Clusters
Each Kubernetes cluster managed by Service Bridge should be onboarded before configurations can be applied to the services in the cluster. Onboarding a cluster is a two-step process. First, create a cluster object under the appropriate tenant. Once the cluster object is created, its status field provides the set of join tokens that the Service Bridge agent on the cluster will use to talk to the Service Bridge management plane. Second, deploy the Service Bridge agent on the cluster with the join tokens, and deploy Istio on the cluster. The following example creates a cluster named c1 under the tenant mycompany, indicating that the cluster is deployed on a network "vpc-01" corresponding to the AWS VPC where it resides.
```yaml
apiVersion: api.tsb.tetrate.io/v2
kind: Cluster
metadata:
  name: c1
  organization: myorg
  labels:
    env: uat-demo
spec:
  tokenTtl: "1h"
  network: vpc-01
```
Note that configuration profiles such as traffic, security and gateway groups will flow to the Bridge agents in the cluster as long as their requested cluster exists in the Service Bridge hierarchy.
Cluster
A Kubernetes cluster managing both pods and VMs.
Field | Description | Validation Rule |
---|---|---|
tokenTtl | google.protobuf.Duration | – |
network | string | – |
tier1Cluster | google.protobuf.BoolValue | – |
locality | tetrateio.api.tsb.v2.Cluster.Locality | – |
trustDomain | string | – |
namespaceScope | tetrateio.api.tsb.v2.NamespaceScoping | – |
state | tetrateio.api.tsb.v2.Cluster.State | – |
Locality
The region where the cluster resides. Used for failover-based routing when configured in the workspace or global settings.
Field | Description | Validation Rule |
---|---|---|
region | string | string = { |
State
State represents the cluster info learned from the onboarded cluster.
Field | Description | Validation Rule |
---|---|---|
lastSyncTime | google.protobuf.Timestamp | – |
provider | string | – |
istioVersions | List of string | – |
xcpVersion | string | – |
ClusterStatus
The status message for a cluster resource contains the set of join tokens that should be used by Service Bridge's agents on the cluster.
Field | Description | Validation Rule |
---|---|---|
tokens | – |
NamespaceScoping
Configure the default scoping of namespaces in this cluster.
Field | Description | Validation Rule |
---|---|---|
scope | tetrateio.api.tsb.v2.NamespaceScoping.Scope | – |
exceptions | List of string | – |
Port
Field | Description | Validation Rule |
---|---|---|
number | uint32 | – |
name | string | – |
kubernetesNodePort | uint32 | – |
Workload
Info about an individual workload implementing the service.
Field | Description | Validation Rule |
---|---|---|
address | string | – |
name | string | – |
isVm | bool | – |
proxy | tetrateio.api.tsb.v2.Workload.Proxy | – |
Proxy
Info about the proxy attached to a workload.
Field | Description | Validation Rule |
---|---|---|
controlPlaneAddress | string | – |
envoyVersion | string | – |
istioVersion | string | – |
status | map<string, string> | – |
Scope
Field | Number | Description |
---|---|---|
GLOBAL | 0 | Global configures namespaces in this cluster to be considered global. Namespaces that exist in other clusters with the same name will be considered to be the same logical namespace. |
LOCAL | 1 | Configures local scoping for namespaces, so that namespaces with the same name in different clusters will not be considered the same logical namespace. |
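
A review check for Cluster manifests, added here as an example (it is not Service Bridge code): it flags join-token lifetimes above an assumed one-hour ceiling and clusters whose namespace scope is GLOBAL or unset, following the tokenTtl field in the onboarding example and the Scope table above. The function names, the ceiling, the choice to flag an unset scope, and the accepted duration syntax (digits with an s, m or h suffix, as in the page's "1h") are assumptions; manifests are passed in as already-parsed dicts.

```python
import re

MAX_TOKEN_TTL_SECONDS = 3600  # assumed policy ceiling, not a Service Bridge default
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600}


def ttl_seconds(ttl):
    """Convert a duration string such as "1h", "90m" or "3600s" to seconds."""
    if not isinstance(ttl, str) or not re.fullmatch(r"(\d+[smh])+", ttl):
        raise ValueError(f"unparseable tokenTtl {ttl!r}")
    return sum(int(n) * UNIT_SECONDS[u] for n, u in re.findall(r"(\d+)([smh])", ttl))


def review_cluster(manifest):
    """Return review findings for one Cluster manifest already parsed into a dict."""
    name = (manifest.get("metadata") or {}).get("name", "<unnamed>")
    spec = manifest.get("spec") or {}
    findings = []

    # Join tokens let the agent talk to the management plane; keep them short-lived.
    ttl = spec.get("tokenTtl")
    if ttl is None:
        findings.append(f"{name}: tokenTtl is not set in the manifest")
    else:
        try:
            if ttl_seconds(ttl) > MAX_TOKEN_TTL_SECONDS:
                findings.append(f"{name}: tokenTtl {ttl} exceeds {MAX_TOKEN_TTL_SECONDS}s")
        except ValueError as exc:
            findings.append(f"{name}: {exc}")

    # GLOBAL merges same-named namespaces across clusters into one logical namespace.
    scoping = spec.get("namespaceScope")
    if not scoping or "scope" not in scoping:
        findings.append(f"{name}: namespaceScope.scope is not set explicitly")
    elif scoping["scope"] == "GLOBAL":
        findings.append(f"{name}: GLOBAL scope shares namespace identity with other clusters")
    elif scoping["scope"] != "LOCAL":
        findings.append(f"{name}: unknown scope {scoping['scope']!r}")
    return findings


# Constructed sample manifests (the page's c1 example plus two variants).
CLUSTERS = [
    {"metadata": {"name": "c1"}, "spec": {"tokenTtl": "1h", "network": "vpc-01"}},
    {"metadata": {"name": "c2"}, "spec": {"tokenTtl": "72h", "namespaceScope": {"scope": "GLOBAL"}}},
    {"metadata": {"name": "c3"}, "spec": {"tokenTtl": "30m", "namespaceScope": {"scope": "LOCAL"}}},
]

if __name__ == "__main__":
    for cluster in CLUSTERS:
        print(cluster["metadata"]["name"], review_cluster(cluster))
```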