Control Plane
ControlPlane resource exposes a set of configurations necessary to automatically install the Service Bridge control plane on a cluster. The installation API is an override API so any unset fields that aren't required will use sensible defaults.
Prior to creating the ControlPlane resource, a cluster needs to be created in the management plane. Control plane install scripts would create the following secrets in the Kubernetes namespace the control plane is deployed into. Make sure they exist:
- tsbd-jwt-token
- oap-token
- zipkin-token
- otel-token
If your Elasticsearch backend requires authentication, ensure you create the following secret:
- elastic-credentials
A minimal resource must have the container registry hub, telemetryStore, and managementPlane fields set.
apiVersion: install.tetrate.io/v1alpha1
kind: ControlPlane
metadata:
name: controlplane
namespace: istio-system
spec:
hub: docker.io/tetrate
telemetryStore:
elastic:
host: elastic
port: 5678
managementPlane:
host: tsb.tetrate.io
port: 8443
clusterName: cluster
tenant: default
To configure infrastructure specific settings such as resource limits in Kubernetes, set the relevant field in a component. Remember that the installation API is an override API so if these fields are unset the operator will use sensible defaults. Only a subset of Kubernetes configuration is available and only for individual components.
apiVersion: install.tetrate.io/v1alpha1
kind: ControlPlane
metadata:
name: controlplane
namespace: istio-system
spec:
hub: docker.io/tetrate
telemetryStore:
elastic:
host: elastic
port: 5678
managementPlane:
host: tsb.tetrate.io
port: 8443
clusterName: cluster
tenant: default
components:
collector:
kubeSpec:
resources:
limits:
memory: 500Mi
requests:
memory: 750Mi
ControlPlaneComponentSet
The set of components that make up the control plane. Use this to override application settings or Kubernetes settings for each individual component.
Field | Description | Validation Rule |
collector | tetrateio.api.install.controlplane.v1alpha1.OpenTelemetryCollector | – |
oap | – | |
zipkin | – | |
xcp | – | |
istio | – | |
rateLimitServer | – |
ControlPlaneSpec
ControlPlaneSpec defines the desired installed state of control plane components. Specifying a minimal ControlPlaneSpec with hub, clusterName, and managementPlane set will create an installation with sensible defaults.
Field | Description | Validation Rule |
hub | string | string = { |
components | tetrateio.api.install.controlplane.v1alpha1.ControlPlaneComponentSet | – |
managementPlane | tetrateio.api.install.controlplane.v1alpha1.ManagementPlaneSettings | message = { |
meshExpansion | tetrateio.api.install.controlplane.v1alpha1.MeshExpansionSettings | – |
telemetryStore | tetrateio.api.install.controlplane.v1alpha1.ControlPlaneSpec.TelemetryStore | message = { |
tier1Cluster | bool | – |
TelemetryStore
Configure the store that TSB will use to persist application telemetry data.
Select one of the TelemetryStore
settings to see complete examples.
Field | Description | Validation Rule |
elastic | tetrateio.api.install.controlplane.v1alpha1.ElasticSearchSettings | – |
ElasticSearchSettings
Configure an Elasticsearch connection.
apiVersion: install.tetrate.io/v1alpha1
kind: ControlPlane
metadata:
name: controlplane
namespace: istio-system
spec:
telemetryStore:
elastic:
host: elastic
port: 5678
protocol: https
selfSigned: true
version: 7
Field | Description | Validation Rule |
host | string | string = { |
port | int32 | int32 = { |
protocol | tetrateio.api.install.controlplane.v1alpha1.ElasticSearchSettings.Protocol | – |
selfSigned | bool | – |
version | int32 | int32 = { |
Protocol
The list of supported protocols to communicate with Elasticsearch.
Name | Number | Description |
https | 0 | |
http | 1 |
Istio
Mesh and Kubernetes settings for Istio.
Field | Description | Validation Rule |
kubeSpec | tetrateio.api.install.kubernetes.KubernetesIstioComponentSpec | – |
traceSamplingRate | double | – |
defaultWorkloadCertTTL | google.protobuf.Duration | – |
maxWorkloadCertTTL | google.protobuf.Duration | – |
ManagementPlaneSettings
Configure the management plane connection.
apiVersion: install.tetrate.io/v1alpha1
kind: ControlPlane
metadata:
name: controlplane
namespace: istio-system
spec:
managementPlane:
host: tsb.tetrate.io
port: 8443
clusterName: cluster
Field | Description | Validation Rule |
host | string | string = { |
port | int32 | int32 = { |
clusterName | string | string = { |
MeshExpansionSettings
Configure mesh expansion to connect workloads external to Kubernetes to the mesh.
To enable mesh expansion set it to an empty object:
apiVersion: install.tetrate.io/v1alpha1
kind: ControlPlane
metadata:
name: controlplane
namespace: istio-system
spec:
meshExpansion: {}
If external workloads are unable to communicate with the default mesh expansion gateway via external IPs or hostnames, then you must specify the gateway that enables them to do so. This custom gateway must be configured to forward this communcation to the VM gateway service:
apiVersion: install.tetrate.io/v1alpha1
kind: ControlPlane
metadata:
name: controlplane
namespace: istio-system
spec:
meshExpansion:
customGateway:
host: customgateway.tetrate.io
port: 15443
Field | Description | Validation Rule |
customGateway | tetrateio.api.install.controlplane.v1alpha1.MeshExpansionSettings.Gateway | – |
Gateway
A custom mesh expansion gateway. This is required when the workload can't access the default gateway directly via the external IP or hostname.
Field | Description | Validation Rule |
host | string | string = { |
port | int32 | int32 = { |
Oap
Kubernetes settings for the OAP (SkyWalking) component.
Field | Description | Validation Rule |
kubeSpec | tetrateio.api.install.kubernetes.KubernetesComponentSpec | – |
OpenTelemetryCollector
Kubernetes settings for the OpenTelemetryCollector component.
Field | Description | Validation Rule |
kubeSpec | tetrateio.api.install.kubernetes.KubernetesComponentSpec | – |
RateLimitServer
Configuration settings for the RateLimit Server
Field | Description | Validation Rule |
backend | tetrateio.api.install.controlplane.v1alpha1.RateLimitServer.Backend | message = { |
kubeSpec | tetrateio.api.install.kubernetes.KubernetesComponentSpec | – |
Backend
External Backend Database types. This points to the backend used by the ratelimit server as a key/value store.
Field | Description | Validation Rule |
redis | tetrateio.api.install.controlplane.v1alpha1.RateLimitServer.Backend.RedisSettings | – |
RedisSettings
Configuration for the External Redis Backend Database
Field | Description | Validation Rule |
uri | string | string = { |
XCP
Kubernetes settings for the XCP component.
Field | Description | Validation Rule |
kubeSpec | tetrateio.api.install.kubernetes.KubernetesComponentSpec | – |
Zipkin
Kubernetes settings for the Zipkin component.
Field | Description | Validation Rule |
kubeSpec | tetrateio.api.install.kubernetes.KubernetesComponentSpec | – |