Skip to main content
logoTetrate Service BridgeVersion: next

Workload (VM) Onboarding

With Workload (VM) onboarding, you can authenticate and onboard external workloads (VMs and bare-metal services) onto the Tetrate-managed mesh.

This provides two capabilities:

  1. External (non-K8s-hosted) workloads can consume other services within the Tetrate-managed mesh, using the mesh service names and transported over the mesh mTLS network
  2. Services within the mesh can consume services running on external servers (VMs, bare-metal), exactly as if they were native to the mesh

Note that if you just want to consume external services from within the mesh, the Egress Gateway feature is another option. Egress Gateway is quick and easy to deploy and manage, but it terminates the mesh's mTLS network at the gateway (it can use a separate mTLS network to the remote endpoint). On the other hand, if you onboard a workload, the mTLS network is extended all the way to the istio-proxy that is installed within the workload.

Please refer to the VM Onboarding documentation in the Installation and Upgrade guide for instructions on how to onboard a Workload from various platforms.