TIBCO Rendezvous API Reference for Kubernetes
Rendezvous
Field | Description |
---|---|
apiVersion (string) | tibco.com/v1 |
kind (string) | Rendezvous |
metadata (ObjectMeta) | For information about metadata, see Kubernetes API documentation. |
spec (RendezvousSpec) | Defines the desired state of a Rendezvous deployment in Kubernetes. |
RendezvousSpec
Defines the desired state of a Rendezvous deployment in Kubernetes.
Field | Description |
---|---|
imageName (string) | Required. The container image name used by all the pods of this custom resource. |
serviceAccountName (string) | Required. A Kubernetes service account name. |
volumeClaimName (string) | The name of the PersistentVolumeClaim used for Rendezvous daemon logs and store files. By default daemon data is not persisted. |
defaultTlsSecretName (string) | The default Kubernetes TLS secret used by all components of the custom resource. If empty, a secret with the suffix trns-default-tls is created by the operator and used. To rotate secrets without restarting, change the secret data not the secret name. Affected components detect the change and apply the new secret data dynamically. |
networkServices (NetworkService array) | A list of NetworkService objects. |
gatewayServices (GatewayService array) | A list of GatewayService objects. |
monitorServices (MonitorService array) | A list of MonitorService objects. Currently only one object is supported. |
securitySettings (SecuritySettings) | A SecuritySettings object. |
SecuritySettings
Resource-wide security settings.
Field | Description |
---|---|
securityLevel (integer) | A value between 0 and 4 indicates the minimum strength required by cryptographic primitives like ciphers and hashes. 0 indicates anything is permitted. Values 1 through 4 correspond to 80, 112, 128, and 192 bits of security respectively. The default is 2. Any certificates that do not meet the requirements of the security level are rejected and may cause affected services to fail. Increasing the security level on an existing Rendezvous resource may require TLS secrets in use by the resource be updated if they do not meet the new security level requirements. Failure to upgrade weak TLS secrets may result in service failures. |
networkSecuritySettings | A NetworkSettings object. Used as the default value for NetworkServices that do not define their own NetworkSecuritySettings. |
NetworkService
Defines the desired state of a single NetworkService.
Field | Description |
---|---|
name (string) | Required. The unique name of the NetworkService. Must be a legal DNS name, between 1 and 27 characters long. |
service (integer) | A NetworkService only accepts client connections presenting this service specification. Use ignoreClientService to allow any client to connect to the NetworkService. Default: 7500 |
ignoreClientService (boolean) | When true, the NetworkService ignores the service specification presented by the Rendezvous client and uses service instead. Default: false |
replicas (integer) | The initial number of replicas when the NetworkService starts. The actual number of replicas depends on external factors such as autoscaling. Default: 1 |
clientPort (integer) | The port for Rendezvous client connections. Default: 7500 |
httpPort (integer) | The port for HTTP connections. Default: 7580 |
resources (ResourceRequirements) | A Kubernetes ResourceRequirements object describing the compute resource requirements for this NetworkService. |
autoscaler (HPA) | A Kubernetes Horizontal Pod Autoscaler (HPA) object. |
securitySettings (NetworkSecuritySettings) | A NetworkSecuritySettings object. Overrides the SecuritySettings of the RendezvousSpec. |
HPA
Horizontal Pod Autoscaler settings.
Field | Description |
---|---|
minReplicas (integer) | The lower limit for the number of replicas to which the autoscaler can scale down. Default: 1 |
maxReplicas (integer) | The upper limit for the number of replicas to which the autoscaler can scale up. It cannot be less than minReplicas. Default: 1 |
metrics (MetricSpec array) | An array of MetricSpec objects. The default is 80% average CPU utilization. |
behavior (HorizontalPodAutoscalerBehavior) | A HorizontalPodAutoscalerBehavior object. If not set, the default HPAScalingRules for scale up and scale down are used. |
NetworkSecuritySettings
The security settings of an individual NetworkService.
Field | Description |
---|---|
requireTls (boolean) | Clients must use the Rendezvous Secure Daemon API to connect to this NetworkService. GatewayServices in the same custom resource automatically use TLS for neighbor connections to this NetworkService. Default: false |
authenticationSecretName (string) | Ignored if requireTls is false. The name of a basic authentication Kubernetes secret. Clients must supply this username and password using the Rendezvous Secure Daemon API in order to connect to the NetworkService. If not defined, the username and password supplied by the client are ignored, which results in TLS without authentication. |
GatewayService
Defines the desired state of a single GatewayService.
Field | Description |
---|---|
name (string) | Required. The unique name of the GatewayService. Must be a legal DNS name, between 1 and 27 characters long. |
httpPort (integer) | The port for HTTP connections. Default: 7580 |
neighbors (Neighbor array) | A list of Neighbor objects. |
borderPolicies (BorderPolicy array) | A list of BorderPolicy objects. |
routerTlsSecretName (string) | Overrides the defaultTlsSecretName for routing using this GatewayService. To rotate secrets without restarting, change the secret data not the secret name. Affected components detect the change and apply the new secret data dynamically. |
resources (ResourceRequirements) | A Kubernetes ResourceRequirements object describing the compute resource requirements for this GatewayService. |
Neighbor
Defines a GatewayService neighbor connection to an on-premises Rendezvous router, a NetworkService or another GatewayService.
Field | Description |
---|---|
name (string) | Required. The name of the remote Rendezvous router, NetworkService, or GatewayService. |
remoteHost (string) | The hostname of the neighbor. Must be a legal DNS name between 3 and 63 characters long. If the neighbor is a NetworkService, use the hostname of the 0th replica. For example, network1-0.network1. |
remotePort (integer) | The remote TCP port. Ignored if the passive field is true. Default: 7501 |
localPort (integer) | The local TCP port for accepting neighbor connections. Neighbors can use the same localPort as long as they are either all TLS or all non-TLS. Default: 7501 |
cost (integer) | The routing cost of the neighbor connection. Default: 1 |
compressed (boolean) | Enable compression. If peerTlsSecretName is set then this value is ignored and compression is enabled. Default: false |
peerTlsSecretName (string) | Enable TLS. The name of a Kubernetes TLS secret containing a certificate for remote neighbor verification. |
passive (boolean) | Create a passive neighbor. Passive neighbors do not initiate connections. Default: false |
BorderPolicy
Defines a message forwarding policy between two neighbors.
Field | Description |
---|---|
from (string) | Required. The ingress neighbor. The name must be present in the Neighbors object list. |
to (string) | Required. The egress neighbor. The name must be present in the Neighbors object list. |
subjects (BorderSubject array) | Required. A list of BorderSubject objects. Only messages whose subject matches a BorderSubject will be forwarded. |
BorderSubject
Defines a subject that will be forwarded by a GatewayService.
Field | Description |
---|---|
name (string) | Required. A valid Rendezvous subject less than 197 characters long. |
MonitorService
Defines the desired state of the MonitorService.
Field | Description |
---|---|
name (string) | Required. The unique name of the monitor service. Must be a legal DNS name, between 1 and 27 characters long. |
httpPort (integer) | The HTTP port to access the REST API and Prometheus endpoints. Default: 7580 |
logLevel (string) | The value is in the format Default: json:info |
interval (integer) | Resource polling interval in seconds. Default: 30 seconds |
influx (InfluxClientSettings) | An InfluxClientSettings object. InfluxDB support is disabled by default. |
resources (ResourceRequirements) | A Kubernetes ResourceRequirements object describing the compute resource requirements for this MonitorService. |
InfluxClientSettings
Defines the connection to an InfluxDB server.
Field | Description |
---|---|
url (string) | Required. URI of the InfluxDB 1.8+ or 2.0+ server. |
apiTokenSecretName (string) | Required. The name of a Kubernetes secret containing a field named token with the InfluxDB API Token for InfluxDB 2.0+ or fields username and password for InfluxDB 1.8+. |
organization (string) | Required. The InfluxDB organization to post TRNS metrics (2.0+) or empty string (1.8+). |
bucket (string) | Required. The InfluxDB 2.0+ bucket name or a string in the form database and [retention_policy] for InfluxDB 1.8+. |
tlsSecretName (string) | The name of a Kubernetes TLS secret containing a client certificate and key. |
tlsInsecureSkipVerify (boolean) | Skip server verification when connecting to the InfluxDB server. Default: False |
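
An added example (not TIBCO's code) showing how the security-related fields above interact: it audits a RendezvousSpec parsed into a Python dict, applying the documented defaults, the per-NetworkService override of the resource-wide NetworkSecuritySettings, and the automatic TLS for neighbors that are requireTls NetworkServices. The sample spec and every name in it are constructed; treating the override as whole-object replacement and matching a neighbor to a NetworkService by name are assumptions.

```python
# Added example: audit a RendezvousSpec (parsed into a dict) using the field
# semantics documented in this reference. SAMPLE_SPEC is constructed.
def audit(spec):
    """Return sorted (component, finding) pairs for a RendezvousSpec dict."""
    findings, tls_services = [], set()
    sec = spec.get("securitySettings", {})
    level = sec.get("securityLevel", 2)  # documented default is 2
    if level < 2:
        findings.append(("spec", f"securityLevel {level} is below the default of 2"))
    default_net = sec.get("networkSecuritySettings", {})
    for ns in spec.get("networkServices", []):
        # Assumption: a NetworkService's own securitySettings replaces the
        # resource-wide default as a whole object (no per-field merge).
        eff = ns.get("securitySettings", default_net)
        if not eff.get("requireTls", False):
            findings.append((ns["name"], "requireTls is false: TLS not required"))
            if eff.get("authenticationSecretName"):
                findings.append((ns["name"], "authenticationSecretName ignored without requireTls"))
        else:
            tls_services.add(ns["name"])
            if not eff.get("authenticationSecretName"):
                findings.append((ns["name"], "TLS without authentication"))
    for gw in spec.get("gatewayServices", []):
        for nb in gw.get("neighbors", []):
            # Neighbors that are requireTls NetworkServices in the same
            # resource get TLS automatically; matching by name is an assumption.
            if not nb.get("peerTlsSecretName") and nb["name"] not in tls_services:
                findings.append((f"{gw['name']}/{nb['name']}", "peerTlsSecretName not set"))
    for mon in spec.get("monitorServices", []):
        if mon.get("influx", {}).get("tlsInsecureSkipVerify", False):
            findings.append((mon["name"], "InfluxDB server verification skipped"))
    return sorted(findings)

SAMPLE_SPEC = {  # constructed input; all names are placeholders
    "securitySettings": {"securityLevel": 1,
                         "networkSecuritySettings": {"requireTls": True}},
    "networkServices": [
        {"name": "network1"},  # inherits the default: TLS, no auth secret
        {"name": "network2",   # own settings drop the inherited requireTls
         "securitySettings": {"authenticationSecretName": "net2-auth"}},
    ],
    "gatewayServices": [{"name": "gw1", "neighbors": [
        {"name": "network1", "remoteHost": "network1-0.network1"},
        {"name": "onprem", "remoteHost": "rvrd.example.internal"},
    ]}],
    "monitorServices": [{"name": "mon1", "influx": {"tlsInsecureSkipVerify": True}}],
}

for component, finding in audit(SAMPLE_SPEC):
    print(f"{component}: {finding}")
```

Under the whole-object reading, network2 loses the inherited requireTls because it defines its own securitySettings, so its authentication secret has no effect.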