GVC (Global Virtual Cloud)

​

Overview

Refer to the GVC concepts page.

​

Create a GVC

Refer to the Create a GVC guide for additional details.

​

Switching between GVCs

Using the console, if an Org has multiple GVCs, there will be an angle bracket > to the right of the current GVC name in the left menu. Click the bracket to show and select a GVC.

​

GVC Namespace

The GVC namespace is used when constructing the canonical endpoint and individual location endpoints to avoid naming collision between workloads with the same name in different GVCs. The namespace is also used when performing service-to-service calls.

​

GVC Locations

The cloud provider locations that workloads will be served from are mapped to a GVC. At least one location is required. The global and canonical endpoints will use DNS to route the request to the nearest healthy location.

The available locations are scoped to an org and can be enabled/disabled globally. Any changes to the location at the org will be propagated to all GVCs using that location.

​

Dedicated Load Balancer

When a dedicated load balancer is enabled on a GVC, all inbound traffic is routed through a custom cloud load balancer for each enabled location. Enabling/disabling this option can cause a brief period when connectivity fails during the period of DNS propagation.

Additional charges apply when custom load balancing is enabled.

Any domains configured to route traffic to this GVC will also leverage the custom load balancer.

The following additional domain settings are available when using a custom load balancer:

1. Custom Ports : Allows domains to route TCP traffic and can be configured on a variety of ports.
2. Accept All Hosts : Allows the domain to accept traffic for any hostname.

​

Down Page Link for Workloads

When a dedicated load balancer is enabled on a GVC, you can specify a url to redirect users upon a 5xx upstream response.

spec:
  loadBalancer:
    dedicated: true
    redirect:
      class:
        status5xx: redirect.example.com

​

Dedicated IP Address

You can set up an IpSet to be used with a dedicated load balancer. This will attach the ip address to the load balancer, so it remains known and static.

spec:
  loadBalancer:
    dedicated: true
    ipSet: //ipset/example

​

Endpoint Naming Format

Workload canonical endpoints in this GVC can be prefixed with the org endpoint prefix. This adds the prefix as a subdomain to cpln.app. To configure which endpoint prefix to use, set the endpointNamingFormat field:

spec:
  endpointNamingFormat: org # can be "org" or "default"

​

Canonical Endpoint Formatting

• default: {workloadName}-{gvcAlias}.cpln.app
• org: {workloadName}-{gvcAlias}.{orgEndpointPrefix}.cpln.app

​

Tracing

OpenTelemetry traces are supported and can be configured with the native Control Plane tracing provider or sent to an OpenTelemetry collector endpoint by using the OpenTelemetry tracing provider.

​

Control Plane Tracing Provider

The Control Plane tracing provider is the default method for collecting OpenTelemetry traces. They will be accessible for exploration using Grafana by accessing Metrics in the sidebar menu of the Console.

To enable traces using the Console, navigate to your GVC, click on Tracing, and choose Control Plane as the metric provider. Then, configure the sampling percentage and, optionally, the Custom Tags.

Here is an example of a GVC with enabled tracing:

kind: gvc
name: online-boutique
spec:
  staticPlacement:
    locationLinks:
      - //location/aws-eu-central-1
      - //location/azure-eastus2
      - //location/gcp-us-west1
  tracing:
    provider:
      controlPlane: {}
    customTags: {}
    sampling: 100

​

OpenTelemetry Tracing Provider

Similarly, traces can be sent to an OTEL collector endpoint using the OpenTelemetry tracing provider.

For details, see the Online Boutique example.

​

Pull Secrets

Pull secrets are secrets that are assigned to a GVC and used by workloads when authentication is required when pulling an image from a private registry.

Only Docker, Amazon ECR, and GCP secrets types are supported for pull secrets.

Multiple pull secrets can be assigned to a GVC. A workload’s container will use the appropriate secret when pulling the image from a private registry. If there are multiple secrets, the container will cycle through each one.

If authentication fails, the deployment will not be updated and the image pull will have an exponential backoff retry starting at 10 seconds and ending at 5 minutes (e.g., 10 seconds, 20 seconds, 40 seconds, etc.).

​

Environment Variables

You may set environment variables at the GVC level, which can then be inherited by any of the GVC’s workloads. To inherit GVC environment variables, a container must have its inheritEnv property set to true. For more information about how environment variables work in Control Plane, please see the environment variables section of the workload reference page.

​

Sticky Sessions

Add the following tags and desired values to a GVC to enable sticky sessions for ALL Workloads within the GVC:

1. cpln/sessionCookie
   • The name of the session cookie.
2. cpln/sessionDuration
   • The Golang duration for the maximum session length (e.g., 300s, 30m, etc.).
   • Review this link for the proper Golang duration string format.

Once these tags are set, soft session affinity based on a cookie will consistently route requests to the same replica. The affinity to a particular replica will be lost if the replica restarts.

​

How to add Tags using the UI

1. Browse to the Console UI and select the desired GVC.
2. Click the Tags link in the middle context menu.
3. Click Edit Tags.
4. Enter the string cpln/sessionCookie in the Tag Key text box and enter the desired cookie name in the Tag Value text box. Click Add Tag.
5. Enter the string cpln/sessionDuration in the Tag Key text box and enter the desired duration in the Tag Value text box. Click Add Tag.
6. Click Save.

​

How to add Tags using the CLI

Execute the following CLI command (substitute the GVC_NAME, ORG_NAME, COOKIE_NAME, DURATION tokens) to add the requires Tags to a GVC:

cpln gvc tag GVC_NAME --tag cpln/sessionCookie=COOKIE_NAME --tag cpln/sessionDuration=DURATION --org ORG_NAME

​

Export GVC

Using the console UI, when a GVC is selected, an Export GVC link is available which will save (as a local multi-document YAML manifest file) the GVC and all associated resources (Identities, Volume Sets and Workloads).

Links to other resources are relative within the exported file. This allows the file to be easily used to backup and restore an entire GVC. It can also be used when promoting to other Orgs.

The export doesn’t contain any referenced Orgs resources, such as, Secrets, Cloud Accounts, and Agents. These resources would need to be exported separately.

​

Permissions

The permissions below are used to define policies together with one or more of the four principal types:

​

Access Report

Displays the permissions granted to principals for the GVC.

​

CLI

To view the CLI documentation for GVCs, click here.