Managing Applications
An Application in the Control Plane is a logical container that groups together all the API exposures, subscriptions, and event configurations for a single service or workload. Applications are created automatically when you apply a Rover file, but understanding the concept helps you structure your configurations.
What Is an Application?
Each Rover file maps to exactly one Application. When the Rover operator processes your file, it creates an Application resource that:
- Represents your service within the Control Plane
- Provisions an Identity Client so your application can authenticate with the platform
- Provisions a Gateway Consumer so your application can be identified at the API gateway
- Tracks which zone your application is deployed to (and optionally a failover zone)
Defining an Application in a Rover File
An application is identified by the Rover resource itself (metadata.name in your team namespace):
apiVersion: tcp.ei.telekom.de/v1
kind: Rover
metadata:
name: checkout-service
spec:
zone: dataplane1
Key Fields
| Field | Description |
|---|---|
zone | The deployment zone where your application runs. Must match a zone defined by the platform administrator. |
metadata.name | The logical application identifier used by downstream resources. |
IP Restrictions
IP restrictions are configured at the application level in the Rover resource. This allows you to define which source IP ranges are allowed to access your application through the gateway.
apiVersion: tcp.ei.telekom.de/v1
kind: Rover
metadata:
name: checkout-service
spec:
zone: dataplane1
ipRestrictions:
allow:
- 10.0.0.0/8
- 192.168.1.0/24
Key Fields
| Field | Description |
|---|---|
ipRestrictions.allow | List of CIDR ranges that are allowed. |
Zone and Failover
Rover itself defines the primary zone. Failover is configured on individual API exposures/subscriptions (not as spec.failoverZone on Rover).
External Identifiers
Rover files can carry business identifiers that tie an application back to upstream inventory systems. Today, due to backwards compatibility, two scalar fields are supported:
| Field | Description |
|---|---|
psiid | PSI system number identifier. Default format: PSI-###### (six digits). |
icto | ICTO identifier. Default format: icto-######. |
apiVersion: tcp.ei.telekom.de/v1
kind: Rover
metadata:
name: checkout-service
spec:
zone: dataplane1
psiid: PSI-103596
icto: icto-12345
Whether an identifier is required and the exact regex applied to its value are configured per zone by the platform administrator. If a zone has no policy for a scheme, supplying the field is optional and unvalidated. When a zone enforces a scheme, a Rover without that field (or with a malformed value) is rejected at admission time.
Next Steps
- Exposing APIs — Publish APIs from your application
- Exposing Events — Publish events from your application
- Subscribing to APIs — Consume APIs provided by other teams
- Subscribing to Events — Consume events published by other teams