Skip to main content

Tetrate Service Bridge API (1.11.x)

Download OpenAPI specification:Download

Tetrate Service Bridge API.

OAuth

OIDC

Callback endpoint for OAuth2 Authorization Code grant flows as part of the OIDC spec.

query Parameters
code
string

OAuth2 Authorization Code. When present this indicates the user authorized the request. TSB will use this code to acquire a token from the OIDC token endpoint and complete the login flow.

error
string

OAuth2 Error Code. When present this indicates that either the authorization request has an error, the OIDC provider encountered an error or the user failed to log in. When set TSB will display information to the user indicating what went wrong.

Standard error codes can be found found here. https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1 https://openid.net/specs/openid-connect-core-1_0.html#AuthError

state
required
string

The state parameter sent to the OIDC provider on the authorization request.

errorDescription
string

Optional error description sent by the OIDC provider when an error occurs.

errorUri
string

Optional error URI of a web page that includes additional information about the error.

Responses

Response samples

Content type
application/json
{ }

Login endpoint to start an OIDC Authentication flow.

query Parameters
redirectUri
string

URl where the user will be redirected when the authentication flow completes.

Responses

Response samples

Content type
application/json
{ }

SidecarConfigurationService

SidecarInfoService

OnboardingAuthorizationService

OnboardingPlaneDiscoveryService

WorkloadRegistrationService

AgentSessionService

Applications

List all existing applications for the given tenant.

path Parameters
organization
required
string

Organization name.

tenant
required
string

Tenant name.

Responses

Response samples

Content type
application/json
{
  • "applications": [
    ]
}

Creates a new Application in TSB.

path Parameters
organization
required
string

Organization name.

tenant
required
string

Tenant name.

Request Body schema: application/json
required
required
object (v2Application)

An Application represents a set of logical groupings of services that are related to each other and expose a set of APIs that implement a complete set of business logic.

name
required
string

The short name for the resource to be created.

Responses

Request samples

Content type
application/json
{
  • "application": {
    },
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "fqn": "string",
  • "displayName": "string",
  • "etag": "string",
  • "description": "string",
  • "workspace": "string",
  • "namespaceSelector": {
    },
  • "gatewayGroup": "string",
  • "services": [
    ],
  • "configResources": [
    ]
}

Get the details of an existing application.

path Parameters
organization
required
string

Organization name.

tenant
required
string

Tenant name.

application
required
string

Application name.

Responses

Response samples

Content type
application/json
{
  • "fqn": "string",
  • "displayName": "string",
  • "etag": "string",
  • "description": "string",
  • "workspace": "string",
  • "namespaceSelector": {
    },
  • "gatewayGroup": "string",
  • "services": [
    ],
  • "configResources": [
    ]
}

Modify an existing application.

path Parameters
organization
required
string

Organization name.

tenant
required
string

Tenant name.

application
required
string

Application name.

Request Body schema: application/json
required
description
string (A description of the resource. $hide_from_yaml)
displayName
string (User friendly name for the resource. $hide_from_yaml)
etag
string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
gatewayGroup
string

Optional FQN of the Gateway Group to be used by the application. If configured, this gateway group will be used by the application. If no namespaces are configured and no existing gateway group is set, a new gateway group claiming all namespaces in the workspace (*/*) will be created by default. All Ingress Gateway resources created for the APIs attached to the application will be created in the application's gateway group.

object (`NamespaceSelector` selects a set of namespaces across one or more clusters in a tenant. Namespace selectors can be used at Workspace level to carve out a chunk of resources under a tenant into an isolated configuration domain. They can be used in a Traffic, Security, or a Gateway group to further scope the set of namespaces that will belong to a specific configuration group. Names in namespaces selector must be in the form `cluster/namespace` where: - cluster must be a cluster name or an `*` to mean all clusters - namespace must be a namespace name, an `*` to mean all namespaces or a prefix like `ns-*` to mean all those namespaces starting by `ns-`)
services
Array of strings

Optional list of services that are part of the application. This is a list of FQNs of services in the service registry. If omitted, the application is assumed to own all the services in the workspace. Note that a service can only be part of one application. If any of the services in the list is already in use by an existing application, application creation/modification will fail. If the list of services is not explicitly set and any service in the workspace is already in use by another application, application creation/modification will fail.

workspace
required
string

FQN of the workspace this application is part of. The application will configure IngressGateways for the attached APIs in the different namespaces exposed by this workspace.

Responses

Request samples

Content type
application/json
{
  • "description": "string",
  • "displayName": "string",
  • "etag": "string",
  • "gatewayGroup": "string",
  • "namespaceSelector": {
    },
  • "services": [
    ],
  • "workspace": "string"
}

Response samples

Content type
application/json
{
  • "fqn": "string",
  • "displayName": "string",
  • "etag": "string",
  • "description": "string",
  • "workspace": "string",
  • "namespaceSelector": {
    },
  • "gatewayGroup": "string",
  • "services": [
    ],
  • "configResources": [
    ]
}

Delete an existing Application. Note that deleting resources in TSB is a recursive operation. Deleting a application will delete all API objects that exist in it.

path Parameters
organization
required
string

Organization name.

tenant
required
string

Tenant name.

application
required
string

Application name.

query Parameters
forceDeleteProtectedGroups
boolean

Force the deletion of internal groups even if they are protected against deletion.

Responses

Response samples

Content type
application/json
{ }

List all APIs attached to the given application.

path Parameters
organization
required
string

Organization name.

tenant
required
string

Tenant name.

application
required
string

Application name.

Responses

Response samples

Content type
application/json
{
  • "apis": [
    ]
}

Attach a new API to the given application.

path Parameters
organization
required
string

Organization name.

tenant
required
string

Tenant name.

application
required
string

Application name.

Request Body schema: application/json
required
required
object (tsbapplicationv2API)

An API configuring a set of servers and endpoints that expose the Application business logic.

name
required
string

The short name for the resource to be created.

Responses

Request samples

Content type
application/json
{
  • "api": {
    },
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "fqn": "string",
  • "displayName": "string",
  • "etag": "string",
  • "description": "string",
  • "openapi": "string",
  • "workloadSelector": {
    },
  • "servers": [
    ],
  • "endpoints": [
    ],
  • "configResources": [
    ],
  • "httpServers": [
    ]
}

Get the details of an API.

path Parameters
organization
required
string

Organization name.

tenant
required
string

Tenant name.

application
required
string

Application name.

api
required
string

Api name.

Responses

Response samples

Content type
application/json
{
  • "fqn": "string",
  • "displayName": "string",
  • "etag": "string",
  • "description": "string",
  • "openapi": "string",
  • "workloadSelector": {
    },
  • "servers": [
    ],
  • "endpoints": [
    ],
  • "configResources": [
    ],
  • "httpServers": [
    ]
}

Delete an existing API.

path Parameters
organization
required
string

Organization name.

tenant
required
string

Tenant name.

application
required
string

Application name.

api
required
string

Api name.

Responses

Response samples

Content type
application/json
{ }

DashboardService

Return the list of available dashboards, alongside their descriptions. Dashboards are identified by their names, which can be used to download them.

Responses

Response samples

Content type
application/json
{
  • "dashboards": [
    ]
}

Download a Grafana dashboard in JSON format by providing the dashboard's name. The downloaded dashboard is intended to be uploaded to a Grafana instance. Platform operators can use each dashboard to monitor specific components of the TSB platform.

path Parameters
name
required
string

The name of the dashboard to download.

Responses

Response samples

Content type
application/json
{
  • "contentType": "string",
  • "data": "string",
  • "extensions": [
    ]
}

ProxyDiagnosticService

Return the cluster stats of an Istio Proxy

path Parameters
organization
required
string

Organization name.

cluster
required
string

Cluster name.

Request Body schema: application/json
required
cluster
required
string

Fully-qualified name of the cluster the workload belongs to.

outputFormat
string (GetClusterStatsRequestClusterStatsFormat)
Default: "JSON"
Enum: "JSON" "TEXT"

Format of the cluster stats of an Istio Proxy.

  • JSON: JSON format.
  • TEXT: Text format.
required
object (tsbdiagnosticv2Workload)

Name and namespace of a workload.

Responses

Request samples

Content type
application/json
{
  • "cluster": "string",
  • "outputFormat": "JSON",
  • "workload": {
    }
}

Response samples

Content type
application/json
{
  • "output": "string",
  • "outputFormat": "JSON"
}

Return a config dump from a workload (Istio Proxy)

path Parameters
organization
required
string

Organization name.

cluster
required
string

Cluster name.

Request Body schema: application/json
required
object (v2GetConfigDumpRequestAll)

Dump all configuration.

bootstrap
object (GetConfigDumpRequestBootstrap)

Dump bootstrap configuration.

cluster
required
string

Fully-qualified name of the cluster the workload belongs to.

clusters
object (GetConfigDumpRequestClusters)

Dump cluster configuration.

ecds
object (GetConfigDumpRequestEcds)

Dump typed extension configuration.

endpoints
object (v2GetConfigDumpRequestEndpoints)

Dump endpoint configuration.

listeners
object (GetConfigDumpRequestListeners)

Dump listener configuration.

routes
object (GetConfigDumpRequestRoutes)

Dump route configuration.

secrets
object (v2GetConfigDumpRequestSecrets)

Dump secret configuration.

required
object (tsbdiagnosticv2Workload)

Name and namespace of a workload.

Responses

Request samples

Content type
application/json
{
  • "all": {
    },
  • "bootstrap": { },
  • "cluster": "string",
  • "clusters": { },
  • "ecds": { },
  • "endpoints": { },
  • "listeners": { },
  • "routes": { },
  • "secrets": { },
  • "workload": {
    }
}

Response samples

Content type
application/json
{
  • "output": "string"
}

Set the log levels of a workload

path Parameters
organization
required
string

Organization name.

cluster
required
string

Cluster name.

Request Body schema: application/json
required
object (SetLoggerLevelsRequestAllLoggers)

Desired level for all loggers.

cluster
required
string

Fully-qualified name of the cluster the workload belongs to.

object (SetLoggerLevelsRequestGivenLoggers)

Desired levels for given loggers. Available log levels are: trace, debug, info, warning/warn, error, critical, off. Examples: {"config": "trace", "grpc": "debug", "http": "debug", "http2": "debug"} See https://www.envoyproxy.io/docs/envoy/latest/operations/admin#post--logging for more details about loggers' naming.

required
object (tsbdiagnosticv2Workload)

Name and namespace of a workload.

Responses

Request samples

Content type
application/json
{
  • "allLoggers": {
    },
  • "cluster": "string",
  • "givenLoggers": {
    },
  • "workload": {
    }
}

Response samples

Content type
application/json
{
  • "supportedLevels": [
    ],
  • "loggerLevels": {
    }
}

Return the logger levels of a workload

path Parameters
organization
required
string

Organization name.

cluster
required
string

Cluster name.

Request Body schema: application/json
required
cluster
required
string

Fully-qualified name of the cluster the workload belongs to.

required
object (tsbdiagnosticv2Workload)

Name and namespace of a workload.

Responses

Request samples

Content type
application/json
{
  • "cluster": "string",
  • "workload": {
    }
}

Response samples

Content type
application/json
{
  • "supportedLevels": [
    ],
  • "loggerLevels": {
    }
}

Return the server stats of an Istio Proxy

path Parameters
organization
required
string

Organization name.

cluster
required
string

Cluster name.

Request Body schema: application/json
required
cluster
required
string

Fully-qualified name of the cluster the workload belongs to.

outputFormat
string (GetServerStatsRequestServerStatsFormat)
Default: "JSON"
Enum: "JSON" "TEXT" "PROMETHEUS"

Format of the server stats of an Istio Proxy.

  • JSON: JSON format.
  • TEXT: Text format.
  • PROMETHEUS: Prometheus format.
required
object (tsbdiagnosticv2Workload)

Name and namespace of a workload.

Responses

Request samples

Content type
application/json
{
  • "cluster": "string",
  • "outputFormat": "JSON",
  • "workload": {
    }
}

Response samples

Content type
application/json
{
  • "output": "string",
  • "outputFormat": "JSON"
}

Return a stream of logs (the output of the `kubectl logs` command) of an Istio Proxy.

path Parameters
organization
required
string

Organization name.

cluster
required
string

Cluster name.

Request Body schema: application/json
required
cluster
required
string

Fully-qualified name of the cluster to execute the diagnostic task in.

follow
boolean

Follow the log stream of the pod. Defaults to false.

previous
boolean

Return logs of the previous terminated container instead of the logs of the current container. Defaults to false.

sinceSeconds
string <int64>

A relative time in seconds before the current time from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned.

required
object (tsbdiagnosticv2Workload)

Name and namespace of a workload.

Responses

Request samples

Content type
application/json
{
  • "cluster": "string",
  • "follow": true,
  • "previous": true,
  • "sinceSeconds": "string",
  • "workload": {
    }
}

Response samples

Content type
application/json
{
  • "error": {
    },
  • "result": {
    }
}

Return the workload names under a given FQN resource and cluster.

path Parameters
organization
required
string

Organization name.

cluster
required
string

Cluster name.

Request Body schema: application/json
required
cluster
required
string

Fully-qualified name of the cluster the workload belongs to.

object (ListWorkloadsRequestFilter)

Workloads filter.

pageSize
integer <int32>

Optional. The maximum number of Workloads to return. The service may return fewer than this value. Rely on the next_page_token response field to determine if there are more workloads to be retrieved. If unspecified, at most 50 Workloads will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.

pageToken
string

Optional. A page token, received from a previous ListWorkloadsRequest call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to ListWorkloadsRequest must match the call that provided the page token.

Responses

Request samples

Content type
application/json
{
  • "cluster": "string",
  • "filter": {
    },
  • "pageSize": 0,
  • "pageToken": "string"
}

Response samples

Content type
application/json
{
  • "workloads": [
    ],
  • "nextPageToken": "string",
  • "totalSize": 0
}

Return the cluster stats of an Istio Proxy

path Parameters
organization
required
string

Organization name.

tenant
required
string

Tenant name.

workspace
required
string

Workspace name.

gatewaygroup
required
string

Gatewaygroup name.

Request Body schema: application/json
required
cluster
required
string

Fully-qualified name of the cluster the workload belongs to.

outputFormat
string (GetClusterStatsRequestClusterStatsFormat)
Default: "JSON"
Enum: "JSON" "TEXT"

Format of the cluster stats of an Istio Proxy.

  • JSON: JSON format.
  • TEXT: Text format.
required
object (tsbdiagnosticv2Workload)

Name and namespace of a workload.

Responses

Request samples

Content type
application/json
{
  • "cluster": "string",
  • "outputFormat": "JSON",
  • "workload": {
    }
}

Response samples

Content type
application/json
{
  • "output": "string",
  • "outputFormat": "JSON"
}

Return a config dump from a workload (Istio Proxy)

path Parameters
organization
required
string

Organization name.

tenant
required
string

Tenant name.

workspace
required
string

Workspace name.

gatewaygroup
required
string

Gatewaygroup name.

Request Body schema: application/json
required
object (v2GetConfigDumpRequestAll)

Dump all configuration.

bootstrap
object (GetConfigDumpRequestBootstrap)

Dump bootstrap configuration.

cluster
required
string

Fully-qualified name of the cluster the workload belongs to.

clusters
object (GetConfigDumpRequestClusters)

Dump cluster configuration.

ecds
object (GetConfigDumpRequestEcds)

Dump typed extension configuration.

endpoints
object (v2GetConfigDumpRequestEndpoints)

Dump endpoint configuration.

listeners
object (GetConfigDumpRequestListeners)

Dump listener configuration.

routes
object (GetConfigDumpRequestRoutes)

Dump route configuration.

secrets
object (v2GetConfigDumpRequestSecrets)

Dump secret configuration.

required
object (tsbdiagnosticv2Workload)

Name and namespace of a workload.

Responses

Request samples

Content type
application/json
{
  • "all": {
    },
  • "bootstrap": { },
  • "cluster": "string",
  • "clusters": { },
  • "ecds": { },
  • "endpoints": { },
  • "listeners": { },
  • "routes": { },
  • "secrets": { },
  • "workload": {
    }
}

Response samples

Content type
application/json
{
  • "output": "string"
}

Set the log levels of a workload

path Parameters
organization
required
string

Organization name.

tenant
required
string

Tenant name.

workspace
required
string

Workspace name.

gatewaygroup
required
string

Gatewaygroup name.

Request Body schema: application/json
required
object (SetLoggerLevelsRequestAllLoggers)

Desired level for all loggers.

cluster
required
string

Fully-qualified name of the cluster the workload belongs to.

object (SetLoggerLevelsRequestGivenLoggers)

Desired levels for given loggers. Available log levels are: trace, debug, info, warning/warn, error, critical, off. Examples: {"config": "trace", "grpc": "debug", "http": "debug", "http2": "debug"} See https://www.envoyproxy.io/docs/envoy/latest/operations/admin#post--logging for more details about loggers' naming.

required
object (tsbdiagnosticv2Workload)

Name and namespace of a workload.

Responses

Request samples

Content type
application/json
{
  • "allLoggers": {
    },
  • "cluster": "string",
  • "givenLoggers": {
    },
  • "workload": {
    }
}

Response samples

Content type
application/json
{
  • "supportedLevels": [
    ],
  • "loggerLevels": {
    }
}

Return the logger levels of a workload

path Parameters
organization
required
string

Organization name.

tenant
required
string

Tenant name.

workspace
required
string

Workspace name.

gatewaygroup
required
string

Gatewaygroup name.

Request Body schema: application/json
required
cluster
required
string

Fully-qualified name of the cluster the workload belongs to.

required
object (tsbdiagnosticv2Workload)

Name and namespace of a workload.

Responses

Request samples

Content type
application/json
{
  • "cluster": "string",
  • "workload": {
    }
}

Response samples

Content type
application/json
{
  • "supportedLevels": [
    ],
  • "loggerLevels": {
    }
}

Return the server stats of an Istio Proxy

path Parameters
organization
required
string

Organization name.

tenant
required
string

Tenant name.

workspace
required
string

Workspace name.

gatewaygroup
required
string

Gatewaygroup name.

Request Body schema: application/json
required
cluster
required
string

Fully-qualified name of the cluster the workload belongs to.

outputFormat
string (GetServerStatsRequestServerStatsFormat)
Default: "JSON"
Enum: "JSON" "TEXT" "PROMETHEUS"

Format of the server stats of an Istio Proxy.

  • JSON: JSON format.
  • TEXT: Text format.
  • PROMETHEUS: Prometheus format.
required
object (tsbdiagnosticv2Workload)

Name and namespace of a workload.

Responses

Request samples