Workloads

LatticeExternalService

Represents an external service outside the cluster mesh. Internal LatticeServices declare dependencies on external services using type: external-service resources. The controller creates Istio ServiceEntry and Cilium egress policies.

group: lattice.dev version: v1alpha1 scope: namespaced

Examples

stripe.yaml

apiVersion: lattice.dev/v1alpha1
kind: LatticeExternalService
metadata:
  name: stripe
  namespace: platform
spec:
  endpoints:
    api: https://api.stripe.com
    webhook: https://hooks.stripe.com
  allowedRequesters:
    - payment-service
    - checkout-service
  resolution: dns
  description: Stripe payment API

database.yaml

apiVersion: lattice.dev/v1alpha1
kind: LatticeExternalService
metadata:
  name: legacy-db
  namespace: platform
spec:
  endpoints:
    primary: tcp://10.0.0.5:5432
    replica: tcp://10.0.0.6:5432
  allowedRequesters:
    - "*"
  resolution: static

Spec

LatticeExternalService spec fields
Field	Type	Description
`endpoints`	map<string, string>	Named endpoint URLs (e.g., `api: https://api.stripe.com`).
`allowedRequesters`	[]string	Services allowed to access this external service. Use `"*"` for all.
`resolution`	Resolution	Endpoint resolution strategy. Default: `dns`.
`description`	string?	Human-readable description of the external service.

Resolution

Determines how endpoint addresses are resolved by the Istio ServiceEntry.

dns Resolve via DNS lookup.

static Use static IP addresses.

Supported URL Formats

Supported URL formats
Format	Description
`https://host`	Default port 443.
`http://host:port`	HTTP with explicit port.
`tcp://host:port`	Raw TCP connection.
`grpc://host:port`	gRPC connection.
`host:port`	Defaults to TCP.

Usage with LatticeService

Reference a LatticeExternalService from a LatticeService by declaring a resource with type: external-service and direction: outbound.

lattice-service-resource.yaml

resources:
  stripe:
    type: external-service
    direction: outbound

Status

LatticeExternalService status fields
Field	Type	Description
`phase`	ExternalServicePhase	Current phase: `Pending`, `Ready`, or `Failed`.
`message`	string?	Human-readable status message.
`conditions`	[]Condition	Standard Kubernetes conditions.
`observedGeneration`	i64?	Last observed `metadata.generation`.

ExternalServicePhase

Pending External service is being configured.

Ready Istio ServiceEntry and Cilium egress policies are active.

Failed Configuration failed. Check message and conditions for details.