...
Code Block | ||
---|---|---|
| ||
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{composite-app-version}/deployment-intent-groups/{deployment-intent-group-name}/traffic-group-intent/{traffic-group-intent-name}/inbound-intents/
"metadata": {
"name": "<>" // unique name for each intent
"description": "connectivity intent for inbound communication"
"userdata1": <>,
"userdata2": <>
}
"spec": {
"application": "<app1>",
"servicename": "httpbin" //actual name of the client service
"externalName": "httpbin.k8s.com" // Can be IP address also
"port" : "80", // port on which service is exposed
"protocol": "TCP" //protocol of the exposed service
"serviceMesh": "istio", // SIMPLE - No Istio
"istio" : {
"sidecar-proxy": "yes",
"mutualTLS": "MUTUAL", // default is simple. Option MUTUAL will enforce mtls
// Traffic management fields below are valid only if the sidecar-proxy is set to "yes"
"loadbalancing" : {
// LaodBalancing
"loadbalancingType": "ConsistentHash", // "Simple" and "consistentHash"
"loadBalancerMode": "httpCookie" // Modes for consistentHash - "httpHeaderName", "httpCookie", "useSourceIP", "minimumRingSize", Modes for simple - "LEAST_CONN", "ROUND_ROBIN", "RANDOM", "PASSTHROUGH"
"httpCookie": "user1" // Name of the cookie to maintain sticky sessions
},
"circuitBreaking": {
"maxConnections": 10 //connection pool for tcp and http traffic
"concurrenthttp2Requests": 1000 // concurent http2 requests which can be allowed
"httpRequestPerConnection": 100 // number of http requests per connection. Valid only for http traffic
"consecutiveErrors": 8 // Default is 5. Number of consecutive error before the host is removed
"baseEjectionTime" : 15 // Default is 5
"intervalSweep": 5m, //time limit before the removed hosts are added back to the load balancing pool.
}
},
"external-support": "true"
"external": {
"cert-info": {
"servicecertificate" : "" // Present actual certificate here.
"servicePrivateKey" : "" // Present actual private key here.
"caCertificate" : "" // present the trusted certificate to verify the client connection
},
"auth-info": {
// Authentication fields
"externalAuthenticationissuer": "https://accounts.google.com",
"externalAuthenticationjwksURI" : "https://www.googleapis.com/oauth2/v3/certs",
}
}
"protocol": "HTTP", // Support for other protocols
"headless": "false", // default is false. Option "True" will make sure all the instances of the headless service will have access to the client service
// TODO: Add any FW/SNAT/LB specific fields
}
|
...