Sapian
/
backup-gitops
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
backup-gitops/cur/k8s/helm/teleport/chart/README.md

89 lines
2.6 KiB
Raw Permalink Blame History

# Teleport
[Gravitational Teleport](https://github.com/gravitational/teleport) is a modern SSH/Kubernetes API proxy server for remotely accessing clusters of Linux containers and servers via SSH, HTTPS, or Kubernetes API.
## Introduction
This chart deploys Teleport components to your cluster via a Kubernetes `Deployment`.
By default this chart is configured as follows:
- 1 replica
- Record ssh/k8s exec and attach session to the `emptyDir` of the Teleport pod
- The assumed externally accessible hostname of Teleport is `teleport.example.com`
- Teleport is accessible only from within your cluster. You need `kubectl port-forward` for external access.
- TLS is enabled by default on the Proxy
See the comments in the default `values.yaml` and also the Teleport documentation for more options.
## Prerequisites
- Kubernetes 1.10+
- A Teleport license file stored as a Kubernetes Secret object(See below)
### Prepare the license file
Download the `license.pem` from the Teleport dashboard, and then rename it to the filename that this chart expects:
```
cp ~/Downloads/license.pem license-enterprise.pem
```
Store it as a Kubernetes secret:
```console
kubectl create secret generic license --from-file=license-enterprise.pem
```
## Installing the chart
To install the chart with the release name `teleport`, run:
```
$ helm install --name teleport ./
```
Teleport proxy generates a TLS key and a cert of its own by default.
In order to instruct the proxy to use the TLS assets brought by you, prepare the following files:
- Your CA cert named `ca.pem`
- Your proxy server cert named `proxy-server.pem`
- Your proxy server key named `proxy-server-key.pem`
Then run:
```
$ kubectl create secret tls tls-web --cert=proxy-server.pem --key=proxy-server-key.pem
$ kubectl create configmap ca-certs --from-file=ca.pem
$ helm upgrade --install --name teleport ./
```
## Running locally on minikube
Grab the test setup from the community project [teleport-on-minikube](http://github.com/mumoshu/teleport-on-minikube) and run:
```
path/to/teleport-on-minikube//scripts/install-on-minikube
```
Type your desired password, capture the barcode with your MFA device like Google Authenticator, type the OTP.
Now, you can run various `tsh` commands against your local Teleport installation via `teleport.example.com`:
```
$ tsh login --auth=local --user=$USER login
```
## Contributing
### Building the cli yourself
```console
$ git clone git@github.com:gravitational/teleport.git ~/go/src/github.com/gravitational/teleport
cd $_
$ make full
$ build/tsh --proxy=teleport.example.com --auth=local --user=admin login
```
Reference in new issue View Git Blame Copy Permalink