Overview of Networking API

Stay organized with collections Save and categorize content based on your preferences.

The Networking API uses Kubernetes custom resources and relies on the Kubernetes Resource Model (KRM).

Create and manage networking in Google Distributed Cloud (GDC) air-gapped through the Networking API using the kubectl CLI.

Service endpoint

The Networking APIs are provided in two packages depending on zonal deployment or global deployment.

The API endpoints for the zonal and global Networking APIs are the following, respectively:

• https://MANAGEMENT_API_SERVER_ENDPOINT/apis/networking.gdc.goog/v1
• https://MANAGEMENT_API_SERVER_ENDPOINT/apis/networking.global.gdc.goog/v1

Replace MANAGEMENT_API_SERVER_ENDPOINT with the endpoint of the Management API server.

Discovery document

Use the kubectl proxy --port=8001 command to open a proxy to the API server on your local machine. From there, you can access the discovery document at the following URLs:

• http://127.0.0.1:8001/apis/networking.gdc.goog/v1
• http://127.0.0.1:8001/apis/networking.global.gdc.goog/v1

Example ingress cross-project traffic policy

The following is an example of a ProjectNetworkPolicy object that enables workloads in the project-1 project to permit connections from workloads in the project-2 project, as well as the return traffic for the same flows:

apiVersion: networking.gdc.goog/v1
kind: ProjectNetworkPolicy
metadata:
  namespace: project-1
  name: allow-ingress-traffic-from-project-2
spec:
  policyType: Ingress
  subject:
    subjectType: UserWorkload
  ingress:
  - from:
    - projects:
        matchNames:
        - project-2