...
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-groupintent-intentset
POST BODY:
{
  "name": "john",
  "description": "Traffic intent groups",
  "set": [
    {
      "clustertoclusterservice": "abc"
    },
    {
      "inbound": "abc"
    },
    {
      "outbound": "abc"
    },
    {
      "dnsproviders": "abc"
    }
  ]
}
...
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-groupintent-intentset/uservice-to-uservice-intent/
POST BODY:
{
  "name": "servicehttpbin", // unique name for each intent
  "description": "connectivity intent for microservice replication across multiple locations and clusters",
  "inboundservicename": "httpbin01", // actual name of the client service
  "protocol": "HTTP",
  "headless": "false", // default is false. Option "True" will make sure all the instances of the headless service will have access to the client service
  "mutualTLS": "MUTUAL", // Supports 2 modes: SIMPLE, MUTUAL with external client. For inter- and intra-cluster traffic, mTLS is enabled by default
  "port": "80", // port on which the service is exposed through the service mesh, not the port it is actually running on
  "serviceMesh": "istio", // get it from cluster record
  // Traffic configuration
  "loadbalancingType": "consistentHash", // "Simple" and "consistentHash" are the two modes
  "loadBalancerMode": "httpCookie", // Modes for consistentHash - "httpHeaderName", "httpCookie", "useSourceIP", "minimumRingSize"; modes for simple - "LEAST_CONN", "ROUND_ROBIN", "RANDOM", "PASSTHROUGH"
  "httpHeader": "x-user", // Input for the hash when the LB type is "consistentHash" and the mode is "httpHeader"
  "httpCookie": "user", // Input for the hash when the LB type is "consistentHash" and the mode is "httpCookie". Name of the cookie used to maintain sticky sessions.
  "maxConnections": 10, // connection pool for tcp and http traffic
  "timeOut": 5, // in seconds. Connection timeout for tcp and idleTimeout for http
  // credentials for mTLS
  "Servicecertificate": {serverCertificate.pem}, // Present actual certificate here. Optional, default "", required only if mTLS is set to "MUTUAL"
  "ServicePrivateKey": {serverPrivateKey.pem}, // Present actual private key here. Required only if mTLS is "MUTUAL"
  "caCertificate": {caCertificate.pem} // file should contain the public certificates for all root CAs that are trusted to authenticate your clients; not required for cluster-level communication
}
RETURN STATUS: 201
RETURN BODY:
{
  "name": "servicehttpbin",
  "Message": "Inbound service created"
}
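The field comments in the POST body above imply cross-field rules: certificate and key are required when mutualTLS is "MUTUAL", and loadBalancerMode must belong to the chosen loadbalancingType. The following is an added example, not code from the original page or the project, that checks a body against those rules and masks the private key before the body is logged; the function names and the set of mandatory fields are assumptions.

```python
# Added example, not project code. Rules follow the field comments in the POST body;
# which fields are mandatory is an assumption.
CONSISTENT_HASH_MODES = {"httpHeaderName", "httpCookie", "useSourceIP", "minimumRingSize"}
SIMPLE_MODES = {"LEAST_CONN", "ROUND_ROBIN", "RANDOM", "PASSTHROUGH"}
SECRET_FIELDS = ("ServicePrivateKey",)

def validate_intent(body):
    """Return a list of problems found in a uservice-to-uservice intent body."""
    required = ("name", "inboundservicename", "protocol", "port")
    errors = [f"missing field: {f}" for f in required if not body.get(f)]
    tls = body.get("mutualTLS")
    if tls not in ("SIMPLE", "MUTUAL"):
        errors.append("mutualTLS must be SIMPLE or MUTUAL")
    elif tls == "MUTUAL":
        # Certificate and private key are required only in MUTUAL mode.
        for f in ("Servicecertificate", "ServicePrivateKey"):
            if not str(body.get(f, "")).lstrip().startswith("-----BEGIN "):
                errors.append(f"{f} must carry PEM data when mutualTLS is MUTUAL")
    lb_type = str(body.get("loadbalancingType", ""))
    modes = {"consistenthash": CONSISTENT_HASH_MODES,
             "simple": SIMPLE_MODES}.get(lb_type.lower())
    lb_mode = body.get("loadBalancerMode")
    if modes is None:
        errors.append("loadbalancingType must be Simple or consistentHash")
    elif lb_mode not in modes:
        errors.append(f"loadBalancerMode {lb_mode!r} is not valid for {lb_type}")
    elif lb_mode == "httpCookie" and not body.get("httpCookie"):
        errors.append("httpCookie (cookie name) is required for mode httpCookie")
    elif lb_mode == "httpHeaderName" and not body.get("httpHeader"):
        errors.append("httpHeader is required for mode httpHeaderName")
    return errors

def redacted(body):
    """Copy of the body that is safe to log: private key material is masked."""
    return {k: ("<redacted>" if k in SECRET_FIELDS and v else v)
            for k, v in body.items()}

# Constructed sample input; the PEM strings are placeholders, not real keys.
SAMPLE = {
    "name": "servicehttpbin", "inboundservicename": "httpbin01",
    "protocol": "HTTP", "port": "80", "mutualTLS": "MUTUAL",
    "loadbalancingType": "consistentHash", "loadBalancerMode": "httpCookie",
    "httpCookie": "user",
    "Servicecertificate": "-----BEGIN CERTIFICATE-----\n(placeholder)",
    "ServicePrivateKey": "-----BEGIN PRIVATE KEY-----\n(placeholder)",
}

if __name__ == "__main__":
    print(validate_intent(SAMPLE), redacted(SAMPLE)["ServicePrivateKey"])
```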
...
GET
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent=set/uservice-to-uservice-intent/servicehttpbin
RETURN STATUS: 201
RETURN BODY:
{
  "name": "servicehttpbin", // unique name for each intent
  "description": "connectivity intent for microservice replication across multiple locations and clusters",
  "inboundservicename": "httpbin01", // actual name of the client service
  "protocol": "HTTP",
  "headless": "false", // default is false. Option "True" will make sure all the instances of the headless service will have access to the client service
  "mutualTLS": "MUTUAL", // Supports 2 modes: SIMPLE, MUTUAL with external client. For inter- and intra-cluster traffic, mTLS is enabled by default
  "port": "80", // port on which the service is exposed through the service mesh, not the port it is actually running on
  "serviceMesh": "istio", // get it from cluster record
  // Traffic configuration
  "loadbalancingType": "consistentHash", // "Simple" and "consistentHash" are the two modes
  "loadBalancerMode": "httpCookie", // Modes for consistentHash - "httpHeaderName", "httpCookie", "useSourceIP", "minimumRingSize"; modes for simple - "LEAST_CONN", "ROUND_ROBIN", "RANDOM", "PASSTHROUGH"
  "httpHeader": "x-user", // Input for the hash when the LB type is "consistentHash" and the mode is "httpHeader"
  "httpCookie": "user", // Input for the hash when the LB type is "consistentHash" and the mode is "httpCookie". Name of the cookie used to maintain sticky sessions.
  "maxConnections": 10, // connection pool for tcp and http traffic
  "timeOut": 5, // in seconds. Connection timeout for tcp and idleTimeout for http
  // credentials for mTLS
  "Servicecertificate": {serverCertificate.pem}, // Present actual certificate here. Optional, default "", required only if mTLS is set to "MUTUAL"
  "ServicePrivateKey": {serverPrivateKey.pem}, // Present actual private key here. Required only if mTLS is "MUTUAL"
  "caCertificate": {caCertificate.pem} // file should contain the public certificates for all root CAs that are trusted to authenticate your clients; not required for cluster-level communication
}
...
GET
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/uservice-to-uservice-intent/clients/sleep01/security/traffic-intent
{
  "externalAuthenticationissuer": "https://accounts.google.com",
  "externalAuthenticationjwksURI": "https://www.googleapis.com/oauth2/v3/certs",
  "userAccess": [
    {"userName": "Todd", "accessList": [{"/health_check": "GET"}, {"/status/": "GET"}, {"/upload": "POST"}]},
    {"userName": "Thor", "accessList": [{"/health_check": "GET"}, {"/status/": "GET"}, {"/upload": "POST"}]}
  ] // These are the users in k8s
}
RETURN STATUS: 204
Traffic Resource??
GET
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/uservice-to-uservice-intent/clients/sleep01/traffic/traffic-intent
{
}
RETURN STATUS: 204
...
NOTE - Call this API only if the services are running in the same cluster. The default authorization policy must have "deny-all" under spec, as we need to disable all communication between microservices during Istio installation to implement this API.
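To illustrate the deny-all default in the NOTE above together with the userAccess list from the security intent, here is an added example (not the project's own code) that builds the Istio resources such an intent could map to. It assumes each userName is the JWT subject, that workloads are selected by an "app" label, and that accessList is a list of path-to-method pairs; the function names are hypothetical.

```python
# Added example, not project code. Assumptions: each userName is the JWT subject, so
# the Istio request principal is "<issuer>/<userName>"; workloads carry an "app" label.
import json

API = "security.istio.io/v1beta1"

def _meta(name, namespace):
    return {"name": name, "namespace": namespace}

def deny_all(namespace):
    """Empty spec: no ALLOW rule matches, so requests to the namespace are denied."""
    return {"apiVersion": API, "kind": "AuthorizationPolicy",
            "metadata": _meta("deny-all", namespace), "spec": {}}

def jwt_authn(intent, app, namespace):
    """RequestAuthentication that validates tokens against the intent's issuer."""
    rule = {"issuer": intent["externalAuthenticationissuer"],
            "jwksUri": intent["externalAuthenticationjwksURI"]}
    return {"apiVersion": API, "kind": "RequestAuthentication",
            "metadata": _meta(f"{app}-jwt", namespace),
            "spec": {"selector": {"matchLabels": {"app": app}}, "jwtRules": [rule]}}

def allow_users(intent, app, namespace):
    """ALLOW policy with one rule per user and one operation per path/method pair."""
    issuer = intent["externalAuthenticationissuer"]
    rules = []
    for user in intent["userAccess"]:
        principal = f"{issuer}/{user['userName']}"
        ops = [{"operation": {"paths": [path], "methods": [method]}}
               for entry in user["accessList"] for path, method in entry.items()]
        rules.append({"from": [{"source": {"requestPrincipals": [principal]}}],
                      "to": ops})
    return {"apiVersion": API, "kind": "AuthorizationPolicy",
            "metadata": _meta(f"{app}-users", namespace),
            "spec": {"selector": {"matchLabels": {"app": app}},
                     "action": "ALLOW", "rules": rules}}

# Constructed sample in the shape of the security intent body on this page.
INTENT = {
    "externalAuthenticationissuer": "https://accounts.google.com",
    "externalAuthenticationjwksURI": "https://www.googleapis.com/oauth2/v3/certs",
    "userAccess": [{"userName": "Todd",
                    "accessList": [{"/health_check": "GET"}, {"/upload": "POST"}]}],
}

if __name__ == "__main__":
    docs = [deny_all("default"), jwt_authn(INTENT, "httpbin01", "default"),
            allow_users(INTENT, "httpbin01", "default")]
    print(json.dumps(docs, indent=2))
```

With the deny-all policy in place, a request is admitted only if it carries a valid token from the issuer and matches one of the listed path/method pairs for that principal.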
2.
...
External service to access Inbound service - Inbound access
NOTE - These are the services whose nature is not known. These services are assumed to have FQDN as a point of connectivity
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/externalserviceinbound-intent/clients
POST BODY:
{
  "name": <name>, // unique name for each intent
  "description": <description>,
  "inboundservicename": "mysql", // actual name of the client service
  "description": "bookinfo app",
  "protocol": "HTTP",
  "externalName": "", // Optional, default = "". Not required for outbound access since the communication will be initiated from the inbound service
  "headless": "false", // default is false. Option "True" will make sure all the instances of the headless service will have access to the client service
  "mutualTLS": "true", // Setting this to true will create a dedicated egress gateway for the service "httpbin01" on whichever cluster it is running on
  "port": "80", // port on which the service is exposed through the service mesh, not the port it is actually running on
  "serviceMesh": "istio", // get it from cluster record
  "loadbalancing": "true", // optional
  "inboundServicecertificate": {serverCertificate.pem}, // Present actual certificate here. Optional, default "", required only if mTLS is set to "MUTUAL"
  "inboundServicePrivateKey": {serverPrivateKey.pem}, // Present actual private key here. Required only if mTLS is "MUTUAL"
  "externalAuthenticationissuer": "https://accounts.google.com",
  "externalAuthenticationjwksURI": "https://www.googleapis.com/oauth2/v3/certs",
  "externalService": {
  }
}
RETURN STATUS: 201
RETURN BODY:
{
  "Message": "outbound connectivity intent creation success ",
  "description": "Connectivity intent for inbound service to connect to external services"
}
POST - External service to access inbound service
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/inbound-intent/<intent-name>/clients
POST BODY:
{
  "name": <name>, // unique name for each intent
  "description": <description>,
  "externalServiceName": {cnn.edition.com}, // Only the FQDN of the service name is required
  "externalCaCertificate": {clientCaCert.pem} // Present the actual client certificate
}
RETURN STATUS: 201
RETURN BODY:
{
  "Message": "Success ",
  "description": "External service given access to inbound service"
}
Security
GET
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/inbound-intent/<intent-name>/clients/client01/security
{
  "name": <name>, // unique name for each intent
  "description": <description>,
  "externalAuthenticationissuer": "https://accounts.google.com",
  "externalAuthenticationjwksURI": "https://www.googleapis.com/oauth2/v3/certs",
  "userAccess": [
    {"userName": "Todd", "accessList": [{"/health_check": "GET"}, {"/status/": "GET"}, {"/upload": "POST"}]},
    {"userName": "Thor", "accessList": [{"/health_check": "GET"}, {"/status/": "GET"}, {"/upload": "POST"}]}
  ] // These are the external users
}
RETURN STATUS: 204
3. Outbound access
POST -
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/outbound-intent/<intent-name>/clients/
POST BODY:
{
  "name": "<name>", // unique name for each intent
  "description": <description>,
  "inboundservicename": "httpbin01", // actual name of the client service
  "protocol": "HTTP",
  "headless": "false", // default is false. Option "True" will make sure all the instances of the headless service will have access to the client service
  "mutualTLS": "MUTUAL", // Supports 2 modes: SIMPLE, MUTUAL with external client. For inter- and intra-cluster traffic, mTLS is enabled by default
  "port": "80", // port on which the service is exposed through the service mesh, not the port it is actually running on
  "serviceMesh": "istio", // get it from cluster record
  // Traffic configuration
  "loadbalancingType": "consistentHash", // "Simple" and "consistentHash" are the two modes
  "loadBalancerMode": "httpCookie", // Modes for consistentHash - "httpHeaderName", "httpCookie", "useSourceIP", "minimumRingSize"; modes for simple - "LEAST_CONN", "ROUND_ROBIN", "RANDOM", "PASSTHROUGH"
  "httpHeader": "x-user", // Input for the hash when the LB type is "consistentHash" and the mode is "httpHeader"
  "httpCookie": "user", // Input for the hash when the LB type is "consistentHash" and the mode is "httpCookie". Name of the cookie used to maintain sticky sessions.
  "maxConnections": 10, // connection pool for tcp and http traffic
  "timeOut": 5, // in seconds. Connection timeout for tcp and idleTimeout for http
  // credentials for mTLS
  "Servicecertificate": {serverCertificate.pem}, // Present actual certificate here. Optional, default "", required only if mTLS is set to "MUTUAL"
  "ServicePrivateKey": {serverPrivateKey.pem}, // Present actual private key here. Required only if mTLS is "MUTUAL"
  "caCertificate": {caCertificate.pem} // file should contain the public certificates for all root CAs that are trusted to authenticate your clients; not required for cluster-level communication
}
RETURN STATUS: 201
RETURN BODY:
{
  "name": "servicehttpbin",
  "Message": "Inbound service created"
}
POST - Provide access to an external service from inbound service
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/inbound-intent/
POST BODY:
{
  "externalServiceName": {cnn.edition.com}, // Only the FQDN of the service name is required
  "externalCaCertificate": {clientCaCert.pem} // Present the actual client certificate
}
RETURN STATUS: 201
RETURN BODY:
{
  "Message": "Success ",
  "description": "External service given access to inbound service"
}
Keywords | Supported fields | Description |
---|---|---|
{connectivity-type} | intercluster/intracluster | types in API for {connectivity-type} |
{connectivity-sub-type} | intermicroservice/internalapplication/externalmicroservice | sub-types in API for {connectivity-sub-type} |
name | name of the microservice/application depending on the context |
...