...

POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-intent-set/{set-name}/inbound-intent/
POST BODY:
{
	"name": "<name>", // unique name for each intent
	"description": "<description>", // e.g. "bookinfo app"
	"inboundservicename": "mysql", // actual name of the client service
	"protocol": "HTTP",
	"externalName": "", // Optional, default = "". Not required for outbound access, since the communication will be initiated from inboundservice
	"localDomain": "", // Optional, default = "". Update local network (cluster scope) DNS with records for '<externalName>.<localDomain>'
	"publicDomain": "", // Optional, default = "". Update public network (logical cloud scope) DNS with records for '<externalName>.<publicDomain>'
	"headless": "false", // default is false. Option "True" will make sure all the instances of the headless service will have access to the client service
	"mutualTLS": "true", // Setting this to true will create a dedicated egress gateway for the service "httpbin01" on whichever cluster it is running on
	"port": "80", // port on which the service is exposed through the service mesh, not the port it is actually running on
	"serviceMesh": "istio", // get it from cluster record
	"loadbalancing": "true" // optional
}
RETURN STATUS: 201
RETURN BODY: 
{
  "Message": "outbound connectivity intent creation success",
  "description": "Connectivity intent for inbound service to connect to external services"
}

...

GET
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-intent-set/{set-name}/inbound-intent/{intent-name}/clients/client01/security

{
	"name": "<name>", // unique name for each intent
	"description": "<description>",
	"externalAuthenticationissuer": "https://accounts.google.com",
	"externalAuthenticationjwksURI": "https://www.googleapis.com/oauth2/v3/certs",
	"userAccess": [{userName: "Todd", accessList: ["/health_check": GET, "/status/": GET, "/upload": POST]}, {userName: "Thor", accessList: ["/health_check": GET, "/status/": GET, "/upload": POST]}] // These are the external users and actions
}


RETURN STATUS: 204

3. Outbound access

...

POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-intent-set/{set-name}/outbound-intent/{intent-name}/clients/


POST BODY:
{
	"name": "<name>", // unique name for each intent
	"description": "<description>",
	"inboundservicename": "httpbin01", // actual name of the client service
	"protocol": "HTTP",
	"headless": "false", // default is false. Option "True" will make sure all the instances of the headless service will have access to the client service
	"mutualTLS": "MUTUAL", // Supports 2 modes: SIMPLE and MUTUAL with external client. For inter- and intra-cluster traffic, mTLS is enabled by default
	"port": "80", // port on which the service is exposed through the service mesh, not the port it is actually running on
	"serviceMesh": "istio", // get it from cluster record
	// Traffic configuration
	"loadbalancingType": "consistentHash", // "Simple" and "consistentHash" are the two modes
	"loadBalancerMode": "httpCookie", // Modes for consistentHash: "httpHeaderName", "httpCookie", "useSourceIP", "minimumRingSize". Modes for simple: "LEAST_CONN", "ROUND_ROBIN", "RANDOM", "PASSTHROUGH"
	"httpHeader": "x-user", // Input for the hash when the LB type is "consistentHash" and the mode is "httpHeader"
	"httpCookie": "user", // Input for the hash when the LB type is "consistentHash" and the mode is "httpCookie". Name of the cookie used to maintain sticky sessions.
	"maxConnections": 10, // connection pool for TCP and HTTP traffic
	"timeOut": 5, // in seconds. Connection timeout for TCP and idleTimeout for HTTP
	// credentials for mTLS
	"Servicecertificate": "{serverCertificate.pem}", // Present the actual certificate here. Optional, default "", required only if mTLS is set to "MUTUAL"
	"ServicePrivateKey": "{serverPrivateKey.pem}", // Present the actual private key here. Required only if mTLS is "MUTUAL"
	"caCertificate": "{caCertificate.pem}" // file should contain the public certificates for all root CAs that are trusted to authenticate your clients. Not required for cluster-level communication
}

RETURN STATUS: 201
RETURN BODY: 
{
  "name": "<name>", // e.g. "servicehttpbin"
  "Message": "Inbound service created"
}
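
The cross-field rules stated in the body comments above (certificate and key required only for "MUTUAL", and each loadBalancerMode valid for only one loadbalancingType) can be checked before the intent is stored. The following Go check is an added example, not part of the original page or the project's code; the type and function names are hypothetical, and treating the traffic fields as optional is an assumption.

```go
package main

import (
	"encoding/json"
	"encoding/pem"
	"fmt"
)

// ClientIntent holds the body fields that have cross-field rules (type name is hypothetical).
type ClientIntent struct {
	MutualTLS  string `json:"mutualTLS"`
	Cert       string `json:"Servicecertificate"`
	Key        string `json:"ServicePrivateKey"`
	LBType     string `json:"loadbalancingType"`
	LBMode     string `json:"loadBalancerMode"`
	HTTPHeader string `json:"httpHeader"`
	HTTPCookie string `json:"httpCookie"`
}

// Allowed loadBalancerMode per loadbalancingType, from the body comments. Assumption: both may be omitted.
var lbModes = map[string]map[string]bool{
	"Simple":         {"LEAST_CONN": true, "ROUND_ROBIN": true, "RANDOM": true, "PASSTHROUGH": true},
	"consistentHash": {"httpHeaderName": true, "httpCookie": true, "useSourceIP": true, "minimumRingSize": true},
}

// ValidateClientIntent returns one message per broken rule; an empty result means acceptable.
func ValidateClientIntent(body []byte) (errs []string) {
	var in ClientIntent
	if err := json.Unmarshal(body, &in); err != nil {
		return []string{"body is not valid JSON: " + err.Error()}
	}
	isPEM := func(s string) bool { b, _ := pem.Decode([]byte(s)); return b != nil }
	switch {
	case in.MutualTLS != "SIMPLE" && in.MutualTLS != "MUTUAL":
		errs = append(errs, "mutualTLS must be SIMPLE or MUTUAL")
	case in.MutualTLS == "MUTUAL" && !(isPEM(in.Cert) && isPEM(in.Key)):
		errs = append(errs, "MUTUAL requires PEM Servicecertificate and ServicePrivateKey")
	}
	if (in.LBType != "" || in.LBMode != "") && !lbModes[in.LBType][in.LBMode] {
		errs = append(errs, fmt.Sprintf("loadBalancerMode %q is not valid for loadbalancingType %q", in.LBMode, in.LBType))
	}
	if (in.LBMode == "httpCookie" && in.HTTPCookie == "") || (in.LBMode == "httpHeaderName" && in.HTTPHeader == "") {
		errs = append(errs, "mode "+in.LBMode+" needs its hash input field")
	}
	return errs
}

func main() { // constructed sample body that breaks all three rules
	fmt.Println(ValidateClientIntent([]byte(`{"mutualTLS":"MUTUAL","loadbalancingType":"Simple","loadBalancerMode":"httpCookie"}`)))
}
```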

...

POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-intent-set/{set-name}/inbound-intent/
POST BODY:
	{
		"externalServiceName": "<name>" // Only the FQDN of the service name is required, e.g. cnn.edition.com
	}

RETURN STATUS: 201
RETURN BODY: 
{
  "Message": "Success",
  "description": "External service given access to inbound service"
}

...

types in API for {connectivity-type} 

...

sub-types in API for {connectivity-sub-type}

...


Development

  1. go API library - https://github.com/gorilla/mux
  2. backend - mongo - https://github.com/onap/multicloud-k8s/tree/master/src/k8splugin/internal/db - Reference
  3. intent to config conversion - use go templates and admiral? https://github.com/istio-ecosystem/admiral
  4. writing the config to etcd - WIP
  5. Unit tests and Integration test - go tests

...