Secure access via Teleport

Datasirpi uses Teleport for safe access to Kubernetes clusters, servers, and databases.

Teleport is a modern, cloud-native PAM designed for distributed teams running applications on distributed infrastructure. Teleport users can remotely access any of their organization's servers or VMs, from any device and any location, regardless of which cloud a server is located in, including behind-NAT environments, without the need for a VPN.

Features of Teleport include:

  • Built-in proxy (sometimes called a jump host) with support for SSH and the Kubernetes API.
  • Certificate-based SSH authentication with auto-expiring certificates: this removes the need to “manage” SSH keys.
  • Robust audit capabilities, including a unified audit log and session recording & replay.
  • Built-in second-factor authentication.
  • Works with a CLI client and a Web UI.
  • Single sign-on (SSO) for SSH and Kubernetes (the Community edition supports GitHub SSO; the Enterprise edition supports corporate identity providers).
  • Role-based access control (RBAC) for SSH (Enterprise edition only).

Adding databases:

We can add databases to Teleport with the db_service section of teleport.yaml, as in the following example:

db_service:
  enabled: "yes"
  databases:
  - name: "datasirpi-nonprod-app-mysql-db-master"
    description: "non-prod MySQL"
    protocol: "mysql"
    uri: "datasirpi-nonprod-app-mysql-db-master.mysql.database.ds.com:3306"
    static_labels:
      env: non-prod
  - name: "datasirpi-dev-app-mysql-db-master"
    description: "Dev MySQL"
    protocol: "mysql"
    uri: "datasirpi-dev-app-mysql-db-master.mysql.database.ds.com:3306"
    static_labels:
      env: dev

Adding an application:

We can add an application to Teleport with the app_service section of teleport.yaml, as in the following example:

app_service:
  enabled: "yes"
  apps:
  - name: "keycloak"
    uri: "https://keycloakdemo-nonprod.ds.com/"
    public_addr: "nonprodkeycloak.teleport.ds.com"
    labels:
      env: "nonprod"
    commands:
    # dynamic label: the command's output is refreshed every 5 seconds
    - name: "os"
      command: ["/usr/bin/uname"]
      period: "5s"
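Because access rules in Teleport match on resource labels, a missing or malformed entry in these sections is worth catching before the config is deployed. The following checker is an added example, not part of the original post or of Teleport itself; it assumes a constructed dict in the shape yaml.safe_load would return for the sections above, a proxy domain of teleport.ds.com, and a protocol list limited to the ones we know Teleport supports.

```python
import re
from typing import Any

# Constructed sample: parsed db_service / app_service sections (as yaml.safe_load
# would return them), with two deliberate defects in the second database entry.
CONFIG: dict[str, Any] = {
    "db_service": {"enabled": "yes", "databases": [
        {"name": "datasirpi-nonprod-app-mysql-db-master", "protocol": "mysql",
         "uri": "datasirpi-nonprod-app-mysql-db-master.mysql.database.ds.com:3306",
         "static_labels": {"env": "non-prod"}},
        {"name": "datasirpi-dev-app-mysql-db-master", "protocol": "mysql",
         "uri": "datasirpi-dev-app-mysql-db-master.mysql.database.ds.com",  # port missing
         "static_labels": {}},                                              # env label missing
    ]},
    "app_service": {"enabled": "yes", "apps": [
        {"name": "keycloak", "uri": "https://keycloakdemo-nonprod.ds.com/",
         "public_addr": "nonprodkeycloak.teleport.ds.com", "labels": {"env": "nonprod"},
         "commands": [{"name": "os", "command": ["/usr/bin/uname"], "period": "5s"}]},
    ]},
}

SUPPORTED_DB_PROTOCOLS = {"mysql", "postgres", "mongodb"}   # assumption: subset we rely on
HOST_PORT = re.compile(r"^[A-Za-z0-9.-]+:\d{1,5}$")
DURATION = re.compile(r"^\d+(ms|s|m|h)$")                    # Go-style duration, e.g. "5s"

def lint_teleport_config(cfg: dict[str, Any], proxy_domain: str) -> list[str]:
    """Return one finding per defect in the db_service / app_service entries."""
    findings: list[str] = []
    for db in cfg.get("db_service", {}).get("databases", []):
        name = db.get("name", "<unnamed>")
        if db.get("protocol") not in SUPPORTED_DB_PROTOCOLS:
            findings.append(f"db {name}: unsupported protocol {db.get('protocol')!r}")
        if not HOST_PORT.match(db.get("uri", "")):
            findings.append(f"db {name}: uri must be host:port")
        if "env" not in db.get("static_labels", {}):
            findings.append(f"db {name}: missing env label (roles match on labels)")
    for app in cfg.get("app_service", {}).get("apps", []):
        name = app.get("name", "<unnamed>")
        if not app.get("uri", "").startswith("https://"):
            findings.append(f"app {name}: uri is not https")
        if not app.get("public_addr", "").endswith("." + proxy_domain):
            findings.append(f"app {name}: public_addr not under {proxy_domain}")
        if "env" not in app.get("labels", {}):
            findings.append(f"app {name}: missing env label (roles match on labels)")
        for cmd in app.get("commands", []):
            if not DURATION.match(cmd.get("period", "")):
                findings.append(f"app {name}: command {cmd.get('name')!r} has a bad period")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_teleport_config(CONFIG, "teleport.ds.com")) or "no findings")
```

Run against the sample it reports only the two planted defects; to use it on a real file, replace CONFIG with yaml.safe_load(open("teleport.yaml")).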

Limitations

  • Role-based access control is not supported in open-source Teleport (it requires the Enterprise edition).
  • Some cloud services, such as Cosmos DB and Function Apps, are not supported by Teleport.

Outcome

Now we can use a single solution to access our SSH servers, Kubernetes clusters, databases, desktops, and web applications. Teleport removes the VPN from your infrastructure stack!

#devops #cloudcomputing #kubernetes #security #teleport #datasirpi
