Import and export resources across workspaces
Continuing with the previous example, what if you want to share services across workspaces? For example, maybe you want your gateway in Team A's workspace to route traffic to a frontend service in Team B's workspace, but not to Team C's backend services.
You can share resources across workspaces by configuring the workspace settings and the selectors on your services. You have to configure several settings, which help to make sure that you don't export resources by mistake.
Export to and import from settings
Make sure that your importing and exporting settings match across your workspaces.
exportTomust be set in your workspace for each workspace that you want to export resources to.importFrommust be set in the other workspace, and match your workspace that you export from.
You can select your workspaces by using labels and names.
Labels: Use Kubernetes labels to select workspaces for importing or exporting. Each workspace must have the matching label. For example, you might use labels such as team: frontend, app: bookinfo, or env: prod. By using labels, any workspaces that are subsequently added are also selected.
Names: If you want more fine-grained control, you can select workspaces by name. The following types of matching are supported.
- Exact match, such as
name: frontendfor a workspace namedfrontend. - Simple regex, such as
name: frontend*for any workspaces with names that begin withfrontend.
Labels and names together: For more fine-grained control, you can combine labels and names together.
Selecting resources within workspaces
After setting up the workspaces to import from and export to, you can narrow sharing to a particular resource. Four kinds of resources are supported:
RouteTable, a Gloo Mesh custom resource.Service, a Kubernetes service that typically exposes a workload like a deployment.VirtualDestination, a Gloo Mesh custom resource for services in other workspaces or clustersExternalService, a Gloo Mesh custom resource for services that run in a mesh outside the cluster environment, such as on-prem virtual machines (VMs).
You can select resources by label, name, namespace, or cluster. For more information, see the API docs.
After importing a resource, Gloo Mesh generates subsequent resources like Istio translations. You can use the imported resources just as other resources in your workspace. As such, any namespace in the workspace can use the imported resource. You can't export a resource only to a select namespace within a different workspace.
Example scenarios for importing and exporting
For more information about how importing and exporting work, review the following figure, tabbed description, and example configuration file.
- Sharing the web app to Team A from Team B
- Sharing the recs app to Team B from Team C
- Other resources are not shared across workspaces
- Team A's workspace settings imports from Team B's workspace
- Team A's workspace settings imports all Kubernetes services with the label
app: webfrom Team B - Team B's workspace settings exports all Kubernetes services with the label
app: webto Team A's workspace
- Team B's workspace settings imports from Team C's workspace
- Team B's workspace settings imports all resources with the label
app: recsfrom Team C - Team C's workspace settings exports all resources with the label
app: recsto Team B's workspace
- Team A does not export any of its resources to the other workspaces.
- Team B does not export its
app: cartresources to the other workspaces. - Team C does not share any resources with Team A.
Click the following WorkspaceSettings example config to expand an example configuration file for each team's workspace settings. You create workspace settings resources in the workload cluster of your choice, as long as that cluster is part of the workspace. For more information, see the API docs.