Skip to main content
logoTetrate Service BridgeVersion: next

Understanding Configuration Traceability

Understand how configuration generated by Tetrate Hosted Agent can be identified and traced

Gateway Configuration Metadata

Every TSB Gateway created by the agent includes configGenerationMetadata that provides complete traceability of the configuration source. This metadata tracks:

  • Source annotations: All gateway.tetrate.io/* annotations used to generate the gateway
  • Contributing services: Which services contributed to the gateway configuration
  • Generation details: When and by whom the gateway was generated

Note: Original annotation keys and values are preserved exactly as-is. Service source information is tracked using separate -source annotations.

Example Metadata

For a service with these annotations:

annotations:
  gateway.tetrate.io/host: "auth.demo.example.com"
  gateway.tetrate.io/jwt-issuers: |
    - issuer: "https://accounts.google.com"
      jwksUri: "https://www.googleapis.com/oauth2/v3/certs"
      audiences: ["your-client-id"]
  gateway.tetrate.io/path: "/secure"
  gateway.tetrate.io/protocol: "HTTPS"
  gateway.tetrate.io/tls-secret: "httpbin-tls"

The generated TSB Gateway will include:

{
  "configGenerationMetadata": {
    "annotations": {
      "gateway.tetrate.io/host": "auth.demo.example.com",
      "gateway.tetrate.io/host-source": "demo/service-name",
      "gateway.tetrate.io/jwt-issuers": "- issuer: \"https://accounts.google.com\"\n  jwksUri: \"https://www.googleapis.com/oauth2/v3/certs\"\n  audiences: [\"your-client-id\"]",
      "gateway.tetrate.io/jwt-issuers-source": "demo/service-name", 
      "gateway.tetrate.io/path": "/secure",
      "gateway.tetrate.io/path-source": "demo/service-name",
      "gateway.tetrate.io/protocol": "HTTPS", 
      "gateway.tetrate.io/protocol-source": "demo/service-name",
      "gateway.tetrate.io/tls-secret": "httpbin-tls",
      "gateway.tetrate.io/tls-secret-source": "demo/service-name",
      "generated-from-services": "demo/service-name",
      "generated-by": "tetrate-hosted-agent",
      "host": "auth.demo.example.com",
      "port": "443",
      "protocol": "HTTPS"
    }
  }
}

Benefits

  • Audit trail: Track which annotations created each gateway configuration
  • Debugging: Understand why a gateway was configured a certain way
  • Compliance: Maintain records of configuration sources for security audits
  • Multi-service gateways: See all services that contribute to shared gateways