You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Inbound Intents



Inbound
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/inbound-intent/

   "metadata": {
    "name": "<>" // unique name for each intent
    "description": "connectivity intent for inbound communication"
    "userdata1": <>,
    "userdata2": <>
    }
 
    "spec": { 
    	"application": "<app1>",
    	"servicename": "httpbin" //actual name of the client service 
        "externalName": "httpbin.k8s.com" // Can be IP address also
        "port" : "80", // port on which service is exposed 
        "serviceMesh": "istio", // SIMPLE - No Istio
    	"istio" : {
			"sidecar-proxy": "yes", 
 			"mutualTLS": "MUTUAL", // default is simple. Option MUTUAL will enforce mtls 
			// Traffic management fields below are valid only if the sidecar-proxy is set to "yes"
			"loadbalancing" : {
    			// LaodBalancing
    			"loadbalancingType": "ConsistentHash", // "Simple" and "consistentHash" 
    			"loadBalancerMode": "httpCookie"      // Modes for consistentHash - "httpHeaderName", "httpCookie", "useSourceIP", "minimumRingSize", Modes for simple - "LEAST_CONN", "ROUND_ROBIN",    "RANDOM", "PASSTHROUGH" 
    			"httpCookie": "user1" // Name of the cookie to maintain sticky sessions 
			},
	    	"circuitBreaking": {
	    		"maxConnections": 10 //connection pool for tcp and http traffic
    			"concurrenthttp2Requests": 1000 // concurent http2 requests which can be allowed 
    			"httpRequestPerConnection": 100 // number of http requests per connection. Valid only for http traffic 
    			"consecutiveErrors": 8 // Default is 5.  Number of consecutive error before the host is removed 
    			"baseEjectionTime" : 15 // Default is 5
    			"intervalSweep": 5m, //time limit before the removed hosts are added back to the load balancing pool.
			}
    	},
	 "external-support": "true"
	 "external": {
     	"cert-info": {
	    	"servicecertificate" : "" // Present actual certificate here.
    		"servicePrivateKey" : "" // Present actual private key here.
    		"caCertificate" : "" // present the trusted certificate to verify the client connection
	 	},
	 	"auth-info": {
	 		// Authentication fields
     		"externalAuthenticationissuer": "https://accounts.google.com",
     		"externalAuthenticationjwksURI" : "https://www.googleapis.com/oauth2/v3/certs",
		}
	}
	"protocol": "HTTP",  // Support for other protocols
    "headless": "false", // default is false. Option "True" will make sure all the instances of the headless service will have access to the client service
 }


Client 

POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/inbound-intent/<intent-name>/clients
POST BODY:
{
	"metadata": {
    	"name": <> // unique name for each intent
    	"description": <>
    	"userdata1": <>,
    	"userdata2": <>
    }
  "spec" : {
    "application": "<app2>",
    "deployment": "sleep",
	"namespaces": [] // Workloads from this namespaces can access the inbound service 
  }
    
}
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/inbound-intent/<intent-name>/clients/<client-name>/access-points
POST BODY:
{
	"metadata": {
    	"name": "<>" // unique name for each intent
    	"description": <>
    	"userdata1": <>,
    	"userdata2": <>
    },
  "spec" : {
        "url": "/status",
		"access": ["GET"]
  }
    
}

Outbound Intent


POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/outbound-intent/
POST BODY:
{
	"name": "<name>",
	"description": "<description>",
    "application": "<app1>",
    "microservice": "httpbin",
    "egressgateway": "true" ,  // Optional, default = false, All the outbound traffic from this service will flow through a dedicated egress gateway
 
}


POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/onbound-intent/<intent-name>/servers
POST BODY:
{
	"name": "<name>",
	"description": "<description>"
    "externalServiceName": "cnn.edition.com" // Only the FQDN of the service name is required
	"port" : "80", // port on which service is exposed as through servicemesh, not the port it is actually running on
    "externalCaCertificate" : "<whole certificate>" // Present the actual client certificate
	"clientcertificate" : {serverCertificate.pem} // Present actual certificate here. Optional, default "", required only if mTLS is set to "MUTUAL"
    "clientPrivateKey" : {serverPrivateKey.pem} // Present actual private key here. Required only if mTLS is "MUTUAL"
	"protocol": "HTTP",
    "mutualTLS": "MUTUAL", // Support 2 modes. SIMPLE, MUTUAL with external client. For inter and intra cluster, mtls is enabled by default
    // FW/SNAT
    
}








  • No labels