Tetrate Istio Subscription PlusVersion: Latest

Workload Onboarding Token Claims

The differences between TSB and Tetrate Istio Subscription Plus (TIS+)

Tetrate Istio Subscription Plus (TIS+) utilizes many of the same components as the Tetrate Service Bridge(TSB) product but has the several distinctions.

Onboarding Token Claims specifies claims included into the Workload Onboarding Token returned by the OnboardingAuthorizationService.

\{
  "azp": "2b8e531d-f708-4fc5-b0c1-2c1edde46e4f",
  "aud": "2b8e531d-f708-4fc5-b0c1-2c1edde46e4f",
  "sub": "bookinfo/ratings-aws-aws-123456789012-ca-central-1b-ec2-i-1234567890abcdef0",
  "claims": \{
    "workload": \{
      "aws": \{
        "partition": "aws",
        "account": "123456789012",
        "region": "ca-central-1",
        "zone": "ca-central-1b",
        "ec2": \{
          "instance_id": "i-1234567890abcdef0"
        \}
      \}
    \},
    "workload_group": \{
      "namespace": "bookinfo",
      "name": "ratings"
    \}
  \}
\}

OnboardingTokenClaims

OnboardingTokenClaims specifies claims included into the Workload Onboarding Token returned by the OnboardingAuthorizationService.

Field	Description	Validation Rule
workload	tetrateio.api.onboarding.config.types.identity.v1alpha1.WorkloadIdentity REQUIRED Platform-specific identity of the workload.	–
workloadGroup	tetrateio.api.onboarding.config.types.core.v1alpha1.NamespacedName REQUIRED Name of the WorkloadGroup the workload was authorized to become a part of.	–

OnboardingTokenClaims​

OnboardingTokenClaims