Traffic Controller API's
- Former user (Deleted)
- Manjunath Ranganathaiah (Deactivated)
Owned by Former user (Deleted)
Inbound Intents
Traffic group intents
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{composite-app-version}/deployment-intent-groups/{deployment-intent-group-name}/traffic-group-intent
POST BODY:
{
"metadata": {
"name": "<name>", //unique for each traffic group
"description": "<description>",
"userData1": "<user data>",
"userData2": "<user data>"
}
}
Inbound
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{composite-app-version}/deployment-intent-groups/{deployment-intent-group-name}/traffic-group-intent/{traffic-group-intent-name}/inbound-intents/
"metadata": {
"name": "<>" // unique name for each intent
"description": "connectivity intent for inbound communication"
"userdata1": <>,
"userdata2": <>
}
"spec": {
"application": "<app1>",
"servicename": "httpbin" //actual name of the client service
"externalName": "httpbin.k8s.com" // Can be IP address also
"port" : "80", // port on which service is exposed
"protocol": "TCP" //protocol of the exposed service
"serviceMesh": "istio", // SIMPLE - No Istio
"istio" : {
"sidecar-proxy": "yes",
"mutualTLS": "MUTUAL", // default is simple. Option MUTUAL will enforce mtls
// Traffic management fields below are valid only if the sidecar-proxy is set to "yes"
"loadbalancing" : {
// LaodBalancing
"loadbalancingType": "ConsistentHash", // "Simple" and "consistentHash"
"loadBalancerMode": "httpCookie" // Modes for consistentHash - "httpHeaderName", "httpCookie", "useSourceIP", "minimumRingSize", Modes for simple - "LEAST_CONN", "ROUND_ROBIN", "RANDOM", "PASSTHROUGH"
"httpCookie": "user1" // Name of the cookie to maintain sticky sessions
},
"circuitBreaking": {
"maxConnections": 10 //connection pool for tcp and http traffic
"concurrenthttp2Requests": 1000 // concurent http2 requests which can be allowed
"httpRequestPerConnection": 100 // number of http requests per connection. Valid only for http traffic
"consecutiveErrors": 8 // Default is 5. Number of consecutive error before the host is removed
"baseEjectionTime" : 15 // Default is 5
"intervalSweep": 5m, //time limit before the removed hosts are added back to the load balancing pool.
}
},
"external-support": "true"
"external": {
"cert-info": {
"servicecertificate" : "" // Present actual certificate here.
"servicePrivateKey" : "" // Present actual private key here.
"caCertificate" : "" // present the trusted certificate to verify the client connection
},
"auth-info": {
// Authentication fields
"externalAuthenticationissuer": "https://accounts.google.com",
"externalAuthenticationjwksURI" : "https://www.googleapis.com/oauth2/v3/certs",
}
}
"headless": "false", // default is false. Option "True" will make sure all the instances of the headless service will have access to the client service
// TODO: Add any FW/SNAT/LB specific fields
}
Client
POST
URL: /v2/projects/{project-name}/composite-apps/{composite-app-name}/{composite-app-version}/deployment-intent-groups/{deployment-intent-group-name}/traffic-group-intent/{traffic-group-intent-name}/inbound-intents/<intent-name>/clients
POST BODY:
{
"metadata": {
"name": <>
"description": <>
"userdata1": <>,
"userdata2": <>
}
"spec" : {
"application": "<app2>",
"servicename": "sleep",
"namespaces": [], // Workloads from this namespaces can access the inbound service
"ipRange": [<cidr>, <cidr>]
}
//Client certificate?
}POST
Outbound Intent
POST
POST
Network Policy
Based on the inbound intent as described above Network Policy will be created to allow traffic from the client to the service within the same cluster.
Action controller based on the client intent will create Network Policy as below in all the clusters where the applications are deployed. Check if the cluster is same for the service and client. If so add the Network Policy.
Open: Between clusters,