As an all-inclusive application connectivity platform, Tetrate Service Bridge (TSB) offers businesses a streamlined approach to securely connecting services across a variety of Kubernetes clusters, along with virtual machines and bare-metal workloads.
With the advent of the 1.7 release, TSB expands its capabilities in terms of security, availability, and observability. This fosters an environment where remote clusters are tightly interwoven, simplifying administration and promoting scalable operations:
New Features and Improvements
Unified Gateway: TSB now offers a unified gateway configuration that can be used to configure both Tier-1 (cluster routing) and Tier-2 (service routing) configurations in a single Gateway resource. This enhances the Tier-1 gateway with Ingress gateway features and simplifies the overall configuration.
L7 to L3/L4 Network Policy Recommendations: TSB now offers L7 to L3/L4 Kubernetes network policy recommendations, allowing you to easily configure network policies for your services using TSB configuration. This feature can be enabled on each control plane cluster, and the recommended Kubernetes network policies are stored inside a ConfigMap in the control plane cluster.
Deletion Protection: We've added an extra layer of security with deletion protection for Organizations, Tenants, Workspaces, and Groups, thereby reducing the risk of accidental data loss.
WASM now GA: WASM (WebAssembly) support now enters its GA phase, allowing you to use WASM plugins for gateways and service proxies. We improve the WASM experience in TSB by:
EastWest failover is now GA: The TSB EastWest failover feature has now entered its GA phase. This marks another step towards providing enhanced availability and resiliency.
Isolation Boundaries is now Beta: The Isolation Boundaries feature has now entered its beta phase. This marks another step towards providing strong network isolation by running multiple Istio installations in a single Kubernetes cluster, along with the ability to perform seamless TSB control plane upgrades.
Improved Identity propagation: We improved identity propagation by automatically mounting the required plugins on proxies and gateways that run in Kubernetes, instead of asking users to configure them manually. This improves the overall user experience and reduces the risk of misconfiguration.
Improved WAF support: We have updated the TSB WAF plugins to the latest version and added the ability to automatically mount the required WAF plugins on proxies and gateways that run in Kubernetes.
Labels and Annotations propagation for TSB managed Istio resources: We have added support for propagating custom labels and annotations from Organization, Tenant, Workspace, Config Groups and TSB configurations to generated Istio resources. This allows you to easily identify the resources created by TSB.
Automated Certificate Issuance: Tetrate Service Bridge (TSB) can now automatically manage both TLS certificates for TSB and Istio intermediate CA certificates for your application clusters, easing certificate management processes.
AUTO mode for internal certificate provider: TSB checks whether a pre-existing cert-manager installation is present in the cluster, and installs and manages cert-manager only if none is found. The pre-installed cert-manager should support signing requests raised through Kubernetes CSR.
TCP Keep-Alive Support: We have introduced TCP keep-alive support in TSB front-envoy and ingress gateways. This feature helps in maintaining persistent connections and enhancing overall network performance.
Health Check for VM workloads: The system now supports health checks during workload onboarding, ensuring smooth and error-free system integration.
Multiple UI improvements: We have made several UI improvements to enhance user experience, including:
- Discovered Region in Cluster UI: The UI now automatically displays the discovered region, eliminating the need for users to set the region manually. This enhancement simplifies user interactions with the system.
- Cluster read permission is not required for dashboard and service: The TSB UI now works without cluster read permission, allowing better permission control by the platform admin. Note that registry reader is still required to get the services that a user has access to. In some controls, the UI gracefully downgrades the experience when cluster read permission is not granted.
- Simplified new cluster onboarding: We have simplified the new cluster onboarding flow by using Helm-based instructions and adding the ability to download control plane Helm values.
Refer to the TSB 1.7 Release Notes for the complete list of additional improvements in TSB 1.7.
Get Started with Tetrate Service Bridge
To get started with Tetrate Service Bridge:
- Review the Initial Requirements and identify the target platform
- Determine if you wish to:
  - follow a quick demo installation
  - perform a more-involved production-ready installation (Management Plane, Cluster Onboarding)
  - apply an upgrade to an existing Tetrate Service Bridge deployment
Don't hesitate to reach out to your Tetrate support contact if you have any questions.