Skip to content
/ standalone-operator-template Public template

Template repository with Terraform and scripts for Teleport standalone K8s Operator

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

asteroid-earth/standalone-operator-template

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
github
github
 
 
k8s
k8s
 
 
terraform
terraform
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

Teleport Kubernetes Operator Template

This repo is a template repo you can fork to get a head start on using Terraform to manage the Teleport Standalone Kubernetes Operator.

Prerequisites

You will need to install:

Setting up

To run the Terraform, you will need to have an appropriate role existing in your Teleport cluster. You can do add the role with the following steps:

  • Log in as an admin user: $ tsh login --proxy=<your proxy url> --user=<your username/email>
  • Create the role: $ tctl create ./terraform/terraform.yaml

Now that you have a role, open up a new terminal window where we can start a bot that will run on your machine that Terraform can use to authenticate with Teleport. In that terminal $ cd terraform to get into the terraform directory, and run $ sudo create_and_start_bot.sh. The bot will now be running and you can go back to your first terminal window.

Note: This is necessary because on a local workstation our bot has to join via a token. In a production environment, you should move to running the Terraform commands on a machine in GitHub Actions/AWS/etc that can authenticate with Teleport by inherent properties. An example of setting up GitHub Actions to run Terraform can be found in the ./github directory of this repo. It includes Terraform to setup the necessary token and bot resources, and an example Actions workflow file.

Installing the Operator

In the Terraform directory, run $ terraform init to do the necessary prep for running an apply command. To apply the terraform, run

$ terraform apply -var="kubernetes_context=<context name for your K8s cluster from kube config>" \
-var="teleport_addr=<domain of your proxy>" \
-var="jwks=$(kubectl get --raw /openid/v1/jwks)"

The last variable flag will dynamically retrieve the JWKS from your K8s cluster to add as trusted certificates to Teleport.

The Terraform code creates the following resources in Teleport:

  • Role for the operator
  • Token using the cluster JWKS
  • Bot for the Operator to act as

And the following resoruces in your K8s cluster:

  • Namespace to install the Helm chart in
  • Helm chart that creates a deployment of an Operator pod.

To make sure the Operator is installed correctly, run $ kubectl get pods -n teleport-iac; you should see one pod with the status Running.

Creating Resources

Now that the operator is in your cluster, you can add resource manifests to Kubernetes and the Operator will create them in Teleport.

Try this now by running $ kubectl apply -f k8s/user.yaml. You can now check the UI of your Teleport instance, or run $ tctl users ls | grep alice and you should see the new user. You can remove the user by running $ kubectl delete -f k8s/user.yaml.

Wrapping Up

Hopefully this repo is helpful! If you need help or have any questions, you can join our Community Slack and reach out!

About

Template repository with Terraform and scripts for Teleport standalone K8s Operator

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages