Page Comparison

URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-intent-set/{set-name}/us-to-us-intents/

POST BODY:
{
	"metadata": {
	"name": "servicehttpbin<name>" // unique name for each intent
    "description": "connectivity intent for stateless micro-service to stateless micro-service communication"
	"userdata1": <>,
	"userdata2": <>
	}

	"spec": { // update the memory allocation for each field as per OpenAPI standards
	"application": "<app1>",
	"servicename": "httpbin01<name>" //actual name of the client service
	"protocol": "<>"HTTP",
, // HTTP, HTTPS, TCP and UDP 
	"headless": "false", // default is false. Option "True" will make sure all the instances of
the headless service will have access to the client service
	"mutualTLS": "MUTUAL<>", // Support 23 modes. SIMPLE, MUTUAL with external client. For inter and intra clusterISTIO_MUTUAL, mtlsMUTUAL is enabled by default(caCertificate required)
	"port" : "80<Port_Number>", // port on which service is exposed as through servicemesh, not the port it is actually running on
	"serviceMesh": "istio", // get it from cluster record. 
	// Traffic configurationCurrently only istio is supported
	"loadbalancingTypeistio-proxy": "ConsistenHash<value>", // "Simple"The and "consistentHash" are the two modes
	"loadBalancerMode": "httpCookie" // Modes for consistentHash - "httpHeaderName", "httpCookie", "useSourceIP", "minimumRingSize", Modes for simple - "LEAST_CONN", "ROUND_ROBIN", "RANDOM", "PASSTHROUGH" // choices of the mode must be explicit
	"httpHeader": john-user // Input for the hash when in "consistentHash" LB type and mode as "httpHeader"
	"httpCookie": user // Input for Hash in "ConsistenHash" LB and mode as "httpCookie" .features (mTLS, LB, Circuit breaking) are not avaialble to services without istio-proxy. Only inbound routing is possible.

	// Traffic configuration - Loadbalancing is applicable per service. The traffic to this service is distrbuted amongst the pods under it.
	"loadbalancingType": "<type>", // "Simple" and "consistentHash" are the two modes
	"loadBalancerMode": "<mode>" // Modes for consistentHash - "httpHeaderName", "httpCookie", "useSourceIP", "minimumRingSize", Modes for simple - "LEAST_CONN", "ROUND_ROBIN", "RANDOM", "PASSTHROUGH" 						
	"httpCookie": "<CookieName>" // Name of the cookie to maitain sticksticky sessions.

	// Circuit Breaking 
	"maxConnections": 10"" //connection pool for tcp and http traffic
	"timeOutconcurrenthttp2Requests" : 5"" // inconcurent Seconds.http2 Connectionrequests timeoutwhich forcan tcpbe andallowed idleTimeout(only for httpHTTP/S traffic)
	"httpRequestPerConnection": "" // credentialsnumber of http requests per connection. Valid only for http mTLStraffic
	"ServicecertificateconsecutiveErrors" : {serverCertificate.pem}"" // PresentDefault actualis certificate here5. Optional, default "", required only if mTLS is set to "MUTUAL"
	"ServicePrivateKey" : {serverPrivateKey.pem}Number of consecutive error before the host is removed from load balancing pool
	"baseEjectionTime" : "" // PresentDefault actualis private5, keytime here.for Requiredwhich onlythe ifhost mTLSwill isbe "MUTUAL"
	"caCertificate": {caCertificate.pem} // file should contain the public certificates for all root CAs that is trusted to authenticate your clients // not required for cluster level communication 
	
	}
}

RETURN STATUS: 201
RETURN BODY: 
{ 
  "name": "servicehttpbin"
  "Message": "Inbound service created"
}

removed from load balancing pool when it returns error for no of times more than "consecutiveErrors" limit
	"intervalSweep": "", //time limit before the removed hosts are added back to the load balancing pool.
	"connectTimeout": "" // only for TCP traffic
    

	// credentials for mTLS.
	"Servicecertificate" : "" // Present actual certificate here.
	"ServicePrivateKey" : "" // Present actual private key here.
	"caCertificate" : "" // present the trusted certificate to verify the client connection, Required only when mtls mode is MUTUAL

	// Access Control
	namespaces: [] // Workloads from this namespaces can access the inbound service
	serviceAccountAccess : {[ "<saName>": ["ACTION": "URI"], // for http
                              "<saName>" : ["PORT": "27017"]} / for tcp
	
	}
}

RETURN STATUS: 201
RETURN BODY: 
{ 
  "name": "<>"
  "Message": "inbound service created"
}

URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-intent-set/{set-name}/us-to-us-intentsintent/{intent-name}/clients/sleep01

RETURN STATUS: 204

POST BODY:

{
		"clientServiceName": "<name>", // Actual name of the client service.
}		

RETURN STATUS: 201
RETURN BODY:
{ 
  "name": "<name>"
  "Message": "Client created"
}

URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-intent-set/{set-name}/us-to-us-intents/{intent-name}/clients/sleep01/security/security-intent

{
	
	"userAccess": [{userName: "Todd", accessList:Action:["/health_check": GET, "/status/: GET, "/upload": POST]}, {userName: "Thor", accessList:["/health_check": GET, "/status/: GET, "/upload": POST]} ] // These are the user in k8s
}
/clients/sleep01
RETURN STATUS: 201
RETURN BODY:

	"clientService": {
		"clientServiceName": "<>", // if any then allow all the external applications to connect, check for serviceaccount level access
		"protocol": "<>" // Same as that of inbound service
		
	 }