service

Description

A network service defines a port number, a protocol, and protocol-specific options. Services are used to declare traffic flow between resources. On compute resources, applied services declare the type of network traffic allowed into that resource, and also allow automatic network configuration of other resources that consume the service or help deliver the service. On networking resources, applied services direct traffic flow.

Common Internet Ports and Protocols

Port   Protocol   Typical Usage
80     http       Unsecured web services
443    https      Secured web services
8080   http       Internal or staged unsecure web services
8443   https      Internal or staged secure web services

Required Properties

port (integer)

The internet port number.

protocol (string)

The data protocol name.

Allowed Values:

  • http

  • https

Optional Properties

The certificate to use. Required when the protocol is https.

health_check (dict)

Controls the behavior of health checks (also known as probes). Every back-end service has an associated health check. Each venue normally has different default behavior for health checks; Tuono defines consistent defaults to normalize them.

healthy_attempts (integer)

The number of consecutive successful checks that must occur before an unhealthy target is considered healthy.

The default value if not specified is 5.

healthy_responses (string)

Sets the HTTP status codes that indicate a healthy response.

Example(s):

  • 200

  • 200, 201

  • 200-202,302,303 - 304, 388

  • 200-399

The default value if not specified is 200-399.

interval (integer)

The number of seconds between health check attempts.

The default value if not specified is 30.

path (string)

The request path for the health check.

The default value if not specified is /.

timeout (integer)

The number of seconds to wait for a response before considering the check attempt to have failed. This number should not be larger than the interval.

The default value if not specified is 5.

unhealthy_attempts (integer)

The number of consecutive failed checks that must occur before the target is considered unhealthy.

The default value if not specified is 2.

security_policy (dict)

The TLS policy to use to ensure that communication meets any compliance requirements. This policy can control the TLS protocol version and cipher suites used during a TLS handshake. Each venue uses a different naming strategy for its policies. Only pre-defined policies are supported.

aws (string)

The Elastic Load Balancing security policy to use. If not specified, the default is managed by Amazon. For more information see https://amzn.to/3hldLpN

azure (string)

The Application Gateway security policy to use. If not specified, the default is managed by Azure. For more information see https://bit.ly/2zonomH

Common Properties

name (string)

The name of this service. The name can be different than the blueprint object name. When the name property is not present we apply automatic naming strategies to make resources easier to identify in each venue's management console. When the name property is specified we will use it exactly as specified.

readonly (boolean)

Indicates whether or not this service is read-only. If so, we verify only the existence and correctness of this service to its specification rather than creating or modifying it.

The default value if not specified is false.

Discovered Properties

These properties are populated and available in the inventory following a successful apply.

id (string)

The venue-specific identifier of this service.

Examples

Define a web service for port 80 http traffic with default health check:

networking:
  service:
    external-http:
      port: 80
      protocol: http

Define an internal web service with a custom health check:

networking:
  service:
    internal-http-dev:
      health_check:
        healthy_attempts: 3
        healthy_responses: 200-202,302,303 - 304, 388, 399
        interval: 20
        path: /about.php
        timeout: 5
        unhealthy_attempts: 3
      port: 8080
      protocol: http

Define a secure web service that negotiates at TLSv1.2 or better:

location:
  folder:
    example-folder:
      region: example-region
  region:
    example-region:
      area: west
      country: USA
networking:
  service:
    external-https:
      certificate: my-existing-cert
      port: 443
      protocol: https
      security_policy:
        aws: ELBSecurityPolicy-TLS-1-2-Ext-2018-06
        azure: AppGwSslPolicy20170401S
security:
  certificate:
    my-existing-cert:
      name: www.mycert.com
      readonly: true
      venue:
        azure:
          key_vault_name: MyKeyVault
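
A pre-apply lint for the properties documented above, as an added example (not Tuono's own code). It takes service entries already parsed from the blueprint YAML into dicts; the function names, finding texts and the 100-599 status bound are assumptions of this example.

```python
import re

DEFAULTS = {"interval": 30, "timeout": 5, "healthy_responses": "200-399"}  # from this page


def parse_healthy_responses(spec):
    """Expand a spec such as '200-202,302,303 - 304, 388' into a set of status codes."""
    codes = set()
    for part in str(spec).split(","):
        m = re.fullmatch(r"\s*(\d{3})\s*(?:-\s*(\d{3})\s*)?", part)
        if not m:
            raise ValueError(f"bad healthy_responses item {part.strip()!r}")
        lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
        if lo > hi or lo < 100 or hi > 599:  # assumed bound: valid HTTP status codes
            raise ValueError(f"bad status range {part.strip()!r}")
        codes.update(range(lo, hi + 1))
    return codes


def lint_service(name, svc):
    """Return findings for one entry under networking.service (already parsed from YAML)."""
    out = []
    proto = svc.get("protocol")
    if proto not in ("http", "https"):
        out.append(f"{name}: protocol must be http or https")
    if proto == "http":
        out.append(f"{name}: plain http, traffic is not encrypted")
    if proto == "https" and not svc.get("certificate"):
        out.append(f"{name}: https requires a certificate")
    if proto == "https" and not svc.get("security_policy"):
        out.append(f"{name}: no security_policy, TLS settings are the venue default")
    hc = {**DEFAULTS, **svc.get("health_check", {})}
    if hc["timeout"] > hc["interval"]:
        out.append(f"{name}: health_check timeout is larger than interval")
    try:
        parse_healthy_responses(hc["healthy_responses"])
    except ValueError as exc:
        out.append(f"{name}: {exc}")
    return out


# Constructed sample input: the first two mirror this page's examples, the third is broken.
SAMPLE = {
    "external-http": {"port": 80, "protocol": "http"},
    "external-https": {"port": 443, "protocol": "https", "certificate": "my-existing-cert",
                       "security_policy": {"aws": "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"}},
    "staged-https": {"port": 8443, "protocol": "https",
                     "health_check": {"interval": 5, "timeout": 10, "healthy_responses": "200-2xx"}},
}
```

Calling `lint_service(name, SAMPLE[name])` for each entry returns one finding for `external-http`, none for `external-https`, and four for `staged-https`.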
