Skip to main content
logoTetrate Service BridgeVersion: 1.13.x

Hosted and On-Premise Deployments

Tetrate Service Bridge (TSB) consists of three primary components:

  • The TSB Management Plane is either hosted by Tetrate on your behalf, or can be installed on-premise. The Management Plane provides UI, CLI and API access to manage your mesh configuration and visualize traffic and events

  • The TSB Control Plane is installed onto each kubernetes cluster that you wish to manage with the TSB Management Plane. These clusters are provided and managed by you. The Control Plane shares state to the central Management Plane, and it configures the mesh and gateways on the local cluster

  • The TSB Data Plane consists of Tetrate-managed gateways that are installed on your Kubernetes clusters. Gateways can function as one of:

    • Edge / Tier1 Gateway - An Edge Gateway is used to publish your services to external clients. A small number of Edge Gateways gives you a well-defined, easy-to-manage perimeter.
    • App / Tier2 Gateway - The App Gateways are installed on each of your workload clusters and are used to expose services from that cluster. App Gateways also function as intermediate gateways to expose adjacent services (VMs, bare metal servers etc).
    • Egress Gateways - The Egress Gateways are used to control traffic that leaves your cluster to external (non-mesh) services. The use of Egress Gateways is optional, but provides a point of control and a well-known egress point that can be easily secured
    • East-West Gateways - East-West gateways are used to manage traffic within the mesh, between clusters. With the use of East-West gateways, TSB can isolate each cluster to reduce the cross-cluster configuration and service registry information needed, while automatically orchestrating cross-cluster traffic and failover
    • Transit Gateway - where necessary, Transit Gateways can be deployed to bridge disconnected networks so that clusters can reach gateways on remote clusters

These components are used to reliably deliver applications and services to internal and external clients.

Comparing On-Premise and Hosted Deployments

Deployment ModelTetrate Management PlaneUser's Workload Clusters
Hosted Management PlaneHosted and managed by Tetrate in Tetrate's cloud environmentHosted and managed by the user in their cloud or on-prem environments
On-Premise Management PlaneHosted and managed by the user in a K8s clusterHosted and managed by the user in their cloud or on-prem environments

The primary difference between on-prem and hosted is that with hosted, Tetrate hosts the TSB Management Plane for you in a secured, compliant cloud platform. This reduces the complexity of owning and operating the TSB solution:

  • Tetrate Management Plane and associated configuration and metrics databases are deployed in per-user, dedicated kubernetes clusters.
  • Software updates and security fixes are applied by the Tetrate team, and any necessary maintenance windows are coordinated with the user
  • Tetrate manages scaling and availability incidents with our experienced SRE team

The Tetrate team does not have visibility of your configuration or metrics, and does not have administrative access to your TSB management plane. This can be enabled on a case-by-case basis when needed, coordinating with your own technical team, and may be used for debugging and support purposes:

Hosted Management Plane architecture

Hosted Management Plane architecture

Self-hosted (on-prem) Management Plane

Alternatively, you can deploy the TSB Management Plane yourself, on your own infrastructure. This approach is suitable for users who have specific governance or security policies that would prevent them from using such a sensitive system on external infrastructure.

Installation and Operation

Installation

The installation and configuration of the TSB Management Plane differs, depending on whether you are using the Hosted or an on-prem instance.

If you are using a Hosted instance, then the instructions to install, upgrade and configure the Management Plane are not relevant to you. The Tetrate team will perform installations and upgrades, and make the necessary configuration (such as integrating with your IdP, or enabling GitOps) on your behalf.

Operation

If you use the Tetrate-hosted Management Plane, you will be provided with the details of the Management Plane and the login credentials. If you do not have these, please contact your Account Representative or Tetrate Support.

The operation of the Tetrate Service Bridge solution is identical, whether you use the Hosted or On-Prem instance. Please refer to Tetrate Support if you need assistance identifying the management plane components (such as API endpoints and credentials).