Configuration Inheritance
As briefly described in the Service Bridge Security section, TSB allows you to define policies and configurations at different levels of the hierarchy. This section will explain how TSB handles the inheritance of these policies and configurations.
Hierarchical Configuration
Organization
The Organization Setting object allows configuring global settings for the Organization. Settings such as network reachability or regional fail-over that apply globally to the organization are configured in the Organization Setting object.
Organization Setting is a global object that uniquely configures the organization, and there can be only one Organization Setting object defined for each organization. It also offers a way to provide default Traffic and Security settings for all of TSB, which can be overridden at the Tenant, Workspace, or Group level if the Propagation Strategy permits.
Tenant
The Tenant Setting object allows configuring default traffic and security settings for a specific Tenant and will be applicable to all underlying Workspaces.
Workspace
The Workspace Setting object allows configuring default traffic and security settings for a specific Workspace and will be applicable to all underlying Groups.
Group
Four different Group types are available in TSB. Each group provides task-specific configurations and policies, and each has its own settings object:
The Istio Internal group is a special group available to customers who need direct access to specific Istio resources. It groups together highly coupled, implementation-detail-oriented Istio resources that don't provide the TSB guarantees or backward/forward compatibility that other groups, such as traffic, security, or gateway, can provide. Therefore, this group is meant only for users/administrators who are confident with those advanced features, knowing that the resources defined under this group will not interfere with the TSB-provided mesh governance functionalities.
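The following is an added illustration, not TSB code or part of the original documentation: a simplified Python model of how a default set at the Organization level flows down to a Group, and how a lower-level override is accepted or refused depending on the propagation strategy. The strategy names `REPLACE` and `STRICTER`, the strictness ordering, the rule that a strategy governs the levels below it, and the names `example-org` and `frontend-sg` are assumptions of this model.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed strictness order for one security setting, loosest first.
STRICTNESS = {"UNSET": 0, "OPTIONAL": 1, "REQUIRED": 2}


@dataclass
class Setting:
    name: str                             # resource the setting object belongs to
    authentication: Optional[str] = None  # None means "inherit from the level above"
    propagation: Optional[str] = None     # "REPLACE" or "STRICTER" (assumed names)


def resolve(chain: List[Setting]) -> Tuple[str, Optional[str], List[str]]:
    """Walk Organization -> Tenant -> Workspace -> Group.

    Returns (effective value, resource that supplied it, resources whose
    override was refused by the strategy set higher up).
    """
    effective, source, strategy = "UNSET", None, "REPLACE"
    refused: List[str] = []
    for s in chain:
        if s.authentication is not None:
            stricter = STRICTNESS[s.authentication] >= STRICTNESS[effective]
            if strategy == "REPLACE" or stricter:
                effective, source = s.authentication, s.name
            else:
                refused.append(s.name)  # attempted weakening: worth auditing
        if s.propagation is not None:
            strategy = s.propagation    # governs the levels below this one
    return effective, source, refused


def sample_chain(org_strategy: str) -> List[Setting]:
    # Constructed sample; "example-org" and "frontend-sg" are hypothetical names.
    return [
        Setting("example-org", "REQUIRED", org_strategy),  # Organization
        Setting("research"),                               # Tenant, inherits
        Setting("research-frontend-ws", "OPTIONAL"),       # Workspace override
        Setting("frontend-sg"),                            # Group, inherits
    ]


if __name__ == "__main__":
    for strategy in ("REPLACE", "STRICTER"):
        print(strategy, resolve(sample_chain(strategy)))
```

The list of refused overrides is the part a reviewer would check: it shows where a lower level tried to loosen a default that the higher level did not permit it to change.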
Example scenario
The example below shows how a Tenant setting object can be created at tenant research, and attached at workspace research-frontend-ws to govern the default settings for that particular Workspace.
Configuration Profiles
The Configuration Profiles feature is in beta state for release 1.12. Please contact Tetrate if you have any questions or concerns.
The Configuration Profiles feature adds an enhanced configuration experience for larger-scale TSB deployments. At the core, Configuration Profiles are configuration objects that can be created at the Organization, Tenant, or Workspace level and attached to multiple resources like Tenants, Workspaces, or Groups in a distinct hierarchical order.
Since a Configuration Profile can be created in one place and attached in another, the feature allows for usage delegation patterns and removes the need to duplicate configuration settings among the resources that need them.
Click here to learn more about configuration profiles.