This repository has been archived by the owner on Jun 4, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 78
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Replace guide content with link to docs website (#989)
- Loading branch information
1 parent
eb59bda
commit b16e69e
Showing
8 changed files
with
14 additions
and
961 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,108 +4,9 @@ This chart sets up and configures a Deployment for the Access Request Email plug | |
|
|
||
| ## Installation | ||
|
|
||
| ### Prerequisites | ||
| See the [Access Requests with Email guide](https://goteleport.com/docs/access-controls/access-request-plugins/ssh-approval-email/). | ||
|
|
||
| First, you'll need to create a Teleport user and role for the plugin. The following file contains a minimal user that's needed for the plugin to work: | ||
|
|
||
| ```yaml | ||
| --- | ||
| kind: role | ||
| version: v6 | ||
| metadata: | ||
| name: teleport-plugin-email | ||
| spec: | ||
| allow: | ||
| logins: | ||
| - teleport-plugin-email | ||
| rules: | ||
| - resources: | ||
| - access_request | ||
| verbs: | ||
| - list | ||
| - read | ||
| - update | ||
| options: | ||
| forward_agent: false | ||
| max_session_ttl: 8760h0m0s | ||
| port_forwarding: false | ||
| --- | ||
| kind: user | ||
| version: v2 | ||
| metadata: | ||
| name: teleport-plugin-email | ||
| spec: | ||
| roles: | ||
| - teleport-plugin-email | ||
| ``` | ||
| You can either create the user and the roles by putting the YAML above into a file and issuing the following command (you must be logged in with `tsh`): | ||
|
|
||
| ``` | ||
| tctl create user.yaml | ||
| ``` | ||
| or by navigating to the Teleport Web UI under `https://<yourserver>/web/users` and `https://<yourserver>/web/roles` respectively. You'll also need to create a password for the user by either clicking `Options/Reset password...` under `https://<yourserver>/web/users` on the UI or issuing `tctl users reset teleport-plugin-email` in the command line. | ||
| The next step is to create an identity file, which contains a private/public key pair and a certificate that'll identify us as the user above. To do this, log in with the newly created credentials and issue a new certificate (525600 and 8760 are both roughly a year in minutes and hours respectively): | ||
| ``` | ||
| tsh login --proxy=proxy.example.com --auth local --user teleport-plugin-email --ttl 525600 | ||
| ``` | ||
| ``` | ||
| tctl auth sign --user teleport-plugin-email --ttl 8760h --out teleport-plugin-email-identity | ||
| ``` | ||
| Alternatively, you can execute the command above on one of the `auth` instances/pods. | ||
| The last step is to create the secret. The following command will create a Kubernetes secret with the name `teleport-plugin-email-identity` with the key `auth_id` in it holding the contents of the file `teleport-plugin-email-identity`: | ||
| ``` | ||
| kubectl create secret generic teleport-plugin-email-identity --from-file=auth_id=teleport-plugin-email-identity | ||
| ``` | ||
| ### Installing the plugin | ||
| ``` | ||
| helm repo add teleport https://charts.releases.teleport.dev/ | ||
| ``` | ||
| ```shell | ||
| helm install teleport-plugin-email teleport/teleport-plugin-email --values teleport-plugin-email-values.yaml | ||
| ``` | ||
|
|
||
| Example `teleport-plugin-email-values.yaml` for using MailGun: | ||
|
|
||
| ```yaml | ||
| teleport: | ||
| address: teleport.example.com:443 | ||
| identitySecretName: teleport-plugin-email-identity | ||
|
|
||
| mailgun: | ||
| enabled: true | ||
| domain: sandboxbd81caddef744a69be0e5b544ab0c3bd.mailgun.org | ||
| privateKey: supersecretprivatekey | ||
|
|
||
| roleToRecipients: | ||
| '*': ["[email protected]"] | ||
| ``` | ||
| Alternatively, you can pass arguments from the command line (useful for one-liners or scripts): | ||
| ``` | ||
| helm install teleport-plugin-email teleport/teleport-plugin-email \ | ||
| --set 'teleport.address=teleport.example.com:443' \ | ||
| --set 'teleport.identitySecretName=teleport-plugin-email-identity' \ | ||
| --set 'mailgun.enabled=true' \ | ||
| --set 'mailgun.domain=sandboxbd81caddef744a69be0e5b544ab0c3b'd.mailgun.org \ | ||
| --set 'mailgun.privateKey=supersecretprivatekey' \ | ||
| --set 'roleToRecipients.*[email protected]' | ||
| ``` | ||
|
|
||
| See [Settings](#settings) for more details. | ||
|
|
||
| ## Settings | ||
| ## Values | ||
|
|
||
| The following values can be set for the Helm chart: | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,133 +4,9 @@ This chart sets up and configures a Deployment for the Access Request Jira plugi | |
|
|
||
| ## Installation | ||
|
|
||
| ### Prerequisites | ||
| See the [Access Requests with JIRA guide](https://goteleport.com/docs/access-controls/access-request-plugins/ssh-approval-jira/). | ||
|
|
||
| First, you'll need to create a Teleport user and role for the plugin. The following file contains a minimal user that's needed for the plugin to work: | ||
|
|
||
| ```yaml | ||
| --- | ||
| kind: role | ||
| version: v6 | ||
| metadata: | ||
| name: teleport-plugin-jira | ||
| spec: | ||
| allow: | ||
| logins: | ||
| - teleport-plugin-jira | ||
| rules: | ||
| - resources: | ||
| - access_request | ||
| verbs: | ||
| - list | ||
| - read | ||
| - update | ||
| options: | ||
| forward_agent: false | ||
| max_session_ttl: 8760h0m0s | ||
| port_forwarding: false | ||
| --- | ||
| kind: user | ||
| version: v2 | ||
| metadata: | ||
| name: teleport-plugin-jira | ||
| spec: | ||
| roles: | ||
| - teleport-plugin-jira | ||
| ``` | ||
| You can either create the user and the roles by putting the YAML above into a file and issuing the following command (you must be logged in with `tsh`): | ||
|
|
||
| ``` | ||
| tctl create user.yaml | ||
| ``` | ||
| or by navigating to the Teleport Web UI under `https://<yourserver>/web/users` and `https://<yourserver>/web/roles` respectively. You'll also need to create a password for the user by either clicking `Options/Reset password...` under `https://<yourserver>/web/users` on the UI or issuing `tctl users reset teleport-plugin-jira` in the command line. | ||
| The next step is to create an identity file, which contains a private/public key pair and a certificate that'll identify us as the user above. To do this, log in with the newly created credentials and issue a new certificate (525600 and 8760 are both roughly a year in minutes and hours respectively): | ||
| ``` | ||
| tsh login --proxy=teleport.example.com --auth local --user teleport-plugin-jira --ttl 525600 | ||
| ``` | ||
| ``` | ||
| tctl auth sign --user teleport-plugin-jira --ttl 8760h --out teleport-plugin-jira-identity | ||
| ``` | ||
| Alternatively, you can execute the command above on one of the `auth` instances/pods. | ||
| The last step is to create the secret. The following command will create a Kubernetes secret with the name `teleport-plugin-jira-identity` with the key `auth_id` in it holding the contents of the file `teleport-plugin-jira-identity`: | ||
| ``` | ||
| kubectl create secret generic teleport-plugin-jira-identity --from-file=auth_id=teleport-plugin-jira-identity | ||
| ``` | ||
| ### Attaching the certificate | ||
| You'll need both a certificate and it's private key to secure the WebHook connections coming from Jira Server or Jira Cloud. Once you have them, create a Kubernetes secret similar to the one below: | ||
| ```yaml | ||
| apiVersion: v1 | ||
| kind: Secret | ||
| type: kubernetes.io/tls | ||
| metadata: | ||
| name: teleport-plugin-jira-tls | ||
| data: | ||
| tls.crt: LS0... | ||
| tls.key: LS0... | ||
| ``` | ||
|
|
||
| Make sure you apply base64 on the value (or use Kubernetes Secret's `stringData` field instead of `data`). | ||
|
|
||
| ### Installing the plugin | ||
|
|
||
| ``` | ||
| helm repo add teleport https://charts.releases.teleport.dev/ | ||
| ``` | ||
|
|
||
| ```shell | ||
| helm install teleport-plugin-jira teleport/teleport-plugin-jira --values teleport-plugin-jira-values.yaml | ||
| ``` | ||
|
|
||
| Example `teleport-plugin-jira-values.yaml`: | ||
|
|
||
| ```yaml | ||
| teleport: | ||
| address: teleport.example.com:443 | ||
| identitySecretName: teleport-plugin-jira-identity | ||
|
|
||
| jira: | ||
| url: "https://jira.example.net" | ||
| username: "[email protected]" | ||
| apiToken: "exampleapitoken" | ||
| project: "REQS" | ||
| issueType: "Task" | ||
|
|
||
| http: | ||
| publicAddress: "teleport-plugin-jira.example.com" | ||
| tlsFromSecret: "teleport-plugin-jira-tls" | ||
| # Uncomment and change the following lines if your secret is structured | ||
| # differently then the example above | ||
| # tlsKeySecretPath: "tls.key" | ||
| # tlsCertSecretPath: "tls.crt" | ||
|
|
||
| basicAuth: | ||
| user: "basicauthuser" | ||
| password: "basicauthpassword" | ||
|
|
||
| # Uncomment the following line on AWS | ||
| # chartMode: "aws" | ||
| ``` | ||
|
|
||
| Make sure you protect the endpoint by setting a strong basic auth password in the `http` section! | ||
|
|
||
| See [Settings](#settings) for more details. | ||
|
|
||
| ### Set up the Jira project | ||
|
|
||
| [Follow these instructions](https://goteleport.com/docs/enterprise/workflow/ssh-approval-jira-cloud/#setting-up-your-jira-project) to set up a Jira project for the incoming access requests. | ||
|
|
||
| ## Settings | ||
| ## Values | ||
|
|
||
| The following values can be set for the Helm chart: | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,91 +4,7 @@ This chart sets up and configures a Deployment for the Access Request Mattermost | |
|
|
||
| ## Installation | ||
|
|
||
| ### Prerequisites | ||
|
|
||
| First, you'll need to create a Teleport user and role for the plugin. The following file contains a minimal user that's needed for the plugin to work: | ||
|
|
||
| ```yaml | ||
| --- | ||
| kind: role | ||
| version: v6 | ||
| metadata: | ||
| name: teleport-plugin-mattermost | ||
| spec: | ||
| allow: | ||
| logins: | ||
| - teleport-plugin-mattermost | ||
| rules: | ||
| - resources: | ||
| - access_request | ||
| verbs: | ||
| - list | ||
| - read | ||
| - update | ||
| options: | ||
| forward_agent: false | ||
| max_session_ttl: 8760h0m0s | ||
| port_forwarding: false | ||
| --- | ||
| kind: user | ||
| version: v2 | ||
| metadata: | ||
| name: teleport-plugin-mattermost | ||
| spec: | ||
| roles: | ||
| - teleport-plugin-mattermost | ||
| ``` | ||
| You can either create the user and the roles by putting the YAML above into a file and issuing the following command (you must be logged in with `tsh`): | ||
|
|
||
| ```console | ||
| tctl create user.yaml | ||
| ``` | ||
|
|
||
| or by navigating to the Teleport Web UI under `https://<yourserver>/web/users` and `https://<yourserver>/web/roles` respectively. You'll also need to create a password for the user by either clicking `Options/Reset password...` under `https://<yourserver>/web/users` on the UI or issuing `tctl users reset teleport-plugin-mattermost` in the command line. | ||
|
|
||
| The next step is to create an identity file, which contains a private/public key pair and a certificate that'll identify us as the user above. To do this, log in with the newly created credentials and issue a new certificate (525600 and 8760 are both roughly a year in minutes and hours respectively): | ||
|
|
||
| ```console | ||
| tsh login --proxy proxy.example.com --auth local --user teleport-plugin-mattermost --ttl 525600 | ||
| ``` | ||
|
|
||
| ```console | ||
| tctl auth sign --user teleport-plugin-mattermost --ttl 8760h --out teleport-plugin-mattermost-identity | ||
| ``` | ||
|
|
||
| Alternatively, you can execute the command above on one of the `auth` instances/pods. | ||
|
|
||
| The last step is to create the secret. The following command will create a Kubernetes secret with the name `teleport-plugin-mattermost-identity` with the key `auth_id` in it holding the contents of the file `teleport-plugin-mattermost-identity`: | ||
|
|
||
| ```console | ||
| kubectl create secret generic teleport-plugin-mattermost-identity --from-file=auth_id=teleport-plugin-mattermost-identity | ||
| ``` | ||
|
|
||
| ### Installing the plugin | ||
|
|
||
| ```console | ||
| helm repo add teleport https://charts.releases.teleport.dev/ | ||
| ``` | ||
|
|
||
| ```console | ||
| helm install teleport-plugin-mattermost teleport/teleport-plugin-mattermost --values teleport-plugin-mattermost-values.yaml | ||
| ``` | ||
|
|
||
| Example `teleport-plugin-mattermost-values.yaml`: | ||
|
|
||
| ```yaml | ||
| teleport: | ||
| address: teleport.example.com:443 | ||
| identitySecretName: teleport-plugin-mattermost-identity | ||
| mattermost: | ||
| url: https://mattermost.example.com/ | ||
| token: mattermosttoken | ||
| recipients: [[email protected], "#example-channel"] | ||
| ``` | ||
|
|
||
| See [Settings](#settings) for more details. | ||
| See the [Access Requests with Mattermost guide](https://goteleport.com/docs/access-controls/access-request-plugins/ssh-approval-mattermost/). | ||
|
|
||
| ## Settings | ||
|
|
||
|
|
||
Oops, something went wrong.