Overview#

Deployment specifics#

Authentication via JWTs#

End-users of the SCL typically communicate with the Infrastructure Management API (IM API). The latter requires a valid Json Web Token (JWT) with embedded information about which Separation Context may be accessed.

Therefore, users need to obtain such token from the respective identity and access management (IAM) service. Contact your operator to learn more about the IAM that is configured for you SCL instance.

VM images#

VMs can be created with an initial image specified via a URL. Ask your operator to learn whether arbitrary URLs can be used or whether images must be selected from some sort of internal image registry.

How to interact with the SCL#

HTTP API#

See the OpenAPI specification of the IM API to learn more about what endpoints are available and how to use them.

An example for creating an SC named foo is provided below:

curl http://$IM_API/api/v1/scs --verbose --oauth2-bearer $TOKEN \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{ "vlanTag": 1, "name": "foo", "resourceVersion": 1, "deletionMark": null }'

SCL Terraform Provider#

An alternative to manual interaction with the HTTP API is to manage SCL resources with Terraform via the custom scl.scl-tf-provider.

After making the package available, the provider can be initialized like this:

terraform init -plugin-dir ${path-to-scl-tf-provider}

Note

All users must know and use their own allocated SCs to successfully manage SCL resources with Terraform. Only operators can create, update or delete SCs, but never resource's tenants. Therefore, only operators can provide users with their allocated SCs.

Refer to the scl-tf-provider reference to learn more about available resources and how to use them.

sclctl#

sclctl does currently not support JWTs and is thus limited to operators.