Tetrate Service Bridge (Version: next)

Install Gateway Template

An InstallGatewayTemplate defines a configuration template for installing gateways in TSB. It allows specifying gateway configurations that will be applied to gateways created in a defined part of the infrastructure. The following example creates an InstallGatewayTemplate named eks-template under the tetrate organization that enforces the use of a specific annotation for all gateways created in EKS clusters.

apiVersion: gateway.tsb.tetrate.io/v2
kind: InstallGatewayTemplate
metadata:
  name: aws-template
  organization: tetrate
spec:
  displayName: "AWS template"
  description: "Template for AWS EKS gateways"
  selector:
    environmentSelector:
      provider: "EKS"
  gatewaySpec:
    kubeSpec:
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-type: 'external'

ClusterSelector

A template selector based on Cluster details.

| Field | Description | Validation Rule |
| --- | --- | --- |
| name | string oneof _selector. Matches the name of the cluster. | |
| labels | tetrateio.api.tsb.gateway.v2.LabelsSelector oneof _selector. Matches the minimum required set of labels defined in the cluster metadata. | |
| namespaceSelector | List of tetrateio.api.tsb.gateway.v2.NamespaceSelector. Selector to target namespaces in the matching cluster. When empty, any Cluster namespace is matched. | |

EnvironmentSelector

A template selector based on environment details, such as the cloud provider (e.g. GKE, EKS, AKS).

| Field | Description | Validation Rule |
| --- | --- | --- |
| provider | string. REQUIRED. The provider name. It must match the Cluster State provider field. | string = { min_len: 1 } |

GatewaySpec

GatewaySpec contains the desired state of the Gateway.

| Field | Description | Validation Rule |
| --- | --- | --- |
| connectionDrainDuration | google.protobuf.Duration. The amount of time the gateway will wait on shutdown for connections to complete before terminating the gateway. During this drain period, no new connections can be created but existing ones are allowed to complete. | |
| revision | string. Specifies the Istio revision to reconcile with. If specified, the TSB Control Plane operator will reconcile this gateway only if the operator's revision matches the revision. The TSB Data Plane operator, which runs only when the TSB Control Plane operator has not configured a revision, will ignore the revision and will reconcile the gateway as usual. Internally, the revision specifies which Istio Control Plane configures the Gateway deployment. See https://istio.io/latest/docs/setup/upgrade/canary. | |
| type | tetrateio.api.tsb.gateway.v2.GatewaySpec.Type. Type defines the type of gateway deployment created as part of this gateway install object. Possible values are UNIFIED, INGRESS, EGRESS and EASTWEST. | enum = { defined_only: true } |
| concurrency | int32 oneof __concurrency. Number of Envoy worker threads to run. By default, it will be set automatically based on the gateway's CPU resource limits. Set to -1 to use the legacy behavior of all cores on the machine. | |
| kubeSpec | tetrateio.api.install.kubernetes.KubernetesComponentSpec. Configure Kubernetes specific settings. | |

InstallGatewayTemplate

InstallGatewayTemplate is defined at the Organization level. It applies to a portion of the infrastructure determined by selectors that match attributes such as provider, labels, or cluster names.

| Field | Description | Validation Rule |
| --- | --- | --- |
| deletionProtectionEnabled | bool. When set, prevents the resource from being deleted. In order to delete the resource this property needs to be set to false first. | |
| priority | int32. Indicates when a template must be chosen in case of multiple selectors of the same type matching a single gateway configuration. Defaults to 0, the highest priority. When two templates have the same priority, they are sorted alphabetically by their names. Templates with different selector types will be resolved in the following order, regardless of the priority value: 1. environment selectors; 2. cluster selectors with no namespace selectors; 3. cluster selectors with namespace selector; 4. workload selectors; 5. specific InstallGateway TSB resources. | int32 = { gte: 0 } |
| environmentSelector | tetrateio.api.tsb.gateway.v2.EnvironmentSelector oneof _selector. Selects the gateways targeting the clusters based on environment details, such as the provider. | |
| clusterSelector | tetrateio.api.tsb.gateway.v2.ClusterSelector oneof _selector. Selects the gateways targeting the clusters based on cluster specific details (e.g. cluster name or labels). | |
| allClusters | bool oneof _selector. Selects all the onboarded clusters on TSB. | bool = { const: true } |
| gatewayWorkloadSelector | tetrateio.api.tsb.gateway.v2.WorkloadSelector. Matches the workload selector defined by a Gateway configuration. Optional. | |
| gatewaySpec | tetrateio.api.tsb.gateway.v2.GatewaySpec. REQUIRED. The gateway spec to apply to the created gateway. | |
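
The resolution order described under priority, as an added example (not TSB code): it sorts templates by selector type, then priority, then name, and rejects values that break the validation rules listed above. The dict layout follows the YAML example at the top of the page; workload selectors, allClusters and per-gateway InstallGateway resources are not modelled, and placing the highest priority (0) first within a selector type is an assumption.

```python
# Added illustration, not TSB code. Dict layout mirrors the page's YAML
# example (spec.selector.<kind>); only selector types 1-3 are modelled.
ENVIRONMENT, CLUSTER, CLUSTER_WITH_NAMESPACE = 1, 2, 3

def selector_rank(spec):
    """Classify a template by selector type, per the documented order."""
    selector = spec.get("selector", {})
    if len(selector) != 1:
        raise ValueError("expected exactly one selector (oneof _selector)")
    if "environmentSelector" in selector:
        if not selector["environmentSelector"].get("provider"):
            raise ValueError("environmentSelector.provider: min_len 1")
        return ENVIRONMENT
    if "clusterSelector" in selector:
        has_ns = bool(selector["clusterSelector"].get("namespaceSelector"))
        return CLUSTER_WITH_NAMESPACE if has_ns else CLUSTER
    raise ValueError("selector type not modelled in this example")

def resolution_order(templates):
    """Return template names sorted by selector type, priority, name."""
    keyed = []
    for t in templates:
        name, spec = t["metadata"]["name"], t["spec"]
        priority = spec.get("priority", 0)  # defaults to 0, the highest
        if priority < 0:
            raise ValueError(f"{name}: priority must be >= 0")
        if "gatewaySpec" not in spec:
            raise ValueError(f"{name}: gatewaySpec is REQUIRED")
        # Priority is compared only within one selector type.
        keyed.append((selector_rank(spec), priority, name))
    return [name for _, _, name in sorted(keyed)]

def tpl(name, selector, priority=0):
    """Build a constructed sample template (all values are made up)."""
    return {"metadata": {"name": name},
            "spec": {"priority": priority, "selector": selector,
                     "gatewaySpec": {"type": "INGRESS"}}}

SAMPLE = [
    tpl("prod-ns", {"clusterSelector": {"name": "c1",
                                        "namespaceSelector": [{"name": "prod"}]}}),
    tpl("zeta-eks", {"environmentSelector": {"provider": "EKS"}}),
    tpl("alpha-eks", {"environmentSelector": {"provider": "EKS"}}),
    tpl("late-eks", {"environmentSelector": {"provider": "EKS"}}, priority=5),
    tpl("c1-wide", {"clusterSelector": {"name": "c1"}}),
]

if __name__ == "__main__":
    print(resolution_order(SAMPLE))
```

The environment template with priority 5 still sorts ahead of the cluster template with priority 0, which is the point a reviewer of a template change set most often needs to check.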

LabelsSelector

A template selector based on label matching.

| Field | Description | Validation Rule |
| --- | --- | --- |
| labels | map<string, string> | map = { keys: {string:{min_len:1}} } |

NamespaceSelector

A template selector based on Cluster namespaces.

| Field | Description | Validation Rule |
| --- | --- | --- |
| name | string oneof _selector. The namespace name. | |
| labels | tetrateio.api.tsb.gateway.v2.LabelsSelector oneof _selector. The minimum required namespace labels. | |

WorkloadSelector

A template selector for Gateway workloads.

| Field | Description | Validation Rule |
| --- | --- | --- |
| labels | tetrateio.api.tsb.gateway.v2.LabelsSelector. REQUIRED. The minimum required workload selector labels. | |

Type

Type defines the functionalities supported by the Gateway install. Each type configures gateway workloads for a particular use case. If not set, UNIFIED is set as default.

| Field | Number | Description |
| --- | --- | --- |
| UNIFIED | 0 | UNIFIED represents the gateway type supporting all functionalities: INGRESS, EGRESS, and EASTWEST. Gateway workloads are configured with default ports 80 (HTTP), 443 (HTTPS), and 15443 (ISTIO_mTLS). The gateway is configured with a LoadBalancer type service by default. |
| INGRESS | 1 | INGRESS represents the gateway type configured for Ingress use cases. Gateway workloads are configured with default ports 80 (HTTP), 443 (HTTPS), and 15443 (ISTIO_mTLS). The gateway is configured with a LoadBalancer type service by default. |
| EGRESS | 2 | EGRESS represents the gateway type configured for Egress use cases. Gateway workloads are configured with the default ports 80 (HTTP), 443 (HTTPS), and 15443 (ISTIO_mTLS). The gateway is configured with a ClusterIP type service by default. |
| EASTWEST | 3 | EASTWEST represents the gateway type configured for East-West use cases. Gateway workloads are configured with the default port 15443 (ISTIO_mTLS). The gateway is configured with a LoadBalancer type service by default. |