operator: Support trusted cluster resource #22474

Closed
Tracked by #29480
TeleLos opened this issue Mar 1, 2023 · 2 comments · Fixed by #50847
Labels: c-cpd, c-q7j, c-tw, c-vo, feature-request, kube-operator, to-be-reviewed

Comments

TeleLos commented Mar 1, 2023

What would you like Teleport to do?

I would like to be able to create and manage trusted_cluster resources through the Teleport operator.

What problem does this solve?

This allows me to create trusted_cluster resources as part of an automated deployment process.

If a workaround exists, please include it.

none

TeleLos added the feature-request, c-vo and kube-operator labels Mar 1, 2023
TeleLos added the c-tw label Apr 7, 2023

TeleLos commented Apr 7, 2023

Added additional customer label requesting this support.

What Problem Does this Solve?

This would allow us to dynamically generate the trusted cluster resource with the correct role mappings needed for allowing access between root -> leaf clusters. By having it generated alongside the users & roles which the operator can process, this will significantly streamline how we deploy our manifests to leaf clusters that are deployed within Kubernetes by reusing our existing CI/CD pipelines. Without this functionality, we would be writing our own sidecar-based operator to achieve the same functionality. We have tried using a wildcard mapping on the role_map but this doesn't work because we don't always have the same roles available on every leaf cluster.

E.g. (our roles are globally unique across all clusters, root & leafs):

role_map:
  - local: [$1]
    remote: "^(.*)$"

Erick-Reyes added the to-be-reviewed label Apr 18, 2023

r0mant commented May 17, 2023

@TeleLos I talked about this with @hugoShaka a while ago and, while doable, adding trusted cluster resource support to Kube Operator would be a non-trivial amount of work which we likely wouldn't have capacity for in Q2 with all the other goals we've committed to. We can add it to Q3 planning and see if we can schedule it then. Would that work?
