
Workload Identity

The differences between TSB and TSE API

Tetrate Service Express (TSE) uses many of the same components as the Tetrate Service Bridge (TSB) product but has several distinctions. Go to Comparing TSE and TSB for more details.

WorkloadIdentity represents a platform-specific identity of a workload joining the mesh.

E.g.,

  • AWS EC2 instance identity:

    aws:
      partition: aws
      account: '123456789012'
      region: ca-central-1
      zone: ca-central-1b
      ec2:
        instance_id: i-1234567890abcdef0
        iam_role:
          name: example-role
  • GCP GCE instance identity:

    gcp:
      project_number: '234567890121'
      project_id: gcp-example
      region: us-central1
      zone: us-central1-a
      gce:
        instance_id: '693197132356332126'
  • Azure Compute instance identity:

    azure:
      subscription: 531bed28-f708-4fc5-b0c1-2c1edde46e4f
      resource_group: azure-example
      compute:
        instance_id: fc13d26e-d3c0-458e-b353-686d5ca19506
  • JWT identity:

    jwt:
      issuer: https://mycompany.corp
      subject: us-east-datacenter1-vm007
      attributes:
        region: us-east
        datacenter: datacenter1
        instance_name: vm007
        instance_hostname: vm007.internal.corp
        instance_role: app-ratings

WorkloadIdentity

WorkloadIdentity represents a platform-specific identity of a workload joining the mesh.

| Field | Description | Validation Rule |
|-------|-------------|-----------------|
| aws | tetrateio.api.onboarding.config.types.identity.aws.v1alpha1.AwsIdentity oneof _kind. AWS-specific identity of a workload. | |
| jwt | tetrateio.api.onboarding.config.types.identity.jwt.v1alpha1.JwtIdentity oneof _kind. JWT identity of a workload. | |
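
One way to check the `oneof _kind` rule (exactly one kind key set) on an identity before using it, as an added example that is not Tetrate's code. It assumes the YAML is already parsed into a dict; the function name, the messages, and the split between kinds in the field table (aws, jwt) and kinds that appear only in the examples (gcp, azure) are this example's own.

```python
# Added example, not Tetrate code: check the `oneof _kind` rule on a
# WorkloadIdentity already parsed from YAML into a dict.

TABLE_KINDS = ("aws", "jwt")            # kinds in this page's field table
EXAMPLE_ONLY_KINDS = ("gcp", "azure")   # kinds seen only in the examples
KNOWN_KINDS = TABLE_KINDS + EXAMPLE_ONLY_KINDS


def check_workload_identity(identity):
    """Return a list of problems; an empty list means the check passed."""
    if not isinstance(identity, dict):
        return ["identity must be a mapping with exactly one kind key"]
    problems = []
    unknown = sorted(k for k in identity if k not in KNOWN_KINDS)
    if unknown:
        problems.append("unknown top-level keys: " + ", ".join(unknown))
    set_kinds = [k for k in KNOWN_KINDS if identity.get(k) is not None]
    if not set_kinds:
        problems.append("no kind set")
    elif len(set_kinds) > 1:
        problems.append("oneof violated: " + ", ".join(set_kinds))
    for kind in set_kinds:
        if not isinstance(identity[kind], dict):
            problems.append(kind + ": value must be a mapping")
        if kind in EXAMPLE_ONLY_KINDS:
            problems.append(kind + ": not in this page's field table")
    return problems


# The page's AWS example, with nesting intact.
AWS_IDENTITY = {"aws": {
    "partition": "aws", "account": "123456789012",
    "region": "ca-central-1", "zone": "ca-central-1b",
    "ec2": {"instance_id": "i-1234567890abcdef0",
            "iam_role": {"name": "example-role"}}}}
# Constructed bad input: indentation lost, so `aws` parses as empty and its
# fields land at the top level.
FLATTENED = {"aws": None, "partition": "aws", "account": "123456789012"}
# Constructed bad input: two kinds set at once.
TWO_KINDS = {"aws": AWS_IDENTITY["aws"],
             "jwt": {"issuer": "https://mycompany.corp",
                     "subject": "us-east-datacenter1-vm007"}}

if __name__ == "__main__":
    for name, sample in [("aws", AWS_IDENTITY), ("flattened", FLATTENED),
                         ("two kinds", TWO_KINDS)]:
        print(name, "->", check_workload_identity(sample) or "ok")
```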