Tetrate Service BridgeVersion: 1.13.x

Install Gateway Template

Configurations to manage the gateways deployment templates and the auto-lifecycle of the install gateways affected by the template.

ClusterSelector

A template selector based on Cluster details.

Field	Description	Validation Rule
name	string ^{oneof _selector} Matches the name of the cluster.	–
labelsSelector	tetrateio.api.tsb.gateway.v2.LabelsSelector ^{oneof _selector} Matches the minimum required set of labels defined in the cluster metadata.	–
namespaceSelector	List of tetrateio.api.tsb.gateway.v2.NamespaceSelector Selector to target namespaces in the matching cluster. When empty, any Cluster namespace is matched.	–

EnvironmentSelector

A template selector based on environment details, such as the cloud provider (e.g GKE, EKS, AKS...)

Field	Description	Validation Rule
provider	string REQUIRED The provider name to match against the Cluster State provider field (case-insensitive match).	string = { min_len: `1` }

GatewaySpec

GatewaySpec contains the desired state of the Gateway.

Field	Description	Validation Rule
connectionDrainDuration	google.protobuf.Duration The amount of time the gateway will wait on shutdown for connections to complete before terminating the gateway. During this drain period, no new connections can be created but existing ones are allowed to complete.	–
revision	string Specifies the Istio revision to reconcile with. If specified, the TSB Control Plane operator will reconcile this gateway only if the operator's revision matches the revision. The TSB Data Plane operator, which runs only when the TSB Control Plane operator has not configured a revision, will ignore the revision and will reconcile the gateway as usual. Internally, the revision specifies which Istio Control Plane configures the Gateway deployment. See https://istio.io/latest/docs/setup/upgrade/canary.	–
type	tetrateio.api.tsb.gateway.v2.GatewaySpec.Type Type defines the type of gateway deployment created as part of this gateway install object. Possible values are UNIFIED, INGRESS, EGRESS and EASTWEST.	enum = { defined_only: `true` }
concurrency	int32 ^{oneof __concurrency} Number of Envoy worker threads to run. By default, it will be set automatically based on the gateway's CPU resource limits. Set to `-1` to use the legacy behavior of all cores on the machine.	–
kubeSpec	tetrateio.api.install.kubernetes.KubernetesComponentSpec Configure Kubernetes specific settings.	–

InstallGatewayTemplate

Alpha early access

The install gateway template feature is in an early access alpha state. Before trying this in a non production environment, please reach out to Tetrate first.

An InstallGatewayTemplate defines a configuration template for installing gateways in TSB. It allows specifying gateway configurations that will be applied to gateways created in a defined part of the infrastructure determined by selectors that match attributes such as provider, labels, or cluster names. The following example creates an InstallGatewayTemplate named eks-template under the tetrate organization. It enforces the use of a specific annotation for all gateways created in EKS clusters.

apiVersion: gateway.tsb.tetrate.io/v2
kind: InstallGatewayTemplate
metadata:
  name: aws-template
  organization: tetrate
spec:
  displayName: "AWS template"
  description: "Template for AWS EKS gateways"
  environmentSelector:
    provider: "EKS"
  gatewaySpec:
    kubeSpec:
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-type: 'external'

Another example creates an InstallGatewayTemplate named mem-template under the tetrate organization. By using a cluster selector, it is scoped to clusters labelled with managed-by: a-team. Furthermore, the scope is narrowed down thanks to the gateway workload selector to only the gateways with the label memory: high-limits that are part of the beforementioned clusters. The template enforces memory limits for the selected gateways.

apiVersion: gateway.tsb.tetrate.io/v2
kind: InstallGatewayTemplate
metadata:
  name: mem-template
  organization: tetrate
spec:
  displayName: "memory template"
  description: "Template for setting memory limits for some specific labelled gateways"
  clusterSelector:
    labelsSelector:
      labels:
        managed-by: "a-team"
  gatewayWorkloadSelector:
    labelsSelector:
      labels:
        memory: "high-limits"
  gatewaySpec:
    kubeSpec:
      deployment:
        resources:
          limits:
            memory: 2Gi

Field	Description	Validation Rule
deletionProtectionEnabled	bool When set, prevents the resource from being deleted. In order to delete the resource this property needs to be set to `false` first.	–
priority	int32 Indicates when a template must be chosen in case of multiple selectors of the same type matching a single gateway configuration. Defaults to 0, the highest priority. When two templates have the same priority, they are sorted alphabetically by their names. Templates with different selector types will be resolved in the following order, regardless of the priority value: environment selectors cluster selectors with no namespace selectors cluster selectors with namespace selector matching labels cluster selectors with namespace selector matching name specific InstallGateway TSB resources	int32 = { gte: `0` }
environmentSelector	tetrateio.api.tsb.gateway.v2.EnvironmentSelector ^{oneof _selector} Selects the gateways targeting the clusters based on environment details, such as the provider.	–
clusterSelector	tetrateio.api.tsb.gateway.v2.ClusterSelector ^{oneof _selector} Selects the gateways targeting the clusters based on cluster specific details (e.g. cluster name or labels).	–
allClustersSelector	bool ^{oneof _selector} Selects all the onboarded clusters on TSB.	bool = { const: `true` }
gatewayWorkloadSelector	tetrateio.api.tsb.gateway.v2.WorkloadSelector Matches the workload selector defined by a Gateway configuration. Optional.	–
gatewaySpec	tetrateio.api.tsb.gateway.v2.GatewaySpec REQUIRED The gateway spec to apply to the created gateway.	–

LabelsSelector

A template selector based on label matching.

Field	Description	Validation Rule
labels	map<string, string>	map = { keys: `{string:{min_len:1}}` }

NamespaceSelector

A template selector based on Cluster namespaces.

Field	Description	Validation Rule
name	string ^{oneof _selector} The namespace name.	–
labelsSelector	tetrateio.api.tsb.gateway.v2.LabelsSelector ^{oneof _selector} The minimum required namespace labels.	–

WorkloadSelector

A template selector for Gateway workloads.

Field	Description	Validation Rule
labelsSelector	tetrateio.api.tsb.gateway.v2.LabelsSelector REQUIRED The minimum required workload selector labels.	–

Type

Type defines the functionalities supported by the Gateway install. Each type configures gateway workloads for a particular use case. If not set, UNIFIED is set as default.

Field	Number	Description
UNIFIED	0	UNIFIED represents the gateway type supporting all functionalities: INGRESS, EGRESS, and EASTWEST. Gateway workloads are configured with default ports 80 (HTTP), 443 (HTTPS), and 15443 (ISTIO_mTLS). The gateway is configured with a LoadBalancer type service by default.
INGRESS	1	INGRESS represents the gateway type configured for Ingress use cases. Gateway workloads are configured with default ports 80 (HTTP), 443 (HTTPS), and 15443 (ISTIO_mTLS). The gateway is configured with a LoadBalancer type service by default.
EGRESS	2	EGRESS represents the gateway type configured for Egress use cases. Gateway workloads are configured with the default ports 80 (HTTP), 443 (HTTPS), and 15443 (ISTIO_mTLS). The gateway is configured with a ClusterIP type service by default.
EASTWEST	3	EASTWEST represents the gateway type configured for East-West use cases. Gateway workloads are configured with the default port 15443 (ISTIO_mTLS). The gateway is configured with a LoadBalancer type service by default.

ClusterSelector​

EnvironmentSelector​

GatewaySpec​

InstallGatewayTemplate​

LabelsSelector​

NamespaceSelector​

WorkloadSelector​

Type​