Overview of Networking API

The Networking API uses Kubernetes custom resources and relies on the Kubernetes Resource Model (KRM).

Use the kubectl CLI to create and manage networking in Google Distributed Cloud (GDC) air-gapped through the Networking API.

Service endpoint

The following URL is the API endpoint for the Networking KRM API:

https://GDC_API_SERVER_ENDPOINT/apis/networking.gdc.goog/v1

Replace GDC_API_SERVER_ENDPOINT with the endpoint of the GDC API server.

Discovery document

Run the kubectl proxy --port=8001 command to open a proxy to the API server on your local machine. The proxy forwards requests using the credentials from your current kubeconfig context, so you can access the discovery document locally at the following URL:

http://127.0.0.1:8001/apis/networking.gdc.goog/v1

Example ingress cross-project traffic policy

The following example ProjectNetworkPolicy object lets workloads in the project-1 project accept connections from workloads in the project-2 project, and permits the return traffic for the same flows:

apiVersion: networking.gdc.goog/v1
kind: ProjectNetworkPolicy
metadata:
  namespace: project-1
  name: allow-ingress-traffic-from-project-2
spec:
  policyType: Ingress
  subject:
    subjectType: UserWorkload
  ingress:
  - from:
    - projects:
        matchNames:
        - project-2
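
One way to review which projects such policies admit, as an added example that is not part of the GDC documentation or tooling: the script reads ProjectNetworkPolicy objects as JSON and lists each allowed source-to-destination project pair. It uses only the fields shown in the example above and assumes the List shape that kubectl get -o json produces and that metadata.namespace names the destination project; the second sample policy, project-3 and unknownPeer are constructed placeholders.

```python
import json

# Constructed sample in the List shape of `kubectl get ... -o json`: the page's
# policy plus a made-up one. "project-3" and "unknownPeer" are placeholders,
# not values or fields taken from the API.
SAMPLE = json.loads("""
{"items": [
 {"kind": "ProjectNetworkPolicy",
  "metadata": {"namespace": "project-1",
               "name": "allow-ingress-traffic-from-project-2"},
  "spec": {"policyType": "Ingress", "subject": {"subjectType": "UserWorkload"},
           "ingress": [{"from": [{"projects": {"matchNames": ["project-2"]}}]}]}},
 {"kind": "ProjectNetworkPolicy",
  "metadata": {"namespace": "project-3", "name": "constructed-policy"},
  "spec": {"policyType": "Ingress", "subject": {"subjectType": "UserWorkload"},
           "ingress": [{"from": [{"projects": {"matchNames": ["project-1", "project-2"]}},
                                 {"unknownPeer": {}}]}]}}
]}
""")


def cross_project_ingress(policy_list):
    """Return (allowed, review). allowed: sorted (destination project,
    source project, policy name) triples. review: sorted (destination
    project, policy name) pairs holding a peer this script cannot read."""
    allowed, review = set(), set()
    for obj in policy_list.get("items", []):
        spec = obj.get("spec", {})
        if obj.get("kind") != "ProjectNetworkPolicy" or spec.get("policyType") != "Ingress":
            continue
        # Assumption: metadata.namespace is the destination project (as on the page).
        dest, name = obj["metadata"]["namespace"], obj["metadata"]["name"]
        for rule in spec.get("ingress") or []:
            for peer in rule.get("from") or []:
                names = (peer.get("projects") or {}).get("matchNames")
                if names:
                    allowed.update((dest, src, name) for src in names)
                else:
                    # Not a matchNames peer: surface it, never drop it silently.
                    review.add((dest, name))
    return sorted(allowed), sorted(review)


if __name__ == "__main__":
    allowed, review = cross_project_ingress(SAMPLE)
    for dest, src, name in allowed:
        print(f"{src} -> {dest}  (policy {name})")
    for dest, name in review:
        print(f"manual review needed: {dest}/{name}")
```

Comparing the allowed list against the cross-project flows you intend makes an unexpected source project visible before it becomes an unreviewed path into a project.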