API
1) uService-uService Intent
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/uservice-to-uservice-intent/
POST BODY:
{
"name": "<name>",
"description": "<description>",
"application": "<app1>",
"service": "httpbin",
"protocol": "HTTP",
"mutualTLS": "MUTUAL", // Support 2 modes. SIMPLE, MUTUAL with external client. For inter and intra cluster, mtls is enabled by default
"port" : "80", // port on which service is exposed as through servicemesh, not the port it is actually running on
"accessPoints": ["/health", "/status"] // For Authorization Policy
}
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/uservice-to-uservice-intent/<intent-name>/clients
POST BODY:
{
"name": "<name>",
"description": "<description>"
"application": "<app2>",
"deployment": "sleep"
}
2) Inbound Intent
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/inbound-intent/
POST BODY:
{
"name": "<name>",
"description": "<description>",
"application": "<app1>",
"service": "httpbin",
"protocol": "HTTP",
"mutualTLS": "MUTUAL", // Support 2 modes. SIMPLE, MUTUAL with external client. For inter and intra cluster, mtls is enabled by default
"port" : "80", // port on which service is exposed as through servicemesh, not the port it is actually running on
"accessPoints": ["/health", "/status"], // For Authorization Policy
// mTLS fields
"egressgateway": "true" , // Optional, default = false, All the outbound traffic from this service will flow through a dedicated egress gateway
"servicecertificate" : {serverCertificate.pem} // Present actual certificate here. Optional, default "", required only if mTLS is set to "MUTUAL"
"servicePrivateKey" : {serverPrivateKey.pem} // Present actual private key here. Required only if mTLS is "MUTUAL"
// Authentication fields
"externalAuthenticationissuer": "https://accounts.google.com",
"externalAuthenticationjwksURI" : "https://www.googleapis.com/oauth2/v3/certs",
}
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/inbound-intent/<intent-name>/clients
POST BODY:
{
"name": "<name>",
"description": "<description>"
"externalServiceName": "cnn.edition.com" // Only the FQDN of the service name is required
"externalCaCertificate" : "<whole certificate>" // Present the actual client certificate
//TODO - ADD USER INFORMATION??
//TODO - Add URL Access per User
}
3) Outbound Intent
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/outbound-intent/
POST BODY:
{
"name": "<name>",
"description": "<description>",
"application": "<app1>",
"service": "httpbin",
"protocol": "HTTP",
"mutualTLS": "MUTUAL", // Support 2 modes. SIMPLE, MUTUAL with external client. For inter and intra cluster, mtls is enabled by default
"port" : "80", // port on which service is exposed as through servicemesh, not the port it is actually running on
// mTLS fields
"egressgateway": "true" , // Optional, default = false, All the outbound traffic from this service will flow through a dedicated egress gateway
"servicecertificate" : {serverCertificate.pem} // Present actual certificate here. Optional, default "", required only if mTLS is set to "MUTUAL"
"servicePrivateKey" : {serverPrivateKey.pem} // Present actual private key here. Required only if mTLS is "MUTUAL"
}
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/inbound-intent/<intent-name>/servers
POST BODY:
{
"name": "<name>",
"description": "<description>"
"externalServiceName": "cnn.edition.com" // Only the FQDN of the service name is required
"externalCaCertificate" : "<whole certificate>" // Present the actual client certificate
}