Reachable Backends

Reachable Backends provides similar functionality to Reachable Services, but it applies to resources such as MeshService, MeshExternalService, and MeshMultiZoneService.

By default, each data plane proxy tracks all other data planes in the mesh, which can impact performance and use more resources. Configuring reachableBackends allows you to specify only the services your application actually needs to communicate with, improving efficiency.

Unlike Reachable Services, Reachable Backends uses a structured model to define the resources.

Model

• refs: Lists the resources your application needs to connect with, including:
  • kind: Type of resource. Options include:
    • MeshService
    • MeshExternalService
    • MeshMultiZoneService
  • name: Name of the resource.
  • namespace: (Kubernetes only) Namespace where the resource is located. Required if using namespace.
  • labels: A list of labels to match resources. You can define either labels or name.
  • port: (Optional) Port for the service, used with MeshService and MeshMultiZoneService.

apiVersion: apps/v1
kind: Pod
metadata:
  name: demo-app
  namespace: kuma-demo
  annotations:
    kuma.io/reachable-backends: |
      refs:
      - kind: MeshService
        name: redis
        namespace: kuma-demo
        port: 8080
      - kind: MeshMultiZoneService
        labels:
          kuma.io/display-name: test-server
      - kind: MeshExternalService
        name: mes-http
        namespace: kuma-system
...

name: {{ name }}
networking:
  address: {{ address }}
  inbound:
    - port: {{ port }}
      tags:
        kuma.io/service: demo-app
  transparentProxying:
    redirectPortInbound: 15006
    redirectPortOutbound: 15001
    reachableBackends:
      refs:
      - kind: MeshService
        name: redis
      - kind: MeshMultiZoneService
        labels:
          kuma.io/display-name: test-server
      - kind: MeshExternalService
        name: mes-http

Examples

demo-app communicates only with redis on port 6379

apiVersion: apps/v1
kind: Pod
metadata:
  name: demo-app
  namespace: kuma-demo
  annotations:
    kuma.io/reachable-backends: |
      refs:
      - kind: MeshService
        name: redis
        namespace: kuma-demo
        port: 6379
...

type: Dataplane
mesh: default
name: {{ name }}
networking:
  address: {{ address }}
  inbound:
  - port: {{ port }}
    tags:
      kuma.io/service: demo-app
  transparentProxying:
    redirectPortInbound: 15006
    redirectPortOutbound: 15001
    reachableBackends:
      refs:
      - kind: MeshService
        name: redis
        port: 6379

demo-app doesn’t need to communicate with any service

apiVersion: apps/v1
kind: Pod
metadata:
  name: demo-app
  namespace: kuma-demo
  annotations:
    kuma.io/reachable-backends: ""
...

type: Dataplane
mesh: default
name: {{ name }}
networking:
  address: {{ address }}
  inbound:
    - port: {{ port }}
      tags:
        kuma.io/service: demo-app
  transparentProxying:
    redirectPortInbound: 15006
    redirectPortOutbound: 15001
    reachableBackends: {}

demo-app communicates with all MeshServices in the kuma-demo namespace

apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-app
  namespace: kuma-demo
  annotations:
    kuma.io/reachable-backends: |
      refs:
      - kind: MeshService
        labels:
          k8s.kuma.io/namespace: kuma-demo
...