
Workspace

The differences between TSB and TSE API

Tetrate Service Express (TSE) uses many of the same components as the Tetrate Service Bridge (TSB) product but has several distinctions. Go to Comparing TSE and TSB for more details.

A Workspace carves a chunk of the cluster resources owned by a tenant into an isolated configuration domain.

The following example claims ns1 and ns2 namespaces across all clusters owned by the tenant mycompany.

apiVersion: api.tsb.tetrate.io/v2
kind: Workspace
metadata:
  name: w1
  tenant: tse
  organization: tse
spec:
  namespaceSelector:
    names:
      - "*/ns1"
      - "*/ns2"

The following example claims ns1 namespace only from the c1 cluster and claims all namespaces from the c2 cluster.

apiVersion: api.tsb.tetrate.io/v2
kind: Workspace
metadata:
  name: w1
  tenant: tse
  organization: tse
spec:
  namespaceSelector:
    names:
      - "c1/ns1"
      - "c2/*"

Custom labels and annotations can be propagated to the final Istio translation that is applied at the clusters. This can help with third-party integrations or with setting custom identifiers. The following example configures the annotation my.org.environment to be applied to all final Istio translations generated under this Workspace, for example Gateways or Virtual Services.

apiVersion: api.tsb.tetrate.io/v2
kind: Workspace
metadata:
  name: w1
  tenant: tse
  organization: tse
  annotations:
    my.org.environment: dev
spec:
  namespaceSelector:
    names:
      - "*/ns1"

Workspace

A Workspace is a collection of related namespaces in one or more clusters.

Field | Description | Validation Rule

namespaceSelector

tetrateio.api.tsb.types.v2.NamespaceSelector
REQUIRED
Set of namespaces owned exclusively by this workspace. A workspace can own all namespaces of a cluster or a set of namespaces across any cluster or a set of namespaces in a specific cluster. Use */* to claim all cluster resources under the tenant.

message = {
  required: true
}

privileged

google.protobuf.BoolValue
If set to true, allows Gateways in the workspace to route to services in other workspaces. Set this to true for workspaces owning cluster-wide gateways shared by multiple teams.

deletionProtectionEnabled

bool
When set, prevents the resource from being deleted. In order to delete the resource this property needs to be set to false first.

configGenerationMetadata

tetrateio.api.tsb.types.v2.ConfigGenerationMetadata
Default metadata values that will be propagated to the children Istio generated configurations. When using YAML APIs like tctl or gitops, put them into the metadata.labels or metadata.annotations instead. This field is only necessary when using gRPC APIs directly.
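
An added example (not from the Tetrate documentation): a review-time check over Workspace manifests for the two isolation-relevant fields above, namespaceSelector (documented as exclusive ownership) and privileged. It assumes selectors use only the forms shown on this page, cluster/namespace with * replacing a whole segment, and that all manifests belong to one tenant; the function names and the sample manifests are constructed for illustration.

```python
from itertools import combinations

def selectors_overlap(p, q):
    """True if two 'cluster/namespace' selectors can match the same namespace.

    Assumption: '*' only ever replaces a whole segment, as in this page's examples.
    """
    return all(a == "*" or b == "*" or a == b
               for a, b in zip(p.split("/", 1), q.split("/", 1)))

def audit_workspaces(workspaces):
    """Return findings for Workspace manifests given as dicts of one tenant."""
    findings = []
    for ws in workspaces:
        name, spec = ws["metadata"]["name"], ws["spec"]
        if "*/*" in spec["namespaceSelector"]["names"]:
            findings.append(f"{name}: claims */* (all cluster resources under the tenant)")
        if spec.get("privileged"):
            findings.append(f"{name}: privileged, its Gateways can route to services in other workspaces")
    # namespaceSelector is documented as exclusive ownership, so any pair of
    # selectors from different workspaces that can match one namespace is a conflict.
    for a, b in combinations(workspaces, 2):
        for p in a["spec"]["namespaceSelector"]["names"]:
            for q in b["spec"]["namespaceSelector"]["names"]:
                if selectors_overlap(p, q):
                    findings.append(f"{a['metadata']['name']} {p} overlaps "
                                    f"{b['metadata']['name']} {q}")
    return findings

def workspace(name, names, **spec):
    """Build a constructed manifest shaped like the YAML examples on this page."""
    return {"apiVersion": "api.tsb.tetrate.io/v2", "kind": "Workspace",
            "metadata": {"name": name, "tenant": "tse", "organization": "tse"},
            "spec": {"namespaceSelector": {"names": names}, **spec}}

# Constructed sample input: the page's two selector sets plus a shared-gateway workspace.
SAMPLE = [
    workspace("w1", ["c1/ns1", "c2/*"]),
    workspace("w2", ["*/ns1", "*/ns2"]),
    workspace("shared-gw", ["c3/ingress"], privileged=True),
]

if __name__ == "__main__":
    for finding in audit_workspaces(SAMPLE):
        print(finding)
```

Run against the sample, it reports the privileged shared-gw workspace and three overlapping claims between w1 and w2, including c2/* against */ns1, which is easy to miss when reading the selectors by eye.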