Example of External Backend Service

[kferrone]

I have yet to figure out how to actually use an external URL as a virtual service. When the mesh has an egressFilter of DROP_ALL then your app must use a virtual service within the mesh. Please provide an example of how to do this. I have some codes below which attempt to setup example.com as a virtual service.

kind: Namespace
apiVersion: v1
metadata:
  name: debugger
  labels:
    app: debugger
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: Mesh
metadata:
  name: debugger
spec:
  namespaceSelector:
    matchLabels:
      app: debugger
  egressFilter:
    type: DROP_ALL
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualNode
metadata:
  name: example
  namespace: debugger
spec:
  listeners:
    - portMapping:
        port: 80
        protocol: http
  serviceDiscovery:
    dns:
      hostname: example.com
---
kind: VirtualService
apiVersion: appmesh.k8s.aws/v1beta2
metadata:
  name: example
  namespace: debugger
spec:
  awsName: example.com
  provider:
    virtualNode:
      virtualNodeRef:
        name: example
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualNode
metadata:
  name: debugger
  namespace: debugger
spec:
  podSelector:
    matchLabels:
      app: debugger
  backends:
  - virtualService:
      virtualServiceRef:
        name: example
---
kind: Pod
apiVersion: v1
metadata:
  name: debugger
  namespace: debugger
  labels:
    app: debugger
spec:
  containers:
    - name: debugger
      image: 'curlimages/curl:latest'
      command:
        - /bin/sh
        - '-c'
        - tail -f /dev/null
      resources:
        limits:
          cpu: 200m
          memory: 256Mi
      imagePullPolicy: IfNotPresent
      stdin: true
      tty: true
  restartPolicy: Always

[fawadkhaliq]

Related issue: aws/aws-app-mesh-roadmap#2

[fawadkhaliq]

hi @kferrone, an example #336 has been added to demonstrate mesh egress filter ALLOW_ALL and DROP_ALL (with external services)