Tetrate Service BridgeVersion: nextWorkload (VM) Onboarding
With Workload (VM) onboarding, you can authenticate and onboard external workloads (VMs and bare-metal services) onto the Tetrate-managed mesh.
This provides two capabilities:
- External (non-K8s-hosted) workloads can consume other services within the Tetrate-managed mesh, using the mesh service names and transported over the mesh mTLS network
- Services within the mesh can consume services running on external servers (VMs, bare-metal), exactly as if they were native to the mesh
Note that if you just want to consume external services from within the mesh, the Egress Gateway feature is another option. Egress Gateway is quick and easy to deploy and manage, but it terminates the mesh's mTLS network at the gateway (it can use a separate mTLS network to the remote endpoint). On the other hand, if you onboard a workload, the mTLS network is extended all the way to the istio-proxy that is installed within the workload.
Please refer to the VM Onboarding documentation in the Installation and Upgrade guide for instructions on how to onboard a Workload from various platforms.