This topic tells you how to manage egress rules in a Space by using the egress.tanzu.vmware.com
Capability and the EgressPoint
resource. For more information about the Capability and the resource, see About Egress.
Before defining an EgressPoint
resource:
Create a Space that includes the egress.tanzu.vmware.com
Capability. For an example Space, see Create an application environment using Spaces.
Deploy an application to the Space that is configured to make HTTP or HTTPS requests to an endpoint outside the Space.
EgressPoint
resourcesYou can manage EgressPoint
resources in Tanzu Platform hub. You can observe the egress rules for a Space from the Ingress and Egress tab on the Space Management page. This page also contains related networking configuration and details, such as Ingress.
To access the Egress Details menu:
From the Egress view, you can create new egress points and view, edit, or delete existing egress points.
EgressPoint
You can create an EgressPoint
in Tanzu Platform hub or you can manually create EgressPoint
resources to use by creating a YAML file.
EgressPoint
from the
Egress Details menu:
Click Create Egress Point.
In the Name field, enter the name you want for the EgressPoint
. For example, example-egress
.
If you want the source to default to the entire Space, deactivate the SourceRef toggle. Otherwise, activate the SourceRef toggle and then fill in these fields:
Field | Example value |
---|---|
api Group | apps |
Kind | Deployment |
Name | account-service |
The SourceRef
points to a Kubernetes resource within the Space. The only supported resources are ContainerApp (apps.tanzu.vmware.com)
and Deployment (apps)
.
Configure the Target Info section with the target you want to access. The target is an array. The EgressPoint
can contain multiple targets. Fill in these fields:
Field | Example value |
---|---|
Host | api.openai.com |
Port | 443 |
Protocol | HTTPS |
Click Add Target.
Traffic from the Space can now contact the intended target destination.
EgressPoint
resources manually by using a YAML file:
Create a file named egresspoint.yaml
. For example, to enable applications in your Space to access www.example.com
, add the following content:
apiVersion: networking.tanzu.vmware.com/v1alpha1
kind: EgressPoint
metadata:
name: example
spec:
targets:
- hosts:
- www.example.com
port:
number: 443
protocol: HTTPS
For more information about the fields you can configure for the EgressPoint
resource, see EgressPoint API reference.
Target your Space in your terminal by running:
tanzu space use SPACE-NAME
Where SPACE-NAME
is the name of the Space for which you want to define egress rules.
Get the path to the kubeconfig for your Space by running:
tanzu context current
From the output, record the value of Kube Config
.
Example output:
Name: my-context
Type: tanzu
Organization: my-org (ORG-ID)
Project: my-project (PROJECT-ID)
Space: my-space
Kube Config: /path/to/kube/config
Kube Context: tanzu-cli-my-context:my-project:my-space
Apply the egresspoint.yaml
file by running:
kubectl --kubeconfig=PATH-TO-KUBE-CONFIG apply -f egresspoint.yaml
Where PATH-TO-KUBE-CONFIG
is the value of Kube Config
that you recorded earlier.
EgressPoint
To delete an EgressPoint
:
EgressPoint
that you want to delete.