Skip to main content
logoTetrate Service BridgeVersion: 1.12.x

Overriding Gateway Proxy Configuration

Every TSB gateway pod runs an Envoy proxy whose behaviour is governed by an Istio ProxyConfig. By default, TSB generates this configuration automatically through XCP, applying mesh-wide defaults to every gateway it manages.

The spec.proxyConfigOverride field on the Gateway install resource lets you merge a partial ProxyConfig on top of those defaults for an individual gateway. Any field you specify in the overlay takes precedence over the XCP-generated value; fields you omit are left unchanged.

apiVersion: install.tetrate.io/v1alpha1
kind: Gateway
metadata:
  name: my-gateway
  namespace: my-namespace
spec:
  proxyConfigOverride:
    # any valid Istio ProxyConfig fields

The overlay is equivalent to annotating the gateway pods with proxy.istio.io/config, but is managed declaratively through the TSB API rather than directly on Kubernetes resources.

API reference

For a full list of configurable fields see the Gateway install spec and the upstream Istio ProxyConfig reference.

Use cases

Tuning worker thread concurrency

By default, Envoy runs with a small number of worker threads. For a gateway that handles a high volume of concurrent connections — for example, an edge gateway receiving all external traffic — you may want to increase this to match the number of CPU cores available to the pod.

apiVersion: install.tetrate.io/v1alpha1
kind: Gateway
metadata:
  name: edge-gateway
  namespace: tier1
spec:
  kubeSpec:
    deployment:
      resources:
        requests:
          cpu: "4"
        limits:
          cpu: "4"
  proxyConfigOverride:
    concurrency: 4

Setting concurrency to the same value as the CPU limit ensures Envoy fully utilises the allocated cores without over-subscribing the node.

tip

If you are using the Management Plane gateway template, you can set proxyConfigOverride there to apply the same concurrency tuning to all gateways deployed from that template.

Customising distributed tracing for a specific gateway

TSB configures tracing mesh-wide through the control plane. If you need a different sampling rate — for example, full 100% sampling on a staging gateway for debugging, or a reduced rate on a high-throughput production gateway to control costs — you can override the tracing settings for that gateway alone without affecting the rest of the mesh.

apiVersion: install.tetrate.io/v1alpha1
kind: Gateway
metadata:
  name: staging-gateway
  namespace: staging
spec:
  proxyConfigOverride:
    tracing:
      sampling: 100.0

For a production gateway where lower overhead is preferred:

apiVersion: install.tetrate.io/v1alpha1
kind: Gateway
metadata:
  name: prod-gateway
  namespace: production
spec:
  proxyConfigOverride:
    tracing:
      sampling: 1.0