Light Dark Auto

Configure Application Edge Node for Mesh

Greymatter Version

  • v1.8.0

An application edge node is an instance of the greymatter data-plane proxy. Its role is to direct external traffic inside the mesh specific to your tenant project. We follow this pattern to treat mesh segmentation with highest priority.

Dashboard Metadata

For application edge nodes we typically use the fully qualified domain name (FQDN) for the API endpoints. For non-application edge nodes, these are typically relative paths from the greymatter core edge. This can be configured at the top level of the edge object like so:

Edge: gsl.#Service & {
	// A context provides global information from globals.cue
	// to your service definitions.
	context: Edge.#NewContext & globals

	name:              "edge-$PROJECT_NAME"
	display_name:      "Edge $PROJECT_NAME"
	version:           "v1.7.4"
	description:       "EDIT ME: Edge ingress for $PROJECT_NAME"
	api_endpoint:              "http://\(context.globals.edge_host)/services/$PROJECT_NAME/\(name)/"
	api_spec_endpoint:         "http://\(context.globals.edge_host)/services/$PROJECT_NAME/\(name)/"
	business_impact:           "high"


Note because many services require an api_endpoint and api_spec_endpoint, we configure the edge_host in the greymatter/globals.cue file like so:

globals: gsl.#DefaultContext & {
	edge_host:        ""

UI Configuration

Application edge nodes require at least one route and upstream registered for service-discovery to function correctly. It is common practice to define a route at the "/" path which directs traffic to the UI application of your project stack. This should be done in edge-$PROJECT_NAME ingress listener.

ingress: {
	// Edge -> HTTP ingress to your container
	"edge-$PROJECT_NAME": {
		port: 10809
		routes: "/": {
			upstreams: {
				"local": {
					instances: [
						{ host: "", port: 443 }, // host/port of your UI pod

Edge To Service Registration

If you’ve looked inside your <service.cue> file previously during the Add Service tutorial, you probably noticed the edge block found towards the bottom of the file.

We call this the Application Edge Node Registration Block. This configuration stanza serves as the glue between your projects dedicated edge node, and the data-plane instances paired with your custom services. You’ll want to note the path can be changed and TLS is pre-configured (meaning traffic is secured between edge -> service).

// route to service <app edge>/service

// Edge config for the Kiwi service.
// These configs are REQUIRED for your service to be accessible
// outside your cluster/mesh.
edge: {
	edge_name: "edge-$PROJECT_NAME"
	edge_ingress: "edge-$PROJECT_NAME"
	routes: "/services/$PROJECT_NAME/kiwi": upstreams: "\(name)": {

This configuration block denotes that when a request is made to the application edge node at the URI path of /services/$PROJECT_NAME/kiwi, traffic will be routed to the kiwi data-plane proxy.