Manage egress rules

This topic tells you how to manage egress rules in a Space by using the egress.tanzu.vmware.com Capability and the EgressPoint resource. For more information about the Capability and the resource, see About Egress.

Before you begin

Before defining an EgressPoint resource:

  • Create a Space that includes the egress.tanzu.vmware.com Capability. For an example Space, see Create an application environment using Spaces.

  • Deploy an application to the Space that is configured to make HTTP or HTTPS requests to an endpoint outside the Space.

Manage EgressPoint resources

You can manage EgressPoint resources in Tanzu Platform hub. You can observe the egress rules for a Space from the Ingress and Egress tab on the Space Management page. This page also contains related networking configuration and details, such as Ingress.

To access the Egress Details menu:

  1. Go to Application Spaces > Spaces.
  2. Select the Space for which you want to define egress rules and then click View Details.
  3. On the Space details page, click the Ingress and Egress tab.
  4. On the Ingress and Egress tab, click Egress Details.

From the Egress view, you can create new egress points and view, edit, or delete existing egress points.

Create an EgressPoint

You can create an EgressPoint in Tanzu Platform hub, or manually by defining the EgressPoint resource in a YAML file and applying it to the Space.

Tanzu Platform hub
To create an EgressPoint from the Egress Details menu:
  1. Click Create Egress Point.

  2. In the Name field, enter the name you want for the EgressPoint. For example, example-egress.

  3. If you want the source to default to the entire Space, deactivate the SourceRef toggle. Otherwise, activate the SourceRef toggle and then fill in these fields:

    Field      Example value
    api Group  apps
    Kind       Deployment
    Name       account-service

    The SourceRef points to a Kubernetes resource within the Space. The only supported resources are ContainerApp (apps.tanzu.vmware.com) and Deployment (apps).

  4. Configure the Target Info section with the target you want to access. The target is an array. The EgressPoint can contain multiple targets. Fill in these fields:

    Field     Example value
    Host      api.openai.com
    Port      443
    Protocol  HTTPS
  5. Click Add Target.

Traffic from the Space can now contact the intended target destination.

YAML file
To create EgressPoint resources manually by using a YAML file:
  1. Create a file named egresspoint.yaml. For example, to enable applications in your Space to access www.example.com, add the following content:

    apiVersion: networking.tanzu.vmware.com/v1alpha1
    kind: EgressPoint
    metadata:
      name: example
    spec:
      targets:
      - hosts:
        - www.example.com
        port:
          number: 443
          protocol: HTTPS
    

    For more information about the fields you can configure for the EgressPoint resource, see EgressPoint API reference.

  2. Target your Space in your terminal by running:

    tanzu space use SPACE-NAME
    

    Where SPACE-NAME is the name of the Space for which you want to define egress rules.

  3. Get the path to the kubeconfig for your Space by running:

    tanzu context current
    

    From the output, record the value of Kube Config.

    Example output:

    Name:            my-context
    Type:            tanzu
    Organization:    my-org (ORG-ID)
    Project:         my-project (PROJECT-ID)
    Space:           my-space
    Kube Config:     /path/to/kube/config
    Kube Context:    tanzu-cli-my-context:my-project:my-space
    
  4. Apply the egresspoint.yaml file by running:

    kubectl --kubeconfig=PATH-TO-KUBE-CONFIG apply -f egresspoint.yaml
    

    Where PATH-TO-KUBE-CONFIG is the value of Kube Config that you recorded earlier.
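Because each EgressPoint widens what workloads in the Space can reach, it helps to review targets against an approved list before or after applying them. The following is an added example, not part of the Tanzu documentation or tooling: it assumes the JSON form of an EgressPoint (for example, kubectl's `-o json` output) mirrors the fields shown in egresspoint.yaml, and the function name, approved list, and sample data are constructed for illustration.

```python
import json

# Constructed sample: a kubectl-style List of EgressPoint resources, using only
# the fields shown in egresspoint.yaml (targets, hosts, port.number, port.protocol).
SAMPLE = json.dumps({
    "kind": "List",
    "items": [
        {"kind": "EgressPoint", "metadata": {"name": "example"},
         "spec": {"targets": [
             {"hosts": ["www.example.com"],
              "port": {"number": 443, "protocol": "HTTPS"}}]}},
        {"kind": "EgressPoint", "metadata": {"name": "legacy"},
         "spec": {"targets": [
             {"hosts": ["www.example.com", "files.example.net"],
              "port": {"number": 80, "protocol": "HTTP"}}]}},
    ],
})

def audit_egress(raw_json, approved_hosts):
    """Return (egresspoint, host, port, reason) tuples for targets to review."""
    doc = json.loads(raw_json)
    # Accept either a single resource or a kubectl-style List wrapper.
    items = doc["items"] if "items" in doc else [doc]
    approved = {h.lower() for h in approved_hosts}
    findings = []
    for item in items:
        if item.get("kind") != "EgressPoint":
            continue
        name = item.get("metadata", {}).get("name", "<unnamed>")
        for target in item.get("spec", {}).get("targets", []):
            port = target.get("port", {})
            number = port.get("number")
            protocol = str(port.get("protocol", "")).upper()
            for host in target.get("hosts", []):
                if host.lower() not in approved:
                    findings.append((name, host, number, "host not on approved list"))
                if protocol != "HTTPS":
                    findings.append((name, host, number, f"protocol {protocol or 'unset'} is not HTTPS"))
    return findings

if __name__ == "__main__":
    for finding in audit_egress(SAMPLE, ["www.example.com"]):
        print(*finding, sep="\t")
```

An empty result means every target host is on the approved list and uses HTTPS; any other result is a list of targets to review before they stay in the Space.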

Delete an EgressPoint

To delete an EgressPoint:

  1. From the Egress Details menu, select the EgressPoint that you want to delete.
  2. Click Delete.