The external service wildcard support in the Tanzu Service Mesh Global Namespace allows services inside a Tanzu Service Mesh global namespace to connect to external servers whose hostnames are in wildcard format (for example, *.google.com, *.wikipedia.com). With a wildcard, you can choose exactly which servers to connect to among the set of wildcard servers, whereas the external service endpoints option load balances between external service endpoints.
Configuration Rules
If you configure an HTTPS/TLS wildcard external service, the service port should not match any of the endpoint ports or the External URL port.
From a service inside a Tanzu Service Mesh global namespace, an HTTPS wildcard external service can be accessed only through the HTTP protocol (even though the external server is HTTPS).
From a service inside a global namespace, a TLS wildcard external service can be accessed only through the TCP protocol (even though the external server is TLS).
Currently, Tanzu Service Mesh offers the option to use wildcards to match subdomains of external service hostnames.
Example hostname: www.wikipedia.org
www - subdomain
wikipedia - second-level domain
org - top-level domain
In order for a wildcard external service to work, there must be a live www. subdomain server in the list of external servers.
Example wildcard server:
www.google.com ----------> live www subdomain
translate.google.com
careers.google.com
Configure Wildcard External Service
Go to the global namespace External Services configuration page.
Set the subdomain of the external service to * to represent the wildcard.
You may configure certificates (optional) for wildcard external servers if they are HTTPS/TLS servers. Choose the appropriate certificate from the certificate options, or upload a new certificate.
Alias names and endpoints are blocked for a wildcard external service, because they would create access conflicts.