Policy Agent REST API
About REST API
Policy agent REST API (“REST API”) enables you to interact with the policy agent instance using HTTP requests.
REST API offers read-only access to the policy agent operational data. Via REST API you can retrieve the agent configuration, the operational status of the agent’s interfaces and connections, information on the application’s network and service endpoints, and the records stored in the agent’s DNS resolver database. All responses are returned in JSON.
Additionally, REST API allows you to add and delete network endpoints. This functionality is used by Kubernetes CNI plugins to dynamically set up a network endpoint for each pod. For this reason, it is highly recommended to keep REST API bound to the localhost interface, to which it is attached by default.
The policy agent REST API also works as an interface between the Resolver and the Policy Agent database of DNS records.
REST API is set up automatically when the agent starts on the workload node. By default, REST API is exposed on 127.0.0.1:5500. You can change the interface address and port number in the agent configuration file using a text editor or the agent’s ib-configure utility. To apply the new configuration, you need to reload the agent.
Configuring REST API
Configuration file
REST API configuration is stored in the ib-agent.conf file located on the workload node at:
/etc/ib-agent.conf
The file contains REST API configuration details in the section titled [rest]. To verify information in the configuration file, run the command:
]$ cat /etc/ib-agent.conf
[agent]
controller = controller-texas2270.texasinc.poc.bayware.io
location = azr1
local_domain = ib.loc
token_file = /opt/bayware/ib-agent/conf/tokens.dat
log_file = /var/log/ib-agent/ib-agent.log
log_level = INFO
[net_iface]
name = ib-fab0
address = 192.168.250.0/24
[ctl_iface]
name = ib-ctl0
[mirror_iface]
name = ib-mon0
[cert]
ca_cert = /opt/bayware/certs/ca.crt
node_cert = /opt/bayware/certs/node.crt
node_key = /opt/bayware/certs/node.key
[rest]
rest_ip = 127.0.0.1
rest_port = 5500
log_file = /var/log/ib-agent/ib-agent-rest.log
log_level = WARNING
[resolver]
log_file = /var/log/ib-agent/ib-agent-resolver.log
log_level = WARNING
file_size = 100000
backup_count = 5
dns_port = 5053
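An added example (not part of the agent or its tooling) that audits the [rest] section shown above: it reports whether rest_ip is a loopback address and, if it is not, whether it falls inside the [net_iface] address range. The requests shown on this page carry no credentials, so the bind address is what limits who can reach the endpoint create and delete calls; the function name audit_rest_binding and the sample texts are constructed for illustration.

```python
import configparser
import ipaddress

# Defaults stated on this page: REST API listens on 127.0.0.1:5500.
DEFAULT_REST_IP = "127.0.0.1"
DEFAULT_REST_PORT = 5500


def audit_rest_binding(conf_text):
    """Return (ok, findings) for the [rest] section of ib-agent.conf text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)

    raw_ip = cp.get("rest", "rest_ip", fallback=DEFAULT_REST_IP).strip()
    port = cp.getint("rest", "rest_port", fallback=DEFAULT_REST_PORT)

    try:
        ip = ipaddress.ip_address(raw_ip)
    except ValueError:
        return False, [f"rest_ip {raw_ip!r} is not a valid IP address"]

    if ip.is_loopback:
        return True, [f"REST API bound to loopback {ip}:{port}"]

    findings = []
    if ip.is_unspecified:
        findings.append(f"rest_ip {ip} listens on every interface (port {port})")
    else:
        findings.append(f"rest_ip {ip} is not a loopback address (port {port})")

    # An address inside the fabric range from [net_iface] is reachable
    # by other workloads attached to the same fabric.
    fabric = cp.get("net_iface", "address", fallback=None)
    if fabric:
        try:
            net = ipaddress.ip_network(fabric, strict=False)
        except ValueError:
            findings.append(f"net_iface address {fabric!r} could not be parsed")
        else:
            if ip.version == net.version and ip in net:
                findings.append(f"rest_ip {ip} is inside net_iface range {net}")
    return False, findings


# Constructed sample inputs, trimmed from the configuration shown above.
SAMPLE_DEFAULT = """
[net_iface]
name = ib-fab0
address = 192.168.250.0/24
[rest]
rest_ip = 127.0.0.1
rest_port = 5500
"""
SAMPLE_EXPOSED = SAMPLE_DEFAULT.replace("127.0.0.1", "192.168.250.1")

if __name__ == "__main__":
    for label, text in (("default", SAMPLE_DEFAULT), ("exposed", SAMPLE_EXPOSED)):
        ok, findings = audit_rest_binding(text)
        print(label, "OK" if ok else "REVIEW", findings)
```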
Configuration commands
To change REST API configuration, use the policy agent configuration tool called ib-configure, located on the workload node at:
/opt/bayware/ib-agent/bin/ib-configure
The tool enables you to change the IP address and/or TCP port on which the agent exposes its REST API.
The following commands require super-user privileges, so become root:
]$ sudo su -
Now, to bind the REST API to a different network interface on the node, run the command:
]# /opt/bayware/ib-agent/bin/ib-configure -a <IPv4_address>
To bind the REST API to a different TCP port on the same interface, run the command:
]# /opt/bayware/ib-agent/bin/ib-configure -r <TCP_port>
On successful execution, the tool returns the response shown below:
]# /opt/bayware/ib-agent/bin/ib-configure -r 5500
agent configuration completed successfully
To apply the configuration changes, you need to reload the agent using the command:
]# systemctl reload ib-agent
Getting started with REST API
Making the first request
Here is an example of the REST API request and response (jq in this and other examples is used only for formatting):
]$ curl -s http://127.0.0.1:5500/api/v1/service/resolver | jq
{
"aws2-w02-texas2270.aws2.originator.weather-api.getaway-app.ib.loc": {
"hop_limit": 253,
"last_update": "2019-08-23 22:42:48.665033 GMT",
"service_domain_name": "aws2-w02-texas2270.aws2.originator.weather-api.getaway-app",
"unicast_ip": "192.168.250.7"
},
"aws2.originator.weather-api.getaway-app.ib.loc": {
"hop_limit": 253,
"last_update": "2019-08-23 22:42:48.665033 GMT",
"service_domain_name": "aws2-w02-texas2270.aws2.originator.weather-api.getaway-app",
"unicast_ip": "192.168.250.7"
},
"originator.weather-api.getaway-app.ib.loc": {
"hop_limit": 253,
"last_update": "2019-08-23 22:42:48.665033 GMT",
"service_domain_name": "aws2-w02-texas2270.aws2.originator.weather-api.getaway-app",
"unicast_ip": "192.168.250.7"
}
}
Available resources
Policy agent REST API groups the information it returns into the following categories, or resources:
- CERT
- CONNECTION
- IFACE
- NETWORK_ENDPOINT
- SERVICE
- STATUS
- /cert: Certificate is used to verify the node certificate employed by the policy agent. You can only fetch data.
- /connection: Connection is used to verify the current operational status of the logical connection between the workload and the processor established by the policy agent. You can only fetch data.
- /iface: Iface is used to verify the current operational status of the network interfaces managed by the policy agent. You can only fetch data.
- /network_endpoint: Network endpoint is used to verify the current operational status of the network endpoints managed by the policy agent. You can fetch data and, as noted in About REST API, add and delete network endpoints.
- /service: Service is used to verify the current operational status of the service endpoints managed by the policy agent. You can only fetch data.
- /status: Status is used to verify the current operational status of the policy agent. You can only fetch data.
Using REST API
Certificate object
Certificate object has only one endpoint.
GET /cert
Get the certificate.
HTTP request for this endpoint is shown below.
GET /api/v1/cert HTTP/1.1
Host: 127.0.0.1:5500
Here is an example of the REST API request and response:
]$ curl -s http://127.0.0.1:5500/api/v1/cert | jq -R 'split("\\n")'
[
"{\"result\":{\"x509\":\"Certificate:",
" Data:",
" Version: 3 (0x2)",
" Serial Number:",
" 1e:f6:87:56:6d:7f:97:d7:27:d7:50:70:50:d7:b8:b5:dc:da:13:de",
" Signature Algorithm: sha256WithRSAEncryption",
" Issuer: O=texasinc, DC=texas2270, CN=texas-c0",
" Validity",
" Not Before: Aug 14 21:10:35 2019 GMT",
" Not After : Aug 11 21:10:35 2029 GMT",
" Subject: O=texasinc, DC=texas2270, DC=workload, CN=azr1-w01-texas2270",
" Subject Public Key Info:",
" Public Key Algorithm: rsaEncryption",
" RSA Public-Key: (2048 bit)",
" Modulus:",
" 00:be:01:be:35:18:b7:85:fc:8e:c8:9d:da:d2:27:",
" 57:13:6b:8c:ab:cb:cf:39:15:f9:cf:b3:5d:d4:3e:",
" b3:9d:82:aa:1d:86:f5:b0:98:58:7f:32:18:50:f8:",
" 61:ae:60:f6:43:2a:28:3f:99:83:cc:15:dd:ec:aa:",
" 84:ac:c0:00:df:4d:a8:84:14:0a:94:ba:a8:37:3d:",
" 84:c6:9c:ad:d5:ac:43:01:d0:86:07:36:c7:b6:5c:",
" c5:78:4b:de:ca:a5:d9:83:60:a9:bb:c1:1d:05:b0:",
" e8:71:5e:7f:45:98:77:3d:07:58:42:16:f1:0e:79:",
" 5b:a4:22:95:0e:6c:cb:98:20:b7:d8:75:f6:69:1f:",
" 88:c3:07:5c:56:96:12:d0:6f:00:60:14:3e:33:cc:",
" 67:22:26:bf:ba:2e:59:a8:a2:e9:25:97:bc:6c:35:",
" 54:ee:ef:e7:c3:fd:26:dd:5f:8b:40:71:9a:f0:63:",
" 61:ac:b1:be:d2:3f:1e:98:50:6f:49:58:c9:12:51:",
" 1f:48:61:5a:50:9a:45:51:4b:8a:fe:39:01:8e:df:",
" 33:b3:68:34:da:a5:96:94:c1:16:4f:ae:d4:75:91:",
" 0b:fc:ca:b6:69:97:a2:e8:ba:98:17:e7:ef:e6:5d:",
" 1f:96:0c:58:d9:91:13:51:f6:4e:f9:9f:80:1d:c3:",
" 43:c9",
" Exponent: 65537 (0x10001)",
" X509v3 extensions:",
" X509v3 Key Usage: critical",
" Digital Signature, Key Encipherment",
" X509v3 Extended Key Usage: ",
" TLS Web Server Authentication, TLS Web Client Authentication",
" X509v3 Basic Constraints: critical",
" CA:FALSE",
" X509v3 Subject Key Identifier: ",
" 55:E5:A6:58:32:83:D6:D6:64:3A:E8:87:BC:BE:63:71:BC:72:B4:A6",
" X509v3 Authority Key Identifier: ",
" keyid:C1:F6:2F:CD:CF:70:9F:99:8B:2E:F8:B1:54:1E:08:C4:46:73:AA:19",
"",
" Signature Algorithm: sha256WithRSAEncryption",
" a1:3e:76:a6:d1:62:a3:c2:73:e4:2a:9d:b6:12:2a:22:48:1f:",
" 63:f5:f1:c4:f6:5f:e7:66:63:51:e4:9e:bc:02:87:a6:90:cd:",
" e7:39:04:ec:ac:9d:58:42:95:ff:f0:34:72:a2:f1:4a:67:bf:",
" f7:da:6f:ee:b9:bc:f8:51:27:5d:6e:e7:e9:89:c1:88:e9:f8:",
" 73:fd:b4:1c:fd:f8:41:66:5a:a7:51:bf:c8:dc:92:27:6a:e5:",
" d4:59:60:70:6e:c2:2b:3d:e5:47:55:67:44:69:5f:0a:61:8a:",
" 4a:03:43:70:67:61:ec:bc:00:e1:80:35:b1:2d:32:bb:ba:0a:",
" 40:e3:b0:f4:c0:fe:fb:23:9d:c3:80:2a:df:23:9a:e5:81:ce:",
" ea:22:1e:15:78:7b:4e:ab:2c:cd:b9:5e:cd:1e:57:89:07:f6:",
" be:fd:a1:a0:e3:99:c5:0f:8f:1f:58:d2:e2:6f:e4:e6:1d:05:",
" d0:1a:98:6e:ba:b5:b7:6e:90:67:c8:85:33:cd:7a:34:31:f6:",
" e4:17:8f:cf:f4:3a:1b:48:95:56:5f:a0:da:31:23:9e:22:da:",
" c8:f1:b8:8e:06:c7:23:7b:34:cb:12:a2:ca:42:17:65:12:2c:",
" 9b:a9:d9:6b:1e:e6:86:48:ed:41:4f:07:d8:6c:b5:2f:6d:da:",
" b7:7d:ee:7a:4e:6f:b4:b4:6b:da:dd:71:cd:6b:90:52:61:d8:",
" b6:8a:42:43:5c:29:75:fe:b8:e6:ec:73:80:35:66:72:32:e0:",
" 3e:a3:c0:84:bb:71:7e:34:d5:df:b8:de:7d:30:cb:fb:c7:1b:",
" 4d:60:0a:ca:d6:eb:cb:82:0b:5e:53:db:ad:4a:bc:8e:a3:f9:",
" b4:de:bb:72:78:8e:b2:ee:75:14:33:08:bf:f4:8d:ab:19:2c:",
" f9:a8:cf:1b:e0:79:05:e8:55:da:35:1b:c3:fe:c8:b6:ec:3a:",
" 37:e8:13:2b:15:90:c5:83:11:ae:38:a2:18:26:fb:50:8a:1c:",
" 2b:c4:83:54:10:8a:35:05:f9:18:f7:13:e3:a6:13:1d:10:b4:",
" ff:27:77:a8:f9:6e:81:f9:1d:d9:c5:b5:3f:78:82:ad:71:6f:",
" 82:74:89:76:ef:5e:91:8a:f7:fa:b4:ef:7f:a1:20:2f:15:bf:",
" 27:8a:85:1d:ae:f3:10:26:45:d1:fa:be:e6:69:94:e6:4d:3b:",
" 5c:53:76:32:8f:11:73:5b:2b:a4:82:45:74:4f:38:29:67:49:",
" f6:d2:6a:55:0f:c9:96:42:63:cb:75:3f:cf:93:60:26:96:76:",
" 59:10:d2:9d:3c:5a:39:3a:50:44:f3:e7:54:15:9b:9c:e2:e8:",
" 9e:ee:56:79:96:d6:e4:e8",
"\"}}"
]
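An added example (not the project's code) that turns the /cert response into a validity check: it reads the x509 text from the JSON body, extracts the subject, issuer and validity dates, and reports an expired, not-yet-valid or soon-to-expire node certificate. The function name check_node_cert and the 30-day warning threshold are assumptions; the sample body is constructed from the field values shown above with the key and signature bytes left out.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample: response shape and field values come from the example
# above; the public key and signature bytes are omitted.
SAMPLE_RESPONSE = json.dumps({"result": {"x509": "\n".join([
    "Certificate:",
    "    Data:",
    "        Issuer: O=texasinc, DC=texas2270, CN=texas-c0",
    "        Validity",
    "            Not Before: Aug 14 21:10:35 2019 GMT",
    "            Not After : Aug 11 21:10:35 2029 GMT",
    "        Subject: O=texasinc, DC=texas2270, DC=workload, CN=azr1-w01-texas2270",
    "        X509v3 extensions:",
    "            X509v3 Basic Constraints: critical",
    "                CA:FALSE",
])}})

_DATE_FMT = "%b %d %H:%M:%S %Y GMT"


def _field(text, label):
    """Return the value that follows 'label:' at the start of a line, or None."""
    m = re.search(r"^\s*" + re.escape(label) + r"\s*:\s*(.*\S)\s*$", text, re.M)
    return m.group(1) if m else None


def _when(text, label):
    """Parse a validity date such as 'Aug 11 21:10:35 2029 GMT' as UTC."""
    value = _field(text, label)
    if value is None:
        raise ValueError(f"{label!r} not found in certificate text")
    return datetime.strptime(value, _DATE_FMT).replace(tzinfo=timezone.utc)


def check_node_cert(response_body, now, warn_days=30):
    """Summarise the node certificate and list anything that needs attention."""
    text = json.loads(response_body)["result"]["x509"]
    not_before = _when(text, "Not Before")
    not_after = _when(text, "Not After")
    days_left = (not_after - now).days

    problems = []
    if now < not_before:
        problems.append("certificate is not yet valid")
    if now > not_after:
        problems.append("certificate has expired")
    elif days_left < warn_days:
        problems.append(f"certificate expires in {days_left} days")
    if "CA:TRUE" in text:
        problems.append("node certificate is marked as a CA")

    return {
        "subject": _field(text, "Subject"),
        "issuer": _field(text, "Issuer"),
        "days_left": days_left,
        "problems": problems,
    }


if __name__ == "__main__":
    print(check_node_cert(SAMPLE_RESPONSE, datetime.now(timezone.utc)))
```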
Connection object
Connection object has only one endpoint.
GET /connection
Get information about the current connection status.
HTTP request for this endpoint is shown below.
GET /api/v1/connection HTTP/1.1
Host: 127.0.0.1:5500
Here is an example of the REST API request and response:
]$ curl -s http://127.0.0.1:5500/api/v1/connection | jq
{
"result": {
"304": {
"keepalive_timestamp": "Fri, 23 Aug 2019 22:29:21 GMT",
"local_conn": 304,
"local_port": 1,
"nonce_timestamp": "Fri, 23 Aug 2019 22:29:19 GMT",
"remote_address": "fd3210d7b78fea9d20c9c41f59347aed",
"remote_conn": 258,
"remote_mac": "16c2b80359c1",
"remote_node_role": "processor",
"remote_port": 32,
"remote_portname": "ib_0a000206",
"status": "active"
}
}
}
Iface object
Iface object has three endpoints.
Control interface
GET /iface/ctl_iface
Get information about the current control interface status.
HTTP request for this endpoint is shown below.
GET /api/v1/iface/ctl_iface HTTP/1.1
Host: 127.0.0.1:5500
Here is an example of the REST API request and response:
]$ curl -s http://127.0.0.1:5500/api/v1/iface/ctl_iface | jq -R 'split("\\n")'
[
"{\"result\":{\"ctl_iface\":\"",
"",
"203: ib-ctl0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000",
" link/ether 06:55:44:13:ff:35 brd ff:ff:ff:ff:ff:ff",
" RX: bytes packets errors dropped overrun mcast ",
" 0 0 0 0 0 0 ",
" TX: bytes packets errors dropped carrier collsns ",
" 0 0 0 0 0 0\"}}"
]
Mirror interface
GET /iface/mirror_iface
Get information about the current mirror interface status.
Note: The Rx bytes and packets counters will show non-zero values only if port mirroring is enabled in the specification of at least one contract role whose service endpoint(s) are present on the node.
HTTP request for this endpoint is shown below.
GET /api/v1/iface/mirror_iface HTTP/1.1
Host: 127.0.0.1:5500
Here is an example of the REST API request and response:
]$ curl -s http://127.0.0.1:5500/api/v1/iface/mirror_iface | jq -R 'split("\\n")'
[
"{\"result\":{\"mirror_iface\":\"",
"",
"204: ib-mon0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000",
" link/ether 06:72:48:6c:8f:6d brd ff:ff:ff:ff:ff:ff",
" inet6 fe80::472:48ff:fe6c:8f6d/64 scope link ",
" valid_lft forever preferred_lft forever",
" RX: bytes packets errors dropped overrun mcast ",
" 0 0 0 0 0 0 ",
" TX: bytes packets errors dropped carrier collsns ",
" 12460 178 0 0 0 0\"}}"
]
Network interface
GET /iface/net_iface
Get information about the current network interface status.
HTTP request for this endpoint is shown below.
GET /api/v1/iface/net_iface HTTP/1.1
Host: 127.0.0.1:5500
Here is an example of the REST API request and response:
]$ curl -s http://127.0.0.1:5500/api/v1/iface/net_iface | jq -R 'split("\\n")'
[
"{\"result\":{\"net_iface\":\"",
"",
"207: ib-fab0@NONE: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1350 qdisc fq_codel state UNKNOWN group default qlen 1000",
" link/ether 96:9e:eb:10:c7:31 brd ff:ff:ff:ff:ff:ff",
" inet 192.168.250.1/30 scope global ib-fab0",
" valid_lft forever preferred_lft forever",
" RX: bytes packets errors dropped overrun mcast ",
" 439537314 2251739 0 0 0 0 ",
" TX: bytes packets errors dropped carrier collsns ",
" 325448824 2091568 0 0 0 0\"}}"
]
Network endpoint object
Network endpoint object has multiple endpoints.
Network endpoint status
GET /network_endpoint
Get information about the current network endpoint status.
HTTP request for this endpoint is shown below.
GET /api/v1/network_endpoint HTTP/1.1
Host: 127.0.0.1:5500
Here is an example of the REST API request and response:
]$ curl -s http://127.0.0.1:5500/api/v1/network_endpoint | jq
{
"result": [
{
"cga": "fd32:10d7:b78f:7699:242e:1b2e:0e61:d882",
"cga_params": {
"ccount": 0,
"ext": "",
"modifier": 2.850508822951617e+38,
"prefix": "fd32:10d7:b78f:7699::"
},
"ip": "192.168.250.1",
"mac": "96:9e:eb:10:c7:31",
"name": "azr1-w01-texas2270",
"ne_id": 1554,
"ne_instance": "azr1-w01-texas2270"
}
]
}
Create network endpoint
PUT /network_endpoint/{ne_instance}
Create a network endpoint. This API is used by the CNI plugin.
HTTP request for this endpoint is shown below.
PUT /api/v1/network_endpoint/instance123 HTTP/1.1
Host: 127.0.0.1:5500
Additional parameters must be sent in the request body in JSON format as shown in the example below.
{
"name":"nginx-deployment-77f588df6b-jck2q",
"ip_address":"10.10.110.82",
"mac":"6a:49:c9:11:4c:60",
"tokens":[
"2646f16e-0dec-4577-9e43-076b7be1b0ab"
]
}
Delete network endpoint
DELETE /network_endpoint/{ne_instance}
Delete a network endpoint. This API is used by the CNI plugin.
DELETE /api/v1/network_endpoint/instance123 HTTP/1.1
Host: 127.0.0.1:5500
Service object
Service object has multiple endpoints.
Available local service endpoints
GET /service/available
Get information about the available local service endpoints.
HTTP request for this endpoint is shown below.
GET /api/v1/service/available HTTP/1.1
Host: 127.0.0.1:5500
Here is an example of the REST API request and response:
]$ curl -s http://127.0.0.1:5500/api/v1/service/available | jq
{
"azr1-w01-texas2270": {
"ne_cfg_hash": "0612947c582c4cf105ac3428c3f5b613a4a5",
"services": [
{
"contract": "weather-api",
"contract_id": 3221325477,
"contract_role": "Responder",
"domain": "getaway-app",
"endpoint_rules": [
{
"protocol": "icmp"
},
{
"ports": [
8080,
5201
],
"protocol": "tcp"
}
],
"is_multicast": false,
"port_mirror_enabled": false,
"propagation_interval": 5,
"remote_endpoint_rules": [
{
"protocol": "icmp"
},
{
"protocol": "tcp"
}
],
"role_index": 1,
"se_cfg_hash": "46eeb901fb5ad0a0027f4c2b9d351b85",
"service_rdn": "responder.weather-api.getaway-app",
"stat_enabled": false
}
],
"success": true,
"type": "serviceResponse"
}
}
Registered local service endpoints
GET /service/registered
Get information about the registered local service endpoints.
HTTP request for this endpoint is shown below.
GET /api/v1/service/registered HTTP/1.1
Host: 127.0.0.1:5500
Here is an example of the REST API request and response:
]$ curl -s http://127.0.0.1:5500/api/v1/service/registered | jq
{
"azr1-w01-texas2270": [
{
"contract": "weather-api",
"contract_role": "Responder",
"domain": "getaway-app",
"filtration": {
"bpf_maps": {
"MAP_F_IN_PORT": [
{
"key": "612a8633-5114-06",
"val": "00"
},
{
"key": "612a8633-901f-06",
"val": "00"
}
],
"MAP_F_IN_PROTO": [
{
"key": "612a8633-3a",
"val": "00"
}
],
"MAP_F_OUT_PROTO": [
{
"key": "612a8633-06",
"val": "00"
},
{
"key": "612a8633-01",
"val": "00"
}
],
"MAP_IN_UNI_SE": [
{
"key": "242e1b2e0e61d882-c00186a5",
"val": "612a8633-b0-c0a8fa01000000000000000000000000-969eeb10c731"
}
],
"MAP_OUT_V4_SE": [
{
"key": "c0a8fa01-400186a5",
"val": "612a8633-a0-fd3210d7b78f7699242e1b2e0e61d882-0a8633"
}
]
},
"endpoint_rules": {
"egress": [
{
"protocol": "icmp"
},
{
"protocol": "tcp"
}
],
"ingress": [
{
"protocol": "icmp"
},
{
"ports": [
8080,
5201
],
"protocol": "tcp"
}
]
}
},
"flow_label": 689715,
"flow_label_hex": "0xa8633",
"group_id": 3221325477,
"group_id_hex": "0xc00186a5",
"role_index": 1,
"service_resolve": "responder.weather-api.getaway-app"
}
]
}
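An added example (not the project's code) that uses the /service/registered response above to check that the ingress ports declared in endpoint_rules are the ones present in the MAP_F_IN_PORT filter map, and reports any port that is declared but not in the map or in the map but not declared. The key layout (tag, byte-swapped port, protocol number) is inferred from the sample on this page, where 901f and 5114 line up with the declared TCP ports 8080 and 5201; it is not documented here, and the function names and the drifted sample are constructed.

```python
import json

# IP protocol numbers for the rule names that can carry a port list.
PROTO_NUM = {"tcp": 6, "udp": 17}


def decode_port_key(key):
    """Split a MAP_F_IN_PORT key 'tag-port-proto' (layout inferred, see lead-in)."""
    tag, port_hex, proto_hex = key.split("-")
    # '901f' corresponds to declared port 8080 (0x1f90): the two bytes are swapped.
    port = int.from_bytes(bytes.fromhex(port_hex), "little")
    return tag, port, int(proto_hex, 16)


def declared_ingress_ports(service):
    """(protocol number, port) pairs listed in endpoint_rules.ingress."""
    rules = service["filtration"]["endpoint_rules"]["ingress"]
    # A rule with ports and an unknown protocol name raises KeyError
    # instead of being skipped silently.
    return {(PROTO_NUM[r["protocol"]], p) for r in rules for p in r.get("ports", [])}


def enforced_ingress_ports(service):
    """(protocol number, port) pairs present in MAP_F_IN_PORT."""
    pairs = set()
    for entry in service["filtration"]["bpf_maps"].get("MAP_F_IN_PORT", []):
        _tag, port, proto = decode_port_key(entry["key"])
        pairs.add((proto, port))
    return pairs


def ingress_port_drift(response):
    """List services whose declared and enforced ingress ports differ."""
    findings = []
    for host, services in response.items():
        for svc in services:
            declared = declared_ingress_ports(svc)
            enforced = enforced_ingress_ports(svc)
            if declared != enforced:
                findings.append({
                    "host": host,
                    "service": svc.get("service_resolve"),
                    "not_enforced": sorted(declared - enforced),
                    "undeclared": sorted(enforced - declared),
                })
    return findings


# Constructed sample, trimmed from the response shown above.
SAMPLE = {"azr1-w01-texas2270": [{
    "service_resolve": "responder.weather-api.getaway-app",
    "filtration": {
        "bpf_maps": {"MAP_F_IN_PORT": [
            {"key": "612a8633-5114-06", "val": "00"},
            {"key": "612a8633-901f-06", "val": "00"},
        ]},
        "endpoint_rules": {"ingress": [
            {"protocol": "icmp"},
            {"ports": [8080, 5201], "protocol": "tcp"},
        ]},
    },
}]}

# Constructed drift case: the same service with an extra map entry for TCP 22.
SAMPLE_DRIFT = json.loads(json.dumps(SAMPLE))
SAMPLE_DRIFT["azr1-w01-texas2270"][0]["filtration"]["bpf_maps"][
    "MAP_F_IN_PORT"].append({"key": "612a8633-1600-06", "val": "00"})

if __name__ == "__main__":
    print(ingress_port_drift(SAMPLE))
    print(ingress_port_drift(SAMPLE_DRIFT))
```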
Remote service endpoints
GET /service/remote
Get information about the current remote service endpoints.
HTTP request for this endpoint is shown below.
GET /api/v1/service/remote HTTP/1.1
Host: 127.0.0.1:5500
Here is an example of the REST API request and response:
]$ curl -s http://127.0.0.1:5500/api/v1/service/remote | jq
{
"remote_service_endpoints": [
{
"bpf_maps": {
"MAP_IN_UNI": [
{
"key": "fd3210d7b78fdb9530e6ae3ff3e72973-069e86",
"val": "c00186a5-c0a8fa07-00000000000000000000000000000000"
}
],
"MAP_OUT_V4_DST": [
{
"key": "c0a8fa07",
"val": "400186a5-fd3210d7b78fdb9530e6ae3ff3e72973-16c2b80359c1"
}
]
},
"hop_limit": 253,
"last_update": "2019-08-23 22:40:15.516714 GMT",
"local_group_id": 3221325477,
"remote_cga": "fd32:10d7:b78f:db95:30e6:ae3f:f3e7:2973",
"remote_flow_label": 433798,
"service_domain_name": "aws2-w02-texas2270.aws2.originator.weather-api.getaway-app",
"unicast_ip": "192.168.250.7"
}
]
}
Fetch all resolver database records
GET /service/resolver
Get all records from the resolver database.
HTTP request for this endpoint is shown below.
GET /api/v1/service/resolver HTTP/1.1
Host: 127.0.0.1:5500
Here is an example of the REST API request and response:
]$ curl -s http://127.0.0.1:5500/api/v1/service/resolver | jq
{
"aws2-w02-texas2270.aws2.originator.weather-api.getaway-app.ib.loc": {
"hop_limit": 253,
"last_update": "2019-08-23 22:42:48.665033 GMT",
"service_domain_name": "aws2-w02-texas2270.aws2.originator.weather-api.getaway-app",
"unicast_ip": "192.168.250.7"
},
"aws2.originator.weather-api.getaway-app.ib.loc": {
"hop_limit": 253,
"last_update": "2019-08-23 22:42:48.665033 GMT",
"service_domain_name": "aws2-w02-texas2270.aws2.originator.weather-api.getaway-app",
"unicast_ip": "192.168.250.7"
},
"originator.weather-api.getaway-app.ib.loc": {
"hop_limit": 253,
"last_update": "2019-08-23 22:42:48.665033 GMT",
"service_domain_name": "aws2-w02-texas2270.aws2.originator.weather-api.getaway-app",
"unicast_ip": "192.168.250.7"
}
}
Resolve name into IP address
GET /service/resolver/{service_RDN}.{local_domain}
Get IP address for the specified DNS name. API is used by the policy agent resolver.
HTTP request for this endpoint is shown below.
GET /api/v1/service/resolver/originator.weather-api.getaway-app.ib.loc HTTP/1.1
Host: 127.0.0.1:5500
Here is an example of the REST API request and response:
]$ curl -s http://127.0.0.1:5500/api/v1/service/resolver/originator.weather-api.getaway-app.ib.loc | jq
{
"host": "192.168.250.7",
"success": true
}
Service endpoint statistics
GET /service/stat
Get the current service endpoint statistics.
Note: To see statistics for a particular service endpoint, you need to enable statistics in the specification of the contract role associated with the endpoint.
HTTP request for this endpoint is shown below.
GET /api/v1/service/stat HTTP/1.1
Host: 127.0.0.1:5500
Here is an example of the REST API response:
{
"stat": [
{
"name": "aws2-w02-texas2270.aws2.originator.weather-api.getaway-app",
"bytes_in": 2300,
"bytes_out": 1200,
"pkts_in": 98,
"pkts_out": 123,
"drops_in": 0,
"drops_out": 8
}
]
}
eBPF Maps
GET /service/ebpfmaps
Get content of the eBPF maps.
HTTP request for this endpoint is shown below.
GET /api/v1/service/ebpfmaps HTTP/1.1
Host: 127.0.0.1:5500
Here is an example of the REST API request and response:
]$ curl -s http://127.0.0.1:5500/api/v1/service/ebpfmaps | jq
{
"MAP_CONFIG": [
{
"key": "01",
"val": "fd3210d7b78f7699"
},
{
"key": "06",
"val": "cc00000000000000"
},
{
"key": "05",
"val": "969eeb10c7310000"
},
{
"key": "07",
"val": "38f122bb7af79677"
},
{
"key": "02",
"val": "cb00000000000000"
},
{
"key": "04",
"val": "cf00000000000000"
},
{
"key": "03",
"val": "06554413ff350000"
}
],
"MAP_F_IN_PORT": [
{
"key": "612a8633-5114-06",
"val": "00"
},
{
"key": "612a8633-901f-06",
"val": "00"
}
],
"MAP_F_IN_PROTO": [
{
"key": "612a8633-3a",
"val": "00"
}
],
"MAP_F_OUT_PORT": [],
"MAP_F_OUT_PROTO": [
{
"key": "612a8633-01",
"val": "00"
},
{
"key": "612a8633-06",
"val": "00"
}
],
"MAP_IN_SSM": [],
"MAP_IN_SSM_SE": [],
"MAP_IN_SSM_T1": [],
"MAP_IN_UNI": [
{
"key": "fd3210d7b78fdb9530e6ae3ff3e72973-069e86",
"val": "c00186a5-c0a8fa07-00000000000000000000000000000000"
}
],
"MAP_IN_UNI_SE": [
{
"key": "242e1b2e0e61d882-c00186a5",
"val": "612a8633-b0-c0a8fa01000000000000000000000000-969eeb10c731"
}
],
"MAP_OUT_V4_DST": [
{
"key": "c0a8fa07",
"val": "400186a5-fd3210d7b78fdb9530e6ae3ff3e72973-16c2b80359c1"
}
],
"MAP_OUT_V4_SE": [
{
"key": "c0a8fa01-400186a5",
"val": "612a8633-a0-fd3210d7b78f7699242e1b2e0e61d882-0a8633"
}
],
"MAP_OUT_V6_DST": [],
"MAP_OUT_V6_SE": []
}
Status object
Status object has only one endpoint.
GET /status
Get information about the current policy agent status.
HTTP request for this endpoint is shown below.
GET /api/v1/status HTTP/1.1
Host: 127.0.0.1:5500
Here is an example of the REST API request and response:
]$ curl -s http://127.0.0.1:5500/api/v1/status | jq
{
"controller": "controller-texas2270.texasinc.poc.bayware.io",
"host_id": "fd3210d7b78f769938f122bb7af79677",
"hostname": "azr1-w01-texas2270",
"local_domain": "ib.loc",
"location": "azr1",
"ready": true,
"registered": true,
"version": "1.2.0"
}
Quick Reference
GET /cert
http://127.0.0.1:5500/api/v1/cert
Get the certificate.
GET /connection
http://127.0.0.1:5500/api/v1/connection
Get information about the current connection status.
GET /iface/ctl_iface
http://127.0.0.1:5500/api/v1/iface/ctl_iface
Get information about the current control interface status.
GET /iface/mirror_iface
http://127.0.0.1:5500/api/v1/iface/mirror_iface
Get information about the current mirror interface status.
GET /iface/net_iface
http://127.0.0.1:5500/api/v1/iface/net_iface
Get information about the current network interface status.
GET /network_endpoint
http://127.0.0.1:5500/api/v1/network_endpoint
Get information about the current network endpoint status.
PUT /network_endpoint/{ne_instance}
http://127.0.0.1:5500/api/v1/network_endpoint/instance123
Create network endpoint.
DELETE /network_endpoint/{ne_instance}
http://127.0.0.1:5500/api/v1/network_endpoint/instance123
Delete network endpoint.
GET /service/available
http://127.0.0.1:5500/api/v1/service/available
Get information about the available local service endpoints.
GET /service/registered
http://127.0.0.1:5500/api/v1/service/registered
Get information about the registered local service endpoints.
GET /service/remote
http://127.0.0.1:5500/api/v1/service/remote
Get information about the current remote service endpoints.
GET /service/resolver
http://127.0.0.1:5500/api/v1/service/resolver
Get all records from the resolver database.
GET /service/resolver/{service_RDN}.{local_domain}
http://127.0.0.1:5500/api/v1/service/resolver/originator.weather-api.getaway-app.ib.loc
Get IP address for the specified DNS name.
GET /service/stat
http://127.0.0.1:5500/api/v1/service/stat
Get the current service endpoint statistics.
GET /service/ebpfmaps
http://127.0.0.1:5500/api/v1/service/ebpfmaps
Get content of the eBPF maps.
GET /status
http://127.0.0.1:5500/api/v1/status
Get information about the current policy agent status.