters with a Global Namespace.

Procedure

  1. In the navigation pane on the left, click Inventory > Global Namespaces.
  2. On the Global Namespaces page, in the table, click the three vertical dots to the left of the name of the global namespace where you want to configure a public service and then click Edit on the menu.
  3. In the Edit Global Namespace wizard, go to the Public Services page by clicking Next on the General Details page and then on the Service Mapping page.
  4. On the Public Services page, click Configure Public Service(s) and perform these steps.
    1. In Service Name, select the service that you want to make public.

      The Service Name drop-down menu displays the names of the services in the global namespace.

      If you want to create a public service that is not in the global namespace yet, type the name of the service in Service Name. When the service is added to the global namespace, Tanzu Service Mesh will make it public according to the configuration.

    2. In Service Port, specify the port on which the service will be accessible.

      If a single port is defined for the service in the service configuration, that port is selected by default. If more than one port is defined, select the port that you want to use. You can also specify a port number that is not on the list.

      Note:

      The list in Service Port contains the ports exposed by the service. You can enter a port that is not on the list if, for example, you plan to change the service configuration later to have it expose that port. However, the public service will not work until a specified port is exposed by the service.

    3. Next to Public URL(s), specify the parts of the URL at which the service will be accessible: the protocol, subdomain, and domain.

      The domains that are available for selection depend on the DNS accounts that have been defined for your global namespace.

      Note:

      The subdomain can be up to 255 characters long.

      In our example of the frontend service in an e-commerce application, we would select https, type a subdomain of store , and select acme.com as the domain.

    4. If you select https, in Certificate, select the name of the certificate that you want to use for the service.

      You can select from the certificates that your administrator has defined.

      The URL that you have specified for the service appears at the bottom of the Public URL(s) area, to the right of The service will be available at, for example, https://store.acme.com.

    5. To define another URL for the public service, click Add Public URL and repeat steps c–d.
      Note:

      To delete a URL of the public service, in the upper-right corner of the URL section, click Delete.

    6. To configure each additional public service in the global namespace, click Add Public Service and repeat steps a–e.
  5. (Optional) To configure health checks for the public service, perform these steps.
    1. On the Public Services page, click Next.
    2. On the Health Checks page, to configure health checks for all or some of the public services in the global namespace, click Configure Service Health Checks.

      If you don't want to configure health checks for the public services in the global namespace, click No Service Health Checks and click Next.

      Note:
      • Currently, health checks are available only for the public services in a global namespace. If no public services are configured in the global namespace, the message no public services configured appears when you select Configure Service Health Checks.

      • If more than one public URL is specified for the service on the Public Services page, you can specify separate health-check settings for each URL.

      Under Global Load Balancing Health Checks, the name and URL of each public service configured in the global namespace is displayed. You can select from two health-check options for each service.

    3. Select a health-check option for each service.

      Option

      Description

      No Health Checks

      Select this option if you don't want to configure health checks for this service.

      Default TSM Health Checks

      Use the following default health-check settings for the service:

      • Protocol. The protocol (HTTPS or HTTP) to use for health-check requests. The default protocol matches the protocol specified for each public URL of the service on the Public Services page.

      • Port. The port to which Tanzu Service Mesh sends health-check requests. The default port is 80 for HTTP or 443 for HTTPS.

      • Relative Path. This optional setting specifies the URL path to which Tanzu Service Mesh sends health-check requests. The default value is None. The default value means that no relative path is used and that health-check requests are sent to the URL at which the public service is exposed.

      • Health Check Interval. The amount of time between health-check requests in seconds. The default interval is 30 seconds; that is, Tanzu Service Mesh sends health-check requests to the service every 30 seconds.

      • Health & Unhealthy Threshold. The number of consecutive failed health checks for the service to be considered unhealthy, or the number of consecutive successful health checks for the service to be considered healthy. The default threshold is 3. This means that Tanzu Service Mesh determines that the service is unhealthy after three consecutive failed health-check requests and then considers the service healthy after the subsequent three successful requests.

      Note:

      To view these default settings, point to the information icon to the right of Default TSM Health Checks.

  6. Click Next.

    The Configuration Summary page, under Public Services, displays the names of the configured public services and the URL at which each service is accessible.

  7. To save the public services you have configured in the global namespace, click Finish.

Results

To edit the configuration of a public service or configure additional public services in the global namespace, perform steps 1 –4 of this procedure.