Skip to main content
Version: 1.2.x

Common Object Types

ConfigMode

The configuration mode used by a traffic, security or a gateway group.

NameNumberDescription

BRIDGED

0

Indicates that the configurations to be added to the group will use macro APIs that automatically generate Istio APIs under the hood.

DIRECT

1

Indicates that the configurations to be added to the group will directly use Istio APIs.

CreateIstioObjectRequest

Request to create an Istio Object

FieldDescriptionValidation Rule

parent

string
REQUIRED
Parent resource where the Istio Object will be created.

string = {
  min_len: 1
}

name

string
REQUIRED
The short name for the Istio Object to be created.

string = {
  min_len: 1
}

object

tetrateio.api.tsb.types.v2.IstioObject
REQUIRED
Details of the Istio Object to be created.

message = {
  required: true
}

DeleteIstioObjectRequest

Request to delete a Istio Object.

FieldDescriptionValidation Rule

fqn

string
REQUIRED
Fully-qualified name of the IstIo Object.

string = {
  min_len: 1
}

GetIstioObjectRequest

Request to retrieve a Istio Object.

FieldDescriptionValidation Rule

fqn

string
REQUIRED
Fully-qualified name of the Istio Object.

string = {
  min_len: 1
}

IstioObject

Wrapper for Istio direct mode objects with all the details needed to add it to the TSB resource hierarchy.

FieldDescriptionValidation Rule

metadata

tetrateio.api.tsb.types.v2.IstioObject.ConfigMeta
Metadata for the Istio object

spec

google.protobuf.Any
The Istio API object

ConfigMeta

FieldDescriptionValidation Rule

apiVersion

string
REQUIRED
networking.istio.io/v1beta1, security.istio.io/v1beta1, etc.

string = {
  min_len: 1
}

kind

string
REQUIRED
VirtualService, Gateway, DestinationRule, Sidecar, etc.

string = {
  min_len: 1
}

name

string
Short name associated with the object. The object name must be unique within the kind and the parent. For example, all workspaces under a tenant should have a unique name. Traffic groups under a workspace should have a unique name, while names are not required to be unique across traffic groups in different workspaces.

namespace

string
Namespace where the Istio object applies.

labels

map<string, string>
User specified labels to attach to the object.

annotations

map<string, string>
Istio artifacts should contain 3 annotations tsb.tetrate.io/tenant, tsb.tetrate.io/workspace, tsb.tetrate.io/trafficGroup or tsb.tetrate.io/securityGroup or tsb.tetrate.io/gatewayGroup

IstioObjectSpec

Contains the raw type of an Istio object. This is used to generate the documentation examples when showing the serialized form of Istio direct mode resources.

FieldDescriptionValidation Rule

type

string

ListIstioObjectsRequest

Request to list Istio Object.

FieldDescriptionValidation Rule

parent

string
REQUIRED
Parent resource to list Istio Objects from.

string = {
  min_len: 1
}

ListIstioObjectsResponse

List of Istio direct mode objects

FieldDescriptionValidation Rule

objects

List of tetrateio.api.tsb.types.v2.IstioObject

NamespaceSelector

NamespaceSelector selects a set of namespaces across one or more clusters in a tenant. Namespace selectors can be used at Workspace level to carve out a chunk of resources under a tenant into an isolated configuration domain. They can be used in a Traffic, Security, or a Gateway group to further scope the set of namespaces that will belong to a specific configuration group.

FieldDescriptionValidation Rule

names

List of string
REQUIRED
- */ns1 implies ns1 namespace in any cluster under the tenant/workspace.

- c1/ns1 implies ns1 namespace from c1 cluster under tenant/workspace.

- c1/* implies all namespaces in c1 cluster under tenant/workspace.

- */* implies all namespaces in all clusters under the tenant/workspace.

repeated = {
  min_items: 1
  items: {string:{pattern:^[^/]+/[^/]+$}}
}

Object

Format for all API objects in TSB as exposed in the CLI.

FieldDescriptionValidation Rule

apiVersion

string
REQUIRED
api.tsb.tetrate.io/v2, traffic.tsb.tetrate.io/v2, security.tsb.tetrate.io/v2, gateway.tsb.tetrate.io/v2, networking.istio.io/v1beta1, security.istio.io/v1beta1, etc.

string = {
  min_len: 1
}

kind

string
REQUIRED
Workspace, Cluster, Tenant, Team, User, WorkspaceSetting, Group (under traffic.tsb.tetrate.io and security.tsb.tetrate.io), TrafficSetting, SecuritySetting, etc.

string = {
  min_len: 1
}

metadata

tetrateio.api.tsb.types.v2.ObjectMeta
REQUIRED

spec

google.protobuf.Any
The API payload.

status

map<string, string>
Contains errors, tokens (in case of cluster onboarding, and other information).

ObjectMeta

Metadata associated with each API Object.

FieldDescriptionValidation Rule

name

string
Name associated with the object. The object name must be unique within the kind and the parent. For example, all workspaces under a tenant should have a unique name. Traffic groups under a workspace should have a unique name, while names are not required to be unique across traffic groups in different workspaces.

namespace

string
Applicable when using Istio objects.

tenant

string
The tenant to which the object belongs to.

workspace

string
The workspace to which the object belongs to.

group

string
The traffic/security/gateway group to which the object belongs to.

resourceVersion

string
Resource version is used internally to track propagation of resources to the data planes.

labels

map<string, string>
User specified labels to attach to the objects. This is only available for Istio resources when applying configuration in DIRECT mode. Labels applied to TSB resources will be ignored.

annotations

map<string, string>
Istio artifacts should contain 3 annotations tsb.tetrate.io/tenant, tsb.tetrate.io/workspace, tsb.tetrate.io/trafficGroup or tsb.tetrate.io/securityGroup or tsb.tetrate.io/gatewayGroup This is only available for Istio resources when applying configuration in DIRECT mode. Labels applied to TSB resources will be ignored.

displayName

string
User friendly name for the resource.

description

string
A description of the resource.

organization

string
The organization to which the object belongs to

application

string
The application to which the resource belongs to

api

string
The API to which the resource belongs to

RegionalFailover

Specify the traffic failover policy across regions. Since zone and sub-zone failover is supported by default this only needs to be specified for regions when the operator needs to constrain traffic failover so that the default behavior of failing over to any endpoint globally does not apply. This is useful when failing over traffic across regions would not improve service health or may need to be restricted for other reasons like regulatory controls.

FieldDescriptionValidation Rule

from

string
Originating region.

to

string
Destination region the traffic will fail over to when endpoints in the 'from' region become unhealthy.

WorkloadSelector

WorkloadSelector selects one or more workloads in a namespace. WorkloadSelector can be used in TrafficSetting, SecuritySetting, and Gateway APIs in BRIDGED mode to scope the configuration to a specific set of workloads.

FieldDescriptionValidation Rule

namespace

string
REQUIRED
The namespace where the workload resides.

string = {
  min_len: 1
}

labels

map<string, string>
REQUIRED
One or more labels that indicate a specific set of pods/VMs in the namespace. If omitted, the TrafficSetting or SecuritySetting configuration will apply to all workloads in the namespace. Labels are required for Gateway API resources.