Istio · Schema
Istio WorkloadEntry
A WorkloadEntry enables the addition of non-Kubernetes workloads such as virtual machines and bare metal servers into an Istio service mesh. It provides a way to describe the properties of a single non-Kubernetes workload so that Envoy sidecars on VMs and external endpoints can be treated uniformly with Kubernetes pods.
CNCFKubernetesMicroservicesOpen SourceService Mesh
Properties
| Name | Type | Description |
|---|---|---|
| apiVersion | string | Istio networking API version. |
| kind | string | Resource kind. |
| metadata | object | |
| spec | object |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://github.com/api-evangelist/istio/blob/main/json-schema/workload-entry.json",
"title": "Istio WorkloadEntry",
"description": "A WorkloadEntry enables the addition of non-Kubernetes workloads such as virtual machines and bare metal servers into an Istio service mesh. It provides a way to describe the properties of a single non-Kubernetes workload so that Envoy sidecars on VMs and external endpoints can be treated uniformly with Kubernetes pods.",
"type": "object",
"required": ["apiVersion", "kind", "metadata", "spec"],
"properties": {
"apiVersion": {
"type": "string",
"description": "Istio networking API version.",
"enum": ["networking.istio.io/v1", "networking.istio.io/v1beta1", "networking.istio.io/v1alpha3"]
},
"kind": {
"type": "string",
"description": "Resource kind.",
"enum": ["WorkloadEntry"]
},
"metadata": {
"$ref": "#/$defs/ObjectMeta"
},
"spec": {
"$ref": "#/$defs/WorkloadEntrySpec"
}
},
"$defs": {
"ObjectMeta": {
"type": "object",
"title": "ObjectMeta",
"description": "Standard Kubernetes object metadata.",
"required": ["name"],
"properties": {
"name": {
"type": "string",
"description": "Name of the WorkloadEntry resource."
},
"namespace": {
"type": "string",
"description": "Kubernetes namespace for the WorkloadEntry."
},
"labels": {
"type": "object",
"description": "Labels to attach to this resource.",
"additionalProperties": { "type": "string" }
},
"annotations": {
"type": "object",
"description": "Annotations to attach to this resource.",
"additionalProperties": { "type": "string" }
}
}
},
"WorkloadEntrySpec": {
"type": "object",
"title": "WorkloadEntrySpec",
"description": "Specification describing the properties of the non-Kubernetes workload.",
"required": ["address"],
"properties": {
"address": {
"type": "string",
"description": "Address of the workload, typically an IP address of a VM or bare metal host. Can also be a DNS name when the resolution field of the associated ServiceEntry is set to DNS."
},
"ports": {
"type": "object",
"description": "Port mapping from service port names to endpoint ports. If omitted, the endpoint port is assumed to be the same as the service port.",
"additionalProperties": {
"type": "integer",
"description": "Endpoint port number.",
"minimum": 1,
"maximum": 65535
}
},
"labels": {
"type": "object",
"description": "Labels associated with the workload, used to match this endpoint to WorkloadGroup or ServiceEntry selectors.",
"additionalProperties": { "type": "string" }
},
"network": {
"type": "string",
"description": "Network name this endpoint belongs to. Used for multi-network Istio deployments to ensure traffic routes via an appropriate gateway."
},
"locality": {
"type": "string",
"description": "Locality of the endpoint in region/zone/subzone format (e.g., us-east-1/us-east-1a). Used for locality-aware load balancing."
},
"weight": {
"type": "integer",
"description": "Load balancing weight for this endpoint. Higher weight means more traffic. Defaults to 1.",
"minimum": 1
},
"serviceAccount": {
"type": "string",
"description": "Kubernetes service account associated with this workload, used for mTLS identity assignment in multi-cluster scenarios."
}
}
}
}
}