Unified Gateway Installation & Management Centrally via MP
This document focuses on the new Unified Gateway installation & management centrally via TSB ManagementPlane using the new MP Gateway Install API.
Introduction
Managing Edge and Ingress Gateways across multiple clusters traditionally required manual effort, as Gateway Install resources had to be applied separately to each control plane cluster. Previously, this was a Kubernetes resource that needed to be deployed on each cluster individually.
With the latest enhancements, TSB Management Plane now allows users to apply Gateway Install APIs directly to MP as a TSB resource by specifying targetCluster and targetNamespace. This streamlines gateway deployment, enabling centralized management and reducing operational complexity.
New Gateway Install API Advantages
Scaling Edge and Ingress Gateways across multiple clusters can be challenging, especially during traffic surges due to planned product launches. Manually updating deployment manifests, HPA settings, and resource allocations for each gateway adds to operational overhead.
With the TSB Management Plane, these configurations can now be managed centrally using Gateway Install APIs. Platform teams can apply changes via TSB UI, tctl, REST API, or GitOps, and once validated, TSB MP propagates and translates the install resource into Kubernetes objects such as gateway deployments and services across target clusters, ensuring seamless and efficient deployment.
How It Works
We have introduced two additional properties to the Install API: targetCluster and targetNamespace. The Install API resource can now be annotated with TSB hierarchical constructs under the metadata field, allowing it to be scoped under TSB Tenant, Workspace, and Group constructs.
Gateway Install API
In the examples below, we use:
- Namespace: tier1
- Organization: tetrate
- Tenant: tier1
- Workspace: tier1-workspace
- Gateway Group: tier1-gateway-group
apiVersion: install.tetrate.io/v1alpha1
kind: Gateway
metadata:
  name: tier1-gateway
  namespace: tier1
  annotations:
    tsb.tetrate.io/organization: tetrate
    tsb.tetrate.io/tenant: tier1
    tsb.tetrate.io/workspace: tier1-workspace
    tsb.tetrate.io/gatewayGroup: tier1-gateway-group
spec:
  type: UNIFIED
  targetCluster: cluster-1
  targetNamespace: tier1
  kubeSpec:
    deployment:
      labels:
        app: tier1-gateway
    service:
      type: LoadBalancer
This resource can be applied directly to the TSB Management Plane using tctl or as a Kubernetes resource via kubectl when GitOps is enabled in the cluster.
Make sure you configure the deployment.labels.app label when you create the Gateway Install resource. This label will be configured as the workloadSelector later, when you create the TSB Gateway configuration.
Using Gateway Workload in Gateway Configuration
Ensure that the workloadSelector in the Gateway configuration matches the deployment.labels in the Gateway Install resource to correctly associate the workload with the deployed gateway.
apiVersion: gateway.tsb.tetrate.io/v2
kind: Gateway
metadata:
  name: tier1-gateway
  namespace: tier1
  annotations:
    tsb.tetrate.io/organization: tetrate
    tsb.tetrate.io/tenant: tier1
    tsb.tetrate.io/workspace: tier1-workspace
    tsb.tetrate.io/gatewayGroup: tier1-gateway-group
spec:
  workloadSelector:
    namespace: tier1
    labels:
      app: tier1-gateway # Must match deployment.labels in Gateway Install resource
  http:
  - hostname: bookinfo.tetrate.io
    name: bookinfo
    port: 80
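The label match described above can be checked before either resource is applied. The following is an added example, not part of the original page or of TSB: the function names are hypothetical, the manifests are passed in as already-parsed dicts, and treating workloadSelector.namespace as equal to targetNamespace is an assumption drawn from the page's examples.

```python
# Added example: consistency check between a Gateway Install resource and the
# TSB Gateway configuration that selects it. Manifests are passed as dicts
# (parse the YAML with any loader first); the sample data below is constructed.

def _get(doc, path, default=None):
    """Walk a dotted path through nested dicts, returning default if absent."""
    for key in path.split("."):
        if not isinstance(doc, dict) or key not in doc:
            return default
        doc = doc[key]
    return doc

def check_gateway_pair(install, gateway):
    """Return a list of mismatches; an empty list means the pair lines up."""
    findings = []
    deploy_labels = _get(install, "spec.kubeSpec.deployment.labels", {}) or {}
    selector_labels = _get(gateway, "spec.workloadSelector.labels", {}) or {}

    if "app" not in deploy_labels:
        findings.append("install: kubeSpec.deployment.labels.app is not set")
    if not selector_labels:
        findings.append("gateway: workloadSelector.labels is empty")
    # Every selector label must exist on the deployment with the same value.
    for key, want in selector_labels.items():
        have = deploy_labels.get(key)
        if have != want:
            findings.append(f"label {key}: selector={want!r} deployment={have!r}")

    # Assumption: the selector namespace should be the install's targetNamespace.
    target_ns = _get(install, "spec.targetNamespace")
    selector_ns = _get(gateway, "spec.workloadSelector.namespace")
    if target_ns != selector_ns:
        findings.append(f"namespace: selector={selector_ns!r} target={target_ns!r}")
    return findings

# Constructed sample input mirroring the two manifests on this page.
INSTALL = {"spec": {"type": "UNIFIED", "targetCluster": "cluster-1",
                    "targetNamespace": "tier1",
                    "kubeSpec": {"deployment": {"labels": {"app": "tier1-gateway"}},
                                 "service": {"type": "LoadBalancer"}}}}
GATEWAY = {"spec": {"workloadSelector": {"namespace": "tier1",
                                         "labels": {"app": "tier1-gateway"}}}}

if __name__ == "__main__":
    for line in check_gateway_pair(INSTALL, GATEWAY) or ["OK: selector matches install"]:
        print(line)
```

Run as a pre-merge step in a GitOps repository, a non-empty result flags a Gateway configuration that would not bind to the gateway workload the install resource deploys.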
Monitor Gateway Resource Status via TSB UI
Once you apply the Gateway Install resource, it is propagated to the target cluster and translated into Kubernetes resources such as the deployment, service and HPA.
# cluster-1
k get all -n tier1
NAME                                 READY   STATUS    RESTARTS   AGE
pod/tier1-gateway-6668fd654b-js8jr   1/1     Running   0          25h

NAME                    TYPE           CLUSTER-IP       EXTERNAL-IP     PORT(S)                                      AGE
service/tier1-gateway   LoadBalancer   172.24.162.167   34.29.226.243   15443:30514/TCP,80:32341/TCP,443:31082/TCP   25h

NAME                            READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/tier1-gateway   2/2     2            2           25h

NAME                                       DESIRED   CURRENT   READY   AGE
replicaset.apps/tier1-gateway-6668fd654b   2         2         2       25h

NAME                                                REFERENCE                  TARGETS       MINPODS   MAXPODS   REPLICAS   AGE
horizontalpodautoscaler.autoscaling/tier1-gateway   Deployment/tier1-gateway   cpu: 5%/75%   2         10        2          25h
You can also verify the status using the config status UI.