meshctl experimental external-workload generate-token
Reference for the ‘meshctl experimental external-workload generate-token’ command.
Generate one or more join tokens as an attestation method to onboard external workloads to the mesh.
Synopsis
Join tokens are typically used for attestation when the external workload does not run in a cloud provider, such as on an on-prem, bare-metal server. The VM agent uses the generated token to attest itself so that it can participate in the mesh. The token is considered sensitive information.
The file you provide in the command that contains the ExternalWorkload specification is updated with the identity information that corresponds to the generated token. After you run this command, apply the file with the updated specification to the registered cluster. For more information, see Onboard an external workload to the service mesh.
meshctl experimental external-workload generate-token [flags]
Examples
# Generate a join token for an external workload with a specification
# defined in extworkload.yaml that connects to cluster1:
meshctl x external-workload gen-token \
  -f extworkload.yaml \
  --cluster cluster1

# Generate 5 join tokens for 5 external workloads with specifications
# defined in extworkload.yaml that connect to cluster1:
meshctl x external-workload gen-token \
  -f extworkload.yaml \
  --cluster cluster1 \
  --count 5
Options
--cluster string Kubernetes cluster the external workload will connect to
--cluster-domain string The cluster domain of the cluster the external workload will connect to (default "cluster.local")
--count uint Number of tokens to generate, typically equal to the number of external workload nodes backed by an ExternalWorkload resource (default 1)
-f, --file string File containing the ExternalWorkload configuration
-h, --help help for generate-token
--ttl uint Token TTL in seconds (default 600)
Options inherited from parent commands
--kubeconfig string Path to the kubeconfig file for the cluster.
--kubecontext string Kubernetes context for the cluster to run the command in.
-n, --namespace string Namespace to run the command in. (default "gloo-mesh")
--plain Disable styling for terminal output.
-v, --verbose Enable verbose logging.
SEE ALSO
- meshctl experimental external-workload - Operations on external workloads that are onboarded to the service mesh.