meshctl experimental external-workload generate-token

Generate one or more join tokens as an attestation method to onboard external workloads to the mesh.

Synopsis

Join tokens are typically used for attestation when the external workload does not run in a cloud provider, such as on an on-premises, bare-metal server. The VM agent uses the generated token to attest itself so that it can participate in the mesh. The token is considered sensitive information.

The file that you provide in the command, which contains the ExternalWorkload specification, is updated with the identity information that corresponds to the generated token. After you run this command, apply the file with the updated specification to the registered cluster. For more information, see Onboard an external workload to the service mesh.

  meshctl experimental external-workload generate-token [flags]
  

Examples

# Generate a join token for an external workload with a specification
# defined in extworkload.yaml that connects to cluster1:
meshctl x external-workload gen-token \
  -f extworkload.yaml \
  --cluster cluster1

# Generate 5 join tokens for 5 external workloads with specifications
# defined in extworkload.yaml that connect to cluster1:
meshctl x external-workload gen-token \
  -f extworkload.yaml \
  --cluster cluster1 \
  --count 5
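
The two-step procedure from the synopsis (generate the token, then apply the updated file to the registered cluster), wrapped in a function that treats the token as sensitive. This is an added example, not part of the meshctl documentation. It assumes the token is written to stdout; the `MAX_TTL` ceiling, the `CONTEXT` argument and the output file name are hypothetical.

```shell
# Added example, not from the meshctl docs. Assumptions: the token(s) are
# printed on stdout; MAX_TTL is a constructed policy ceiling, not a meshctl limit.
MAX_TTL=3600

# onboard_token FILE CLUSTER CONTEXT [COUNT] [TTL] [OUTFILE]
# The body is a subshell, so umask and variables do not leak to the caller.
onboard_token() (
  file=$1 cluster=$2 context=$3 count=${4:-1} ttl=${5:-600} out=${6:-join-tokens.txt}

  [ -r "$file" ] || { echo "cannot read $file" >&2; exit 2; }
  for n in "$count" "$ttl"; do
    case $n in ''|*[!0-9]*) echo "count and ttl must be unsigned integers" >&2; exit 2;; esac
  done
  [ "$ttl" -le "$MAX_TTL" ] || { echo "ttl $ttl exceeds ceiling $MAX_TTL" >&2; exit 2; }

  before=$(cksum < "$file")

  # Token output is sensitive: write it to a fresh owner-only file, not the terminal.
  umask 077
  rm -f "$out"
  meshctl x external-workload gen-token \
    -f "$file" --cluster "$cluster" --count "$count" --ttl "$ttl" > "$out" \
    || { rm -f "$out"; echo "gen-token failed" >&2; exit 1; }

  # The command is documented to update the spec file with identity information.
  # This example's own check: if the file is unchanged, stop instead of applying it.
  [ "$before" != "$(cksum < "$file")" ] \
    || { rm -f "$out"; echo "$file was not updated" >&2; exit 1; }

  # Apply the updated specification to the registered cluster.
  kubectl --context "$context" apply -f "$file"
)
```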
  

Options

      --cluster string          Kubernetes cluster the external workload will connect to
      --cluster-domain string   The cluster domain of the cluster the external workload will connect to (default "cluster.local")
      --count uint              Number of tokens to generate, typically equal to the number of external workload nodes backed by an ExternalWorkload resource (default 1)
  -f, --file string             File containing the ExternalWorkload configuration
  -h, --help                    help for generate-token
      --ttl uint                Token TTL in seconds (default 600)
  

Options inherited from parent commands

      --kubeconfig string    Path to the kubeconfig file for the cluster.
      --kubecontext string   Kubernetes context for the cluster to run the command in.
  -n, --namespace string     Namespace to run the command in. (default "gloo-mesh")
      --plain                Disable styling for terminal output.
  -v, --verbose              Enable verbose logging.
  

SEE ALSO