Understanding HA and DR for the Tetrate Management Plane
This guide describes the DR scenarios and impact for the Tetrate Management Plane. It applies to both Tetrate Service Bridge (TSB) and Tetrate Service Express (TSE).
The design of the Tetrate Management Plane (and the distributed control plane architecture) provides the following attributes:
- Architecture is loosely coupled: The Tetrate architecture is loosely coupled and self-healing by design, so the 'blast radius' of a failure is limited and the platform quickly settles on a good configuration when components recover.
- All Tetrate components are stateless and can recover from failure: The only exceptions are the Postgres DB (configuration and audit logs) and ElasticSearch DB (metrics), plus secrets in the K8s cluster.
- Apps and Services are not affected: Failures in any management or control plane component do not affect the correct operation or security of applications and services running in the workload clusters.
- High Availability: We recommend running workloads in a redundant, HA fashion. A redundant, HA management plane is possible, but brings limited benefits in Tetrate’s loosely-coupled architecture, at the cost of resource usage and additional complexity.