Overview
agent
auditctx
cloudaccount
- GETGet a cloud account by name
- DELDelete an cloud account by name
- PATCHPerform a Patch on a cloud account by name
- GETGet all cloud accounts
- POSTCreate a cloud account
- POSTGet all cloud accounts based on a query
- GETGet the access report for a cloud account by name
- GETGet available permissions for a cloud account resource type
domain
group
gvc
identity
- GETGet an identity by GVC and name
- DELDelete an identity by GVC and name
- PATCHPerform a Patch on an identity by name
- GETGet all identities in a GVC
- POSTCreate an identity
- GETGet all identities from all GVCs
- POSTGet all GVC identities based on a query
- GETGet the access report for an identity by GVC and name
- GETGet available permissions for an identity
image
location
org
policy
quota
secret
- GETGet a secret by name
- DELDelete a secret by name
- PATCHPerform a Patch on an IP Set by name
- GETGet all secrets
- POSTCreate a secret
- GETGet the sensitive content of a secret by name
- POSTGet all secrets based on a query
- GETGet the access report for a secret by name
- GETGet available permissions for a secret resource type
serviceaccount
- GETGet a service account by name
- DELDelete a service account by name
- PATCHPerform a Patch on a service account by name
- GETGet all service accounts
- POSTCreate a service account
- POSTGet all service accounts based on a query
- GETGet the access report for a service account by name
- POSTAdd a key to a service account
- GETGet available permissions for a service account resource type
task
user
volumeset
- GETGet a volumeset by GVC and name
- DELDelete a volumeset by name
- PATCHPerform a Patch on a volumeset by name
- GETList volumesets in a GVC you are authorized to view
- POSTCreate a volumeset
- GETGet all volumesets
- POSTGet all volumesets based on a query
- GETGet the access report for a volumeset by GVC and name
- GETGet available permissions for a volumeset resource type
workload
- GETGet a workload by GVC and name
- DELDelete a workload by name
- PATCHPerform a Patch on a workload by name
- GETGet a deployment by GVC, workload and name
- GETList workloads in a GVC you are authorized to view
- POSTCreate a workload
- GETGet all workloads
- GETList deployments in a workload
- POSTGet all workloads based on a query
- GETGet the access report for a workload by GVC and name
- GETGet available permissions for a workload resource type
Perform a Patch on a domain by name
curl --request PATCH \
--url https://api.cpln.io/org/{org}/domain/{name} \
--header 'Content-Type: application/json' \
--data '{
"$drop": [
"description"
],
"description": "<string>",
"tags": {},
"$replace/tags": {},
"name": "<string>",
"spec": {
"$drop": [
"dnsMode"
],
"dnsMode": "cname",
"gvcLink": "<string>",
"acceptAllHosts": true,
"ports": [
{
"number": 123,
"protocol": "http2",
"routes": [
{
"replacePrefix": "<string>",
"regex": "<string>",
"prefix": "<string>",
"workloadLink": "<string>",
"port": 123,
"hostPrefix": "<string>",
"headers": {
"request": {
"set": {}
}
}
}
],
"cors": {
"allowOrigins": [
{
"exact": "<string>"
}
],
"allowMethods": [
"<string>"
],
"allowHeaders": [
"<string>"
],
"exposeHeaders": [
"<string>"
],
"maxAge": "<string>",
"allowCredentials": true
},
"tls": {
"minProtocolVersion": "TLSV1_2",
"cipherSuites": [
[
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-GCM-SHA256"
]
],
"clientCertificate": {
"secretLink": "<string>"
},
"serverCertificate": {
"secretLink": "<string>"
}
}
}
],
"$drop/ports": [
"<string>"
],
"$append/ports": [
{
"number": 123,
"protocol": "http2",
"routes": [
{
"replacePrefix": "<string>",
"regex": "<string>",
"prefix": "<string>",
"workloadLink": "<string>",
"port": 123,
"hostPrefix": "<string>",
"headers": {
"request": {
"set": {}
}
}
}
],
"cors": {
"allowOrigins": [
{
"exact": "<string>"
}
],
"allowMethods": [
"<string>"
],
"allowHeaders": [
"<string>"
],
"exposeHeaders": [
"<string>"
],
"maxAge": "<string>",
"allowCredentials": true
},
"tls": {
"minProtocolVersion": "TLSV1_2",
"cipherSuites": [
[
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-GCM-SHA256"
]
],
"clientCertificate": {
"secretLink": "<string>"
},
"serverCertificate": {
"secretLink": "<string>"
}
}
}
],
"$patch/ports": [
{
"$drop": [
"number"
],
"number": 123,
"protocol": "http2",
"routes": [
{
"replacePrefix": "<string>",
"regex": "<string>",
"prefix": "<string>",
"workloadLink": "<string>",
"port": 123,
"hostPrefix": "<string>",
"headers": {
"request": {
"set": {}
}
}
}
],
"$drop/routes": [
"<string>"
],
"$append/routes": [
{
"replacePrefix": "<string>",
"regex": "<string>",
"prefix": "<string>",
"workloadLink": "<string>",
"port": 123,
"hostPrefix": "<string>",
"headers": {
"request": {
"set": {}
}
}
}
],
"$patch/routes": [
{
"$drop": [
"replacePrefix"
],
"replacePrefix": "<string>",
"regex": "<string>",
"prefix": "<string>",
"workloadLink": "<string>",
"port": 123,
"hostPrefix": "<string>",
"headers": {
"$drop": [
"request"
],
"request": {
"$drop": [
"set"
],
"set": {},
"$replace/set": {}
},
"$replace/request": {
"set": {}
}
},
"$replace/headers": {
"request": {
"set": {}
}
}
}
],
"$retain/routes": [
"<string>"
],
"cors": {
"$drop": [
"allowOrigins"
],
"allowOrigins": [
{
"exact": "<string>"
}
],
"$drop/allowOrigins": [
"<string>"
],
"$append/allowOrigins": [
{
"exact": "<string>"
}
],
"$patch/allowOrigins": [
{
"$drop": [
"exact"
],
"exact": "<string>"
}
],
"$retain/allowOrigins": [
"<string>"
],
"allowMethods": [
"<string>"
],
"$drop/allowMethods": [
"<string>"
],
"$append/allowMethods": [
"<string>"
],
"$retain/allowMethods": [
"<string>"
],
"allowHeaders": [
"<string>"
],
"$drop/allowHeaders": [
"<string>"
],
"$append/allowHeaders": [
"<string>"
],
"$retain/allowHeaders": [
"<string>"
],
"exposeHeaders": [
"<string>"
],
"$drop/exposeHeaders": [
"<string>"
],
"$append/exposeHeaders": [
"<string>"
],
"$retain/exposeHeaders": [
"<string>"
],
"maxAge": "<string>",
"allowCredentials": true
},
"$replace/cors": {
"allowOrigins": [
{
"exact": "<string>"
}
],
"allowMethods": [
"<string>"
],
"allowHeaders": [
"<string>"
],
"exposeHeaders": [
"<string>"
],
"maxAge": "<string>",
"allowCredentials": true
},
"tls": {
"$drop": [
"minProtocolVersion"
],
"minProtocolVersion": "TLSV1_2",
"cipherSuites": [
[
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-GCM-SHA256"
]
],
"$drop/cipherSuites": [
[
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-GCM-SHA256"
]
],
"$append/cipherSuites": [
[
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-GCM-SHA256"
]
],
"$retain/cipherSuites": [
[
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-GCM-SHA256"
]
],
"clientCertificate": {
"$drop": [
"secretLink"
],
"secretLink": "<string>"
},
"$replace/clientCertificate": {
"secretLink": "<string>"
},
"serverCertificate": {
"$drop": [
"secretLink"
],
"secretLink": "<string>"
},
"$replace/serverCertificate": {
"secretLink": "<string>"
}
},
"$replace/tls": {
"minProtocolVersion": "TLSV1_2",
"cipherSuites": [
[
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-GCM-SHA256"
]
],
"clientCertificate": {
"secretLink": "<string>"
},
"serverCertificate": {
"secretLink": "<string>"
}
}
}
],
"$retain/ports": [
"<string>"
]
},
"$replace/spec": {
"dnsMode": "cname",
"gvcLink": "<string>",
"acceptAllHosts": true,
"ports": [
{
"number": 123,
"protocol": "http2",
"routes": [
{
"replacePrefix": "<string>",
"regex": "<string>",
"prefix": "<string>",
"workloadLink": "<string>",
"port": 123,
"hostPrefix": "<string>",
"headers": {
"request": {
"set": {}
}
}
}
],
"cors": {
"allowOrigins": [
{
"exact": "<string>"
}
],
"allowMethods": [
"<string>"
],
"allowHeaders": [
"<string>"
],
"exposeHeaders": [
"<string>"
],
"maxAge": "<string>",
"allowCredentials": true
},
"tls": {
"minProtocolVersion": "TLSV1_2",
"cipherSuites": [
[
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-GCM-SHA256"
]
],
"clientCertificate": {
"secretLink": "<string>"
},
"serverCertificate": {
"secretLink": "<string>"
}
}
}
]
}
}'{
"id": "<string>",
"kind": "<string>",
"version": 123,
"description": "<string>",
"tags": {},
"created": "2023-11-07T05:31:56Z",
"lastModified": "2023-11-07T05:31:56Z",
"links": [
{
"rel": "<string>",
"href": "<string>"
}
],
"name": "<string>",
"spec": {
"dnsMode": "cname",
"gvcLink": "<string>",
"acceptAllHosts": true,
"ports": [
{
"number": 123,
"protocol": "http2",
"routes": [
{
"replacePrefix": "<string>",
"regex": "<string>",
"prefix": "<string>",
"workloadLink": "<string>",
"port": 123,
"hostPrefix": "<string>",
"headers": {
"request": {
"set": {}
}
}
}
],
"cors": {
"allowOrigins": [
{
"exact": "<string>"
}
],
"allowMethods": [
"<string>"
],
"allowHeaders": [
"<string>"
],
"exposeHeaders": [
"<string>"
],
"maxAge": "<string>",
"allowCredentials": true
},
"tls": {
"minProtocolVersion": "TLSV1_2",
"cipherSuites": [
[
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-GCM-SHA256"
]
],
"clientCertificate": {
"secretLink": "<string>"
},
"serverCertificate": {
"secretLink": "<string>"
}
}
}
]
},
"status": {
"endpoints": [
{
"url": "<string>",
"workloadLink": "<string>"
}
],
"status": "initializing",
"warning": "<string>",
"locations": [
{
"name": "<string>",
"certificateStatus": "initializing"
}
],
"fingerprint": "<string>",
"dnsConfig": [
{
"type": "<string>",
"ttl": 123,
"host": "<string>",
"value": "<string>"
}
]
}
}Authorizations
Service account key can be used as API keys
Body
description, tags, spec 250dnsMode, gvcLink, acceptAllHosts, ports In 'cname' dnsMode, Control Plane will configure workloads to accept traffic for the domain but will not manage DNS records for the domain. End users configure CNAME records in their own DNS pointed to the canonical workload endpoint. Currently 'cname' dnsMode requires that a tls.serverCertificate is configured when subdomain based routing is used. In 'ns' dnsMode, Control Plane will manage the subdomains and create all necessary DNS records. End users configure an NS record to forward DNS requests to the Control Plane managed DNS servers.
cname, ns One of gvcLink and routes may be provided. When gvcLink is configured each workload in the GVC will receive a subdomain in the form ${workload.name}.${domain.name}
http, http2, tcp A list of mappings to workloads.
When provided, the URI prefix will be replaced with this string before the request is sent to the workload.
Used to match URI paths. One of prefix OR regex may be provided. Uses the google re2 regex syntax
This option allows forwarding traffic for different host headers to different workloads. This will only be used when the target GVC has dedicated load balancing enabled and the Domain is configure for wildcard support. Contact your account manager for details.
Used for TLS connections for this Domain. End users are responsible for certificate updates.
TLSV1_3, TLSV1_2, TLSV1_1, TLSV1_0 ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-RSA-AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-GCM-SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, DES-CBC3-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA When clientCertificate is defined, requests may optionally supply a client certificate. The certificate details are included in the x-forwarded-client-cert header.
The secret will include a client certificate authority cert in PEM format used to verify requests which include client certificates. The key subject must match the domain and the key usage properties must be configured for client certificate authorization. The secret type must be keypair.
Configure an optional custom server certificate for the domain. When the port number is 443 and this is not supplied, a certificate is provisioned automatically.
When provided, this is used as the server certificate authority. The secret type must be keypair and the content must be PEM encoded.
http, http2, tcp A list of mappings to workloads.
When provided, the URI prefix will be replaced with this string before the request is sent to the workload.
Used to match URI paths. One of prefix OR regex may be provided. Uses the google re2 regex syntax
This option allows forwarding traffic for different host headers to different workloads. This will only be used when the target GVC has dedicated load balancing enabled and the Domain is configure for wildcard support. Contact your account manager for details.
Used for TLS connections for this Domain. End users are responsible for certificate updates.
TLSV1_3, TLSV1_2, TLSV1_1, TLSV1_0 ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-RSA-AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-GCM-SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, DES-CBC3-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA When clientCertificate is defined, requests may optionally supply a client certificate. The certificate details are included in the x-forwarded-client-cert header.
The secret will include a client certificate authority cert in PEM format used to verify requests which include client certificates. The key subject must match the domain and the key usage properties must be configured for client certificate authorization. The secret type must be keypair.
Configure an optional custom server certificate for the domain. When the port number is 443 and this is not supplied, a certificate is provisioned automatically.
When provided, this is used as the server certificate authority. The secret type must be keypair and the content must be PEM encoded.
number, protocol, routes, cors, tls http, http2, tcp A list of mappings to workloads.
When provided, the URI prefix will be replaced with this string before the request is sent to the workload.
Used to match URI paths. One of prefix OR regex may be provided. Uses the google re2 regex syntax
This option allows forwarding traffic for different host headers to different workloads. This will only be used when the target GVC has dedicated load balancing enabled and the Domain is configure for wildcard support. Contact your account manager for details.
When provided, the URI prefix will be replaced with this string before the request is sent to the workload.
Used to match URI paths. One of prefix OR regex may be provided. Uses the google re2 regex syntax
This option allows forwarding traffic for different host headers to different workloads. This will only be used when the target GVC has dedicated load balancing enabled and the Domain is configure for wildcard support. Contact your account manager for details.
replacePrefix, regex, prefix, workloadLink, port, hostPrefix, headers When provided, the URI prefix will be replaced with this string before the request is sent to the workload.
Used to match URI paths. One of prefix OR regex may be provided. Uses the google re2 regex syntax
This option allows forwarding traffic for different host headers to different workloads. This will only be used when the target GVC has dedicated load balancing enabled and the Domain is configure for wildcard support. Contact your account manager for details.
allowOrigins, allowMethods, allowHeaders, exposeHeaders, maxAge, allowCredentials minProtocolVersion, cipherSuites, clientCertificate, serverCertificate TLSV1_3, TLSV1_2, TLSV1_1, TLSV1_0 ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-RSA-AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-GCM-SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, DES-CBC3-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-RSA-AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-GCM-SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, DES-CBC3-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-RSA-AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-GCM-SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, DES-CBC3-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-RSA-AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-GCM-SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, DES-CBC3-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA secretLink The secret will include a client certificate authority cert in PEM format used to verify requests which include client certificates. The key subject must match the domain and the key usage properties must be configured for client certificate authorization. The secret type must be keypair.
When clientCertificate is defined, requests may optionally supply a client certificate. The certificate details are included in the x-forwarded-client-cert header.
The secret will include a client certificate authority cert in PEM format used to verify requests which include client certificates. The key subject must match the domain and the key usage properties must be configured for client certificate authorization. The secret type must be keypair.
Configure an optional custom server certificate for the domain. When the port number is 443 and this is not supplied, a certificate is provisioned automatically.
When provided, this is used as the server certificate authority. The secret type must be keypair and the content must be PEM encoded.
Used for TLS connections for this Domain. End users are responsible for certificate updates.
TLSV1_3, TLSV1_2, TLSV1_1, TLSV1_0 ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-RSA-AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-GCM-SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, DES-CBC3-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA When clientCertificate is defined, requests may optionally supply a client certificate. The certificate details are included in the x-forwarded-client-cert header.
The secret will include a client certificate authority cert in PEM format used to verify requests which include client certificates. The key subject must match the domain and the key usage properties must be configured for client certificate authorization. The secret type must be keypair.
Configure an optional custom server certificate for the domain. When the port number is 443 and this is not supplied, a certificate is provisioned automatically.
When provided, this is used as the server certificate authority. The secret type must be keypair and the content must be PEM encoded.
In 'cname' dnsMode, Control Plane will configure workloads to accept traffic for the domain but will not manage DNS records for the domain. End users configure CNAME records in their own DNS pointed to the canonical workload endpoint. Currently 'cname' dnsMode requires that a tls.serverCertificate is configured when subdomain based routing is used. In 'ns' dnsMode, Control Plane will manage the subdomains and create all necessary DNS records. End users configure an NS record to forward DNS requests to the Control Plane managed DNS servers.
cname, ns One of gvcLink and routes may be provided. When gvcLink is configured each workload in the GVC will receive a subdomain in the form ${workload.name}.${domain.name}
http, http2, tcp A list of mappings to workloads.
When provided, the URI prefix will be replaced with this string before the request is sent to the workload.
Used to match URI paths. One of prefix OR regex may be provided. Uses the google re2 regex syntax
This option allows forwarding traffic for different host headers to different workloads. This will only be used when the target GVC has dedicated load balancing enabled and the Domain is configure for wildcard support. Contact your account manager for details.
Used for TLS connections for this Domain. End users are responsible for certificate updates.
TLSV1_3, TLSV1_2, TLSV1_1, TLSV1_0 ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-RSA-AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-GCM-SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, DES-CBC3-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA When clientCertificate is defined, requests may optionally supply a client certificate. The certificate details are included in the x-forwarded-client-cert header.
The secret will include a client certificate authority cert in PEM format used to verify requests which include client certificates. The key subject must match the domain and the key usage properties must be configured for client certificate authorization. The secret type must be keypair.
Configure an optional custom server certificate for the domain. When the port number is 443 and this is not supplied, a certificate is provisioned automatically.
When provided, this is used as the server certificate authority. The secret type must be keypair and the content must be PEM encoded.
Response
250In 'cname' dnsMode, Control Plane will configure workloads to accept traffic for the domain but will not manage DNS records for the domain. End users configure CNAME records in their own DNS pointed to the canonical workload endpoint. Currently 'cname' dnsMode requires that a tls.serverCertificate is configured when subdomain based routing is used. In 'ns' dnsMode, Control Plane will manage the subdomains and create all necessary DNS records. End users configure an NS record to forward DNS requests to the Control Plane managed DNS servers.
cname, ns One of gvcLink and routes may be provided. When gvcLink is configured each workload in the GVC will receive a subdomain in the form ${workload.name}.${domain.name}
http, http2, tcp A list of mappings to workloads.
When provided, the URI prefix will be replaced with this string before the request is sent to the workload.
Used to match URI paths. One of prefix OR regex may be provided. Uses the google re2 regex syntax
This option allows forwarding traffic for different host headers to different workloads. This will only be used when the target GVC has dedicated load balancing enabled and the Domain is configure for wildcard support. Contact your account manager for details.
Used for TLS connections for this Domain. End users are responsible for certificate updates.
TLSV1_3, TLSV1_2, TLSV1_1, TLSV1_0 ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-RSA-AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-GCM-SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, DES-CBC3-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA When clientCertificate is defined, requests may optionally supply a client certificate. The certificate details are included in the x-forwarded-client-cert header.
The secret will include a client certificate authority cert in PEM format used to verify requests which include client certificates. The key subject must match the domain and the key usage properties must be configured for client certificate authorization. The secret type must be keypair.
Configure an optional custom server certificate for the domain. When the port number is 443 and this is not supplied, a certificate is provisioned automatically.
When provided, this is used as the server certificate authority. The secret type must be keypair and the content must be PEM encoded.
initializing, ready, pendingDnsConfig, pendingCertificate, usedByGvc, warning curl --request PATCH \
--url https://api.cpln.io/org/{org}/domain/{name} \
--header 'Content-Type: application/json' \
--data '{
"$drop": [
"description"
],
"description": "<string>",
"tags": {},
"$replace/tags": {},
"name": "<string>",
"spec": {
"$drop": [
"dnsMode"
],
"dnsMode": "cname",
"gvcLink": "<string>",
"acceptAllHosts": true,
"ports": [
{
"number": 123,
"protocol": "http2",
"routes": [
{
"replacePrefix": "<string>",
"regex": "<string>",
"prefix": "<string>",
"workloadLink": "<string>",
"port": 123,
"hostPrefix": "<string>",
"headers": {
"request": {
"set": {}
}
}
}
],
"cors": {
"allowOrigins": [
{
"exact": "<string>"
}
],
"allowMethods": [
"<string>"
],
"allowHeaders": [
"<string>"
],
"exposeHeaders": [
"<string>"
],
"maxAge": "<string>",
"allowCredentials": true
},
"tls": {
"minProtocolVersion": "TLSV1_2",
"cipherSuites": [
[
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-GCM-SHA256"
]
],
"clientCertificate": {
"secretLink": "<string>"
},
"serverCertificate": {
"secretLink": "<string>"
}
}
}
],
"$drop/ports": [
"<string>"
],
"$append/ports": [
{
"number": 123,
"protocol": "http2",
"routes": [
{
"replacePrefix": "<string>",
"regex": "<string>",
"prefix": "<string>",
"workloadLink": "<string>",
"port": 123,
"hostPrefix": "<string>",
"headers": {
"request": {
"set": {}
}
}
}
],
"cors": {
"allowOrigins": [
{
"exact": "<string>"
}
],
"allowMethods": [
"<string>"
],
"allowHeaders": [
"<string>"
],
"exposeHeaders": [
"<string>"
],
"maxAge": "<string>",
"allowCredentials": true
},
"tls": {
"minProtocolVersion": "TLSV1_2",
"cipherSuites": [
[
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-GCM-SHA256"
]
],
"clientCertificate": {
"secretLink": "<string>"
},
"serverCertificate": {
"secretLink": "<string>"
}
}
}
],
"$patch/ports": [
{
"$drop": [
"number"
],
"number": 123,
"protocol": "http2",
"routes": [
{
"replacePrefix": "<string>",
"regex": "<string>",
"prefix": "<string>",
"workloadLink": "<string>",
"port": 123,
"hostPrefix": "<string>",
"headers": {
"request": {
"set": {}
}
}
}
],
"$drop/routes": [
"<string>"
],
"$append/routes": [
{
"replacePrefix": "<string>",
"regex": "<string>",
"prefix": "<string>",
"workloadLink": "<string>",
"port": 123,
"hostPrefix": "<string>",
"headers": {
"request": {
"set": {}
}
}
}
],
"$patch/routes": [
{
"$drop": [
"replacePrefix"
],
"replacePrefix": "<string>",
"regex": "<string>",
"prefix": "<string>",
"workloadLink": "<string>",
"port": 123,
"hostPrefix": "<string>",
"headers": {
"$drop": [
"request"
],
"request": {
"$drop": [
"set"
],
"set": {},
"$replace/set": {}
},
"$replace/request": {
"set": {}
}
},
"$replace/headers": {
"request": {
"set": {}
}
}
}
],
"$retain/routes": [
"<string>"
],
"cors": {
"$drop": [
"allowOrigins"
],
"allowOrigins": [
{
"exact": "<string>"
}
],
"$drop/allowOrigins": [
"<string>"
],
"$append/allowOrigins": [
{
"exact": "<string>"
}
],
"$patch/allowOrigins": [
{
"$drop": [
"exact"
],
"exact": "<string>"
}
],
"$retain/allowOrigins": [
"<string>"
],
"allowMethods": [
"<string>"
],
"$drop/allowMethods": [
"<string>"
],
"$append/allowMethods": [
"<string>"
],
"$retain/allowMethods": [
"<string>"
],
"allowHeaders": [
"<string>"
],
"$drop/allowHeaders": [
"<string>"
],
"$append/allowHeaders": [
"<string>"
],
"$retain/allowHeaders": [
"<string>"
],
"exposeHeaders": [
"<string>"
],
"$drop/exposeHeaders": [
"<string>"
],
"$append/exposeHeaders": [
"<string>"
],
"$retain/exposeHeaders": [
"<string>"
],
"maxAge": "<string>",
"allowCredentials": true
},
"$replace/cors": {
"allowOrigins": [
{
"exact": "<string>"
}
],
"allowMethods": [
"<string>"
],
"allowHeaders": [
"<string>"
],
"exposeHeaders": [
"<string>"
],
"maxAge": "<string>",
"allowCredentials": true
},
"tls": {
"$drop": [
"minProtocolVersion"
],
"minProtocolVersion": "TLSV1_2",
"cipherSuites": [
[
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-GCM-SHA256"
]
],
"$drop/cipherSuites": [
[
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-GCM-SHA256"
]
],
"$append/cipherSuites": [
[
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-GCM-SHA256"
]
],
"$retain/cipherSuites": [
[
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-GCM-SHA256"
]
],
"clientCertificate": {
"$drop": [
"secretLink"
],
"secretLink": "<string>"
},
"$replace/clientCertificate": {
"secretLink": "<string>"
},
"serverCertificate": {
"$drop": [
"secretLink"
],
"secretLink": "<string>"
},
"$replace/serverCertificate": {
"secretLink": "<string>"
}
},
"$replace/tls": {
"minProtocolVersion": "TLSV1_2",
"cipherSuites": [
[
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-GCM-SHA256"
]
],
"clientCertificate": {
"secretLink": "<string>"
},
"serverCertificate": {
"secretLink": "<string>"
}
}
}
],
"$retain/ports": [
"<string>"
]
},
"$replace/spec": {
"dnsMode": "cname",
"gvcLink": "<string>",
"acceptAllHosts": true,
"ports": [
{
"number": 123,
"protocol": "http2",
"routes": [
{
"replacePrefix": "<string>",
"regex": "<string>",
"prefix": "<string>",
"workloadLink": "<string>",
"port": 123,
"hostPrefix": "<string>",
"headers": {
"request": {
"set": {}
}
}
}
],
"cors": {
"allowOrigins": [
{
"exact": "<string>"
}
],
"allowMethods": [
"<string>"
],
"allowHeaders": [
"<string>"
],
"exposeHeaders": [
"<string>"
],
"maxAge": "<string>",
"allowCredentials": true
},
"tls": {
"minProtocolVersion": "TLSV1_2",
"cipherSuites": [
[
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-GCM-SHA256"
]
],
"clientCertificate": {
"secretLink": "<string>"
},
"serverCertificate": {
"secretLink": "<string>"
}
}
}
]
}
}'{
"id": "<string>",
"kind": "<string>",
"version": 123,
"description": "<string>",
"tags": {},
"created": "2023-11-07T05:31:56Z",
"lastModified": "2023-11-07T05:31:56Z",
"links": [
{
"rel": "<string>",
"href": "<string>"
}
],
"name": "<string>",
"spec": {
"dnsMode": "cname",
"gvcLink": "<string>",
"acceptAllHosts": true,
"ports": [
{
"number": 123,
"protocol": "http2",
"routes": [
{
"replacePrefix": "<string>",
"regex": "<string>",
"prefix": "<string>",
"workloadLink": "<string>",
"port": 123,
"hostPrefix": "<string>",
"headers": {
"request": {
"set": {}
}
}
}
],
"cors": {
"allowOrigins": [
{
"exact": "<string>"
}
],
"allowMethods": [
"<string>"
],
"allowHeaders": [
"<string>"
],
"exposeHeaders": [
"<string>"
],
"maxAge": "<string>",
"allowCredentials": true
},
"tls": {
"minProtocolVersion": "TLSV1_2",
"cipherSuites": [
[
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-GCM-SHA256"
]
],
"clientCertificate": {
"secretLink": "<string>"
},
"serverCertificate": {
"secretLink": "<string>"
}
}
}
]
},
"status": {
"endpoints": [
{
"url": "<string>",
"workloadLink": "<string>"
}
],
"status": "initializing",
"warning": "<string>",
"locations": [
{
"name": "<string>",
"certificateStatus": "initializing"
}
],
"fingerprint": "<string>",
"dnsConfig": [
{
"type": "<string>",
"ttl": 123,
"host": "<string>",
"value": "<string>"
}
]
}
}