Tetrate Service BridgeVersion: next

Segmentation Membership

Alpha early access

The segmentation feature is in an early access alpha state. Before trying this in a non production environment, please reach out to Tetrate first.

The Segmentation Membership resource configures the resources that belong to particular zones in the different segmentation policies. Membership is defined statically, by using this Membership resource. Multiple Segmentation Membership resources can hold selectors for the same Segmentation Type Zones. The additive amalgamation of selectors will be used.

The following example shows how to statically define the resource that belong to the red zone in the ring segmentation policy.

apiVersion: segmentation.tsb.tetrate.io/v1
kind: SegmentationMembership
metadata:
  organization: myorg
  name: ring-membership
spec:
  policy: ring
  zones:
    - name: red
      fqnSelector:
        - "organizations/myorg/tenants/mytenant"
        - "organizations/myorg/tenants/mytenant/workspaces/myworkspace"
        - "organizations/myorg/tenants/mytenant/workspaces/ws1/securitygroups/sg1"

SegmentationMembership

The SegmentationMembership resource configures static resource membership for segmentation policies and zones.

Field	Description	Validation Rule
policy	string The segmentation policy to which the membership belongs.	–
zones	List of tetrateio.api.tsb.segmentation.v1.SegmentationMembership.ZoneMembership List of zone memberships that define the resources that belong to particular zones in the segmentation policy. Multiple Segmentation Membership resources can hold selectors for the same Segmentation Policy Zones. The additive amalgamation of selectors will be used.	–

ZoneMembership

Zone membership configures membership of resources to a particular zone in the segmentation policy. When the resource is applied, all resources that match the selectors in the zone membership will be considered to belong to the zone in the segmentation policy.

Field	Description	Validation Rule
name	string REQUIRED The name of the zone in the defined segmentation policy.	string = { min_len: `1` }
fqnSelector	List of string The list of fully-qualified names (FQNs) of the resources that belong to the zone. Resource FQNs must be in the form of `organizations/\{org\}/tenants/\{tenant\}/workspaces/\{workspace\}/securitygroups/\{securitygroup\}` where `org` is the organization name, `tenant` is the tenant name, `workspace` is the workspace name and `securitygroup` is the security group name. The FQN can also be a prefix like `organizations/org-/tenants/ten-/workspaces/ws-` to match multiple resources. The FQN names can also be `` to match all resources of a particular type such as `organizations//tenants//workspaces/*` to match all workspaces in all tenants in all organizations.	repeated = { items: `{string:{min_len:1}}` }
nsSelector	List of string The list of cluster/namespace selectors that belong to the zone. NsSelectors are cluster/namespace pairs that can select multiple resources in a cluster. Selectors must be in the form of `cluster/namespace` where `cluster` is the cluster name and `namespace` is the namespace name. Both cluster and namespace can be `` to match all clusters or namespaces respectively, they can also contain a prefix like `cluster-/` or `cluster-/namespace-*` to match multiple clusters or namespaces containing the prefix.	repeated = { items: `{string:{min_len:1}}` }

SegmentationMembership​

ZoneMembership​

SegmentationMembership

ZoneMembership