Skip to content
2023 API Summit Hackathon: Experiment with AI for APIs (August 28 - September 27) Learn More →
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
      Lightweight, fast, and flexible cloud-native API gateway
      Kong Konnect
      Single platform for SaaS end-to-end connectivity
      Kong Mesh
      Enterprise service mesh based on Kuma and Envoy
      decK
      Helps manage Kong’s configuration in a declarative fashion
      Kong Ingress Controller
      Works inside a Kubernetes cluster and configures Kong to proxy traffic
      Kong Gateway Operator
      Manage your Kong deployments on Kubernetes using YAML Manifests
      Insomnia
      Collaborative API development platform
      Kuma
      Open-source distributed control plane with a bundled Envoy Proxy integration
  • API Specs
  • Plugin Hub
    • Explore the Plugin Hub
      View all plugins View all plugins View all plugins arrow image
    • Functionality View all View all arrow image
      View all plugins
      Authentication's icon
      Authentication
      Protect your services with an authentication layer
      Security's icon
      Security
      Protect your services with additional security layer
      Traffic Control's icon
      Traffic Control
      Manage, throttle and restrict inbound and outbound API traffic
      Serverless's icon
      Serverless
      Invoke serverless functions in combination with other plugins
      Analytics & Monitoring's icon
      Analytics & Monitoring
      Visualize, inspect and monitor APIs and microservices traffic
      Transformations's icon
      Transformations
      Transform request and responses on the fly on Kong
      Logging's icon
      Logging
      Log request and response data using the best transport for your infrastructure
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
Kong Mesh
2.4.x (latest)
  • Home icon
  • Kong Mesh
  • Policies
  • Virtual Outbound
github-edit-pageEdit this page
report-issueReport an issue
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kong Ingress Controller
  • Kong Gateway Operator
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • 2.4.x (latest)
  • 2.3.x
  • 2.2.x
  • 2.1.x
  • 2.0.x
  • 1.9.x
  • 1.8.x
  • 1.7.x
  • 1.6.x
  • 1.5.x
  • 1.4.x
  • 1.3.x
  • 1.2.x
enterprise-switcher-icon Switch to OSS
On this pageOn this page
  • Examples
    • Same as the default DNS
    • One hostname per version
    • Custom tag to define the hostname and port
    • One hostname per instance
  • All options

Virtual Outbound

This policy lets you customize hostnames and ports for communicating with data plane proxies.

Possible use cases are:

1) Preserving hostnames when migrating to service mesh. 2) Providing multiple hostnames for reaching the same service, for example when renaming or for usability. 3) Providing specific routes, for example to reach a specific pod in a service with StatefulSets on Kubernetes, or to add a URL to reach a specific version of a service. 4) Expose multiple inbounds on different ports.

Limitations:

  • When duplicate (hostname, port) combinations are detected, the virtual outbound with the highest priority takes over. For more information, see the documentation on how Kong Mesh chooses the right policy. All duplicate instances are logged.

conf.host and conf.port are processed as go text templates with a key-value pair derived from conf.parameters.

conf.selectors are used to specify which proxies this policy applies to.

For example a proxy with this definition:

type: Dataplane
mesh: default
name: backend-1
networking:
  address: 192.168.0.2
inbound:
  - port: 9000
    servicePort: 6379
    tags:
      kuma.io/service: backend
      version: v1
      port: 1800

and a virtual outbound with this definition:

type: VirtualOutbound
mesh: default
name: test
selectors:
  - match:
      kuma.io/service: "*"
conf:
  host: "{{.v}}.{{.service}}.mesh"
  port: "{{.port}}"
  parameters:
    - name: service
      tagKey: "kuma.io/service"
    - name: port
      tagKey: port
    - name: v
      tagKey: version

produce the hostname: v1.backend.mesh with port: 1800.

Additional requirements:

  • Transparent proxy .
  • Either data plane proxy DNS, or else the value of conf.host must end with the value of dns_server.domain (default value .mesh).
  • name must be alphanumeric. (Used as a go template key).
  • Each value of name must be unique.
  • kuma.io/service must be specified even if it’s unused in the template. (Prevents defining hostnames that spans services).

The default value of tagKey is the value of name.

For each virtual outbound, the Kong Mesh control plane processes all data plane proxies that match the selector. It then applies the templates for conf.host and conf.port and assigns a virtual IP address for each hostname.

Examples

The following examples show how to use virtual outbounds for different use cases.

Same as the default DNS

Kubernetes
Universal
apiVersion: kuma.io/v1alpha1
kind: VirtualOutbound
mesh: default
metadata:
    name: default
spec:
    selectors:
      - match:
          kuma.io/service: "*"
    conf:
      host: "{{.service}}.mesh"
      port: "80"
      parameters:
        - name: service
          tagKey: "kuma.io/service"
type: VirtualOutbound
mesh: default
name: default
selectors:
  - match:
      kuma.io/service: "*"
conf:
  host: "{{.service}}.mesh"
  port: "80"
  parameters:
    - name: service
      tagKey: "kuma.io/service"

One hostname per version

Kubernetes
Universal
apiVersion: kuma.io/v1alpha1
kind: VirtualOutbound
mesh: default
metadata:
  name: versioned
spec:
    selectors:
      - match:
          kuma.io/service: "*"
    conf:
      host: "{{.service}}.{{.version}}.mesh"
      port: "80"
      parameters:
        - name: service
          tagKey: "kuma.io/service"
        - name: version
          tagKey: "kuma.io/version"
type: VirtualOutbound
mesh: default
name: versioned
spec:
    selectors:
      - match:
          kuma.io/service: "*"
    conf:
      host: "{{.service}}.{{.version}}.mesh"
      port: "80"
      parameters:
        - name: service
          tagKey: "kuma.io/service"
        - name: version
          tagKey: "kuma.io/version"

Custom tag to define the hostname and port

Kubernetes
Universal
apiVersion: kuma.io/v1alpha1
kind: VirtualOutbound
mesh: default
metadata:
  name: host-port
spec:
    selectors:
      - match:
          kuma.io/service: "*"
    conf:
      host: "{{.hostname}}"
      port: "{{.port}}"
      parameters:
        - name: hostname
          tagKey: "my.mesh/hostname"
        - name: port
          tagKey: "my.mesh/port"
type: VirtualOutbound
mesh: default
name: host-port
selectors:
  - match:
      kuma.io/service: "*"
conf:
  host: "{{.hostname}}"
  port: "{{.port}}"
  parameters:
    - name: hostname
      tagKey: "my.mesh/hostname"
    - name: port
      tagKey: "my.mesh/port"
    - name: service

One hostname per instance

Enables reaching specific data plane proxies for a service. Useful for running distributed databases such as Kafka or Zookeeper.

Kubernetes
Universal
apiVersion: kuma.io/v1alpha1
kind: VirtualOutbound
mesh: default
metadata:
  name: instance
spec:
  selectors:
    - match:
        kuma.io/service: "*"
        statefulset.kubernetes.io/pod-name: "*"
  conf:
    host: "{{.svc}}.{{.inst}}.mesh"
    port: "8080"
    parameters:
      - name: "svc"
        tagKey: "kuma.io/service"
      - name: "inst"
        tagKey: "statefulset.kubernetes.io/pod-name"
type: VirtualOutbound
mesh: default
name: default
selectors:
  - match:
      kuma.io/service: "*"
      kuma.io/instance: "*"
conf:
  host: "inst-{{.instance}}.{{.service}}.mesh"
  port: "8080"
  parameters:
    - name: service
      tagKey: "kuma.io/service"
    - name: instance
      tagKey: "kuma.io/instance"

All options

Thank you for your feedback.
Was this page useful?
Too much on your plate? close cta icon
More features, less infrastructure with Kong Konnect. 1M requests per month for free.
Try it for Free
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023