tare gateway config init
Generate a starter gcp-gateway.json from a serve domain and a GCP
project ID. The remaining fields are derived from the domain or written
as documented defaults so the operator can edit the file directly
without consulting the schema reference.
Synopsis
tare gateway config init [flags]
When stdin is a terminal and either --serve-domain or --project-id
is omitted, the command runs a two-question wizard prompting for the
missing values. With both flags supplied the command is fully
non-interactive and safe to run in CI or make targets.
Description
tare gateway config init is the quickest way to bootstrap the
config file consumed by tare gateway install and validated by
tare gateway config lint. It writes a single file (no live cloud or
cluster reach-out) and prints a per-field provenance table to stderr
so the operator can see which values came from input, which were
derived, and which are defaults that may need overriding.
Generated values for a tetrate.ai SaaS-style serve domain pass
tare gateway config lint with zero error findings at default
severity. For domains that do not follow the SaaS convention (no
proxy.<customer>.tetrate.ai shape), the customer derivation may
need overriding via --customer or a direct edit.
--type gcp (default) and --type azure are both supported; aws
returns an explicit not-implemented error, matching tare gateway install.
Flags
| Flag | Default | Description |
|---|---|---|
--type | gcp | Gateway provider type (gcp|azure). |
--serve-domain | (prompted) | Serve domain, e.g. proxy.acme.tetrate.ai. Wizard prompts when omitted on a TTY. |
--project-id | (prompted) | (--type gcp) GCP project ID. Wizard prompts when omitted on a TTY. |
--customer | (derived) | Customer slug. On GCP, defaults to a heuristic derived from --serve-domain (see Derivation rules). On Azure, prompted by the wizard (no domain-derived default). |
--azure-subscription-id | (prompted) | (--type azure) Azure subscription UUID. Wizard prompts when omitted on a TTY. |
--azure-resource-group | (prompted) | (--type azure) Resource group holding the AKS cluster. Wizard prompts when omitted on a TTY. |
--aks-cluster-name | (prompted) | (--type azure) AKS cluster name. Wizard prompts when omitted on a TTY. |
--output | gcp-gateway.json or azure-gateway.json | Output path. Default depends on --type. Matches the default --config of lint / install. |
--force | false | Overwrite the output file if it already exists. Without this the command refuses to clobber existing files. |
Derivation rules
For a serve domain like proxy.pocnt.tetrate.ai:
| Output field | Source | Example |
|---|---|---|
projectId | --project-id | withfraser |
serveDomain | --serve-domain | proxy.pocnt.tetrate.ai |
customer | derived (or --customer) | pocnt |
certificateMap.name | slug of domain with proxy. stripped | pocnt-tetrate-ai |
certificate.name | <customer>-serve-cert | pocnt-serve-cert |
dnsAuthorization.name | slug of full domain + -dns-auth | proxy-pocnt-tetrate-ai-dns-auth |
gateway.staticIpName | slug of domain with proxy. stripped + -ip | pocnt-tetrate-ai-ip |
namespaces.gateway | default | tars-gateway |
namespaces.system | default | tars-system |
namespaces.dataplane | default | tars-dataplane |
Customer derivation:
proxy.<customer>.tetrate.ai→<customer><customer>.tetrate.ai→<customer>- Any other domain → first DNS label (before the first
.) - Empty / unparsable → empty (lint rule TAREL001 will flag it)
serveUrl is intentionally not emitted; the resolver falls back to
serveDomain automatically, and emitting both with the same value
triggers the informational TAREL030 finding.
Examples
# Wizard: prompts for serve domain and project ID
tare gateway config init
# Fully non-interactive (CI / Make targets)
tare gateway config init \
--serve-domain proxy.acme.tetrate.ai \
--project-id acme-prod
# Custom output path; overwrite an existing file
tare gateway config init \
--serve-domain proxy.acme.tetrate.ai \
--project-id acme-prod \
--output ./envs/acme/gcp-gateway.json \
--force
# Override the derived customer slug
tare gateway config init \
--serve-domain proxy.acme.tetrate.ai \
--project-id acme-prod \
--customer acme-internal
# Azure: wizard (prompts for customer, serve domain, subscription ID, RG, cluster)
tare gateway config init --type azure
# Azure: fully non-interactive
tare gateway config init --type azure \
--customer acme \
--serve-domain proxy.acme.tetrate.test \
--azure-subscription-id 00000000-0000-0000-0000-000000000000 \
--azure-resource-group acme-aks-rg \
--aks-cluster-name acme-aks
Output
The file written to --output is strict JSON (no comments) so it can
be consumed unchanged by lint and install. The stderr stream
carries a human-readable summary, e.g. after running with
--serve-domain proxy.pocnt.tetrate.ai --project-id withfraser:
Wrote /abs/path/to/gcp-gateway.json
Generated values:
projectId [input] withfraser
serveDomain [input] proxy.pocnt.tetrate.ai
customer [derived] pocnt
certificateMap.name [derived] pocnt-tetrate-ai
certificate.name [derived] pocnt-serve-cert
dnsAuthorization.name [derived] proxy-pocnt-tetrate-ai-dns-auth
gateway.staticIpName [derived] pocnt-tetrate-ai-ip
namespaces.gateway [default] tars-gateway
namespaces.system [default] tars-system
namespaces.dataplane [default] tars-dataplane
Next:
- Review gcp-gateway.json and edit any field as needed.
- Validate: tare gateway config lint --config gcp-gateway.json
- Install: tare gateway install <identity.json> --type gcp --config gcp-gateway.json
Exit codes
- 0: File written successfully.
- non-zero: Provider not supported, output file already exists
without
--force, missing required values when stdin is not a terminal, or I/O failure.
See also
gcp-gateway.jsonschema: full field reference for hand-editing the generated file.tare gateway config lint: validate the generated file before install.tare gateway install: consume the file to provision GCP prereqs and deploy the gateway chart.
Where to go next