Common Object Types
Definition of objects shared by different APIs.
ConfigGenerationMetadata
ConfigGenerationMetadata
allows to setup extra metadata that will be added in the final Istio generated configurations.
Like new labels or annotations.
Defining the config generation metadata in tenancy resources (like organization, tenant, workspace or groups) works as default
values for those configs that belong to it.
Defining same config generation metadata in configuration resources (like ingress gateways, service routes, etc.) will replace the
ones defined in the tenancy resources.
Field | Description | Validation Rule |
---|---|---|
labels | map<string, string> | – |
annotations | map<string, string> | – |
FailoverSettings
Failover settings for all proxies connecting to a host exposed in this workspace/organization based on the settings definition scope. Note that this is a server side setting.
Field | Description | Validation Rule |
---|---|---|
topologyChoice | tetrateio.api.tsb.types.v2.FailoverSettings.TopologyChoice | enum = { |
failoverPriority | List of string For getting the labels to be populated on the endpoints generated by the TSB for multicluster and eastwest scenario,
you will need to label the kubernetes service of your gateway or east-west exposed service
using a label with prefix Example of failoverPriority using these labels:
Another way to label the endpoints for eastwest scenario is to create a ServiceRoute object for the service and specify the labels in the ServiceRoute object. If there is any pod with such label present in the remote cluster, the endpoints for it will have these labels and thus it could be used in failoverPriority API. For example: Suppose if one of your clusters has service reviews only with version v1 and a second cluster with reviews only with version v2, Then use the below serviceroute object to populate service labels to the endpoints dynamically:
Example of failoverPriority using these labels:
| repeated = { |
regionalFailover | List of tetrateio.api.tsb.types.v2.RegionalFailover Explicitly specify the region traffic will land on when endpoints in the local region become unhealthy. Should be used together with OutlierDetection to detect unhealthy endpoints. Note: if no OutlierDetection specified, this will not take effect. | – |
NamespaceSelector
NamespaceSelector
selects a set of namespaces across one or more
clusters in a tenant. Namespace selectors can be used at Workspace
level to carve out a chunk of resources under a tenant into an
isolated configuration domain. They can be used in a Traffic,
Security, or a Gateway group to further scope the set of namespaces
that will belong to a specific configuration group.
Names in namespaces selector must be in the form cluster/namespace
where:
-
cluster must be a cluster name or an
*
to mean all clusters -
namespace must be a namespace name, an
*
to mean all namespaces or a prefix likens-*
to mean all those namespaces starting byns-
Field | Description | Validation Rule |
---|---|---|
names | List of string
| repeated = { |
PortSelector
PortSelector is the criteria for specifying if a policy can be applied to a listener having a specific port.
Field | Description | Validation Rule |
---|---|---|
number | uint32 | uint32 = { |
RegionalFailover
Specify the traffic failover policy across regions. Since zone and sub-zone failover is supported by default this only needs to be specified for regions when the operator needs to constrain traffic failover so that the default behavior of failing over to any endpoint globally does not apply. This is useful when failing over traffic across regions would not improve service health or may need to be restricted for other reasons like regulatory controls.
Field | Description | Validation Rule |
---|---|---|
from | string | – |
to | string | – |
ServiceSelector
ServiceSelector represents the match criteria to select services within a particular scope (namespace, workspace, cluster etc)
Field | Description | Validation Rule |
---|---|---|
serviceLabels | map<string, string> | map = { |
TrafficSelector
TrafficSelector provides a mechanism to select a specific traffic flow for which this Wasm Extension will be enabled. When all the sub conditions in the TrafficSelector are satisfied, the traffic will be selected.
Field | Description | Validation Rule |
---|---|---|
mode | tetrateio.api.tsb.types.v2.WorkloadMode | enum = { |
ports | List of tetrateio.api.tsb.types.v2.PortSelector If one of the given | – |
WasmExtensionAttachment
WasmExtensionAttachment defines the WASM extension attached to this resource including the name to identify the extension and also the specific configuration that will override the global extension configuration. Only those extensions globally enabled will be considered although they can be associated to the target resources. Match configuration allows you to specify which traffic is sent through the Wasm extension. Users can select the traffic based on different workload modes and ports.
apiVersion: gateway.tsb.tetrate.io/v2
kind: IngressGateway
metadata:
name: ingress-bookinfo
group: g1
workspace: w1
tenant: mycompany
organization: myorg
spec:
workloadSelector:
namespace: ns1
labels:
app: gateway
extension:
- fqn: hello-world # fqn of imported extensions in TSB
config:
foo: bar
match:
- ports:
- number: 80
mode: CLIENT_AND_SERVER
http:
- name: bookinfo
port: 80
hostname: bookinfo.com
routing:
rules:
- route:
host: ns1/productpage.ns1.svc.cluster.local
Field | Description | Validation Rule |
---|---|---|
fqn | string | string = { |
config | google.protobuf.Struct | – |
match | List of tetrateio.api.tsb.types.v2.TrafficSelector | – |
WorkloadSelector
WorkloadSelector
selects one or more workloads in a
namespace. WorkloadSelector
can be used in TrafficSetting,
SecuritySetting, and Gateway APIs in BRIDGED
mode to scope the
configuration to a specific set of workloads.
Field | Description | Validation Rule |
---|---|---|
namespace | string | string = { |
labels | map<string, string> | map = { |
Object
Format for all API objects in TSB as exposed in the CLI.
Field | Description | Validation Rule |
---|---|---|
apiVersion | string | string = { |
kind | string | string = { |
metadata | – | |
spec | google.protobuf.Any | – |
status | map<string, string> | – |
ObjectMeta
Metadata associated with each API Object.
Field | Description | Validation Rule |
---|---|---|
name | string The name field must:
| – |
namespace | string | – |
tenant | string | – |
workspace | string | – |
group | string | – |
resourceVersion | string | – |
labels | map<string, string> | – |
annotations | map<string, string> | – |
displayName | string | – |
description | string | – |
organization | string | – |
application | string | – |
api | string | – |
service | string | – |
telemetrySource | string | – |
fqn | string | – |
IstioObjectSpec
Contains the raw type of an Istio object. This is used to generate the documentation examples when showing the serialized form of Istio direct mode resources.
Field | Description | Validation Rule |
---|---|---|
type | – |
TypeInfo
TypeInfo provides metadata describing a message type.
Field | Description | Validation Rule |
---|---|---|
generatesConfig | bool | – |
aggregatesStatus | bool | – |
dependencies | List of string | – |
lastEventXcpAccepted | bool | – |
CreateIstioObjectRequest
Request to create an Istio Object
Field | Description | Validation Rule |
---|---|---|
parent | string | string = { |
name | string | string = { |
object | tetrateio.api.tsb.types.v2.IstioObject | message = { |
DeleteIstioObjectRequest
Request to delete a Istio Object.
Field | Description | Validation Rule |
---|---|---|
fqn | string | string = { |
GetIstioObjectRequest
Request to retrieve a Istio Object.
Field | Description | Validation Rule |
---|---|---|
fqn | string | string = { |
IstioObject
Wrapper for Istio direct mode objects with all the details needed to add it to the TSB resource hierarchy.
Field | Description | Validation Rule |
---|---|---|
metadata | tetrateio.api.tsb.types.v2.IstioObject.ConfigMeta | – |
spec | google.protobuf.Any | – |