Common Configuration Objects
Tetrate Service Express (TSE) utilizes many of the same components as the Tetrate Service Bridge (TSB) product but has several distinctions. Go to Comparing TSE and TSB for more details.
Common configuration objects shared by the different install APIs.
CertManagerSettings
CertManagerSettings represents the settings used for the cert-manager installation. TSE supports installing and managing the lifecycle of the cert-manager installation.
Field | Description | Validation Rule |
---|---|---|
managed | tetrateio.api.install.common.CertManagerSettings.Managed | – |
certManagerSpec | tetrateio.api.install.common.CertManagerSettings.CertManagerSpec | – |
certManagerWebhookSpec | tetrateio.api.install.common.CertManagerSettings.CertManagerWebhookSpec | – |
certManagerCaInjector | tetrateio.api.install.common.CertManagerSettings.CertManagerCAInjector | – |
certManagerStartupapicheck | tetrateio.api.install.common.CertManagerSettings.CertManagerStartupAPICheck | – |
CertManagerCAInjector
CertManagerCAInjector represents the settings used for cert-manager CAInjector installation in the clusters.
Field | Description | Validation Rule |
---|---|---|
kubeSpec | tetrateio.api.install.kubernetes.KubernetesComponentSpec | – |
CertManagerSpec
CertManagerSpec represents the settings used for cert-manager controller installation in the clusters.
Field | Description | Validation Rule |
---|---|---|
kubeSpec | tetrateio.api.install.kubernetes.KubernetesComponentSpec | – |
CertManagerStartupAPICheck
CertManagerStartupAPICheck represents the settings used for cert-manager startup API check job installation in the clusters. DEPRECATED. StartupAPICheck is disabled.
Field | Description | Validation Rule |
---|---|---|
kubeSpec | tetrateio.api.install.kubernetes.KubernetesJobComponentSpec | – |
CertManagerWebhookSpec
CertManagerWebhookSpec represents the settings used for cert-manager Webhook installation in the clusters.
Field | Description | Validation Rule |
---|---|---|
kubeSpec | tetrateio.api.install.kubernetes.KubernetesComponentSpec | – |
ConfigProtection
ConfigProtection contains settings for enabling/disabling config protection over XCP-created resources. Config protections are disabled by default. Example:

```yaml
configProtection:
  enableAuthorizedUpdateDeleteOnXcpConfigs: true
  enableAuthorizedCreateUpdateDeleteOnXcpConfigs: true
  authorizedUsers:
    - user1
    - system:serviceaccount:ns1:serviceaccount-1
```

Field | Description | Validation Rule |
---|---|---|
enableAuthorizedUpdateDeleteOnXcpConfigs | bool | – |
enableAuthorizedCreateUpdateDeleteOnXcpConfigs | bool | – |
authorizedUsers | List of string | – |
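
A pre-apply review of a `configProtection` block, as an added example (not Tetrate's code and not the operator's own validation). The function name, the rule set and the sample inputs are assumptions of this example; the only outside fact it relies on is the Kubernetes service account username format `system:serviceaccount:<namespace>:<name>`. The block is passed in as an already-parsed mapping.

```python
import re

FLAGS = (
    "enableAuthorizedUpdateDeleteOnXcpConfigs",
    "enableAuthorizedCreateUpdateDeleteOnXcpConfigs",
)
SA_PREFIX = "system:serviceaccount:"
# Namespace is a DNS label; the account-name pattern approximates a DNS subdomain.
NAMESPACE_RE = re.compile(r"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?")
SA_NAME_RE = re.compile(r"[a-z0-9]([-a-z0-9.]{0,251}[a-z0-9])?")


def audit_config_protection(block):
    """Return review findings for one parsed configProtection mapping."""
    findings = []
    for key in sorted(set(block) - set(FLAGS) - {"authorizedUsers"}):
        findings.append(f"unknown field: {key}")
    for flag in FLAGS:
        if not isinstance(block.get(flag, False), bool):
            findings.append(f"{flag}: expected bool")
    enabled = any(block.get(flag) is True for flag in FLAGS)
    users = block.get("authorizedUsers") or []
    if users and not enabled:
        findings.append("authorizedUsers set but no protection flag enabled")
    if enabled and not users:
        findings.append("protection enabled with empty authorizedUsers")
    for user in users:
        if not isinstance(user, str) or not user or user != user.strip():
            findings.append(f"invalid entry: {user!r}")
        elif user.startswith(SA_PREFIX):
            parts = user[len(SA_PREFIX):].split(":")
            if (len(parts) != 2 or not NAMESPACE_RE.fullmatch(parts[0])
                    or not SA_NAME_RE.fullmatch(parts[1])):
                findings.append(f"malformed service account identity: {user}")
    return findings

# Constructed inputs: the page's example and a block with common mistakes.
PAGE_EXAMPLE = {
    "enableAuthorizedUpdateDeleteOnXcpConfigs": True,
    "enableAuthorizedCreateUpdateDeleteOnXcpConfigs": True,
    "authorizedUsers": ["user1", "system:serviceaccount:ns1:serviceaccount-1"],
}
FAULTY = {
    "enableAuthorizedUpdateDeleteOnXcpConfig": True,  # misspelled flag name
    "authorizedUsers": ["user1", "system:serviceaccount:ns1"],
}

for sample in (PAGE_EXAMPLE, FAULTY):
    print(audit_config_protection(sample))
```

Because config protections are disabled by default, a misspelled flag name leaves them off; the `unknown field` finding is there to surface that case before the manifest is applied.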
CustomCertProviderSettings
CustomCertProviderSettings represents the settings used for the custom certificate provider. Users can configure the CSR signer required for certificate signing and point to the CA bundle to be used to validate the certificates.
Field | Description | Validation Rule |
---|---|---|
csrSignerName | string | string = { |
caBundleSecretName | string | string = { |
GitOps
The GitOps component configures the features that allow integrating the Management Plane and/or the Control Plane cluster with Continuous Deployment pipelines.
Field | Description | Validation Rule |
---|---|---|
enabled | bool | – |
reconcileInterval | google.protobuf.Duration | – |
batchWindow | google.protobuf.Duration | – |
managementplaneRequestTimeout | google.protobuf.Duration | – |
reconcileRequestTimeout | google.protobuf.Duration | – |
webhookTimeout | google.protobuf.Duration | – |
InternalCertProvider
InternalCertProvider describes the certificate provider configuration for TSE internal purposes, such as the Kubernetes webhook certificate. TSE supports cert-manager out of the box.
Field | Description | Validation Rule |
---|---|---|
certManager | tetrateio.api.install.common.CertManagerSettings oneof _internal_cert_provider | – |
custom | tetrateio.api.install.common.CustomCertProviderSettings oneof _internal_cert_provider | – |
MeshObservabilitySettings
Configure mesh observability. The following examples enable the analysis and generation of RED metrics for each endpoint of your registered services.
Note that both ManagementPlane and ControlPlane need to be aligned with this configuration.

```yaml
apiVersion: install.tetrate.io/v1alpha1
kind: ManagementPlane
metadata:
  name: managementplane
spec:
  meshObservability:
    settings:
      apiEndpointMetricsEnabled: true
```

```yaml
apiVersion: install.tetrate.io/v1alpha1
kind: ControlPlane
metadata:
  name: controlplane
  namespace: istio-system
spec:
  meshObservability:
    settings:
      apiEndpointMetricsEnabled: true
```

Field | Description | Validation Rule |
---|---|---|
apiEndpointMetricsEnabled | bool | – |
Managed
If INTERNAL, TSB will install and manage cert-manager. In case a pre-existing installation is found, the operator will not install cert-manager and will fail. If EXTERNAL, TSB will rely on a pre-installed cert-manager. The pre-installed cert-manager should support signing requests raised through Kubernetes CSR.
Field | Number | Description |
---|---|---|
AUTO | 0 | TSB will check if a pre-existing cert-manager installation is found in the cluster and only install and manage cert-manager if it is not found. The pre-installed cert-manager should support signing requests raised through Kubernetes CSR. |
EXTERNAL | 1 | EXTERNAL represents that TSB will rely on a pre-installed cert-manager. The pre-installed cert-manager should support signing requests raised through Kubernetes CSR. |
INTERNAL | 2 | INTERNAL represents that TSB will install and manage cert-manager in the cluster. In case a pre-existing installation is found, the operator will not install cert-manager and will fail. |