Versions Compared

Old Version 17

changes.mady.by.user Pramod Raghavendra Jayathirth (Deactivated)

Saved on

compared with

New Version 18

changes.mady.by.user Pramod Raghavendra Jayathirth (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Description: - Connect multiple microservices on multiple logical clouds deployed across multiple clusters

...

Important Info - cert-chain.pem is Envoy’s cert that needs to be presented to the other side. key.pem is Envoy’s private key paired with Envoy’s cert in cert-chain.pem. root-cert.pem is the root cert to verify the peer’s cert. In this example, we only have one Citadel in a cluster, so all Envoys have the same root-cert.pem.

Add Inbound service 01

POST - traffic intent for the inbound service (service hosted behind the cluster)

...

Code Block
languagejs
themeMidnight
titlePOST
linenumberstrue
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/outbound-intents/
POST BODY:
{
	"metadata": {
	"name": "<name>" // unique name for each intent
    "description": "connectivity intent add client communication"
	"application": "<app1>",
	"userdata1": <>,
	"userdata2": <>
	}

	spec: {
		"clientServiceName": "sleep", // Name of the client service
		"type": "istio", // options are istio, k8s and external
		"inboundServiceName": "httpbin"
		"headless": "false", // default is false. Option "True" will generate the required configs for all the instances of headless service
	}
}

RETURN STATUS: 201
RETURN BODY:
{ 
  "name": "<name>"
  "Message": "Client created"
}

...

Code Block
languagejs
themeMidnight
titlePOST
linenumberstrue
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/outbound-intents/httpbin/
POST BODY:
{
	"metadata": {
	"name": "<name>" // unique name for each intent
    "description": "connectivity intent add client communication"
	"application": "<app1>",
	"userdata1": <>,
	"userdata2": <>
	}

	spec: {
		"clientServiceName": "sleep", // Name of the client service
		"type": "istio", // options are istio, k8s and external
		"headless": "false", // default is false. Option "True" will generate the required configs for all the instances of headless service
		"serviceAccountAccess: : {"cluster.local/ns/default/sa/sleep" : {"GET": "/api/v1/products"}} // {istioobject - authorizationPolicy, will be applied for the inbound service}
	}
}

RETURN STATUS: 201
RETURN BODY:
{ 
  "name": "<name>"
  "Message": "Client created"
}

...

Code Block
languagejs
themeMidnight
titlePOST
linenumberstrue
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{version}/traffic-group-intent/outbound-intents/httpbin
POST BODY:
{
	"metadata": {
	"name": "<name>" // unique name for each intent
    "description": "connectivity intent add client communication"
	"application": "<app1>",
	"userdata1": <>,
	"userdata2": <>
	}

	spec: {
		"clientServiceName": "bookinfo-user", // Name of the client service
		"type": "istio", // options are istio, k8s and external
		"headless": "false", // default is false. Option "True" will generate the required configs for all the instances of headless service
		"serviceAccountAccess: : {"cluster.local/ns/default/sa/sleep" : {"GET": "/api/v1/products"}} // {istioobject - authorizationPolicy, will be applied for the inbound service}
	}
}

RETURN STATUS: 201
RETURN BODY:
{ 
  "name": "<name>"
  "Message": "Client created"
}

...

Code Block
languageyml
themeEclipse
titleDestinationRule
linenumberstrue
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: sleep-dr
  namespace: namespace01
spec:
  host: "bookinfo-user"
  trafficPolicy:
    tls:
	  mode: MUTUAL
      serverCertificate: /etc/certs/cert-chain.pem
      privateKey: /etc/certs/key.pem
      caCertificates: /etc/certs/root-cert.pem


4.  DestinationRule for simple TLS, Loadbalancing and circuit breaking for httpbin - (logicalCloud02)
Code Block
languageyml
themeEclipse
titleDestinationRule
linenumberstrue
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: httpbin-dr
  namespace: namespace02
spec:
  host: "httpbin"
  trafficPolicy:
    tls:
      mode: MUTUAL
	  serverCertificate: /etc/certs/cert-chain.pem
      privateKey: /etc/certs/key.pem
      caCertificates: /etc/certs/root-cert.pem
    loadbalancer:
      consistentHash:
        httpCookie: "user1"
    connectionPool:
      tcp:
        maxConnections: 10
      http:
        http2MaxRequests: 1000
        maxRequestsPerConnection: 100
    outlierDetection:
      consecutiveErrors: 7
      interval: 5m
      baseEjectionTime: 15m

...