Tetrate Service Bridge 1.6
Tetrate Service Bridge (TSB) is an application connectivity platform. It provides enterprises with a consistent, unified way to connect and secure services across multiple Kubernetes clusters, as well as virtual machines and bare-metal workloads.
The 1.6 release extends TSB's availability, security, and visibility capabilities, bringing remote clusters closer together for easier management and scale:
- Cross-Cluster High Availability for All Services makes service failover between clusters automatic and transparent, without needing to expose services through external gateways.
- Cross-Cluster Identity Propagation and Security Domains make it easy to create scalable security policies that span clusters and provide for accurate and consistent access control rules for local, remote and failover services.
- Advanced Visibility and Tracing tools empower your App Developers to remotely troubleshoot performance issues in distributed applications, inside and outside your clusters, quickly and accurately.
- Rich possibilities for additional data plane functionality, with support for WASM extensions across gateways and service proxies.
- Support for multi-Istio environments within clusters, enabling isolation boundaries for security-sensitive applications and multiple Istio versions allowing canary Istio upgrades.
- Availability on Red Hat OpenShift, delivered through the Red Hat Ecosystem Catalog.
- Technical Preview of a future Web Application Firewall (WAF) capability to provide advanced protection for all services in a zero-trust architecture (ZTA).
Who benefits from the 1.6 release?
Platform Operators can more effectively manage large, multi-cluster platforms. They can deliver rich availability, security and visibility capabilities to their platform users in a seamless, self-service manner. They can manage highly heterogeneous environments, across clouds, clusters, platforms (Kubernetes, OpenShift) and Istio versions and boundaries.
Service Owners can improve the availability of the services they create and rely on, across clusters and clouds, without needing to arrange for external gateway access such as DNS, certificates, and edge security rules. Their application teams can efficiently troubleshoot performance issues without requiring high-privilege admin access to the production clusters.
Security Teams can apply concise and specific security policies to manage access control within their ZTA architecture, confident that the policies they declare will be accurately applied in the face of unexpected autoscaling and failover scenarios.
Platform Operators, Service Owners and Security Teams can extend the capabilities of the proxies (gateways and sidecars) with custom functions, for example to add security validation or custom business logic. Extending data plane functionality is seamless with support for WASM extensions.
What are the new capabilities in the 1.6 release?
Easy cross-cluster high availability for any service
Use the new EastWestGateway capability to improve availability by making any service highly available. EastWestGateway enables failover between different clusters without the need to expose the service through external gateways. This eliminates complexity and avoids extending your attack surface.
- Maximize service availability for any service, reducing downtime and facilitating routine maintenance.
- Completely transparent to each service - no application modifications means no additional development complexity.
- Lightweight - enabled by a simple configuration update, with no DNS or infrastructure changes.
- Highly secure - all cross-cluster traffic uses mTLS and no services are exposed.
Quickly locate and investigate underperforming services
Enable Application Developers to troubleshoot and identify performance issues with production services, examine traces and zoom in on slow requests and errors. Tetrate Service Bridge's tctl collect exports runtime data for offline analysis; Application Developers then use tctl troubleshoot and do not require direct access to TSB APIs or the management interface.
- Reduced MTTF (mean time to fix) means better application performance and availability.
- Identify performance issues more quickly, and collaborate easily with application developers (the experts in their apps) to investigate and remediate the performance issue.
- Self-service empowers teams to investigate and interpret data themselves.
Use the Red Hat OpenShift Ecosystem
Deploy Tetrate Service Bridge 1.6 with confidence on Red Hat OpenShift, with a certified and compliant software distribution available through the Red Hat Ecosystem Catalog.
- Gain observability, security, and traffic management for workloads in multi-cluster OpenShift environments.
- Benefit from easy-to-implement and easy-to-manage security to create and operate a Zero Trust Architecture (ZTA) platform.
- Span OpenShift, Kubernetes, on-premises, and cloud, and extend to physical and virtual-machine workloads, thus eliminating lock-in and accelerating integration.
Extend your application capabilities with WASM extensions
With the 1.6 release, Platform Operators, Service Owners and Security Teams can easily augment their applications by taking advantage of a rich ecosystem of WASM-based extensions or by building their own custom extensions.
- Accelerate innovation and the speed of application development by providing services as reusable, easy-to-consume, platform-independent extensions.
- Reduce compliance, security, and development costs.
- Enforce global application policies automatically, at gateways or on selected service instances.
- Extend or modify the functionality of applications without making application changes.
Rich, scalable access control policies that enforce security across clusters
Deploy straightforward security policies for accurate and consistent access control rules for local, remote and failover services, and propagate service identity securely between clusters.
- Define security policies in the terms and concepts that make sense to your organization, not in low-level terms that align with infrastructure implementation.
- Be confident that your ZTA security policies are applied accurately and consistently, and across tenants and clusters.
- Avoid unintentionally opening attack paths when configuring failover infrastructure.
Segmentation with Istio Isolation Boundaries and Multi-Istio and Canary Deployments with Istio Revisions
Support complex, heterogeneous service mesh environments, with isolation boundaries for compliance-sensitive applications and multiple Istio versions for canary and legacy applications.
- Strong network isolation provides strict and easy-to-demonstrate security by default in highly regulated environments.
- Run different Istio versions within a cluster, to support legacy and modern applications on the same cluster.
- Use Canary Releases for flexibility as you test and deploy TSB upgrades.
Tetrate Web Application Firewall (WAF) - Technical Preview
Get an advance look at forthcoming technology in Tetrate Service Mesh. Tetrate Web Application Firewall will provide advanced L7 protection for all services, from all directions of attack.
Traditional WAF solutions, which operate at the edge of a network, assume that a bad actor is external to your internal infrastructure. Tetrate WAF runs within an application, protecting individual services in a very granular way. With Tetrate WAF, you can enhance your zero trust posture by protecting against internal and external attackers alike.
- Understand and instrument traffic patterns, identifying anomalies within an application that may be indicative of compromise, attack, or just unexpected behavior.
- Actively block known bad attacks using the industry-standard OWASP Core Rule Set (CRS) detection rules to neutralize attempts to spread laterally and compromise internal services.
- Tetrate WAF is lightweight, easy to deploy and manage, and fully compatible with CI/CD and GitOps practices.
Additional Improvements
Refer to the TSB 1.6 Release Notes for a complete list of additional improvements in TSB 1.6.
Get Started with Tetrate Service Bridge
To get started with Tetrate Service Bridge:
- Review the Initial Requirements and identify the target platform
- Determine if you wish to:
  - follow a quick demo installation
  - perform a more-involved production-ready installation (Management Plane, Cluster Onboarding)
  - apply an upgrade to an existing Tetrate Service Bridge deployment
Don't hesitate to reach out to your Tetrate support contact if you have any questions.