You can run a CLI command to retrieve the corresponding API specification from Tanzu Service Mesh SaaS. Based on the API specification, you can describe a configuration that creates a Tanzu Service Mesh object, such as a global namespace, or a policy, such as an access control policy, in a declarative manifest file.

The API specifications that you retrieve with the CLI are in the Kubernetes YAML manifest format. The CLI command that you use to retrieve an API specification from Tanzu Service Mesh SaaS requires that you specify the short name or the long name of the API. The following table identifies the available APIs and lists the long and short names of each API.

Table 1. Available APIs

API long name

API short name

accesscontrolpolicies.gns.tsm.vmware.com

accesscontrolpolicies

apidiscoveries.gns.tsm.vmware.com

apidiscoveries

·attackdiscoveries.gns.tsm.vmware.com

attackdiscoveries

autoscalingpolicies.autoscaling.tsm.vmware.com

autoscalingconfigs

certificateauthorities.ca.tsm.vmware.com

certificateauthorities

certificates.certificates.tsm.vmware.com

certificates

certificatestatuses.certificates.tsm.vmware.com

certificatestatuses

clusterappses.clusters.tsm.vmware.com

clusterapps

clusteronboardingmanifests.clusters.tsm.vmware.com

clusteronboardingmanifests

clusteronboardingurls.clusters.tsm.vmware.com

clusteronboardingurls

clusteronboardurls.clusters.tsm.vmware.com

clusteronboardurls

clusters.clusters.tsm.vmware.com

clusters

externalaccounts.externalaccounts.tsm.vmware.com

externalaccount

externalaccountstatuses.externalaccounts.tsm.vmware.com

externalaccountstatuses

externaldnsdelegateddomains.externaldns.tsm.vmware.com

externaldnsdomainses.externaldns.tsm.vmware.com

externaldnsdelegateddomains

externaldnss.externaldns.tsm.vmware.com

externaldnss

externaldnsstatuses.externaldns.tsm.vmware.com

externaldnsstatuses

externalservices.gns.tsm.vmware.com

externalservices

geodiscoveries.gns.tsm.vmware.com

geodiscovery

globalnamespacecapabilities.gns.tsm.vmware.com

globalnamespacecapabilities

globalnamespacememberses.gns.tsm.vmware.com

globalnamespacememberses

globalnamespaces.gns.tsm.vmware.com

globalnamespace

gnsroutingpolicies.gns.tsm.vmware.com

gnsservicegroupmembers.gns.tsm.vmware.com

gnsservicegroupmembers

gnsservicegroups.gns.tsm.vmware.com

gnsservicegroup

gnsservicelevelobjectives.gns.tsm.vmware.com

gnsservicelevelobjective

healthchecks.templates.tsm.vmware.com

healthchecks

jobdownloads.jobs.tsm.vmware.com

jobdownloads

jobs.jobs.tsm.vmware.com

jobs

jwkses.certificates.tsm.vmware.com

jwkses

piidiscoveries.gns.tsm.vmware.com

piidiscoveries

policyconfigs.acp.tsm.vmware.com

policyconfigs

projects.project.tsm.vmware.com

projects

publicservicedomainses.gns.tsm.vmware.com

publicservicedomainses

publicserviceroutes.gns.tsm.vmware.com

publicserviceroutes

publicserviceroutestatuses.gns.tsm.vmware.com

publicservicestatuses

publicservices.gns.tsm.vmware.com

publicservices

resourcegroupdetailedlists.resourcegroups.tsm.vmware.com

resourcegroupdetailedlists

resourcegroupmembers.resourcegroups.tsm.vmware.com

resourcegroupmembers

resourcegroups.resourcegroups.tsm.vmware.com

resourcegroup

schemaviolationdiscoveries.gns.tsm.vmware.com

schemaviolationdiscoveries

segmentationpolicies.gns.tsm.vmware.com

segmentationpolicies

servicelevelobjectives.slo.tsm.vmware.com

servicelevelobjectives

sharedservices.gns.tsm.vmware.com

sharedservice

supportedexternalaccounts.externalaccounts.tsm.vmware.com

supported-external-accounts

trafficroutingpolicies.gns.tsm.vmware.com

trafficroutingpolicy

userdiscoveries.gns.tsm.vmware.com

userdiscoveries

Note:

Some of the APIs don't have a short name.

To complete the configuration, you must save the specification to a YAML manifest file and then provide values for the fields in the manifest file.

Important:

To define a configuration for a global namespace or for an access control policy, you must combine more than one API specification in a declarative manifest file. For more information about creating a global namespace manifest file and an access control policy manifest file, see Create a Global Namespace and Create an Access Control Policy.

Note:

You can also create a manifest based on the configuration of an existing object or an existing policy. For more information, see Use an Existing Object or Policy Configuration to Create a Manifest.

Prerequisites

Procedure

  1. Run the following CLI command.
    tanzu sm get spec {API}

    sm is the alias for the Tanzu Service Mesh plugin in the Tanzu CLI. You can replace sm with service-mesh. {API} is the API short name or long name. Find the short or long name of the API you want in the Available APIs table above.

    To retrieve the API specification for a global namespace, you can run the following command. In this example, the command includes the short name of the API.

    tanzu sm get spec globalnamespaces

    The CLI returns the API specification in the Kubernetes YAML manifest format. For the example above, the CLI returns the following output.

    apiVersion: gns.tsm.vmware.com/v1
    kind: GlobalNamespace
    metadata:
      labels:
        projectId: string
      name: string
    spec:
      api_discovery_enabled: true
      ca: string
      ca_type: PreExistingCA
      color: string
      description: string
      display_name: string
      domain_name: string
      match_conditions:
        - cluster:
            match: string
            type: string
          namespace:
            match: string
            type: string
      mtls_enforced: true
      name: string
      use_shared_gateway: true
      version: string
    
  2. Copy the API specification to a YAML file.
  3. In the file, enter appropriate values for the fields in the configuration.
    Note:

    For information about the meaning of the fields in the configuration and what value to provide for each field, see the schema of the appropriate API in API Explorer in Tanzu Service Mesh. Perform the following steps:

    1. In Tanzu Service Mesh SaaS UI, click API Explorer on the bottom bar.

    2. Go to the appropriate API in API Explorer.

    3. In the API section, under Request Body, click Schema.

  4. Save the changes in the file.

What to do next

Add the manifest file to the Git repository where you maintain all your manifest files.