Tetrate Service Bridge documentation, version: next

Segmentation Membership

Alpha early access

The segmentation feature is in an early access alpha state. Before trying it in a non-production environment, please reach out to Tetrate first.

The Segmentation Membership resource configures which resources belong to particular zones of a given segmentation policy. Membership is defined statically, by listing selectors in this resource. Multiple Segmentation Membership resources may hold selectors for the same zones of the same segmentation policy; the selectors are combined additively, so a resource belongs to a zone if it matches any selector from any membership resource for that zone.

The following example shows how to statically define the resources that belong to the red zone of the ring segmentation policy.

apiVersion: segmentation.tsb.tetrate.io/v1
kind: SegmentationMembership
metadata:
  organization: myorg
  name: ring-membership
spec:
  policy: ring
  zones:
    - name: red
      fqnSelector:
        - "organizations/myorg/tenants/mytenant"
        - "organizations/myorg/tenants/mytenant/workspaces/myworkspace"
        - "organizations/myorg/tenants/mytenant/workspaces/ws1/securitygroups/sg1"

SegmentationMembership

The SegmentationMembership resource configures static resource membership for segmentation policies and zones.

Field | Description | Validation Rule

policy

string
The segmentation policy to which the membership belongs.

zones

List of tetrateio.api.tsb.segmentation.v1.SegmentationMembership.ZoneMembership
List of zone memberships that define the resources belonging to particular zones of the segmentation policy. Multiple Segmentation Membership resources may hold selectors for the same zones of the same segmentation policy; the selectors are combined additively (a resource is in the zone if it matches any of them).

ZoneMembership

Zone membership configures membership of resources to a particular zone in the segmentation policy. When the resource is applied, all resources that match the selectors in the zone membership will be considered to belong to the zone in the segmentation policy.

Field | Description | Validation Rule

name

string
REQUIRED
The name of the zone in the defined segmentation policy.

string = {
  min_len: 1
}

fqnSelector

List of string
The list of fully-qualified names (FQNs) of the resources that belong to the zone. Resource FQNs must be of the form organizations/{org}/tenants/{tenant}/workspaces/{workspace}/securitygroups/{securitygroup}, where org is the organization name, tenant is the tenant name, workspace is the workspace name and securitygroup is the security group name. A path segment may end in * to match by prefix, for example organizations/org-*/tenants/ten-*/workspaces/ws-* selects every workspace whose organization, tenant and workspace names start with org-, ten- and ws- respectively. A segment may also be just * to match every resource of that type, for example organizations/*/tenants/*/workspaces/* selects all workspaces in all tenants of all organizations.

repeated = {
  items: {string:{min_len:1}}
}

nsSelector

List of string
The list of cluster/namespace selectors whose workloads belong to the zone. Each selector is a cluster/namespace pair and can select multiple resources in a cluster. Selectors must be of the form cluster/namespace, where cluster is the cluster name and namespace is the namespace name. Either part can be * to match all clusters or all namespaces respectively, or can end in * to match by prefix, for example cluster-*/* matches every namespace in clusters whose name starts with cluster-, and cluster-*/namespace-* additionally restricts the match to namespaces whose name starts with namespace-.

repeated = {
  items: {string:{min_len:1}}
}
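The matching rules described for fqnSelector and nsSelector, together with the additive combination of selectors across several membership resources, are easy to get wrong when reviewing a policy by hand. The following Python model is an added example, not TSB's own code: it evaluates constructed SegmentationMembership documents (a second, hypothetical resource named ring-membership-extra is added to the page's ring-membership) against sample FQNs and cluster/namespace pairs, and mirrors the min_len validation rules above. One assumption is made explicit in the code: a selector only matches resources at its own level of the hierarchy (a tenant FQN selects that tenant, not its workspaces), because the page does not state whether containment is implied.

```python
"""Illustrative model of SegmentationMembership selector semantics.

Added example, not Tetrate's implementation. It models the rules on this
page: segment-wise FQN matching, trailing '*' prefix wildcards, '*' for a
whole segment, cluster/namespace selectors, and the union of selectors
across all membership resources for the same policy and zone.
"""
from typing import Iterable, List, Optional, Set

# Constructed input: the page's ring-membership plus a hypothetical second
# resource that adds selectors to the same red zone and defines a blue zone.
MEMBERSHIPS = [
    {
        "apiVersion": "segmentation.tsb.tetrate.io/v1",
        "kind": "SegmentationMembership",
        "metadata": {"organization": "myorg", "name": "ring-membership"},
        "spec": {
            "policy": "ring",
            "zones": [
                {
                    "name": "red",
                    "fqnSelector": [
                        "organizations/myorg/tenants/mytenant",
                        "organizations/myorg/tenants/mytenant/workspaces/myworkspace",
                        "organizations/myorg/tenants/mytenant/workspaces/ws1/securitygroups/sg1",
                    ],
                }
            ],
        },
    },
    {
        "apiVersion": "segmentation.tsb.tetrate.io/v1",
        "kind": "SegmentationMembership",
        "metadata": {"organization": "myorg", "name": "ring-membership-extra"},  # hypothetical
        "spec": {
            "policy": "ring",
            "zones": [
                {"name": "red", "nsSelector": ["cluster-*/payments-*"]},
                {"name": "blue", "fqnSelector": ["organizations/*/tenants/*/workspaces/ws-*"]},
            ],
        },
    },
]


def segment_matches(pattern: str, value: str) -> bool:
    """One path segment: '*' matches anything, 'foo*' is a prefix, else exact."""
    if pattern == "*":
        return True
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    return pattern == value


def path_matches(selector: str, value: str) -> bool:
    """Segment-wise match of an FQN or cluster/namespace selector.

    Assumption for this example: selector and value must have the same depth,
    so a tenant-level selector does not implicitly cover its workspaces.
    """
    sel = selector.strip("/").split("/")
    val = value.strip("/").split("/")
    return len(sel) == len(val) and all(
        segment_matches(p, v) for p, v in zip(sel, val)
    )


def validate(membership: dict) -> List[str]:
    """Mirror the page's rules: zone name and every selector item need min_len 1."""
    errors = []
    for i, zone in enumerate(membership.get("spec", {}).get("zones", [])):
        if not zone.get("name"):
            errors.append(f"zones[{i}].name: min_len 1 violated")
        for field in ("fqnSelector", "nsSelector"):
            for j, item in enumerate(zone.get(field, [])):
                if not item:
                    errors.append(f"zones[{i}].{field}[{j}]: min_len 1 violated")
    return errors


def zones_for(
    memberships: Iterable[dict],
    policy: str,
    fqn: Optional[str] = None,
    cluster_ns: Optional[str] = None,
) -> Set[str]:
    """Return every zone of `policy` whose selectors match the given resource.

    Selectors from all membership resources are unioned, so one zone can be
    fed by several resources, and a resource that matches selectors of more
    than one zone is reported in all of them.
    """
    zones: Set[str] = set()
    for m in memberships:
        spec = m["spec"]
        if spec.get("policy") != policy:
            continue
        for zone in spec.get("zones", []):
            if fqn and any(path_matches(s, fqn) for s in zone.get("fqnSelector", [])):
                zones.add(zone["name"])
            if cluster_ns and any(path_matches(s, cluster_ns) for s in zone.get("nsSelector", [])):
                zones.add(zone["name"])
    return zones


if __name__ == "__main__":
    for m in MEMBERSHIPS:
        print(m["metadata"]["name"], "errors:", validate(m))
    print(zones_for(MEMBERSHIPS, "ring", fqn="organizations/myorg/tenants/mytenant/workspaces/ws-prod"))
    print(zones_for(MEMBERSHIPS, "ring", cluster_ns="cluster-east/payments-api"))
```

Running it shows the two things worth checking before applying such resources: a workspace named ws-prod under mytenant lands in blue but not red (the red tenant selector does not reach down to it under the stated assumption), while the payments-api namespace in cluster-east is pulled into red only through the second resource, which is exactly the cross-resource union the page describes.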