Profile
The configuration profiles feature is in an alpha state, we will be making breaking changes to its API in release 1.12. Please contact Tetrate if you have any questions or concerns.
A Profile is a predefined configuration template that can be defined at the Organizations, Tenants, and Workspaces, and then can be attached to Organizations, Tenants, Workspaces and Groups. Profiles are intended for traffic-related settings and security policies that map to the resource itself, not for security policies (e.g. authorization policies) related to relationships between resources. They contain Default configurations, which can be overridden, and Mandates configurations, which can't be.
The following example creates a Profile named myprofile
that enforces mutual TLS authenticated connections across the whole tetrate
organization, also sets the default circuit breaking sensitivity to MEDIUM
.
It also configures the TCP KeepAlive as 300 seconds for all inbound connections to all the proxies in the tetrate
organization.
apiVersion: profile.tsb.tetrate.io/v2
kind: Profile
metadata:
name: myprofile
organization: tetrate
spec:
displayName: "mTLS enforcement and default circuit breaking"
mandates:
authenticationSettings:
trafficMode: "REQUIRED"
defaults:
trafficSettings:
inbound:
resilience:
connectionPool:
tcp:
keepAlive:
idleTime: 300s
outbound:
upstreamTrafficSettings:
- hosts:
- '*'
settings:
resilience:
circuitBreakerSensitivity: MEDIUM
Profile
A Profile
object can be created at Organization, Tenant, and Workspace levels. Once created, a profile can be
attached at its own level or down the hierarchy at Organization, Tenant, Workspace and Groups levels.
Once attached, all the configurations provided in the profile and compatible with the attachment point will be applied,
the others will be ignored.
Field | Description | Validation Rule |
---|---|---|
deletionProtectionEnabled | bool | – |
defaults | tetrateio.api.tsb.profile.v2.ProfileConfig | – |
mandates | tetrateio.api.tsb.profile.v2.ProfileConfig | – |
ProfileConfig
ProfileConfig holds the configuration objects that can be used as defaults or mandates.
Field | Description | Validation Rule |
---|---|---|
trafficSettings | tetrateio.api.tsb.traffic.v2.TrafficSetting | – |
authenticationSettings | tetrateio.api.tsb.security.v2.AuthenticationSettings | – |
wafSettings | tetrateio.api.tsb.security.v2.WAFSettings | – |
wasmExtensions | List of tetrateio.api.tsb.types.v2.WasmExtensionAttachment | – |
unsetFields | List of string
| repeated = { |