This is somewhat of a best practices question.
How far should I go with fully encapsulating a service within its bridge network?
The two specific situations I have are:
- A service querying Vault (to get RabbitMQ credentials).
- A service connecting to MS SQL Server.
SQL Server and RMQ both sit outside my service mesh. Vault is registered in Consul (but I don’t think it is Connect native?).
I have registered an agentless node and service for RMQ, and configured a terminating gateway for it, but I’m wondering if I should also be setting one up for SQL Server and Vault too?
Should I be using a terminating gateway for everything that my app wants to reach out to (overhead of managing the terminating gateways and Consul registration of these external services)?
Or should I just connect from the service directly to the targets (overhead of managing and trusting their CA)?
Thanks for your input