This is a placeholder page that shows you how to use this template site.
This is the multi-page printable view of this section. Click here to print.
Teleport
List of how-to to operate Kargo Infrastructure using teleport
1 - Access Kubernetes Using teleport
Guide to access kubernetes via kubectl using teleport
Introduction
This guide will help you to access kargo Kubernetes cluster using teleport as an authentication proxy.
Prerequisites
- Installed
tsh.tshisteleportCLI client - Installed
kubectl - Your Github account is member of
engineeringteam onkargotechorg for accessing non-prod Kubernetes cluster) - Your Github account is member of
production-accessteam onkargotechorg for accessing prod Kubernetes cluster
Step 1 - Login to teleport using GIthub
Login to the kargo’s internal teleport https://teleport.helios.kargo.tech
tsh login --proxy=teleport.helios.kargo.tech:443
Step 2 - List kubernetes cluster
Check all available kubernetes cluster in teleport
tsh kube ls
Step 3 - Login to Kubernetes cluster
Login to the desired kubernetes cluster
tsh kube login {cluster-name}
After this command executed, teleport automatically generate kubernetes credential for the cluster and set the current context of the kubectl
Step 4 - Test the connection
Use kubectl command to test teleport authentication
kubectl version
# The output should look like this
## Client Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.0", GitCommit:"4ce5a8954017644c5420bae81d72b09b735c21f0", GitTreeState:"clean", BuildDate:"2022-05-04T02:28:17Z", GoVersion:"go1.18.1", Compiler:"gc", Platform:"linux/amd64"}
## Server Version: version.Info{Major:"1", Minor:"20+", GitVersion:"v1.20.15-gke.3400", GitCommit:"750002971a60d8a06e0a403c52724257f0f68481", GitTreeState:"clean", BuildDate:"2022-03-08T09:33:43Z", GoVersion:"go1.15.15b5", Compiler:"gc", Platform:"linux/amd64"}
# Or execute
kubectl get pod
Example
Access app-dev cluster using teleport
# Login to teleport
tsh login --proxy=helios.teleport.kargo.tech:443
# Connect to app-dev cluster
tsh kube login app-dev
# Check pod in `dev` namespace
kubectl get pod -n dev
FAQ
How can I access production cluster?
To access production cluster via teleport you need to be invited to production-access github team. Please contact maintainer for the team to request access to Production cluster.
I already invited to production github team but I still can’t access the cluster
Teleport will renew certificate for authorization every 30 minutes. To renew immediately relogin to teleport.
tsh logout
tsh login
Protip
- Use
ohmyzshkubectl plugin to add useful alias. You can shortenkubectltok, change namespace usingkcn {namespace name}, etc.
# .zshrc
plugins=(... kubectl ...)