Skip to main content
logoTetrate Service BridgeVersion: 1.9.x

traffic.tsb.tetrate.io/v2

Resource Types:

TrafficSetting

↩ Parent

NameTypeDescriptionRequired
apiVersionstringtraffic.tsb.tetrate.io/v2true
kindstringTrafficSettingtrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject
false
statusobject
false

TrafficSetting.spec

↩ Parent

NameTypeDescriptionRequired
configGenerationMetadataobject

Metadata values that will be add into the Istio generated configurations.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
egressobject
false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
rateLimitingobject

Configuration for rate limiting requests.

false
reachabilityobject
false
resilienceobject
false
upstreamTrafficSettings[]object
false

TrafficSetting.spec.configGenerationMetadata

↩ Parent

Metadata values that will be add into the Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

TrafficSetting.spec.egress

↩ Parent

NameTypeDescriptionRequired
hoststring

Specifies the egress gateway hostname.

false
portinteger

Deprecated.


Format: int32

false

TrafficSetting.spec.rateLimiting

↩ Parent

Configuration for rate limiting requests.

NameTypeDescriptionRequired
externalServiceobject

Configure ratelimiting using an external ratelimit server.

false
settingsobject
false

TrafficSetting.spec.rateLimiting.externalService

↩ Parent

Configure ratelimiting using an external ratelimit server.

NameTypeDescriptionRequired
domainstring

The rate limit domain to use when calling the rate limit service.

false
failClosedboolean
false
rateLimitServerUristring

The URI at which the external rate limit server can be reached.

false
rules[]object

A set of rate limit rules.

false
timeoutstring

The timeout in seconds for the external rate limit server RPC.

false
tlsobject
false

TrafficSetting.spec.rateLimiting.externalService.rules[index]

↩ Parent

NameTypeDescriptionRequired
dimensions[]object

A list of dimensions that are to be applied for this rate limit configuration.

false

TrafficSetting.spec.rateLimiting.externalService.rules[index].dimensions[index]

↩ Parent

NameTypeDescriptionRequired
destinationClusterobject

Rate limit on destination envoy cluster.

false
headerValueMatchobject

Rate limit on the existence of certain request headers.

false
remoteAddressobject

Rate limit on remote address of client.

false
requestHeadersobject

Rate limit on the value of certain request headers.

false
sourceClusterobject

Rate limit on source envoy cluster.

false

TrafficSetting.spec.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch

↩ Parent

Rate limit on the existence of certain request headers.

NameTypeDescriptionRequired
descriptorValuestring

The value to use in the descriptor entry.

false
dontMatchboolean

If set to true, the condition will be met when the header value does not match.

false
headersmap[string]object
false

TrafficSetting.spec.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]

↩ Parent

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

TrafficSetting.spec.rateLimiting.externalService.rules[index].dimensions[index].requestHeaders

↩ Parent

Rate limit on the value of certain request headers.

NameTypeDescriptionRequired
descriptorKeystring

The key to use in the descriptor entry.

false
headerNamestring

The header name to be queried from the request headers.

false

TrafficSetting.spec.rateLimiting.externalService.tls

↩ Parent

NameTypeDescriptionRequired
filesobject

TLS key source from files.

false
modeenum

Enum: DISABLED, SIMPLE, MUTUAL

false
secretNamestring

TLS key source from a Kubernetes Secret.

false
subjectAltNames[]string
false

TrafficSetting.spec.rateLimiting.externalService.tls.files

↩ Parent

TLS key source from files.

NameTypeDescriptionRequired
caCertificatesstring
false
clientCertificatestring

Certificate file to authenticate the client.

false
privateKeystring

Private key file associated with the client certificate.

false

TrafficSetting.spec.rateLimiting.settings

↩ Parent

NameTypeDescriptionRequired
failClosedboolean
false
rules[]object

A list of rules for ratelimiting.

false
timeoutstring

The timeout in seconds for the rate limit server RPC.

false

TrafficSetting.spec.rateLimiting.settings.rules[index]

↩ Parent

NameTypeDescriptionRequired
dimensions[]object

A list of dimensions to define each ratelimit rule.

false
limitobject

The ratelimit value that will be configured for the above rules.

false

TrafficSetting.spec.rateLimiting.settings.rules[index].dimensions[index]

↩ Parent

NameTypeDescriptionRequired
headerobject

Rate limit on certain HTTP headers.

false
remoteAddressobject

Rate limit on the remote address of client.

false

TrafficSetting.spec.rateLimiting.settings.rules[index].dimensions[index].header

↩ Parent

Rate limit on certain HTTP headers.

NameTypeDescriptionRequired
dontMatchboolean

If set to true, the condition will be met when the header value does not match.

false
namestring

Name of the header to match on.

false
valueobject

Value of the header to match on if matching on a specific value.

false

TrafficSetting.spec.rateLimiting.settings.rules[index].dimensions[index].header.value

↩ Parent

Value of the header to match on if matching on a specific value.

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

TrafficSetting.spec.rateLimiting.settings.rules[index].dimensions[index].remoteAddress

↩ Parent

Rate limit on the remote address of client.

NameTypeDescriptionRequired
valuestring

Ratelimit on a specific remote address.

false

TrafficSetting.spec.rateLimiting.settings.rules[index].limit

↩ Parent

The ratelimit value that will be configured for the above rules.

NameTypeDescriptionRequired
requestsPerUnitinteger

Specifies the value of the rate limit.


Minimum: 0
Maximum: 4.294967295e+09

false
unitenum

Specifies the unit of time for rate limit.


Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY

false

TrafficSetting.spec.reachability

↩ Parent

NameTypeDescriptionRequired
hosts[]string
false
modeenum

A short cut for specifying the set of services accessed by the workload.


Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, CUSTOM

false

TrafficSetting.spec.resilience

↩ Parent

NameTypeDescriptionRequired
circuitBreakerSensitivityenum

This field is DEPRECATED in favor of upstreamTrafficSettings.resilience.circuitBreakerSensitivity.


Enum: UNSET, LOW, MEDIUM, HIGH

false
httpRequestTimeoutstring

This field is DEPRECATED in favor of upstreamTrafficSettings.resilience.connectionPool.http.requestTimeout.

false
httpRetriesobject

This field is DEPRECATED in favor of upstreamTrafficSettings.resilience.connectionPool.http.retries.

false
keepAliveobject

Keep Alive Settings.

false
tcpKeepaliveboolean

Deprecated.

false

TrafficSetting.spec.resilience.httpRetries

↩ Parent

This field is DEPRECATED in favor of upstreamTrafficSettings.resilience.connectionPool.http.retries.

NameTypeDescriptionRequired
attemptsinteger

Number of retries for a given request.


Format: int32

false
perTryTimeoutstring

Timeout per retry attempt for a given request.

false
retryOnstring

Specifies the conditions under which retry takes place.

false

TrafficSetting.spec.resilience.keepAlive

↩ Parent

Keep Alive Settings.

NameTypeDescriptionRequired
tcpobject

TCP Keep Alive settings associated with the upstream and downstream TCP connections.

false

TrafficSetting.spec.resilience.keepAlive.tcp

↩ Parent

TCP Keep Alive settings associated with the upstream and downstream TCP connections.

NameTypeDescriptionRequired
downstreamobject

TCP Keep Alive Settings associated with the downstream (client) connection.

false
upstreamobject

This field is DEPRECATED in favor of upstreamTrafficSettings.resilience.connectionPool.tcp.keepAlive.

false

TrafficSetting.spec.resilience.keepAlive.tcp.downstream

↩ Parent

TCP Keep Alive Settings associated with the downstream (client) connection.

NameTypeDescriptionRequired
idleTimeinteger

Minimum: 0
Maximum: 4.294967295e+09

false
intervalinteger

The number of seconds between keep-alive probes.


Minimum: 0
Maximum: 4.294967295e+09

false
probesinteger

Minimum: 0
Maximum: 4.294967295e+09

false

TrafficSetting.spec.resilience.keepAlive.tcp.upstream

↩ Parent

This field is DEPRECATED in favor of upstreamTrafficSettings.resilience.connectionPool.tcp.keepAlive.

NameTypeDescriptionRequired
idleTimeinteger

Minimum: 0
Maximum: 4.294967295e+09

false
intervalinteger

The number of seconds between keep-alive probes.


Minimum: 0
Maximum: 4.294967295e+09

false
probesinteger

Minimum: 0
Maximum: 4.294967295e+09

false

TrafficSetting.spec.upstreamTrafficSettings[index]

↩ Parent

NameTypeDescriptionRequired
hosts[]string

List of hosts for which the settings will be created.

false
settingsobject

A single setting to be applied to all the clients connecting to the upstream hosts.

false

TrafficSetting.spec.upstreamTrafficSettings[index].settings

↩ Parent

A single setting to be applied to all the clients connecting to the upstream hosts.

NameTypeDescriptionRequired
loadBalancerobject

Load balancing settings for the clients.

false
resilienceobject

Resilience settings for the clients.

false

TrafficSetting.spec.upstreamTrafficSettings[index].settings.loadBalancer

↩ Parent

Load balancing settings for the clients.

NameTypeDescriptionRequired
consistentHashobject

Use consistent hash load balancing which can provide soft session affinity.

false
simpleenum

Use standard load balancing algorithms that require no tuning.


Enum: UNSPECIFIED, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST

false

TrafficSetting.spec.upstreamTrafficSettings[index].settings.loadBalancer.consistentHash

↩ Parent

Use consistent hash load balancing which can provide soft session affinity.

NameTypeDescriptionRequired
httpCookieobject

Hash based on HTTP cookie.

false
httpHeaderNamestring

Hash based on a specific HTTP header.

false
httpQueryParameterNamestring

Hash based on a specific HTTP query parameter.

false
maglevobject

The Maglev load balancer implements consistent hashing to backend hosts.

false
ringHashobject

The ring/modulo hash load balancer implements consistent hashing to backend hosts.

false
useSourceIpboolean

Hash based on the source IP address.

false

TrafficSetting.spec.upstreamTrafficSettings[index].settings.loadBalancer.consistentHash.httpCookie

↩ Parent

Hash based on HTTP cookie.

NameTypeDescriptionRequired
namestring

Name of the cookie.

false
pathstring

Path to set for the cookie.

false
ttlstring

Lifetime of the cookie.

false

TrafficSetting.spec.upstreamTrafficSettings[index].settings.loadBalancer.consistentHash.maglev

↩ Parent

The Maglev load balancer implements consistent hashing to backend hosts.

NameTypeDescriptionRequired
tableSizeinteger

The table size for Maglev hashing.


Minimum: 0
Maximum: 4.294967295e+09

false

TrafficSetting.spec.upstreamTrafficSettings[index].settings.loadBalancer.consistentHash.ringHash

↩ Parent

The ring/modulo hash load balancer implements consistent hashing to backend hosts.

NameTypeDescriptionRequired
minimumRingSizeinteger

Minimum: 0
Maximum: 4.294967295e+09

false

TrafficSetting.spec.upstreamTrafficSettings[index].settings.resilience

↩ Parent

Resilience settings for the clients.

NameTypeDescriptionRequired
circuitBreakerSensitivityenum

Enum: UNSET, LOW, MEDIUM, HIGH

false
connectionPoolobject

Configures tolerance and other settings for TCP/HTTP connections to the service.

false

TrafficSetting.spec.upstreamTrafficSettings[index].settings.resilience.connectionPool

↩ Parent

Configures tolerance and other settings for TCP/HTTP connections to the service.

NameTypeDescriptionRequired
httpobject
false
tcpobject
false

TrafficSetting.spec.upstreamTrafficSettings[index].settings.resilience.connectionPool.http

↩ Parent

NameTypeDescriptionRequired
maxRequestsinteger

Maximum number of active requests to the service.


Minimum: 0
Maximum: 4.294967295e+09

false
maxRequestsPerConnectioninteger

Maximum number of requests per connection to the service.


Minimum: 0
Maximum: 4.294967295e+09

false
requestTimeoutstring

Timeout for HTTP requests.

false
retriesobject

Retry policy for HTTP requests.

false

TrafficSetting.spec.upstreamTrafficSettings[index].settings.resilience.connectionPool.http.retries

↩ Parent

Retry policy for HTTP requests.

NameTypeDescriptionRequired
attemptsinteger

Number of retries for a given request.


Format: int32

false
perTryTimeoutstring

Timeout per retry attempt for a given request.

false
retryOnstring

Specifies the conditions under which retry takes place.

false

TrafficSetting.spec.upstreamTrafficSettings[index].settings.resilience.connectionPool.tcp

↩ Parent

NameTypeDescriptionRequired
connectTimeoutstring

TCP connection timeout.

false
keepAliveobject

Keep Alive Settings.

false
maxConnectionsinteger

Maximum number of HTTP1 /TCP connections to the service.


Minimum: 0
Maximum: 4.294967295e+09

false

TrafficSetting.spec.upstreamTrafficSettings[index].settings.resilience.connectionPool.tcp.keepAlive

↩ Parent

Keep Alive Settings.

NameTypeDescriptionRequired
idleTimeinteger

Minimum: 0
Maximum: 4.294967295e+09

false
intervalinteger

The number of seconds between keep-alive probes.


Minimum: 0
Maximum: 4.294967295e+09

false
probesinteger

Minimum: 0
Maximum: 4.294967295e+09

false

ServiceRoute

↩ Parent

NameTypeDescriptionRequired
apiVersionstringtraffic.tsb.tetrate.io/v2true
kindstringServiceRoutetrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject
false
statusobject
false

ServiceRoute.spec

↩ Parent

NameTypeDescriptionRequired
configGenerationMetadataobject

Metadata values that will be add into the Istio generated configurations.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
httpRoutes[]object
false
portLevelSettings[]object

In order to support multi-protocol routing, a list of all port/protocol combinations is needed.

false
servicestring

The service on which the configuration is being applied.

false
stickySessionobject
false
subsets[]object
false
tcpRoutes[]object

TCPRoutes match TCP traffic based on port number.

false

ServiceRoute.spec.configGenerationMetadata

↩ Parent

Metadata values that will be add into the Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

ServiceRoute.spec.httpRoutes[index]

↩ Parent

NameTypeDescriptionRequired
destination[]object

Destination host:port and subset where HTTP traffic should be directed.

false
faultobject

Fault injection policy to apply on HTTP traffic at the client side.

false
flaggerobject

FlaggerDestination will route traffic based on a Flagger Canary resource.

false
match[]object
false
mirrors[]object
false
namestring

Name of the route.

false

ServiceRoute.spec.httpRoutes[index].destination[index]

↩ Parent

NameTypeDescriptionRequired
destinationHoststring

Service host where traffic should be routed to.

false
portinteger

Minimum: 0
Maximum: 4.294967295e+09

false
subsetstring
false
weightinteger

Minimum: 0
Maximum: 4.294967295e+09

false

ServiceRoute.spec.httpRoutes[index].fault

↩ Parent

Fault injection policy to apply on HTTP traffic at the client side.

NameTypeDescriptionRequired
abortobject
false
delayobject
false

ServiceRoute.spec.httpRoutes[index].fault.abort

↩ Parent

NameTypeDescriptionRequired
grpcStatusstring

GRPC status code to use to abort the request.

false
httpStatusinteger

HTTP status code to use to abort the HTTP request.


Format: int32

false
percentagenumber

Percentage of requests to be aborted with the error code provided.


Format: double

false

ServiceRoute.spec.httpRoutes[index].fault.delay

↩ Parent

NameTypeDescriptionRequired
fixedDelaystring

Add a fixed delay before forwarding the request.

false
percentagenumber

Percentage of requests on which the delay will be injected.


Format: double

false

ServiceRoute.spec.httpRoutes[index].flagger

↩ Parent

FlaggerDestination will route traffic based on a Flagger Canary resource.

NameTypeDescriptionRequired
canarystring

Name of the Canary resource that will manage the deployment.

false
namespacestring

Namespace of the Canary resource that will manage the deployment.

false

ServiceRoute.spec.httpRoutes[index].match[index]

↩ Parent

NameTypeDescriptionRequired
headersmap[string]object
false
namestring
false
portinteger

Minimum: 0
Maximum: 4.294967295e+09

false
uriobject
false

ServiceRoute.spec.httpRoutes[index].match[index].headers[key]

↩ Parent

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

ServiceRoute.spec.httpRoutes[index].match[index].uri

↩ Parent

NameTypeDescriptionRequired
exactstring

Exact string match.

false
prefixstring

Prefix-based match.

false
regexstring

ECMAscript style regex-based match.

false

ServiceRoute.spec.httpRoutes[index].mirrors[index]

↩ Parent

NameTypeDescriptionRequired
hoststring

The host where traffic should be routed to.

false
percentagenumber

Percentage of the traffic to be mirrored.


Format: double

false
portinteger

Minimum: 0
Maximum: 4.294967295e+09

false
subsetstring
false

ServiceRoute.spec.portLevelSettings[index]

↩ Parent

NameTypeDescriptionRequired
portinteger

Minimum: 0
Maximum: 4.294967295e+09

false
stickySessionobject
false
trafficTypeenum

Enum: HTTP, TCP, TLS_PASSTHROUGH

false

ServiceRoute.spec.portLevelSettings[index].stickySession

↩ Parent

NameTypeDescriptionRequired
cookieobject

Hash based on HTTP cookie.

false
headerstring

Hash based on a specific HTTP header.

false
useSourceIpboolean

Hash based on the source IP address.

false

ServiceRoute.spec.portLevelSettings[index].stickySession.cookie

↩ Parent

Hash based on HTTP cookie.

NameTypeDescriptionRequired
namestring

Name of the cookie.

false
pathstring

Path to set for the cookie.

false
ttlstring

Lifetime of the cookie.

false

ServiceRoute.spec.stickySession

↩ Parent

NameTypeDescriptionRequired
cookieobject

Hash based on HTTP cookie.

false
headerstring

Hash based on a specific HTTP header.

false
useSourceIpboolean

Hash based on the source IP address.

false

ServiceRoute.spec.stickySession.cookie

↩ Parent

Hash based on HTTP cookie.

NameTypeDescriptionRequired
namestring

Name of the cookie.

false
pathstring

Path to set for the cookie.

false
ttlstring

Lifetime of the cookie.

false

ServiceRoute.spec.subsets[index]

↩ Parent

NameTypeDescriptionRequired
labelsmap[string]string

Labels apply a filter over the endpoints of a service in the service registry.

false
namestring

Name used to refer to the subset.

false
portLevelSettings[]object
false
weightinteger

Percentage of traffic to be sent to this subset.


Minimum: 0
Maximum: 4.294967295e+09

false

ServiceRoute.spec.subsets[index].portLevelSettings[index]

↩ Parent

NameTypeDescriptionRequired
portinteger

Minimum: 0
Maximum: 4.294967295e+09

false
stickySessionobject
false
trafficTypeenum

Enum: HTTP, TCP, TLS_PASSTHROUGH

false

ServiceRoute.spec.subsets[index].portLevelSettings[index].stickySession

↩ Parent

NameTypeDescriptionRequired
cookieobject

Hash based on HTTP cookie.

false
headerstring

Hash based on a specific HTTP header.

false
useSourceIpboolean

Hash based on the source IP address.

false

ServiceRoute.spec.subsets[index].portLevelSettings[index].stickySession.cookie

↩ Parent

Hash based on HTTP cookie.

NameTypeDescriptionRequired
namestring

Name of the cookie.

false
pathstring

Path to set for the cookie.

false
ttlstring

Lifetime of the cookie.

false

ServiceRoute.spec.tcpRoutes[index]

↩ Parent

NameTypeDescriptionRequired
destination[]object
false
match[]object
false
namestring
false

ServiceRoute.spec.tcpRoutes[index].destination[index]

↩ Parent

NameTypeDescriptionRequired
destinationHoststring

Service host where traffic should be routed to.

false
portinteger

Minimum: 0
Maximum: 4.294967295e+09

false
subsetstring
false
weightinteger

Minimum: 0
Maximum: 4.294967295e+09

false

ServiceRoute.spec.tcpRoutes[index].match[index]

↩ Parent

NameTypeDescriptionRequired
namestring
false
portinteger

Minimum: 0
Maximum: 4.294967295e+09

false

Group

↩ Parent

NameTypeDescriptionRequired
apiVersionstringtraffic.tsb.tetrate.io/v2true
kindstringGrouptrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the metadata field.true
specobject
false
statusobject
false

Group.spec

↩ Parent

NameTypeDescriptionRequired
configGenerationMetadataobject

Default metadata values that will be propagated to the children Istio generated configurations.

false
configModeenum

Enum: BRIDGED, DIRECT

false
deletionProtectionEnabledboolean

When set, prevents the resource from being deleted.

false
descriptionstring

A description of the resource.

false
displayNamestring

User friendly name for the resource.

false
etagstring

The etag for the resource.

false
fqnstring

Fully-qualified name of the resource.

false
namespaceSelectorobject

Set of namespaces owned exclusively by this group.

false

Group.spec.configGenerationMetadata

↩ Parent

Default metadata values that will be propagated to the children Istio generated configurations.

NameTypeDescriptionRequired
annotationsmap[string]string

Set of key value paris that will be added into the metadata.annotations field of the Istio generated configurations.

false
labelsmap[string]string

Set of key value paris that will be added into the metadata.labels field of the Istio generated configurations.

false

Group.spec.namespaceSelector

↩ Parent

Set of namespaces owned exclusively by this group.

NameTypeDescriptionRequired
names[]string
false