CircleCI에 tbot 배포

CircleCI에서 Machine & Workload Identity 에이전트 `tbot`을 설치하고 설정하는 방법

사전 조건

Cluster (=teleport.url=)

Version (=teleport.version=)

CA pin (=presets.ca_pin=)

1단계/5단계. CircleCI 설정

조직 ID 찾기

컨텍스트 만들기

2단계/5단계. 봇 만들기

3단계/5단계. CircleCI용 조인 토큰 만들기

4단계/5단계. CircleCI 워크플로우 설정

services는 접근 가이드를 완료하는 동안 채워집니다.

See: https://circleci.com/docs/configuration-reference

보안 의미 및 위험에 대한 참고 사항

5단계/5단계. 서비스 설정

추가 단계

이 가이드에서는 CircleCI 워크플로우 내에서 Machine & Workload Identity의 에이전트 tbot 을 실행하도록 설정합니다. 봇은 장기 시크릿의 필요성을 제거하기 위해 circleci 위임 조인 방법을 사용하도록 설정됩니다. 사전 조건 # A running Teleport cluster. If you want to get started with Teleport, sign up for a free trial or set up a demo environment . The tctl and tsh clients. Installing `tctl` and `tsh` clients Determine the version of your Teleport cluster. The tctl and tsh clients must be at most one major version behind your Teleport cluster version. Send a GET request to the Proxy Service at /v1/webapi/find and use a JSON query tool to obtain your cluster version. Replace with the web address of your Teleport Proxy Service: $ TELEPORT_DOMAIN= $ TELEPORT_VERSION="$(curl -s https://$TELEPORT_DOMAIN/v1/webapi/find | jq -r '.server_version')" Follow the instructions for your platform to install tctl and tsh clients: To check that you can connect to your Teleport cluster, sign in with tsh login , then verify that you can run tctl commands using your current credentials. For example, run the following command, assigning to the domain name of the Teleport Proxy Service in your cluster and to your Teleport username: $ tsh login --proxy= --user= $ tctl status # Cluster (=teleport.url=) # Version (=teleport.version=) # CA pin (=presets.ca_pin=) If you can connect to the cluster and run the tctl status command, you can use your current credentials to run subsequent tctl commands from your workstation. If you host your own Teleport cluster, you can also run