Inbound Intents
Inbound
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/inbound-intent/
"metadata": {
  "name": "<>" // unique name for each intent
  "description": "connectivity intent for inbound communication"
  "userdata1": <>,
  "userdata2": <>
}
"spec": {
  "application": "<app1>",
  "servicename": "httpbin" // actual name of the client service
  "externalName": "httpbin.k8s.com" // can also be an IP address
  "port" : "80", // port on which service is exposed
  "serviceMesh": "istio", // SIMPLE - No Istio
  "istio" : {
    "sidecar-proxy": "yes",
    "mutualTLS": "MUTUAL", // default is simple; option MUTUAL enforces mTLS
    // Traffic management fields below are valid only if the sidecar-proxy is set to "yes"
    "loadbalancing" : { // Load balancing
      "loadbalancingType": "ConsistentHash", // options: "Simple" and "consistentHash"
      "loadBalancerMode": "httpCookie" // Modes for consistentHash - "httpHeaderName", "httpCookie", "useSourceIP", "minimumRingSize"; modes for simple - "LEAST_CONN", "ROUND_ROBIN", "RANDOM", "PASSTHROUGH"
      "httpCookie": "user1" // Name of the cookie to maintain sticky sessions
    },
    "circuitBreaking": {
      "maxConnections": 10 // connection pool for tcp and http traffic
      "concurrenthttp2Requests": 1000 // number of concurrent http2 requests that are allowed
      "httpRequestPerConnection": 100 // number of http requests per connection. Valid only for http traffic
      "consecutiveErrors": 8 // Default is 5. Number of consecutive errors before the host is removed
      "baseEjectionTime" : 15 // Default is 5
      "intervalSweep": 5m, // time limit before the removed hosts are added back to the load balancing pool.
    }
  },
  "external-support": "true"
  "external": {
    "cert-info": {
      "servicecertificate" : "" // Present actual certificate here.
      "servicePrivateKey" : "" // Present actual private key here. This field carries secret key material: send the request only over TLS and keep real keys out of logs and version control.
      "caCertificate" : "" // present the trusted certificate to verify the client connection
    },
    "auth-info": { // Authentication fields
      "externalAuthenticationissuer": "https://accounts.google.com",
      "externalAuthenticationjwksURI" : "https://www.googleapis.com/oauth2/v3/certs",
    }
  }
  "protocol": "HTTP", // Support for other protocols
  "headless": "false", // default is false. Option "True" will make sure all the instances of the headless service will have access to the client service
}
Client
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/inbound-intent/<intent-name>/clients
POST BODY:
{
  "metadata": {
    "name": <> // unique name for each intent
    "description": <>
    "userdata1": <>,
    "userdata2": <>
  }
  "spec" : {
    "application": "<app2>",
    "deployment": "sleep",
    "namespaces": [] // Workloads from these namespaces can access the inbound service
  }
}
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/inbound-intent/<intent-name>/clients/<client-name>/access-points
POST BODY:
{
  "metadata": {
    "name": "<>" // unique name for each intent
    "description": <>
    "userdata1": <>,
    "userdata2": <>
  },
  "spec" : {
    "url": "/status",
    "access": ["GET"]
  }
}
Outbound Intent
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/outbound-intent/
POST BODY:
{
  "name": "<name>",
  "description": "<description>",
  "application": "<app1>",
  "microservice": "httpbin",
  "egressgateway": "true" , // Optional, default = false. When true, all the outbound traffic from this service will flow through a dedicated egress gateway
}
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/outbound-intent/<intent-name>/servers
POST BODY:
{
  "name": "<name>",
  "description": "<description>"
  "externalServiceName": "cnn.edition.com" // Only the FQDN of the service name is required
  "port" : "80", // port on which the service is exposed through the service mesh, not the port it is actually running on
  "externalCaCertificate" : "<whole certificate>" // Present the actual client certificate
  "clientcertificate" : {serverCertificate.pem} // Present actual certificate here. Optional, default "", required only if mTLS is set to "MUTUAL"
  "clientPrivateKey" : {serverPrivateKey.pem} // Present actual private key here. Required only if mTLS is "MUTUAL". This field carries secret key material: send the request only over TLS and keep real keys out of logs and version control.
  "protocol": "HTTP",
  "mutualTLS": "MUTUAL", // Supports 2 modes: SIMPLE, and MUTUAL with external client. For inter and intra cluster, mTLS is enabled by default
  // FW/SNAT
}