Tetrate Service ExpressVersion: LatestRelease Notes for Tetrate Service Express
TSE Version 1.8.0
21 December 2023: TSE 1.8.0 is a feature release of Tetrate Service Express
TSE 1.8.0 is based on Tetrate Service Bridge 1.8.0, and inherits the relevant changes from this release.
| Supported Platforms | Kubernetes 1.25 - 1.28 |
| Istio Version | TSE includes Istio 1.19 |
| Base Software | Tetrate Service Bridge 1.8.0 (GA release) |
Major New Features
AWS VPC Lattice Support
AWS VPC Lattice is a connectivity solution from AWS that creates a unified service network that spans VPCs across one or more AWS Accounts, within a single region. TSE 1.8.0 bridges this region-local service network with the global TSE-based mesh network:
- TSE 1.8.0 can expose EKS-based services to AWS VPC Lattice, so that Lattice-based clients can consume them as if they were local
- TSE 1.8.0 can import Lattice-based services into the TSE mesh, so that clients anywhere on the mesh can consume these services as if they were local
This capability is tagged as experimental in the TSE 1.8.0 release. For more information, please refer to the AWS VPC Lattice Integration Guide.
Product and Behavior Changes
- The Route 53 Controller in TSE 1.7 has been renamed to AWS Controller, as it now provides the Lattice integration in addition to Route 53 integration. This has no effect on deployment or configuration
- Resource naming rules have been tightened; resources created in 1.8.0 must follow the rules for DNS names in RFC 1123.
Upgrade
Upgrades to TSE Version 1.8.0 are supported from TSE 1.7.x, following the Upgrade Instructions.
TSE Version 1.7.3
21 December 2023: TSE 1.7.3 is a patch release that fixes CVEs in TSE's dependencies.
TSE 1.7.3 is a patch release that fixes CVEs in TSE's dependencies.
| Supported Platforms | Kubernetes 1.23 - 1.27 |
| Istio Version | TSE includes Istio 1.17 |
| Base Software | Tetrate Service Bridge 1.7.3 (GA release) |
TSE Version 1.7.2
26 October 2023: TSE 1.7.2 is a patch release that fixes CVEs in TSE's dependencies.
TSE 1.7.2 is a patch release that fixes CVEs in TSE's dependencies. Of particular note, CVE-2023-44487 has been fixed in Envoy, Istio and core TSE components.
| Supported Platforms | Kubernetes 1.23 - 1.27 |
| Istio Version | TSE includes Istio 1.17 |
| Base Software | Tetrate Service Bridge 1.7.2 (GA release) |
Upgrade
Upgrades to TSE Version 1.7.2 are supported from TSE 1.7.x, following the Upgrade Instructions.
TSE Version 1.7.1
21 September 2023: TSE 1.7.1 is a feature release of Tetrate Service Express, based on the Tetrate Service Bridge 1.7.0 release
| Supported Platforms | Kubernetes 1.23 - 1.27 |
| Istio Version | TSE includes Istio 1.17 |
| Base Software | Tetrate Service Bridge 1.7.0 (GA release) |
Major New Features
- The new Gateway resource for configuring Edge and Ingress resources replaces the deprecated Tier1Gateway and IngressGateway resources. TSE users should transition to this API resource
For other changes, refer to the Tetrate Service Bridge 1.7.0 release notes.
Upgrade
Upgrades to TSE Version 1.7.1 are supported from TSE 1.7.0, following the Upgrade Instructions.
TSE Version 1.7.0
3 August 2023: TSE 1.7.0 is the first production-ready, GA release of Tetrate Service Express
| Supported Platforms | Kubernetes 1.23 - 1.26 |
| Istio Version | TSE includes Istio 1.17 |
| Base Software | Tetrate Service Bridge 1.7.0 (private release) |
Major New Features
TSE is built on the proven Tetrate Service Bridge (TSB) product, and provides a streamlined user experience for deployments on Amazon EKS.
With TSE, you benefit from:
- A simple helm-based installation process, optimized for EKS
- Managed database components; Postgres for Management-Plane configuration and ElasticSearch for metrics and trace information
- A managed certificate authority, included in TSE but pluggable if an external CA must be used
- Simplified user roles and user management
In addition, TSE provides a more integrated user experience on AWS, with:
- Optional delivery through AWS Marketplace
- Automated provisioning of DNS entries for exposed services using AWS Route 53
- Integration with AWS Load Balancer Controller
- Optional metrics visualization through Amazon Managed Grafana
- Optional integration with AWS Private Certificate Authority
Compared to TSB, TSE uses:
- Opinionated Configuration Choices such as automatic generation of certificates and passwords, to drive faster deployments
- GitOps-enabled-by-default, reducing the time to create a GitOps-driven configuration flow
- A simplified (in places) User Interface with a Getting Started workflow to offer an optimized process to onboard clusters and applications
TSE does not support the most sophisticated TSB capabilities, such as:
- The multi-user RBAC (based on Next Generation Access Control) is not available in TSE. TSE provides a single 'TSE' admin user with a Platform Operations role.
- The ability to configure the Organization and to create multiple Tenants is not available in TSE. Where the TSB documentation refers to user-defined orgs and tenants, TSE supports a single tse org and tse tenant.
- Certain advanced features such as Isolation Boundaries, Security Domains and Web Application Firewall are not described in the TSE documentation, and are not supported in the TSE product