The configuration mode used by a traffic, security or a gateway group.
| Name | Number | Description |
BRIDGED | 0 | Indicates that the configurations to be added to the group will
use macro APIs that automatically generate Istio APIs under the
hood. |
DIRECT | 1 | Indicates that the configurations to be added to the group will
directly use Istio APIs. |
Request to create an Istio Object
| Field | Description | Validation Rule |
parent | string
REQUIRED
Parent resource where the istio Object will be created. | string = {
min_len: 1
}
|
name | string
REQUIRED
The short name for the Istio Object to be created. | string = {
min_len: 1
}
|
object | tetrateio.api.tsb.types.v2.IstioObject
REQUIRED
Details of the Istio Object to be created. | message = {
required: true
}
|
Request to delete a Istio Object.
| Field | Description | Validation Rule |
fqn | string
REQUIRED
Fully-qualified name of the Isto Object. | string = {
min_len: 1
}
|
Request to retrieve a Istio Object.
| Field | Description | Validation Rule |
fqn | string
REQUIRED
Fully-qualified name of the Istio Object. | string = {
min_len: 1
}
|
| Field | Description | Validation Rule |
apiVersion | string
REQUIRED
networking.istio.io/v1beta1, security.istio.io/v1beta1, etc. | string = {
min_len: 1
}
|
kind | string
REQUIRED
VirtualService, Gateway, DestinationRule, Sidecar, etc. | string = {
min_len: 1
}
|
name | string
Short name associated with the object. The object name must be unique within the kind and the parent. For example, all workspaces under a tenant should have a unique name. Traffic groups under a workspace should have a unique name, while names are not required to be unique across traffic groups in different workspaces. | – |
namespace | string
Namespace where the Istio object applies. | – |
labels | map<string, string>
User specified labels to attach to the object. | |
annotations | map<string, string>
Istio artifacts should contain 3 annotations tsb.tetrate.io/tenant, tsb.tetrate.io/workspace, tsb.tetrate.io/trafficGroup or tsb.tetrate.io/securityGroup or tsb.tetrate.io/gatewayGroup | |
| Field | Description | Validation Rule |
type | string | – |
Request to list Istio Object.
| Field | Description | Validation Rule |
parent | string
REQUIRED
Parent resource to list Istio Objects from. | string = {
min_len: 1
}
|
NamespaceSelector selects a set of namespaces across one or more
clusters in a tenant. Namespace selectors can be used at Workspace
level to carve out a chunk of resources under a tenant into an
isolated configuration domain. They can be used in a Traffic,
Security, or a Gateway group to further scope the set of namespaces
that will belong to a specific configuration group.
| Field | Description | Validation Rule |
names | List of string
REQUIRED
- */ns1 implies ns1 namespace in any cluster under the tenant/workspace.
- c1/ns1 implies ns1 namespace from c1 cluster under tenant/workspace.
- c1/* implies all namespaces in c1 cluster under tenant/workspace.
- */* implies all namespaces in all clusters under the tenant/workspace. | repeated = {
min_items: 1
items: {string:{pattern:^[^/]+/[^/]+$}}
}
|
Format for all API objects in TSB as exposed in the CLI.
| Field | Description | Validation Rule |
apiVersion | string
REQUIRED
api.tsb.tetrate.io/v2, traffic.tsb.tetrate.io/v2, security.tsb.tetrate.io/v2, gateway.tsb.tetrate.io/v2, networking.istio.io/v1beta1, security.istio.io/v1beta1, etc. | string = {
min_len: 1
}
|
kind | string
REQUIRED
Workspace, Cluster, Tenant, Team, User, WorkspaceSetting, Group (under traffic.tsb.tetrate.io and security.tsb.tetrate.io), TrafficSetting, SecuritySetting, etc. | string = {
min_len: 1
}
|
metadata | tetrateio.api.tsb.types.v2.ObjectMeta
REQUIRED | – |
spec | google.protobuf.Any
The API payload. | – |
status | map<string, string>
Contains errors, tokens (in case of cluster onboarding, and other information). | |
Metadata associated with each API Object.
| Field | Description | Validation Rule |
name | string
Name associated with the object. The object name must be unique within the kind and the parent. For example, all workspaces under a tenant should have a unique name. Traffic groups under a workspace should have a unique name, while names are not required to be unique across traffic groups in different workspaces. | – |
namespace | string
Applicable when using Istio objects. | – |
tenant | string
The tenant to which the object belongs to. | – |
workspace | string
The workspace to which the object belongs to. | – |
group | string
The traffic/security/gateway group to which the object belongs to. | – |
resourceVersion | string
Resource version is used internally to track propagation of resources to the data planes. | – |
labels | map<string, string>
User specified labels to attach to the objects. This is only available for Istio resources when applying configuration in DIRECT mode. Labels applied to TSB resources will be ignored. | |
annotations | map<string, string>
Istio artifacts should contain 3 annotations tsb.tetrate.io/tenant, tsb.tetrate.io/workspace, tsb.tetrate.io/trafficGroup or tsb.tetrate.io/securityGroup or tsb.tetrate.io/gatewayGroup This is only available for Istio resources when applying configuration in DIRECT mode. Labels applied to TSB resources will be ignored. | |
displayName | string
User friendly name for the resource. | – |
description | string
A description of the resource. | – |
WorkloadSelector selects one or more workloads in a
namespace. WorkloadSelector can be used in TrafficSetting,
SecuritySetting, and Gateway APIs in BRIDGED mode to scope the
configuration to a specific set of workloads.
| Field | Description | Validation Rule |
namespace | string
REQUIRED
The namespace where the workload resides. | string = {
min_len: 1
}
|
labels | map<string, string>
REQUIRED
One or more labels that indicate a specific set of pods/VMs in the namespace. If omitted, the TrafficSetting or SecuritySetting configuration will apply to all workloads in the namespace. Labels are required for Gateway API resources. | |