Kubernetes Access with Machine & Workload Identity
How to use Machine & Workload Identity to access Kubernetes clusters
Teleport protects and controls access to Kubernetes clusters. Machine & Workload Identity can be used to grant machines secure, short-lived access to these clusters.

In this guide, you will configure tbot to produce credentials that can be used to access a Kubernetes cluster enrolled with your Teleport cluster.

Prerequisites

- A running Teleport cluster. If you want to get started with Teleport, sign up for a free trial or set up a demo environment.
- The tctl and tsh clients.

Installing `tctl` and `tsh` clients

Determine the version of your Teleport cluster. The tctl and tsh clients must be at most one major version behind your Teleport cluster version. Send a GET request to the Proxy Service at /v1/webapi/find and use a JSON query tool to obtain your cluster version. Replace with the web address of your Teleport Proxy Service:

```
$ TELEPORT_DOMAIN=
$ TELEPORT_VERSION="$(curl -s https://$TELEPORT_DOMAIN/v1/webapi/find | jq -r '.server_version')"
```

Follow the instructions for your platform to install tctl and tsh clients:

- If you have not yet connected your Kubernetes cluster to Teleport, follow Kubernetes Cluster Enrollment.

To check that you can connect to your Teleport cluster, sign in with tsh login, then verify that you can run tctl commands using your current credentials. For example, run the following command, assigning to the domain name of the Teleport Proxy Service in your cluster and to your Teleport username:

```
$ tsh login --proxy= --user=
$ tctl status
# Cluster (=teleport.url=)
# Version (=teleport.version=)
# CA pin (=presets.ca_pin=)
```

If you can connect to the cluster and run the tctl status command, you can
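
The client version rule from the prerequisites above (clients at most one major version behind the cluster) can be checked in a script before installing or pinning tctl and tsh. This is an added example, not part of the original guide or of Teleport's tooling; the function names, the sample response and the version numbers are constructed, and treating a client newer than the cluster as a failure is an assumption.

```shell
#!/bin/sh
# Constructed sample of a /v1/webapi/find response, trimmed to the one field used.
SAMPLE_FIND_JSON='{"server_version":"17.2.1"}'

# Print .server_version from a find response: jq as on the page when installed,
# otherwise a sed match that is sufficient for this flat string field.
server_version() {
    if command -v jq >/dev/null 2>&1; then
        printf '%s\n' "$1" | jq -r '.server_version'
    else
        printf '%s\n' "$1" |
            sed -n 's/.*"server_version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
    fi
}

# Print the major number of "17.2.1" or "v17.2.1"; fail if it is not numeric.
major_of() {
    m=${1#v}
    m=${m%%.*}
    case $m in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$m"
}

# client_supported CLUSTER_VERSION CLIENT_VERSION
# 0: same major or one behind (the rule on this page)
# 1: more than one major behind
# 2: client newer than cluster (assumption: flagged, the page covers older clients only)
# 3: a version could not be parsed
client_supported() {
    cluster=$(major_of "$1") || return 3
    client=$(major_of "$2") || return 3
    lag=$((cluster - client))
    [ "$lag" -ge 0 ] || return 2
    [ "$lag" -le 1 ] || return 1
    return 0
}

# Demo on constructed client versions.
cluster_version=$(server_version "$SAMPLE_FIND_JSON")
for client_version in 17.0.0 16.4.8 15.3.2; do
    if client_supported "$cluster_version" "$client_version"; then
        echo "client $client_version: ok for cluster $cluster_version"
    else
        echo "client $client_version: unsupported for cluster $cluster_version"
    fi
done
```

Against a live cluster, pass the `$TELEPORT_VERSION` value obtained with the curl command above as the first argument to `client_supported`.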
