
Tetrate Service Bridge 1.10

Introducing Tetrate Service Bridge (TSB) version 1.10.0. As an all-in-one enterprise application connectivity platform, TSB continues to extend service mesh capabilities efficiently for enterprise teams, environments and applications.

Building on the success of previous versions, TSB 1.10.0 marks a significant milestone with the introduction of enhanced security, availability, and access permission features. These advancements streamline the management of mesh infrastructure through the implementation of mesh-focused Persona-specific Roles, FIPS Compliance, templatized mesh configuration management via Config Profiles, and improved multi-cluster failover capabilities for Gateway and Application workloads using Failover Settings.

New Features and Improvements

  • Default Roles based on Personas:

    • Introduced Persona-specific Roles in TSB to manage the user onboarding workflow and delegate resource access permissions based on user personas.
    • These Roles include Tenant Owner, Workspace Owner, Traffic Owner, Security Owner and the Operator Roles, allowing for more controlled management of TSB resources.
  • FIPS-validated build:

    • Tetrate Service Bridge (TSB) is now available as a FIPS-validated build. This build enhances security posture for organizations requiring strict compliance.
  • Configuration Profiles:

    • Introduced Configuration Profiles in TSB to enable the creation of pre-set configuration templates that can be defined and attached at various hierarchy levels (Organization, Tenant, Workspace, Group).
    • Configuration Profiles serve as default settings until overridden by more specific configurations further down the TSB hierarchy.
  • Gateway and Service level Failover:

    • Ability to configure failover between gateways directly on Gateway.
    • Ability to configure failover for individual services/hostnames using ServiceTrafficSetting.
  • Service level Traffic Settings:

    • Ability to configure resiliency and loadBalancer settings for an individual service/hostname or a group of services/hostnames.
    • Introduced both Inbound and Outbound configuration options for client side/server side use-cases.
  • Egress Authorization:

    • Ability to configure TSB hierarchical constructs like Tenant, Workspace, Group & Service Account as a source, while configuring egress access restrictions to external service endpoints.
    • Ability to configure access restrictions for both HTTP & TCP outbound traffic via Egress Gateway.
  • Gateway mTLS Enforcement:

    • Enforce Gateway to Services Communication over mTLS, irrespective of whether the upstream services are sidecar injected or non-injected.
  • Multiple UI improvements: We have made several UI improvements to enhance user experience, including:

    • New Features:
      • Istio Proxy Tools: Introduced Istio Proxy Tools in the TSB Admin UI, enabling users to quickly and effectively troubleshoot proxy configurations of application sidecars and gateways. This feature is not yet available for VM workloads.
      • Workspace Propagation View: Introduced a graphical representation of TSB configurations (Workspace, Traffic Group, Gateway Group, Security Groups) and their propagation to clusters and namespaces. Added config status info for troubleshooting invalid translations.
      • Topology Search: TSB Topology UI now supports searching for different nodes, such as service names, host names, subsets, clusters, and namespaces. This enables users to quickly identify the health of all instances or subsets of a service.
      • Embed Grafana Dashboard: TSB users can now embed their existing Grafana mesh dashboard URLs into TSB UI for quick access.

Additional Enhancements

Refer to the TSB 1.10 Release Notes for the complete list of additional improvements in TSB 1.10.

Deprecations

  • Egress Gateway: TSB EgressGateway resource has been deprecated in favour of Unified Gateway
  • Ingress Gateway: TSB IngressGateway resource has been deprecated in favour of Unified Gateway
  • Tier1 Gateway: TSB Tier1Gateway resource has been deprecated in favour of Unified Gateway
  • Traffic Settings: TSB TrafficSetting API has been enhanced. Older settings are now moved to either Inbound or Outbound settings based on their behaviour, and the legacy configuration is set for deprecation. This makes it clear which settings apply when a service acts as a server (inbound) or as a client (outbound)
    • UpstreamTrafficSetting has been moved to Outbound.UpstreamTrafficSetting.
    • RateLimiting setting has been moved to Inbound.RateLimiting.
    • Reachability setting has been moved to Outbound.Reachability.
    • Resilience setting has been moved to Outbound.UpstreamTrafficSettings.

Upgrade Notes

  • In Istio 1.21, when using custom TLS settings in a DestinationRule, the default behavior is to verify the certificates using the OS CA certificates. The old behavior was to skip the verification. Please refer to the Istio 1.21.x Upgrade Notes for more details.
  • This impacts the TSB direct-mode behavior. If any DestinationRule is defined with custom TLS settings, the server certificates will be automatically verified using the OS CA certificates when the DestinationRule caCertificates field is not used. To fall back to the old behavior, use the insecureSkipVerify field in the DestinationRule to skip the verification.
  • There is no impact on TSB bridged-mode behavior.
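
A pre-upgrade audit for the DestinationRule change described above, as an added example (not Tetrate or Istio code): it walks data shaped like the output of `kubectl get destinationrules -A -o json` and reports which TLS blocks will start verifying against the OS CA certificates, which name a CA through caCertificates, and which set insecureSkipVerify. The sample rules are constructed, and treating the SIMPLE and MUTUAL modes as "custom TLS settings" is an assumption.

```python
def _dr(ns, name, spec):
    return {"metadata": {"namespace": ns, "name": name}, "spec": spec}

# Constructed sample, shaped like `kubectl get destinationrules -A -o json`.
SAMPLE = {"items": [
    _dr("payments", "ext-api", {"trafficPolicy": {"tls": {"mode": "SIMPLE"}}}),
    _dr("payments", "partner", {"trafficPolicy": {"tls": {
        "mode": "SIMPLE", "caCertificates": "/etc/certs/ca.pem"}}}),
    _dr("legacy", "old-db", {"trafficPolicy": {"portLevelSettings": [
        {"port": {"number": 8443}, "tls": {"mode": "SIMPLE", "insecureSkipVerify": True}}]}}),
    _dr("default", "internal", {"trafficPolicy": {"tls": {"mode": "ISTIO_MUTUAL"}}}),
]}

CUSTOM_TLS_MODES = {"SIMPLE", "MUTUAL"}  # assumption: what "custom TLS settings" covers

def tls_blocks(spec):
    """Yield (location, tls) for each place a DestinationRule can carry TLS settings."""
    policies = [("trafficPolicy", spec.get("trafficPolicy") or {})]
    for subset in spec.get("subsets") or []:
        policies.append((f"subsets[{subset.get('name')}]", subset.get("trafficPolicy") or {}))
    for where, policy in policies:
        if "tls" in policy:
            yield where, policy["tls"]
        for pls in policy.get("portLevelSettings") or []:
            if "tls" in pls:
                port = (pls.get("port") or {}).get("number")
                yield f"{where}.port[{port}]", pls["tls"]

def classify(tls):
    if tls.get("mode") not in CUSTOM_TLS_MODES:
        return "not-affected"
    if tls.get("insecureSkipVerify"):
        return "skip-verify"          # old behaviour kept: server certificate unchecked
    if tls.get("caCertificates"):
        return "explicit-ca"          # verified against the CA file named in the rule
    return "os-ca-after-upgrade"      # will now be verified against the OS CA certificates

def audit(dr_list):
    """Return (namespace/name, location, verdict) for every custom TLS block."""
    findings = []
    for item in dr_list.get("items", []):
        name = f"{item['metadata']['namespace']}/{item['metadata']['name']}"
        for where, tls in tls_blocks(item.get("spec") or {}):
            if classify(tls) != "not-affected":
                findings.append((name, where, classify(tls)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Rules reported as `os-ca-after-upgrade` are the ones whose upstream certificate chain should be checked against the OS trust store before upgrading; `skip-verify` entries keep the unverified behaviour and are worth tracking as exceptions.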

Get Started with Tetrate Service Bridge

To get started with Tetrate Service Bridge:

Don't hesitate to reach out to your Tetrate support contact if you have any questions.