Skip to main content
logoTetrate Service BridgeVersion: 1.12.x

Configuration Inheritance

As briefly described in the Service Bridge Security section, TSB allows you to define policies and configurations at different levels of the hierarchy. This section will explain how TSB handles the inheritance of these policies and configurations.

Hierarchical Configuration

Organization

The Organization Setting object allows configuring global settings for the Organization. Settings such as network reachability or regional fail-over that apply globally to the organization are configured in the Organization Setting object.

Organization Setting is a global object that uniquely configures the organization, and there can be only one Organization Setting object defined for each organization. It also offers a way to provide default Traffic and Security settings for all of TSB, which can be overridden at the Tenant, Workspace, or Group level; if the Propagation Strategy permits.

Tenant

The Tenant Setting object allows configuring default traffic and security settings for a specific Tenant and will be applicable to all underlying Workspaces.

Workspace

The Workspace Setting object allows configuring default traffic and security settings for a specific Workspace and will be applicable to all underlying Groups.

Group

Four different Group types are available in TSB. Each group provide task specific configurations and policies, and each of them have their own settings objects:

note

The Istio Internal group is a special group that is available for customers needing direct access to specific Istio resources. It groups highly coupled and implementation-detailed oriented Istio resources together, that don't provide any TSB guarantees or backward forward compatibilities that other groups like traffic, security of gateway can provide. Therefore, this group is only meant to be used for users/administrators that are confident with those advanced features, knowing that the defined resources under this group will not interfere with the TSB provided mesh governance functionalities.

Example scenario

The example below shows how a Tenant setting object can be created at tenant research, and attached at workspace research-frontend-ws to govern the default settings for that particular Workspaces.

Example of configuration profiles in use.

Configuration Profiles

Beta feature

The Configuration Profiles feature is in beta state for release 1.12. Please contact Tetrate if you have any questions or concerns.

The Configuration Profiles feature adds an enhanced configuration experience for larger-scale TSB deployments. At the core, Configuration Profiles allow for the creation of configuration objects that can be created at the Organization, Tenant, or Workspace level and be attached to multiple resources like Tenants, Workspaces, or Groups in a distinct hierarchical order.

Since there can be a difference between where a Configuration Profile is created and where it is attached, it allows for usage delegation patterns as well as removing the need for duplication of configuration settings amongst the resources needing it.

Want to know more?

Click here to learn more about configuration profiles.