...

| Types | Intent APIs | Functionality |
| --- | --- | --- |
| 1. intercluster communication | /v2/project/{project-name}/rb/{rb-name}/{version}/intent/{intent-name}/connectivity/intercluster/ | communication between microservices deployed between two clusters |
| 2. external outbound service communication | /v2/project/{project-name}/rb/{rb-name}/{version}/intent/{intent-name}/connectivity/external/outbound/ | communication from microservice to external service |
| 3. intracluster communication | /v2/project/{project-name}/rb/{rb-name}/{version}/intent/{intent-name}/connectivity/intracluster/ | communication between microservices in the same cluster |
| 4. external inbound service communication | /v2/project/{project-name}/rb/{rb-name}/{version}/intent/{intent-name}/connectivity/external/inbound/ | API for external service to access the microservices inside the mesh |



...

POST

URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/uservice-to-uservice-intent/

POST BODY:
{
	"name": "servicehttpbin", // unique name for each intent
	"description": "connectivity intent for microservice replication across multiple locations and clusters",
	"inboundservicename": "httpbin01", // actual name of the client service
	"protocol": "HTTP",
	"headless": "false", // default is false. Option "True" will make sure all the instances of the headless service will have access to the client service
	"mutualTLS": "MUTUAL", // Support 2 modes. SIMPLE, MUTUAL with external client. For inter and intra cluster, mtls is enabled by default
	"port": "80", // port on which service is exposed as through servicemesh, not the port it is actually running on
	"serviceMesh": "istio", // get it from cluster record
	// Traffic configuration
	"loadbalancing": "true", // optional
	"Servicecertificate": {serverCertificate.pem}, // Present actual certificate here. Optional, default "", required only if mTLS is set to "MUTUAL"
	"ServicePrivateKey": {serverPrivateKey.pem}, // Present actual private key here. Required only if mTLS is "MUTUAL"
	"accessPoints": ["/health", "/status"] // APIs to be exposed from this inbound service
}

RETURN STATUS: 201
RETURN BODY:
{
	"name": "servicehttpbin",
	"Message": "Inbound service created"
}

GET

URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/uservice-to-uservice-intent/servicehttpbin

RETURN STATUS: 201
RETURN BODY:
{
	"name": "servicehttpbin", // unique name for each intent
	"description": "connectivity intent for microservice replication across multiple locations and clusters",
	"inboundservicename": "httpbin", // actual name of the client service
	"description": "bookinfo app",
	"protocol": "HTTP",
	"externalName": "", // Optional, default = "". This is the prefix used to expose this service outside the cluster; not mandatory for the "intercluster" API, but mandatory for external inbound access
	// Traffic configuration
	"loadbalancingType": "consistentHash", // "Simple" and "consistentHash" are the two modes
	"loadBalancerMode": "httpCookie", // Modes for consistentHash - "httpHeaderName", "httpCookie", "useSourceIP", "minimumRingSize", Modes for simple - "LEAST_CONN", "ROUND_ROBIN", "RANDOM", "PASSTHROUGH"
	"httpHeader": "x-user", // Input for the hash when in "consistentHash" LB type and mode as "httpHeader"
	"httpCookie": "user", // Input for the hash in "consistentHash" LB type and mode as "httpCookie". Name of the cookie used to maintain sticky sessions.
	"maxConnections": 10, // connection pool for tcp and http traffic
	"timeOut": 5, // in seconds. Connection timeout for tcp and idleTimeout for http
	// credentials for mTLS
	"Servicecertificate": {serverCertificate.pem}, // Present actual certificate here. Optional, default "", required only if mTLS is set to "MUTUAL"
	"ServicePrivateKey": {serverPrivateKey.pem}, // Present actual private key here. Required only if mTLS is "MUTUAL"
	"caCertificate": {caCertificate.pem} // file should contain the public certificates for all root CAs that are trusted to authenticate your clients; not required for cluster level communication
}


GET

URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/uservice-to-uservice-intent/servicehttpbin

RETURN STATUS: 201
RETURN BODY:
{
	"name": "servicehttpbin", // unique name for each intent
	"description": "connectivity intent for microservice replication across multiple locations and clusters",
	"inboundservicename": "httpbin01", // actual name of the client service
	"protocol": "HTTP",
	"headless": "false", // default is false. Option "True" will make sure all the instances of the headless service will have access to the client service
	"mutualTLS": "MUTUAL", // Support 2 modes. SIMPLE, MUTUAL with external client. For inter and intra cluster, mtls is enabled by default
	"port": "80", // port on which service is exposed as through servicemesh, not the port it is actually running on
	"serviceMesh": "istio", // get it from cluster record
	// Traffic configuration
	"loadbalancingType": "consistentHash", // "Simple" and "consistentHash" are the two modes
	"loadBalancerMode": "httpCookie", // Modes for consistentHash - "httpHeaderName", "httpCookie", "useSourceIP", "minimumRingSize", Modes for simple - "LEAST_CONN", "ROUND_ROBIN", "RANDOM", "PASSTHROUGH"
	"Servicecertificate": {serverCertificate.pem}, // Present actual certificate here. Optional, default "", required only if mTLS is set to "MUTUAL"
	"ServicePrivateKey": {serverPrivateKey.pem}, // Present actual private key here. Required only if mTLS is "MUTUAL"
	"accessPoints": ["/health", "/status"] // APIs to be exposed from this inbound service
}
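
The body comments above state conditional rules: the certificate and private key are required only when mutualTLS is "MUTUAL", and each load-balancing type accepts only its own modes. The following is an added example, not part of the original page or the project's code, that checks a body against those rules before it is posted. The function name, the port range check and the sample bodies are assumptions.

```python
# Added example, not project code. Field names and allowed values come from the
# comments in the request bodies above; the checks themselves are assumptions.
MTLS_MODES = {"SIMPLE", "MUTUAL"}
LB_MODES = {
    "simple": {"LEAST_CONN", "ROUND_ROBIN", "RANDOM", "PASSTHROUGH"},
    "consistenthash": {"httpHeaderName", "httpCookie", "useSourceIP", "minimumRingSize"},
}
# consistentHash modes that need a companion field naming the hash input
HASH_INPUT_FIELD = {"httpHeaderName": "httpHeader", "httpCookie": "httpCookie"}


def validate_inbound_intent(body):
    """Return a list of problems found in an inbound-service intent body."""
    errors = []
    port = str(body.get("port", ""))
    if not port.isdecimal() or not 1 <= int(port) <= 65535:
        errors.append(f"port must be 1-65535, got {port!r}")
    mtls = body.get("mutualTLS")
    if mtls is not None and mtls not in MTLS_MODES:
        errors.append(f"mutualTLS must be SIMPLE or MUTUAL, got {mtls!r}")
    if mtls == "MUTUAL":
        # Per the page: certificate and private key are required only for MUTUAL.
        for field in ("Servicecertificate", "ServicePrivateKey"):
            if not body.get(field):
                errors.append(f"{field} is required when mutualTLS is MUTUAL")
    lb_type = body.get("loadbalancingType")
    if lb_type is not None:
        modes = LB_MODES.get(lb_type.lower())
        mode = body.get("loadBalancerMode")
        if modes is None:
            errors.append(f"unknown loadbalancingType {lb_type!r}")
        elif mode not in modes:
            errors.append(f"loadBalancerMode {mode!r} is not valid for {lb_type}")
        elif mode in HASH_INPUT_FIELD and not body.get(HASH_INPUT_FIELD[mode]):
            errors.append(f"{HASH_INPUT_FIELD[mode]} is required for mode {mode}")
    return errors


# Constructed sample bodies (PEM values are placeholders).
GOOD = {"name": "servicehttpbin", "port": "80", "mutualTLS": "MUTUAL",
        "Servicecertificate": "<PEM>", "ServicePrivateKey": "<PEM>",
        "loadbalancingType": "consistentHash", "loadBalancerMode": "httpCookie",
        "httpCookie": "user"}
BAD = {"name": "servicehttpbin", "port": "80", "mutualTLS": "MUTUAL",
       "Servicecertificate": "<PEM>",
       "loadbalancingType": "Simple", "loadBalancerMode": "httpCookie"}

if __name__ == "__main__":
    print(validate_inbound_intent(GOOD))
    print(validate_inbound_intent(BAD))
```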

DELETE 

DELETE
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/uservice-to-uservice-intent/servicehttpbin

RETURN STATUS: 204

POST - with the client details

URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/uservice-to-uservice-intent/clients
POST BODY:
{
	"clientService": {
		"clientServiceName": "sleep01", // Name of the client service.
		"headless": "true", // default is false. Option "True" will generate the required configs for all the instances of headless service
		"egressgateway": "true" // Optional, default = false. All the outbound traffic from this service will flow through a dedicated egress gateway
	}
}

RETURN STATUS: 201
RETURN BODY:
{
	"name": "sleep01",
	"Message": "Client created"
}

GET -  The Client resource

URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/uservice-to-uservice-intent/clients/sleep01
RETURN STATUS: 201
RETURN BODY:
{
	"clientService": {
		"clientServiceName": "sleep01", // if any then allow all the external applications to connect, check for serviceaccount level access
		"headless": "true", // default is false. Option "True" will generate the required configs for all the instances of headless service
		"egressgateway": "true" // Optional, default = false. All the outbound traffic from this service will flow through a dedicated egress gateway
	}
}

DELETE

URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/uservice-to-uservice-intent/clients/sleep01

RETURN STATUS: 204

Security Resource

POST

URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/uservice-to-uservice-intent/clients/sleep01/security/traffic-intent

{
	"externalAuthenticationissuer": "https://accounts.google.com",
	"externalAuthenticationjwksURI": "https://www.googleapis.com/oauth2/v3/certs",
	"userAccess": [{"userName": "Todd", "accessList": ["/health_check": GET, "/status/": GET, "/upload": POST]}, {"userName": "Thor", "accessList": ["/health_check": GET, "/status/": GET, "/upload": POST]}]
}


RETURN STATUS: 204

Traffic Resource

URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/uservice-to-uservice-intent/clients/sleep01/traffic/traffic-intent

{
	
	
}

RETURN STATUS: 204

The above intent will generate the following configuration provided the service mesh is istio.

...

NOTE - Call this API only if the services are running in the same cluster. The default authorization policy must have "deny-all" under spec, as all communication between microservices needs to be disabled during Istio installation to implement this API.

2. microservice connectivity to an external service intent API -

...

Inbound access

NOTE - These are the services whose nature is not known. These services are assumed to have an FQDN as the point of connectivity.

...