Tenant Setting allows configuring default settings for the tenant.
Traffic and Security settings can be defined as default for a tenant, meaning that they
will be applied to all the workspaces of the tenant.
These default settings can be overridden by creating a WorkspaceSetting, TrafficSetting or SecuritySetting
in the desired workspace or group.
```yaml
apiVersion: api.tsb.tetrate.io/v2
kind: TenantSetting
metadata:
  name: tenant-settings
  organization: myorg
  tenant: mytenant
spec:
  defaultTrafficSetting:
    reachability:
      mode: WORKSPACE
    egress:
      host: bookinfo-perimeter/tsb-egress
  defaultSecuritySetting:
    authenticationSettings:
      trafficMode: REQUIRED
    authorization:
      mode: GROUP
```
TenantSetting
Default settings that apply to all workspaces under a tenant.
| Field | Description | Validation Rule |
| --- | --- | --- |
| defaultSecuritySetting | tetrateio.api.tsb.security.v2.SecuritySetting<br>Security settings for all proxy workloads in this tenant. This can be overridden at WorkspaceSettings or security group’s SecuritySetting for specific cases. The override strategy used will be driven by the SecuritySetting propagation strategy. The default propagation strategy is REPLACE, in which a lower level SecuritySetting in the configuration hierarchy replaces a higher level SecuritySetting defined in the configuration hierarchy. For instance, a WorkspaceSettings defined SecuritySetting will replace any tenant or organization defined SecuritySetting. Proxy workloads without a specific security group will inherit these settings. If omitted, the following semantics apply:<br>- Sidecars will accept connections from clients using Istio Mutual TLS as well as legacy clients using plaintext (i.e. any traffic not using Istio Mutual TLS authentication), i.e. authentication mode defaults to OPTIONAL.<br>- No authorization will be performed, i.e., authorization mode defaults to DISABLED. | – |
| defaultTrafficSetting | tetrateio.api.tsb.traffic.v2.TrafficSetting<br>Traffic settings for all proxy workloads in this tenant. This can be overridden at WorkspaceSetting or TrafficSetting for specific cases. Proxy workloads without a specific traffic group will inherit these settings. If omitted, the following semantics apply:<br>- Sidecars will be able to reach any service in the cluster, i.e. reachability mode defaults to CLUSTER.<br>- Traffic to unknown destinations will be directly routed from the sidecar to the destination. | – |
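An added example, not part of the TSB documentation or Tetrate's code: a Python check that applies the omission semantics and the REPLACE strategy described above to a parsed manifest and lists the permissive defaults a workload would inherit. The function names, the dict form of the manifest and the workspace-level override are assumptions made for illustration, as is treating a mode left unset inside a replacing SecuritySetting as the documented omitted-value default.

```python
# Added example. Manifests are plain dicts, as any YAML loader would produce.
# Fallback modes the page documents for omitted default settings.
OMITTED = {"authn": "OPTIONAL", "authz": "DISABLED", "reachability": "CLUSTER"}

def effective_modes(tenant_setting, workspace_security=None):
    """Modes inherited by a proxy workload that has no group-level settings.

    workspace_security is a hypothetical workspace-level SecuritySetting. Under
    the default REPLACE strategy it replaces the tenant's defaultSecuritySetting
    as a whole. Assumption: a mode it leaves unset takes the OMITTED fallback.
    """
    spec = tenant_setting.get("spec") or {}
    security = spec.get("defaultSecuritySetting") or {}
    if workspace_security is not None:
        security = workspace_security  # REPLACE: no field-by-field merge
    traffic = spec.get("defaultTrafficSetting") or {}
    return {
        "authn": (security.get("authenticationSettings") or {}).get("trafficMode", OMITTED["authn"]),
        "authz": (security.get("authorization") or {}).get("mode", OMITTED["authz"]),
        "reachability": (traffic.get("reachability") or {}).get("mode", OMITTED["reachability"]),
        "egress_host": (traffic.get("egress") or {}).get("host"),
    }

def permissive_findings(modes):
    """List the permissive behaviours the page describes for these modes."""
    checks = [
        (modes["authn"] == "OPTIONAL", "sidecars accept plaintext as well as Istio mutual TLS"),
        (modes["authz"] == "DISABLED", "no authorization is performed"),
        (modes["reachability"] == "CLUSTER", "sidecars can reach any service in the cluster"),
        (modes["egress_host"] is None, "unknown destinations are routed directly from the sidecar"),
    ]
    return [message for hit, message in checks if hit]

# Constructed sample: the TenantSetting manifest shown on this page.
TENANT = {"spec": {
    "defaultTrafficSetting": {"reachability": {"mode": "WORKSPACE"},
                              "egress": {"host": "bookinfo-perimeter/tsb-egress"}},
    "defaultSecuritySetting": {"authenticationSettings": {"trafficMode": "REQUIRED"},
                               "authorization": {"mode": "GROUP"}},
}}

if __name__ == "__main__":
    cases = {"tenant defaults": (TENANT, None),
             "nothing configured": ({"spec": {}}, None),
             "workspace override, authorization only": (TENANT, {"authorization": {"mode": "GROUP"}})}
    for label, (setting, override) in cases.items():
        print(label, "->", permissive_findings(effective_modes(setting, override)) or "no permissive defaults")
```

The third case shows why a workspace-level override is worth reviewing under REPLACE: it sets authorization only, so the tenant's REQUIRED authentication mode is no longer in effect for that workspace.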