The Networking API uses Kubernetes custom resources and relies on the Kubernetes Resource Model (KRM).
Create and manage networking in Google Distributed Cloud (GDC) air-gapped through the Networking API using the kubectl CLI.
Service endpoint
The Networking API is provided in two packages, one for zonal deployments and one for global deployments.
The API endpoints for the zonal and global Networking APIs are the following, respectively:
https://MANAGEMENT_API_SERVER_ENDPOINT/apis/networking.gdc.goog/v1
https://MANAGEMENT_API_SERVER_ENDPOINT/apis/networking.global.gdc.goog/v1
Replace MANAGEMENT_API_SERVER_ENDPOINT with the endpoint of the Management API server.
Discovery document
Use the kubectl proxy --port=8001 command to open a proxy to the API server on your local machine. From there, you can access the discovery document at the following URLs:
http://127.0.0.1:8001/apis/networking.gdc.goog/v1
http://127.0.0.1:8001/apis/networking.global.gdc.goog/v1
Example ingress cross-project traffic policy
The following is an example of a ProjectNetworkPolicy object that enables workloads in the project-1 project to permit connections from workloads in the project-2 project, as well as the return traffic for the same flows:
apiVersion: networking.gdc.goog/v1
kind: ProjectNetworkPolicy
metadata:
  namespace: project-1
  name: allow-ingress-traffic-from-project-2
spec:
  policyType: Ingress
  subject:
    subjectType: UserWorkload
  ingress:
  - from:
    - projects:
        matchNames:
        - project-2
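As an added example (not part of the GDC documentation or its tooling), the following Python builds the ProjectNetworkPolicy above as a plain dict and audits a list of such policies to answer the review question "which projects are allowed to open connections into each project's user workloads?". It assumes only the manifest shape shown on this page and accepts either API group listed under Service endpoint; the second sample policy (project-3) is constructed for illustration.

```python
# Added example, not from the GDC documentation: build and audit ProjectNetworkPolicy objects.
from typing import Dict, List, Set

GROUP_ZONAL = "networking.gdc.goog/v1"          # zonal API group/version (from the page)
GROUP_GLOBAL = "networking.global.gdc.goog/v1"  # global API group/version (from the page)


def ingress_policy(project: str, name: str, source_projects: List[str],
                   api_version: str = GROUP_ZONAL) -> Dict:
    """Return a ProjectNetworkPolicy that lets workloads in `source_projects`
    reach user workloads in `project` (same shape as the manifest above)."""
    return {
        "apiVersion": api_version,
        "kind": "ProjectNetworkPolicy",
        "metadata": {"namespace": project, "name": name},
        "spec": {
            "policyType": "Ingress",
            "subject": {"subjectType": "UserWorkload"},
            "ingress": [{"from": [{"projects": {"matchNames": list(source_projects)}}]}],
        },
    }


def allowed_ingress_sources(policies: List[Dict]) -> Dict[str, Set[str]]:
    """Map each target project to the set of projects whose workloads may
    initiate connections into it, according to Ingress policies.
    Other kinds and policy types are skipped; an unknown API group is rejected."""
    result: Dict[str, Set[str]] = {}
    for pol in policies:
        if pol.get("kind") != "ProjectNetworkPolicy":
            continue
        if pol.get("apiVersion") not in (GROUP_ZONAL, GROUP_GLOBAL):
            raise ValueError(f"unexpected apiVersion: {pol.get('apiVersion')}")
        spec = pol.get("spec", {})
        if spec.get("policyType") != "Ingress":
            continue
        target = pol["metadata"]["namespace"]
        sources = result.setdefault(target, set())
        for rule in spec.get("ingress", []):
            for peer in rule.get("from", []):
                sources.update(peer.get("projects", {}).get("matchNames", []))
    return result


# Constructed sample: the policy from the page plus one more for illustration.
SAMPLE_POLICIES = [
    ingress_policy("project-1", "allow-ingress-traffic-from-project-2", ["project-2"]),
    ingress_policy("project-3", "allow-from-1-and-2", ["project-1", "project-2"]),
]

if __name__ == "__main__":
    for target, sources in sorted(allowed_ingress_sources(SAMPLE_POLICIES).items()):
        print(f"{target}: ingress allowed from {sorted(sources)}")
```

The same audit can be run over the live objects by feeding it the items returned from the API endpoint above (for example via kubectl get -o json), since the dict shape matches the manifest.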