Tetrate · Capability

Tetrate Service Mesh Management

Unified service mesh management capability for platform engineers and DevOps teams. Composes Tetrate Service Bridge management APIs to enable multi-cluster mesh onboarding, tenant provisioning, workspace configuration, and application API lifecycle management from a single interface.

Run with Naftiko TetrateService MeshIstioMulti-ClusterPlatform EngineeringDevOps

What You Can Do

GET
List organizations — List all TSB organizations
/v1/organizations
POST
Create organization — Create a new TSB organization
/v1/organizations
GET
List tenants — List all tenants in an organization
/v1/tenants
POST
Create tenant — Create a new tenant
/v1/tenants
GET
List workspaces — List all workspaces in a tenant
/v1/workspaces
POST
Create workspace — Create a new workspace with namespace assignments
/v1/workspaces
GET
List clusters — List all onboarded clusters
/v1/clusters
POST
Onboard cluster — Onboard a new Kubernetes cluster
/v1/clusters
GET
List applications — List all applications in a tenant
/v1/applications
POST
Create application — Create a new application
/v1/applications
GET
List apis — List all APIs for an application
/v1/apis
POST
Register api — Register an OpenAPI spec as an API
/v1/apis

MCP Tools

list-organizations

List all TSB organizations

read-only
list-tenants

List all tenants within a TSB organization

read-only
create-tenant

Create a new tenant within a TSB organization

list-workspaces

List all workspaces within a tenant

read-only
create-workspace

Create a new workspace with namespace selector

list-clusters

List all Kubernetes clusters onboarded to TSB

read-only
onboard-cluster

Onboard a new Kubernetes cluster to TSB management

list-applications

List all applications in a TSB tenant

read-only
create-application

Create a new TSB application linked to a workspace

list-apis

List all APIs registered to a TSB application

read-only
register-api

Register an OpenAPI v3 spec as a managed API in TSB

get-organization

Get details of a specific TSB organization

read-only
get-tenant

Get details of a specific TSB tenant

read-only

APIs Used

tsb

Capability Spec

Raw ↑ 
naftiko: "1.0.0-alpha1"

info:
  label: "Tetrate Service Mesh Management"
  description: >-
    Unified service mesh management capability for platform engineers and
    DevOps teams. Composes Tetrate Service Bridge management APIs to enable
    multi-cluster mesh onboarding, tenant provisioning, workspace configuration,
    and application API lifecycle management from a single interface.
  tags:
    - Tetrate
    - Service Mesh
    - Istio
    - Multi-Cluster
    - Platform Engineering
    - DevOps
  created: "2026-05-03"
  modified: "2026-05-03"

binds:
  - namespace: env
    keys:
      TSB_TOKEN: TSB_TOKEN

capability:
  consumes:
    - import: tsb
      location: ./shared/tetrate-service-bridge.yaml

  exposes:
    - type: rest
      port: 8080
      namespace: tetrate-mesh-api
      description: "Unified REST API for Tetrate service mesh management."
      resources:
        - path: /v1/organizations
          name: organizations
          description: "Manage TSB organizations"
          operations:
            - method: GET
              name: list-organizations
              description: "List all TSB organizations"
              call: "tsb.list-organizations"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: POST
              name: create-organization
              description: "Create a new TSB organization"
              call: "tsb.create-organization"
              with:
                name: "rest.name"
                displayName: "rest.displayName"
                description: "rest.description"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/tenants
          name: tenants
          description: "Manage TSB tenants"
          operations:
            - method: GET
              name: list-tenants
              description: "List all tenants in an organization"
              call: "tsb.list-tenants"
              with:
                organization: "rest.organization"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: POST
              name: create-tenant
              description: "Create a new tenant"
              call: "tsb.create-tenant"
              with:
                organization: "rest.organization"
                name: "rest.name"
                displayName: "rest.displayName"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/workspaces
          name: workspaces
          description: "Manage TSB workspaces"
          operations:
            - method: GET
              name: list-workspaces
              description: "List all workspaces in a tenant"
              call: "tsb.list-workspaces"
              with:
                organization: "rest.organization"
                tenant: "rest.tenant"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: POST
              name: create-workspace
              description: "Create a new workspace with namespace assignments"
              call: "tsb.create-workspace"
              with:
                organization: "rest.organization"
                tenant: "rest.tenant"
                name: "rest.name"
                namespaces: "rest.namespaces"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/clusters
          name: clusters
          description: "Manage onboarded Kubernetes clusters"
          operations:
            - method: GET
              name: list-clusters
              description: "List all onboarded clusters"
              call: "tsb.list-clusters"
              with:
                organization: "rest.organization"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: POST
              name: onboard-cluster
              description: "Onboard a new Kubernetes cluster"
              call: "tsb.create-cluster"
              with:
                organization: "rest.organization"
                name: "rest.name"
                network: "rest.network"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/applications
          name: applications
          description: "Manage TSB applications"
          operations:
            - method: GET
              name: list-applications
              description: "List all applications in a tenant"
              call: "tsb.list-applications"
              with:
                organization: "rest.organization"
                tenant: "rest.tenant"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: POST
              name: create-application
              description: "Create a new application"
              call: "tsb.create-application"
              with:
                organization: "rest.organization"
                tenant: "rest.tenant"
                name: "rest.name"
                workspace: "rest.workspace"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/apis
          name: apis
          description: "Manage application APIs"
          operations:
            - method: GET
              name: list-apis
              description: "List all APIs for an application"
              call: "tsb.list-apis"
              with:
                organization: "rest.organization"
                tenant: "rest.tenant"
                application: "rest.application"
              outputParameters:
                - type: object
                  mapping: "$."
            - method: POST
              name: register-api
              description: "Register an OpenAPI spec as an API"
              call: "tsb.create-api"
              with:
                organization: "rest.organization"
                tenant: "rest.tenant"
                application: "rest.application"
                name: "rest.name"
                openapi: "rest.openapi"
              outputParameters:
                - type: object
                  mapping: "$."

    - type: mcp
      port: 9090
      namespace: tetrate-mesh-mcp
      transport: http
      description: "MCP server for AI-assisted Tetrate service mesh management."
      tools:
        - name: list-organizations
          description: "List all TSB organizations"
          hints:
            readOnly: true
            openWorld: true
          call: "tsb.list-organizations"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-tenants
          description: "List all tenants within a TSB organization"
          hints:
            readOnly: true
            openWorld: true
          call: "tsb.list-tenants"
          with:
            organization: "tools.organization"
          outputParameters:
            - type: object
              mapping: "$."

        - name: create-tenant
          description: "Create a new tenant within a TSB organization"
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: "tsb.create-tenant"
          with:
            organization: "tools.organization"
            name: "tools.name"
            displayName: "tools.displayName"
            description: "tools.description"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-workspaces
          description: "List all workspaces within a tenant"
          hints:
            readOnly: true
            openWorld: true
          call: "tsb.list-workspaces"
          with:
            organization: "tools.organization"
            tenant: "tools.tenant"
          outputParameters:
            - type: object
              mapping: "$."

        - name: create-workspace
          description: "Create a new workspace with namespace selector"
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: "tsb.create-workspace"
          with:
            organization: "tools.organization"
            tenant: "tools.tenant"
            name: "tools.name"
            namespaces: "tools.namespaces"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-clusters
          description: "List all Kubernetes clusters onboarded to TSB"
          hints:
            readOnly: true
            openWorld: true
          call: "tsb.list-clusters"
          with:
            organization: "tools.organization"
          outputParameters:
            - type: object
              mapping: "$."

        - name: onboard-cluster
          description: "Onboard a new Kubernetes cluster to TSB management"
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: "tsb.create-cluster"
          with:
            organization: "tools.organization"
            name: "tools.name"
            network: "tools.network"
            tier1Cluster: "tools.tier1Cluster"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-applications
          description: "List all applications in a TSB tenant"
          hints:
            readOnly: true
            openWorld: true
          call: "tsb.list-applications"
          with:
            organization: "tools.organization"
            tenant: "tools.tenant"
          outputParameters:
            - type: object
              mapping: "$."

        - name: create-application
          description: "Create a new TSB application linked to a workspace"
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: "tsb.create-application"
          with:
            organization: "tools.organization"
            tenant: "tools.tenant"
            name: "tools.name"
            workspace: "tools.workspace"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-apis
          description: "List all APIs registered to a TSB application"
          hints:
            readOnly: true
            openWorld: true
          call: "tsb.list-apis"
          with:
            organization: "tools.organization"
            tenant: "tools.tenant"
            application: "tools.application"
          outputParameters:
            - type: object
              mapping: "$."

        - name: register-api
          description: "Register an OpenAPI v3 spec as a managed API in TSB"
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: "tsb.create-api"
          with:
            organization: "tools.organization"
            tenant: "tools.tenant"
            application: "tools.application"
            name: "tools.name"
            openapi: "tools.openapi"
          outputParameters:
            - type: object
              mapping: "$."

        - name: get-organization
          description: "Get details of a specific TSB organization"
          hints:
            readOnly: true
            openWorld: false
          call: "tsb.get-organization"
          with:
            organization: "tools.organization"
          outputParameters:
            - type: object
              mapping: "$."

        - name: get-tenant
          description: "Get details of a specific TSB tenant"
          hints:
            readOnly: true
            openWorld: false
          call: "tsb.get-tenant"
          with:
            organization: "tools.organization"
            tenant: "tools.tenant"
          outputParameters:
            - type: object
              mapping: "$."