Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Provide a guide on how to use teleport k8s with external proxy #2746

klizhentas opened this issue May 28, 2019 · 1 comment


Copy link

@klizhentas klizhentas commented May 28, 2019


The documentation on how to use Teleport Proxy that is external to kubernetes cluster:

  • Should explain that this feature won't work with EKS out of the box.
  • For other clusters, should use example and show the cluster role binding for the teleport proxy's user.
  • This should be a step by step guide I think that works with GKE/kops clusters.

This comment has been minimized.

Copy link

@webvictim webvictim commented Jun 14, 2019

This should be fairly simple:

  1. Install UUID: yum -y install uuid/apt-get-y install uuid
  2. Install cfssl: go get -u
  3. Install cfssljson: go get -u
  4. Download
  5. chmod +x ./
  6. ./ (must be run on a machine that has a working ~/.kube/config and access to the cluster)
  7. Copy build/kubeconfig to your Teleport proxy instance (for example to /var/lib/teleport/kubeconfig)
  8. Edit /etc/teleport.yaml to add kubeconfig:
    kubeconfig_file: /var/lib/teleport/kubeconfig
  1. Restart Teleport proxy
  2. Log into Teleport proxy from your client machine (tsh login --proxy=proxy.tld:3080)
  3. Run kubectl get nodes and you should get a list of nodes

There's a missing part here with the Role and RoleBinding for impersonation, but the process I wrote above worked fine on the test kops cluster that I built.

@klizhentas klizhentas assigned benarent and unassigned benarent Jun 25, 2019
@benarent benarent added the kubernetes label Jul 30, 2019
@benarent benarent modified the milestones: 4.1 "Seattle", 4.2 "Alameda" Sep 16, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
3 participants
You can’t perform that action at this time.