Tetrate Service Express Management Plane configuration
The Tetrate Service Express (TSE) Management Plane consists of a set of containers running in the tse namespace in the Management Cluster.
Configuration is defined by a custom resource of type ManagementPlane, named managementplane:
kubectl get managementplane -n tse -o yaml
You can edit the Management Plane configuration as follows:
kubectl edit managementplane managementplane -n tse
Any changes are detected by the tsb-operator-management-plane operator and are applied.
Management Plane configuration
The Management Plane settings are documented in the TSE Reference Guide. You can modify the behaviour of the various components that make up the Management Plane, configuring features such as external authentication against an identity provider, or alternative data stores for configuration or telemetry.
Please refer to Tetrate support before changing any of these settings.
Example Configuration change
The Management Plane is served through a frontEnvoy proxy service. The kubeSpec stanza declares Kubernetes-specific settings, and the front-end load balancer settings are found within.
You may wish to reconfigure the front-end load balancer to accept only internally-sourced traffic. This is a common configuration for organizations that deploy an internal proxy (e.g. a jumpbox) to access internal services. You can edit the front-end load balancer settings by modifying this stanza:
spec:
  components:
    frontEnvoy:
      port: 443
      kubeSpec:
        service:
          type: LoadBalancer
          annotations:
            service.beta.kubernetes.io/aws-load-balancer-attributes: "load_balancing.cross_zone.enabled=true"
            service.beta.kubernetes.io/aws-load-balancer-type: nlb
            service.beta.kubernetes.io/aws-load-balancer-name: tse-gateway
            service.beta.kubernetes.io/aws-load-balancer-scheme: internal
If you make this change and re-apply the ManagementPlane resource, the tsb-operator-management-plane operator will then update the frontEnvoy component's configuration, reconfiguring the envoy service with the desired annotations. The AWS load balancer controller will then update the load balancing configuration for that service.
Note: To open the frontEnvoy to external traffic, you can set the aws-load-balancer-scheme to the value internet-facing. Other load balancer configuration, such as aws-load-balancer-name, can also be added.
When you save this change, the TSE operator will redeploy the front-envoy component with the new load-balancing configuration. Wait several minutes for the change to take effect, and then re-configure tctl.
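To confirm that the stored ManagementPlane resource keeps the front end internal, the following added example (not part of the TSE documentation or tooling) audits the JSON output of kubectl get managementplane -n tse -o json. The script, its function names and the sample object are constructed for illustration. Saved under a name of your choice, it reads the kubectl JSON on standard input and exits non-zero unless every resource is explicitly internal.

```python
import json
import sys

SCHEME = "service.beta.kubernetes.io/aws-load-balancer-scheme"

# Constructed sample mirroring the stanza on this page (not real cluster output).
SAMPLE = {"kind": "ManagementPlane", "metadata": {"name": "managementplane"},
          "spec": {"components": {"frontEnvoy": {"port": 443, "kubeSpec": {
              "service": {"type": "LoadBalancer",
                          "annotations": {SCHEME: "internal"}}}}}}}


def audit_front_envoy(obj):
    """Return (name, status, detail) per ManagementPlane; accepts one object or a List."""
    results = []
    for mp in obj.get("items", [obj]):
        name = (mp.get("metadata") or {}).get("name", "<unnamed>")
        front = ((mp.get("spec") or {}).get("components") or {}).get("frontEnvoy") or {}
        svc = (front.get("kubeSpec") or {}).get("service") or {}
        svc_type = svc.get("type")
        scheme = (svc.get("annotations") or {}).get(SCHEME)
        # Assumption: an unset service type may still become a load balancer,
        # so only an explicit non-LoadBalancer type skips the scheme check.
        if svc_type not in (None, "LoadBalancer"):
            results.append((name, "INFO", f"service type {svc_type!r}: scheme not applicable"))
        elif scheme == "internal":
            results.append((name, "OK", "front-end load balancer is internal"))
        elif scheme == "internet-facing":
            results.append((name, "FAIL", "front-end load balancer is internet-facing"))
        elif scheme is None:
            # Assumption: without an explicit scheme the result depends on the
            # load balancer controller's default, so flag it for review.
            results.append((name, "WARN", "scheme not set: exposure depends on controller default"))
        else:
            results.append((name, "FAIL", f"unrecognised scheme value {scheme!r}"))
    return results


def exit_code(results):
    """Non-zero when any resource is not explicitly internal (usable as a CI gate)."""
    return 1 if any(status in ("FAIL", "WARN") for _, status, _ in results) else 0


if __name__ == "__main__":
    # Pipe kubectl JSON in, or run from a terminal to audit the constructed sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    found = audit_front_envoy(data)
    for name, status, detail in found:
        print(f"{status}: {name}: {detail}")
    sys.exit(exit_code(found))
```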