Peering Rules
Peering rules let you declaratively define how the networks you manage are wired together. These can be networks managed by Wayfinder via ClusterNetwork, or external/pre-existing networks that you want to hook into.
CLI Quick Reference
Instruction | CLI Command |
---|---|
View a list of Peering rules | wf get peeringrules |
View the yaml of a Peering rule | wf get peeringrules RULE-NAME -o yaml |
View Peering Rules
Use the wf get peeringrules command to view a list of peering rules.
NAME            TYPE      AGE
azure-private   peering   8d
Use the wf get peeringrule RULE-NAME command with the -o yaml flag to view the rule's YAML.
wf get peeringrule azure-private -o yaml
apiVersion: networking.appvia.io/v2beta1
kind: PeeringRule
metadata:
  name: azure-private
spec:
  cloudAccessConfigRef:
    name: az-peering
    namespace: sand
  connection:
    peering:
      enableAutoApproval: true
      network:
        account: 12345678-abcd-458d-aa01-0123abcd1234
        identifier: /subscriptions/12345678-abcd-458d-aa01-0123abcd1234/resourceGroups/wf-dev-envs-uksouth/providers/Microsoft.Network/virtualNetworks/ws-dev-envs
        location: uksouth
    type: peering
  filters:
    allocation:
      type: all
    selectors:
      # target non-prod clusters with custom label 'clustergroup' with value 'az-private'
      matchExpressions:
      - key: appvia.io/stage
        operator: In
        values:
        - nonprod
      matchLabels:
        appvia.io/provider: azure
        clustergroup: az-private
In Wayfinder's web interface:
- Select Admin, then navigate to Kubernetes > Cluster Networking
- Select your Cloud Provider e.g., Microsoft Azure
- Select the Peering Rules tab
- A list of Peering Rules is displayed
Create a Peering Rule
In Wayfinder's web interface:
- Select Admin, then navigate to Kubernetes > Cluster Networking
- Select the + Peering Rule button
- Fill in the form as described in the Properties section
- Click Save
Properties
The following sections outline the properties that you'll need to create a Peering Rule in Wayfinder. These properties are mirrored in the corresponding CRD manifests (in YAML format) generated by Wayfinder. CLI users can refer to the information in this section to understand how the settings from Wayfinder's web interface correlate with the respective YAML files.
Properties common to all providers
Field | Description |
---|---|
Allocated to workspaces | The workspaces to which this peering rule applies. Option(s): - All: Applies to all workspaces - Specified workspaces: Applies to the workspaces you selected - Do not allocate: Will not be applied to any workspaces |
Name | Provide a meaningful name for this Peering Rule. It cannot be changed once you've clicked the save button. |
Selectors | Narrow the selection of which clusters this peering rule will apply to by specifying labels that relevant clusters must have in order to be peered. |
- Provider | Read-only field. Specifies the Cloud Provider for which you're adding this Peering Rule. Option(s): - Azure - AWS - GCP |
- Stages | The stage(s) to which this peering rule applies. |
- Advanced Mode | Switch the toggle if you want to specify filters for the peering rule. The filters are matched to labels on cluster network resources. |
-- Match labels | Enter a label key and the label value on which to match. You can specify multiple match labels. |
-- Match expressions | Enter a match expression key, the condition (In, NotIn, Exists, DoesNotExist) and the values on which the condition applies. You can specify multiple match expressions. |
Cloud Account | The cloud account that has permission to carry out the tasks required to fulfil peering or gateway attachments. See Cloud Access with access type 'peering'. |
Type | The type of peering this rule applies to. Option(s): - Peering - Gateway (AWS only) |
Enable auto approval | Check the box to enable. Determines whether to automatically accept the peering connection on the other end of the peer. This requires a Cloud Access with the correct permissions. |
Identifier | The full resource identifier of the virtual network that Wayfinder is peering to. |
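The selectors described above decide which cluster networks a rule peers, so it is worth evaluating a selector against network labels before saving the rule. The following is an added example, not Wayfinder's own code: it applies the selectors of the azure-private rule shown earlier to constructed labels, assuming standard Kubernetes label-selector semantics (all terms ANDed). The network names, SAMPLE_NETWORKS and LOOSE_SELECTORS are hypothetical.

```python
# Added example (not Wayfinder code). Assumes Wayfinder follows standard
# Kubernetes label-selector semantics: every term must match (logical AND).
# Selectors copied from the azure-private rule on this page.
AZURE_PRIVATE_SELECTORS = {
    "matchLabels": {"appvia.io/provider": "azure", "clustergroup": "az-private"},
    "matchExpressions": [{"key": "appvia.io/stage", "operator": "In", "values": ["nonprod"]}],
}
# Hypothetical variant: "anything that is not prod" instead of "nonprod only".
LOOSE_SELECTORS = dict(AZURE_PRIVATE_SELECTORS, matchExpressions=[
    {"key": "appvia.io/stage", "operator": "NotIn", "values": ["prod"]},
])
# Constructed sample labels for hypothetical cluster network resources.
_BASE = {"appvia.io/provider": "azure", "clustergroup": "az-private"}
SAMPLE_NETWORKS = {
    "dev-net": {**_BASE, "appvia.io/stage": "nonprod"},
    "prod-net": {**_BASE, "appvia.io/stage": "prod"},
    "aws-dev-net": {"appvia.io/provider": "aws", "appvia.io/stage": "nonprod",
                    "clustergroup": "az-private"},
    "no-stage-net": dict(_BASE),  # stage label missing entirely
}

def expression_matches(expr, labels):
    """Evaluate one matchExpressions entry against a label set."""
    key, op, values = expr["key"], expr["operator"], expr.get("values", [])
    if op == "In":
        return key in labels and labels[key] in values
    if op == "NotIn":  # also true when the key is absent
        return key not in labels or labels[key] not in values
    if op == "Exists":
        return key in labels
    if op == "DoesNotExist":
        return key not in labels
    raise ValueError(f"unsupported operator: {op!r}")

def selector_matches(selectors, labels):
    """True only if all matchLabels and all matchExpressions match."""
    exact = selectors.get("matchLabels", {}).items()
    exprs = selectors.get("matchExpressions", [])
    return (all(labels.get(k) == v for k, v in exact)
            and all(expression_matches(e, labels) for e in exprs))

def peered_networks(selectors, networks):
    """Names of the networks the rule would select, sorted."""
    return sorted(n for n, lbls in networks.items() if selector_matches(selectors, lbls))

if __name__ == "__main__":
    print("page selector :", peered_networks(AZURE_PRIVATE_SELECTORS, SAMPLE_NETWORKS))
    print("NotIn variant :", peered_networks(LOOSE_SELECTORS, SAMPLE_NETWORKS))
```

Under these semantics the NotIn variant also selects no-stage-net, a network that carries no stage label at all; with Enable auto approval checked, such a match would be accepted without a manual review step.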
Properties specific to AWS
Field | Description |
---|---|
Account | The account Wayfinder is peering to. |
Location | The region where the network that Wayfinder is peering to exists. |
Routes | A collection of network ranges that are exposed to the peered networks. Note that the route tables of the source networks are automatically amended to push these subnets down the peered connection. |
Enable DNS | Enables DNS support via the gateway. Default value is 'true'. Type must be set to gateway. |