Cloud Spanner로 데이터베이스 액세스

GCP의 Cloud Spanner로 Teleport 데이터베이스 액세스를 구성하는 방법.

Teleport can provide secure access to Cloud Spanner via the Teleport Database Service . This allows for fine-grained access control through Teleport's RBAC . In this guide, you will: Configure your Cloud Spanner database 서비스 계정으로. Add the database to your Teleport cluster. Connect to the database via Teleport. 작동 방식 # The Teleport Database Service uses IAM authentication to communicate with Spanner. When a user connects to the database via Teleport, the Teleport Database Service obtains Google Cloud credentials and authenticates to Google Cloud as an IAM principal with permissions to access the database. Self-Hosted Cloud-Hosted 사전 조건 # A running Teleport cluster. If you want to get started with Teleport, sign up for a free trial or set up a demo environment . The tctl and tsh clients. Installing `tctl` and `tsh` clients Determine the version of your Teleport cluster. The tctl and tsh clients must be at most one major version behind your Teleport cluster version. Send a GET request to the Proxy Service at /v1/webapi/find and use a JSON query tool to obtain your cluster version. Replace with the web address of your Teleport Proxy Service: $ TELEPORT_DOMAIN= $ TELEPORT_VERSION="$(curl -s https://$TELEPORT_DOMAIN/v1/webapi/find | jq -r '.server_version')" Follow the instructions for your platform to install tctl and tsh clients: Google Cloud 계정 Google Cloud Spanner 데이터베이스. Teleport Database Service를 실행할 호스트(예: Compute Engine 인스턴스). To check that you can connect to your Teleport