Skip to main content
logoTetrate Istio Subscription PlusVersion: Latest

Organization

The differences between TSB and Tetrate Istio Subscription Plus (TIS+)

Tetrate Istio Subscription Plus (TIS+) utilizes many of the same components as the Tetrate Service Bridge(TSB) product but has the several distinctions.

Organization is a root of the Istio Subscription Plus object hierarchy. Each organization is completely independent of the other with its own set of tenants, users, teams, clusters and workspaces.

Organizations in TIS+ are tied to an Identity Provider (IdP). Users and teams, representing the organizational structure, are periodically synchronized from the IdP into TIS+ in order to make them available for access policy configuration.

The following example creates an organization named myorg.

apiVersion: api.tsb.tetrate.io/v2
kind: Organization
metadata:
  name: myorg

Organization

Organization is the root of the Istio Subscription Plus object hierarchy.

FieldDescriptionValidation Rule

deletionProtectionEnabled

bool
When set, prevents the resource from being deleted. In order to delete the resource this property needs to be set to false first.

profiles

List of string
List of profiles attached to the Organization to be used to propagate default and mandatory configurations down to the children.

configGenerationMetadata

tetrateio.api.tsb.types.v2.ConfigGenerationMetadata
Default metadata values that will be propagated to the children Istio generated configurations. When using YAML APIs like tctl or gitops, put them into the metadata.labels or metadata.annotations instead. This field is only necessary when using gRPC APIs directly.

systemNamespaces

List of string
List of namespaces that will be considered as system namespaces for the organization and will not be able to be onboarded into TIS+ . System namespaces are namespaces that should not have sidecars injected and don't be configured with Istio injection. This is useful for namespaces that are used for infrastructure components like monitoring, logging, cloud provider components, etc. and that should not be managed by TIS+ in the cluster namespace onboarding workflows.