...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{composite-app-version}/deployment-intent-groups/{deployment-intent-group-name}/traffic-group-intentsintent POST BODY: { "metadata": { "name": "<name>", //unique for each traffic group "description": "<description>", "userData1": "<user data>", "userData2": "<user data>" } } |
...
Code Block | ||
---|---|---|
| ||
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{composite-app-version}/deployment-intent-groups/{deployment-intent-group-name}/traffic-group-intentsintent/{traffic-group-intent-intentsname}/inbound-intents/ "metadata": { "name": "<>" // unique name for each intent "description": "connectivity intent for inbound communication" "userdata1": <>, "userdata2": <> } "spec": { "application": "<app1>", "servicename": "httpbin" //actual name of the client service "externalName": "httpbin.k8s.com" // Can be IP address also "port" : "80", // port on which service is exposed "serviceMesh": "istio", // SIMPLE - No Istio "istio" : { "sidecar-proxy": "yes", "mutualTLS": "MUTUAL", // Default is simple. Option MUTUAL will enforce mTLS // Traffic management fields below are valid only if the sidecar-proxy is set to "yes" "loadbalancing" : { // LoadBalancing "loadbalancingType": "ConsistentHash", // "Simple" and "consistentHash" "loadBalancerMode": "httpCookie" // Modes for consistentHash - "httpHeaderName", "httpCookie", "useSourceIP", "minimumRingSize", Modes for simple - "LEAST_CONN", "ROUND_ROBIN", "RANDOM", "PASSTHROUGH" "httpCookie": "user1" // Name of the cookie to maintain sticky sessions }, "circuitBreaking": { "maxConnections": 10 //connection pool for tcp and http traffic "concurrenthttp2Requests": 1000 // concurrent http2 requests that are allowed "httpRequestPerConnection": 100 // number of http requests per connection. Valid only for http traffic "consecutiveErrors": 8 // Default is 5. Number of consecutive errors before the host is removed "baseEjectionTime" : 15 // Default is 5 "intervalSweep": 5m, //time limit before the removed hosts are added back to the load balancing pool. } }, "external-support": "true" "external": { "cert-info": { "servicecertificate" : "" // Provide the actual certificate here. "servicePrivateKey" : "" // Provide the actual private key here (secret key material, carried in this request body). 
"caCertificate" : "" // Provide the trusted certificate used to verify the client connection }, "auth-info": { // Authentication fields "externalAuthenticationissuer": "https://accounts.google.com", "externalAuthenticationjwksURI" : "https://www.googleapis.com/oauth2/v3/certs", } } "protocol": "HTTP", // Support for other protocols "headless": "false", // default is false. Option "True" will make sure all the instances of the headless service will have access to the client service // TODO: Add any FW/SNAT/LB specific fields } |
...
Code Block | ||
---|---|---|
| ||
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{composite-app-version}/deployment-intent-groups/{deployment-intent-group-name}/traffic-group-intentsintent/{traffic-group-intent-intentsname}/inbound-intents/<intent-name>/clients POST BODY: { "metadata": { "name": <> "description": <> "userdata1": <>, "userdata2": <> } "spec" : { "application": "<app2>", "servicename": "sleep", "namespaces": [], // Workloads from these namespaces can access the inbound service "ipRange": [<cidr>, <cidr>] } //Client certificate? } |
...
Code Block | ||
---|---|---|
| ||
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{composite-app-version}/deployment-intent-groups/{deployment-intent-group-name}/traffic-group-intentsintent/{traffic-group-intent-intentsname}/inbound-intents/<intent-name>/clients/<client-name>/access-points POST BODY: { "metadata": { "name": "<>" "description": <> "userdata1": <>, "userdata2": <> }, "spec" : { "url": "/status", "access": ["GET"] } } |
...
Code Block | ||
---|---|---|
| ||
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{composite-app-version}/deployment-intent-groups/{deployment-intent-group-name}/traffic-group-intentsintent/{traffic-group-intent-intentsname}/outbound-intents/ POST BODY: { "metadata": { "name": "<>" // unique name for each intent "description": <> "userdata1": <>, "userdata2": <> }, "application": "<app1>", "microservice": "httpbin", "egressgateway": "true" , // Optional, default = false, All the outbound traffic from this service will flow through a dedicated egress gateway } |
...
Code Block | ||
---|---|---|
| ||
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{composite-app-version}/deployment-intent-groups/{deployment-intent-group-name}/traffic-group-intentsintent/{traffic-group-intent-intentsname}/outbound-intents/<intent-name>/server POST BODY: { "metadata": { "name": "<>" // unique name for each intent "description": <> "userdata1": <>, "userdata2": <> }, "externalServiceName": "cnn.edition.com" // Only the FQDN of the service name is required "port" : "80", // port on which the service is exposed through the service mesh, not the port it is actually running on "externalCaCertificate" : "<whole certificate>" // Present the actual client certificate (NOTE: the field name says CA certificate — confirm which certificate is expected) "clientcertificate" : {certificate.pem} // Provide the actual certificate here. Optional, default "", required only if mTLS is set to "MUTUAL" "clientPrivateKey" : {privateKey.pem} // Provide the actual private key here (secret key material, carried in this request body). Required only if mTLS is "MUTUAL" "protocol": "HTTP", "mutualTLS": "MUTUAL", // Supports 2 modes: SIMPLE, MUTUAL with external client. For inter- and intra-cluster traffic, mTLS is enabled by default // TODO: Add any FW/SNAT/LB specific fields } |
...