Skip to main content
logoTetrate Service BridgeVersion: next

Announcing TSB 1.13

Introducing Tetrate Service Bridge (TSB) version 1.13.0 - TSB enhances enterprise service mesh capabilities with advanced gateway features, configuration management, and improved platform reliability.

This release introduces Ambient support (alpha), a new local rate limiting capability, centralised Gateway installation, extended high-availability capabilities, alongside enhanced troubleshooting features and UI improvements for better operational visibility.

Tetrate have moved towards a more incremental cadence of releases, using an Agile-like approach to deliver feature updates and fixes to customers in a steady stream. The 1.13.0 release is an incremental change from the previous 1.12.x release, and includes updates to core dependencies such as the included Istio distribution.

Here, we describe the most significant changes from the previous minor 1.12.0 release.

New Features and Improvements

  • Ambient Support (alpha)
    • Ambient Support was introduced as an Alpha Feature in release 1.12.1
    • Enable mountInternalWasmExtensions and identityPropagation by default in Ambient mode
    • Fix service state reporting in Ambient mode by XCP Edge
    • Fix metadata exchange filter configuration for Ambient mode with ISB enabled
    • Service Topology view for Ambient Clusters was enhanced to allow the user to view the graph with or without Waypoints and with ambient objects annotated
  • Local Rate Limiting
    • Local Rate limiting allows users to define rate limits that are applied individually at each Gateway instance. This removes the dependency on the Redis database for shared rate limits
  • Gateways
    • Added new Unified Gateway Installation allowing for centralised installation and configuration of Envoy Unified Gateways
    • Provide rich configuration status reporting for the deployment and service configuration for each installed gateway
  • gRPC API - protobufs
    • protobufs and related SDKs are now published for general use on buf.build. For documentation, refer to the 'official' tetrate documentation; this will be fully migrated to buf.build in due course
  • Status Reporting API
    • A new Component Status API can be used to check and troubleshoot the various TSB components
  • Management Plane High Availability
    • Added the ability to fail-back, re-using a previously-failed Management Plane instance if this instance is known to be intact. This allows for easier operation when failing over between data centers
    • Added Postgres metrics dashboard to monitor replication activity between active and standby Management Plane instances
  • Segmentation (alpha)
    • The Segmentation capability is currently an alpha feature. Please refer to Tetrate technical support for more information
    • Added support to annotate Organization, Clusters, Tenants, Workspaces, and Groups resources with segmentation membership
  • Multiple UI improvements:
    • Configuration Profiles for Workloads impact analysis
    • Component status reporting
    • Added a new Health tab to the workspace detail page, providing a more consistent and reliable view of service metrics
    • Performance improvements for data collection across the UI
  • Other:
    • Updates to the logging for OAS Spec Validation, providing more detailed internal logs
    • Added support for transitioning from control plane managed gateway installs to management plane managed gateway installs
    • Added path_prefix in external authorization configuration. This option allows prefixing a external authz call with a supplied path
    • Added allowed_upstream_headers in external authorization configuration. This option allows sending response headers from external authz response to upstream
    • Added support for discovering Kubernetes Gateway in OBSERVE mode
    • Enhanced HTTP ratelimit to be only called for configured hostnames on shared gateways
    • Add support for XCP managed selfSigned webhook certificates
    • Istio IsolationBoundary is now enabled by default
    • Add new API to list the config status related to a given FQDN. Available with tctl status --fqdn command
    • Add Hostname and External Addresses options to the search functionality in the Workspace Propagation view

Dependencies

TSB 1.13.x ships with Istio 1.26.3, and supports the following K8s and Openshift Platforms:

DistributionSupported Versions
Kubernetes1.31, 1.32, 1.33
OpenShift4.15, 4.16, 4.17, 4.18

Other platforms can be supported by special arrangement.

Additional Enhancements

Refer to TSB 1.13 Release Notes for complete list of additional improvements in TSB 1.13

Deprecations

FeatureDeprecation ReleaseEnd of Life ReleaseNotes
Tier 1 Gateway1.10.01.14.0Migrate to Unified Gateway
Ingress (Tier 2) Gateway1.10.01.14.0Migrate to Unified Gateway
Egress Gateway1.10.01.14.0Migrate to Unified Gateway
Security Domains1.12.01.14.0Migrate to Segmentation Policies
Applications1.11.01.13.0End-of-life

Upgrade Notes

TODO

Pre-Upgrade check needed

Starting from TSB 1.12, IsolationBoundary is a required component of TSB architecture. This feature enables multiple revision installations, allowing seamless control-plane upgrades while enforcing network segregation. For a comprehensive understanding of IsolationBoundary, refer to the IsolationBoundary Concept documentation.

If you're upgrading to TSB 1.12 from a non-revisioned deployment, we strongly recommend enabling IsolationBoundary in your cluster before proceeding with the upgrade. For migration guidance, follow our Non-revisioned to Revisioned upgrade documentation.

Get Started with Tetrate Service Bridge

To get started with Tetrate Service Bridge:

Don't hesitate to reach out to your Tetrate support contact if you have any questions.