The configuration mode used by a traffic, security or a gateway group.
Name | Number | Description |
BRIDGED | 0 | Indicates that the configurations to be added to the group will
use macro APIs that automatically generate Istio APIs under the
hood. |
DIRECT | 1 | Indicates that the configurations to be added to the group will
directly use Istio APIs. |
Request to create an Istio Object
Field | Description | Validation Rule |
parent | string REQUIRED Parent resource where the istio Object will be created. | string = { min_len: 1 }
|
name | string REQUIRED The short name for the Istio Object to be created. | string = { min_len: 1 }
|
object | tetrateio.api.tsb.types.v2.IstioObject REQUIRED Details of the Istio Object to be created. | message = { required: true }
|
Request to delete a Istio Object.
Field | Description | Validation Rule |
fqn | string REQUIRED Fully-qualified name of the Isto Object. | string = { min_len: 1 }
|
Request to retrieve a Istio Object.
Field | Description | Validation Rule |
fqn | string REQUIRED Fully-qualified name of the Istio Object. | string = { min_len: 1 }
|
Field | Description | Validation Rule |
apiVersion | string REQUIRED networking.istio.io/v1beta1, security.istio.io/v1beta1, etc. | string = { min_len: 1 }
|
kind | string REQUIRED VirtualService, Gateway, DestinationRule, Sidecar, etc. | string = { min_len: 1 }
|
name | string Short name associated with the object. The object name must be unique within the kind and the parent. For example, all workspaces under a tenant should have a unique name. Traffic groups under a workspace should have a unique name, while names are not required to be unique across traffic groups in different workspaces. | – |
namespace | string Namespace where the Istio object applies. | – |
labels | map<string, string> User specified labels to attach to the object. | |
annotations | map<string, string> Istio artifacts should contain 3 annotations tsb.tetrate.io/tenant, tsb.tetrate.io/workspace, tsb.tetrate.io/trafficGroup or tsb.tetrate.io/securityGroup or tsb.tetrate.io/gatewayGroup | |
Field | Description | Validation Rule |
type | string | – |
Request to list Istio Object.
Field | Description | Validation Rule |
parent | string REQUIRED Parent resource to list Istio Objects from. | string = { min_len: 1 }
|
NamespaceSelector
selects a set of namespaces across one or more
clusters in a tenant. Namespace selectors can be used at Workspace
level to carve out a chunk of resources under a tenant into an
isolated configuration domain. They can be used in a Traffic,
Security, or a Gateway group to further scope the set of namespaces
that will belong to a specific configuration group.
Field | Description | Validation Rule |
names | List of string REQUIRED - */ns1 implies ns1 namespace in any cluster under the tenant/workspace.
- c1/ns1 implies ns1 namespace from c1 cluster under tenant/workspace.
- c1/* implies all namespaces in c1 cluster under tenant/workspace.
- */* implies all namespaces in all clusters under the tenant/workspace. | repeated = { min_items: 1 items: {string:{pattern:^[^/]+/[^/]+$}} }
|
Format for all API objects in TSB as exposed in the CLI.
Field | Description | Validation Rule |
apiVersion | string REQUIRED api.tsb.tetrate.io/v2, traffic.tsb.tetrate.io/v2, security.tsb.tetrate.io/v2, gateway.tsb.tetrate.io/v2, networking.istio.io/v1beta1, security.istio.io/v1beta1, etc. | string = { min_len: 1 }
|
kind | string REQUIRED Workspace, Cluster, Tenant, Team, User, WorkspaceSetting, Group (under traffic.tsb.tetrate.io and security.tsb.tetrate.io), TrafficSetting, SecuritySetting, etc. | string = { min_len: 1 }
|
metadata | tetrateio.api.tsb.types.v2.ObjectMeta REQUIRED | – |
spec | google.protobuf.Any The API payload. | – |
status | map<string, string> Contains errors, tokens (in case of cluster onboarding, and other information). | |
Metadata associated with each API Object.
Field | Description | Validation Rule |
name | string Name associated with the object. The object name must be unique within the kind and the parent. For example, all workspaces under a tenant should have a unique name. Traffic groups under a workspace should have a unique name, while names are not required to be unique across traffic groups in different workspaces. | – |
namespace | string Applicable when using Istio objects. | – |
tenant | string The tenant to which the object belongs to. | – |
workspace | string The workspace to which the object belongs to. | – |
group | string The traffic/security/gateway group to which the object belongs to. | – |
resourceVersion | string Resource version is used internally to track propagation of resources to the data planes. | – |
labels | map<string, string> User specified labels to attach to the objects. This is only available for Istio resources when applying configuration in DIRECT mode. Labels applied to TSB resources will be ignored. | |
annotations | map<string, string> Istio artifacts should contain 3 annotations tsb.tetrate.io/tenant, tsb.tetrate.io/workspace, tsb.tetrate.io/trafficGroup or tsb.tetrate.io/securityGroup or tsb.tetrate.io/gatewayGroup This is only available for Istio resources when applying configuration in DIRECT mode. Labels applied to TSB resources will be ignored. | |
displayName | string User friendly name for the resource. | – |
description | string A description of the resource. | – |
WorkloadSelector
selects one or more workloads in a
namespace. WorkloadSelector
can be used in TrafficSetting,
SecuritySetting, and Gateway APIs in BRIDGED
mode to scope the
configuration to a specific set of workloads.
Field | Description | Validation Rule |
namespace | string REQUIRED The namespace where the workload resides. | string = { min_len: 1 }
|
labels | map<string, string> REQUIRED One or more labels that indicate a specific set of pods/VMs in the namespace. If omitted, the TrafficSetting or SecuritySetting configuration will apply to all workloads in the namespace. Labels are required for Gateway API resources. | |