Tetrate Service BridgeVersion: 1.11.x

Service Traffic Setting

ServiceTrafficSetting allows configuring traffic related properties such as resiliency, reachability, load balancing and egress proxy for a particular service in a traffic group. These settings will merge and overwrite the traffic group wide settings.

The following example creates a traffic group for the proxy workloads in ns1, ns2 and ns3 namespaces owned by its parent workspace w1 under tenant mycompany. It then defines a service traffic setting for the workloads selected by service foo.ns1.svc.cluster.local. This setting limits the workloads of foo.ns1.svc.cluster.local to only discover services in in ns1, ns2, ns3 and db namespace. It also configures that outbound traffic to a service or IP which is not a part of the mesh should be forwarded through through egress gateway deployed in istio-system namespace.

apiVersion: traffic.tsb.tetrate.io/v2
kind: Group
metadata:
  name: t1
  workspace: w1
  tenant: mycompany
  organization: myorg
spec:
  namespaceSelectors:
  - name: "*/ns1"
  - name: "*/ns2"
  - name: "*/ns3"
  configMode: BRIDGED

And the associated service traffic settings:

```yaml
apiVersion: traffic.tsb.tetrate.io/v2
kind: ServiceTrafficSetting
metadata:
  name: defaults
  group: t1
  workspace: w1
  tenant: mycompany
  organization: myorg
spec:
  service: ns1/foo.ns1.svc.cluster.local
  settings:
    outbound:
      reachability:
        mode: CUSTOM
        hosts:
        - "ns1/*"
        - "ns2/*"
        - "ns3/*"
        - "db/*"
      upstreamTrafficSettings:
      - hosts:
        - "*"
        settings:
          resilience:
            circuitBreakerSensitivity: MEDIUM
      egress:
        host: istio-system/istio-egressgateway

The following service traffic setting confines the reachability of the service foo.ns1.svc.cluster.local sidecar proxies in the traffic group t1 to other namespaces inside the group. The resilience and egress gateway settings will be inherited from the workspace wide traffic setting.

apiVersion: traffic.tsb.tetrate.io/v2
kind: ServiceTrafficSetting
metadata:
  name: defaults
  group: t1
  workspace: w1
  tenant: mycompany
  organization: myorg
spec:
  service: ns1/foo.ns1.svc.cluster.local
  settings:
    outbound:
      reachability:
        mode: GROUP

ServiceTrafficSetting

A service traffic setting applies configuration to a service in a traffic group. Unset fields will inherit values from the workspace-wide setting if any.

Field Description Validation Rule

Field	Description	Validation Rule
service	string REQUIRED The service on which the configuration is being applied. Must be in namespace/FQDN format. Only one service traffic setting can be given per service. Any conflicting configuration created later will be rejected by TSB.	string = { pattern: `^[^/]+/[^/]+$` }
settings	tetrateio.api.tsb.traffic.v2.TrafficSetting REQUIRED Traffic settings to apply to this service.	message = { required: `true` }
configGenerationMetadata	tetrateio.api.tsb.types.v2.ConfigGenerationMetadata Metadata values that will be add into the mesh-generated configurations. When using YAML APIs like `tctl` or `gitops`, put them into the `metadata.labels` or `metadata.annotations` instead. This field is only necessary when using gRPC APIs directly.	–

service

string
REQUIRED
The service on which the configuration is being applied. Must be in namespace/FQDN format.

Only one service traffic setting can be given per service. Any conflicting configuration created later will be rejected by TSB.

string = {
pattern: ^[^/]+/[^/]+$
}

settings

tetrateio.api.tsb.traffic.v2.TrafficSetting
REQUIRED
Traffic settings to apply to this service.

message = {
required: true
}

configGenerationMetadata

tetrateio.api.tsb.types.v2.ConfigGenerationMetadata
Metadata values that will be add into the mesh-generated configurations. When using YAML APIs like tctl or gitops, put them into the metadata.labels or metadata.annotations instead. This field is only necessary when using gRPC APIs directly.

–

ServiceTrafficSetting​

ServiceTrafficSetting