Tetrate Service BridgeVersion: next

Announcing TSB 1.11

Introducing Tetrate Service Bridge (TSB) version 1.11.0 – TSB continues to empower enterprise connectivity with its latest advancements in segmentation, proxy reliability, and gateway failover.

With 1.11.0, platform, security, and application teams gain greater control over infrastructure through Segmentation Policies for resource and traffic isolation, seamless Kong Gateway migration with TSB Kong Extensions, and optimized gateway stability with Weighted Tier1 Gateway Failover. Additionally, TSB 1.11.0 enhances proxy adherence to Envoy Best Practices for improved security and reliability, alongside multiple UI and troubleshooting improvements to enhance user experience and simplify operations.

New Features and Improvements

Segmentation Policies - Alpha Functionality for Early Access:
- TSB 1.11.0 includes an Alpha early access preview of the Segmentation feature, which allows platform admins, and in a future release app developers, to manage service to service traffic authorization policies, making it easier to control platform, security, and application boundaries for different teams and organizational needs.
- This feature is in active development, and may change or be removed in future releases. To enable this capability in a non-production environment, please talk to your Tetrate support contact.
TSB Kong Extensions - Alpha Functionality for Early Access:
- TSB 1.11.0 includes an Alpha early access preview of TSB Kong Extension feature, which supports transitioning from Kong Gateway to TSB Gateway using the tetrate-kong-extender sidecar, providing a drop-in replacement for Kong libraries and user-defined plugins, with support for mounting custom plugins via ConfigMap and maintaining a similar configuration interface.
- This feature is in active development, and may change or be removed in future releases. To enable this capability in a non-production environment, please talk to your Tetrate support contact.
Configuration Profiles - Improved Alpha Functionality for Early Access:
- Configuration inheritance related issues found in the initial Alpha release of Configuration Profiles have been addressed, and the feature is now in an improved Alpha state.
  - Configuration Profiles enable the creation of pre-set configuration templates that can be defined and attached at various hierarchy levels (Organization, Tenant, Workspace, Group).
  - Configuration Profiles serve as default settings until overridden by more specific configurations down the TSB hierarchy. Next to defaults, Configuration Profile mandates allow settings to be enforced at a specific level in the hierarchy and prohibit overrides.
  - Configuration Profiles API will undergo breaking changes in TSB 1.12, so please use with extreme caution. To enable this capability in a non-production environment, please talk to your Tetrate support contact.
Enhanced Edge Gateway Weighted Distribution & Failover:
- The Weighted Tier1 Gateway Failover feature ensures seamless traffic failover to the next prioritized cluster if an endpoint fails, improving reliability for weighted Tier1 Unified Gateway configurations.
Enhanced Proxy Reliability with Envoy Best Practices:
- TSB Gateway proxies now follow Envoy Best Practices for edge configurations, enhancing security, reliability, and performance in line with recommended standards.
Support for Maximum Connection Duration settings:
- In compliance with NIST.SP.800-204A::SM-DR14 specification, Workspace Traffic Settings now allow for the setting of Maximum Connection Duration and Maximum Stream Duration for HTTP and TCP Traffic for securely handlling certificate reissue. These settings can be applied to any Sidecar or Gateway.
Troubleshooting Enhancements:
- Application Developers can now go through guided scenario based Troubleshooting workflows in the UI for common error conditions.
- UI users informed of any workspaces with configuration errors upon login
- User and System Audit events visualization is now available on the main topology view to quickly identify configuration changes.
- Cluster Proxy Tools have been updated to use Management Plane APIs to add a layer of access permissions for users.
- Service Tracing now has a Tree view for an alternate view of call traces
Multiple UI improvements: We have made several UI improvements to enhance user experience, including:
- Service Dependencies can be highlighted from the main topology.
- A new setting for simple popups showing only the core metrics has been added to main topology.
- Workspace Propagation is now also available at the Workspace level for a scoped view in large deployments.
- All columns in table views now have sorting capabilities.
- SPIFEE IDs for Services added as part of a Service's attributes in the Topology and Metrics views.

Additional Enhancements

Refer to TSB 1.11 Release Notes for complete list of additional improvements in TSB 1.11

Deprecations

Feature	Deprecation Release	End of Life Release	Notes
Tier 1 Gateway	`1.10.0`	`1.14.0`	Migrate to `Unified Gateway`
Ingress (Tier 2) Gateway	`1.10.0`	`1.14.0`	Migrate to `Unified Gateway`
Egress Gateway	`1.10.0`	`1.14.0`	Migrate to `Unified Gateway`
Applications	`1.11.0`	`1.13.0`	Discontinue use

Upgrade Notes

Get Started with Tetrate Service Bridge

To get started with Tetrate Service Bridge:

Review the Initial Requirements and identify the target platform
Determine if you wish to:
- follow a quick demo installation
- perform a more-involved production-ready installation (Management Plane, Cluster Onboarding)
- apply an upgrade to an existing Tetrate Service Bridge deployment

Don't hesitate to reach out to your Tetrate support contact if you have any questions.