Virtual load-balanced service object

We claim: 1 . A method of deploying a load balanced service performed by a set of machines in a set of one or more datacenters, the method comprising receiving an intent-based API (Application Programming Interface) request that maps a set of layer-4 (L4) ports and a protocol to the set of machines that perform the service; allocating a VIP (virtual Internet Protocol) address for the load-balanced service; distributing a set of one or more load balancing rules to one or more load balancer, each distributed load balancing rule including (i) a match criteria set that comprises the VIP, the port set, and protocol and (ii) an action criteria set that comprises a set of one or more identifiers that identify the set of machines that perform the service. 2 . The method of claim 1 , wherein the API specifies the service as a virtual service that is exposed along the L4 port set and protocol and that is performed by the set of machines. 3 . The method of claim 1 , wherein the API request maps the L4 port set and protocol to a dynamic group of machines that comprises the set of machines. 4 . The method of claim 3 , wherein the set of machines comprises a plurality of machines, and the identifier set in the action criteria comprises an identifier that identifies the dynamic group of machines, the load balancer set converting the identifier to a plurality of network addresses of the plurality of the machines. 5 . The method of claim 4 further comprising distributing to the load balancer set a definition of the dynamic group that comprises the dynamic group identifier and the plurality of network addresses. 6 . The method of claim 3 , wherein the set of machines comprises a plurality of machines, and the identifier set in the action criteria comprises an identifier that identifies the dynamic group of machines, the load balancer set converting the dynamic group identifier to a plurality of pairs of layers 3 and 4 network addresses, each pair comprising an IP address and a port address of one machine in the plurality of machines. 7 . The method of claim 6 further comprising distributing to the load balancer set a definition of the dynamic group that comprises the dynamic group identifier and the plurality of pairs of layers 3 and 4 network addresses. 8 . The method of claim 1 , wherein the identifier set in the action criteria comprises network addresses for a plurality of machines that are members of the set of machines. 9 . The method of claim 3 , wherein the group of endpoint machines is a dynamic group as machines are added and removed from the group without changing the dynamic group identifier by simply changing a definition that identifies the machines that are members of the group. 10 . A method of exposing a service provided by a set of machines in a set of one or more datacenters, the method comprising receiving a Custom Resource Definition (CRD) that defines the virtual service as a resource in the datacenter; receiving an intent-based API (Application Programming Interface) request referring to the CRD and defining a virtual service provided by the set of machines, the API mapping a set of one or more ports to the set of machines; performing an automated process to parse the API request and process the CRD to deploy the virtual service in the datacenter set. 11 . The method of claim 10 , wherein performing the automated process comprises configuring a set of one or more load balancers to distribute the data messages across the set of machines. 12 . The method of claim 11 , wherein the API further refers to a load balancing resource for providing a load balancing service for the virtual service, performing the automated process further comprises configuring the set of load balancers to implement the load balancing resource to provide the load balancing service. 13 . The method of claim 12 , wherein the virtual service is performed by a network, the set of load balancers is deployed at the north/south edge of the network. 14 . The method of claim 11 , wherein performing the automated process further comprises allocating a VIP (virtual Internet Protocol) address for the virtual service; creating a load balancing rule that includes (i) a match criteria set that comprises the VIP and the port set, and (ii) an action criteria set that comprises a set of one or more identifiers that identify the set of machines; providing the load balancing rule to the load balancer set. 15 . The method of claim 11 , wherein the API further defines the set of machines, which is to provide the virtual service, as an endpoint group that is a group of machines that has a dynamically adjustable set of members. 16 . The method of claim 15 , wherein the endpoint group comprises machines of different types, including virtual machines and containers. 17 . The method of claim 10 , wherein the API maps the port set to the machine set by mapping the port set and a protocol to the machine set. 18 . The method of claim 10 , wherein the set of machines are a set of workload machines, and the virtual service is one operation that is performed by each workload machine in the set of workload machines. 19 . The method of claim 10 , wherein the virtual service is a virtual middlebox service operation.