
API


1) Inbound Intent




POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/inbound-intent/

"metadata": {
    "name": "<>" // unique name for each intent
    "description": "connectivity intent for inbound communication"
    "userdata1": <>,
    "userdata2": <>
    }
 
    "spec": { // update the memory allocation for each field as per OpenAPI standards
    	"application": "<app1>",
    	"servicename": "httpbin" //actual name of the client service - {istioobject - serviceEntry of client's cluster}
        "externalName": "httpbin.k8s.com" // Can be IP address also
        "port" : "80", // port on which service is exposed 
		"protocol": "HTTP",
        "headless": "false", // default is false. Option "True" will make sure all the instances of the headless service will have access to the client service
        "serviceMesh": "istio", // SIMPLE - No Istio
    	"sidecar-proxy": "yes", 
    	// Traffic management fields below are valid only if the sidecar-proxy is set to "yes"
    	"traffic-management-info" : {
    		// LoadBalancing
    		"loadbalancingType": "consistentHash", // "Simple" or "consistentHash"
    		"loadBalancerMode": "httpCookie"      // Modes for consistentHash - "httpHeaderName", "httpCookie", "useSourceIP", "minimumRingSize", Modes for simple - "LEAST_CONN", "ROUND_ROBIN",    "RANDOM", "PASSTHROUGH" 
    		"httpCookie": "user1" // Name of the cookie to maintain sticky sessions
 
	    	// Circuit Breaking
    		"maxConnections": 10 //connection pool for tcp and http traffic
    		"concurrenthttp2Requests": 1000 // concurrent http2 requests which can be allowed
    		"httpRequestPerConnection": 100 // number of http requests per connection. Valid only for http traffic 
    		"consecutiveErrors": 8 // Default is 5.  Number of consecutive errors before the host is removed
    		"baseEjectionTime" : 15 // Default is 5
    		"intervalSweep": 5m, //time limit before the removed hosts are added back to the load balancing pool.
    	}

	 "mutualTLS": "MUTUAL", // default is simple, which does not verify the client's certificate (caCertificate below is used only in MUTUAL mode). Option MUTUAL will enforce mtls
     // credentials for mTLS.
     "cert-info": {
	    "Servicecertificate" : "" // Present actual certificate here.
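    	"ServicePrivateKey" : "" // Present actual private key here. This is secret material: submit it only over TLS and keep it out of logs, examples and version control.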
    	"caCertificate" : "" // present the trusted certificate to verify the client connection, Required only when mtls mode is MUTUAL
	 }
	 "egressgateway": "true" ,  // Optional, default = false, All the outbound traffic from this service will flow through a dedicated egress gateway
	 // Authentication fields: the token issuer and the JWKS URI that publishes its signing keys; both should be https URLs
     "externalAuthenticationissuer": "https://accounts.google.com",
     "externalAuthenticationjwksURI" : "https://www.googleapis.com/oauth2/v3/certs",
 }


Client 


POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/inbound-intent/<intent-name>/clients
POST BODY:
{
	"metadata": {
    	"name": "<>" // unique name for each intent
    	"description": "connectivity intent for inbound communication"
    	"userdata1": <>,
    	"userdata2": <>
    }
  "spec" : {
    "application": "<app2>",
    "deployment": "sleep",
    "accessPoints": [{"url": "/health","access": ["GET", "POST"]}, {"url": "/status","access": ["GET"]}]  // For Authorization Policy // Separate resource
	"namespaces": [] // Workloads from these namespaces can access the inbound service; state explicitly whether an empty list means none or all
  }
    
}



2) Outbound Intent


POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/outbound-intent/
POST BODY:
{
	"name": "<name>",
	"description": "<description>",
    "application": "<app1>",
    "service": "httpbin",
    "protocol": "HTTP",
    "mutualTLS": "MUTUAL", // Supports 2 modes: SIMPLE, MUTUAL with external client. For inter- and intra-cluster traffic, mtls is enabled by default
    "port" : "80", // port on which the service is exposed through the service mesh, not the port it is actually running on
    // mTLS fields
     "egressgateway": "true" ,  // Optional, default = false, All the outbound traffic from this service will flow through a dedicated egress gateway
    "servicecertificate" : {serverCertificate.pem} // Present actual certificate here. Optional, default "", required only if mTLS is set to "MUTUAL"
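    "servicePrivateKey" : {serverPrivateKey.pem} // Present actual private key here. Required only if mTLS is "MUTUAL". This is secret material: submit it only over TLS and keep it out of logs, examples and version control.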
   
}


POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/outbound-intent/<intent-name>/servers
POST BODY:
{
	"name": "<name>",
	"description": "<description>"
    "externalServiceName": "cnn.edition.com" // Only the FQDN of the service name is required
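    "externalCaCertificate" : "<whole certificate>" // Present the actual certificate in full; the field name indicates this is the external service's CA certificate rather than a client certificate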
    
}





