API
1) uService-uService Intent
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/uservice-to-uservice-intent/
POST BODY:
{
    "name": "<name>",
    "description": "<description>",
    "application": "<app1>",
    "service": "httpbin",
    "protocol": "HTTP",
    "mutualTLS": "MUTUAL", // Supports 2 modes: SIMPLE, MUTUAL with external client. For inter- and intra-cluster traffic, mTLS is enabled by default
    "port": "80", // Port on which the service is exposed through the service mesh, not the port it is actually running on
    "accessPoints": ["/health", "/status"] // For Authorization Policy
}
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/uservice-to-uservice-intent/<intent-name>/clients
POST BODY:
{
    "name": "<name>",
    "description": "<description>",
    "application": "<app2>",
    "deployment": "sleep"
}
2) Inbound Intent
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/inbound-intent/
POST BODY:
{
    "name": "<name>",
    "description": "<description>",
    "application": "<app1>",
    "service": "httpbin",
    "protocol": "HTTP",
    "mutualTLS": "MUTUAL", // Supports 2 modes: SIMPLE, MUTUAL with external client. For inter- and intra-cluster traffic, mTLS is enabled by default
    "port": "80", // Port on which the service is exposed through the service mesh, not the port it is actually running on
    "accessPoints": ["/health", "/status"], // For Authorization Policy
    // mTLS fields
    "egressgateway": "true", // Optional, default = false. All the outbound traffic from this service will flow through a dedicated egress gateway
    "servicecertificate": {serverCertificate.pem}, // Present the actual certificate here. Optional, default "", required only if "mutualTLS" is set to "MUTUAL"
    "servicePrivateKey": {serverPrivateKey.pem}, // Present the actual private key here. Required only if "mutualTLS" is "MUTUAL". The key travels in the request body, so call this API only over TLS and keep request bodies out of logs
    // Authentication fields
    "externalAuthenticationissuer": "https://accounts.google.com",
    "externalAuthenticationjwksURI": "https://www.googleapis.com/oauth2/v3/certs"
}
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/inbound-intent/<intent-name>/clients
POST BODY:
{
    "name": "<name>",
    "description": "<description>",
    "externalServiceName": "cnn.edition.com", // Only the FQDN of the service name is required
    "externalCaCertificate": "<whole certificate>" // Present the actual client certificate
    // TODO - ADD USER INFORMATION??
    // TODO - Add URL Access per User
}
3) Outbound Intent
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/outbound-intent/
POST BODY:
{
    "name": "<name>",
    "description": "<description>",
    "application": "<app1>",
    "service": "httpbin",
    "protocol": "HTTP",
    "mutualTLS": "MUTUAL", // Supports 2 modes: SIMPLE, MUTUAL with external client. For inter- and intra-cluster traffic, mTLS is enabled by default
    "port": "80", // Port on which the service is exposed through the service mesh, not the port it is actually running on
    // mTLS fields
    "egressgateway": "true", // Optional, default = false. All the outbound traffic from this service will flow through a dedicated egress gateway
    "servicecertificate": {serverCertificate.pem}, // Present the actual certificate here. Optional, default "", required only if "mutualTLS" is set to "MUTUAL"
    "servicePrivateKey": {serverPrivateKey.pem} // Present the actual private key here. Required only if "mutualTLS" is "MUTUAL". The key travels in the request body, so call this API only over TLS and keep request bodies out of logs
}
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/inbound-intent/<intent-name>/servers
POST BODY:
{
    "name": "<name>",
    "description": "<description>",
    "externalServiceName": "cnn.edition.com", // Only the FQDN of the service name is required
    "externalCaCertificate": "<whole certificate>" // Present the actual client certificate
}