teleport

mirror of https://github.com/gravitational/teleport synced 2024-10-19 16:53:57 +00:00

History

Gus Luxton ee70d8a940 integration: Add teletest namespace and instructions for Kubernetes tests (#7447 )		2021-07-09 15:09:23 -07:00
..
ci-teleport.yaml	integration: Add teletest namespace and instructions for Kubernetes tests (#7447 )	2021-07-09 15:09:23 -07:00
README.md	integration: Add teletest namespace and instructions for Kubernetes tests (#7447 )	2021-07-09 15:09:23 -07:00

README.md

Generating a ServiceAccount to use for Teleport integration tests

This should be done on a 'clean' k8s cluster i.e. one that doesn't already have Teleport installed for Kubernetes forwarding (and doesn't require it), as we delete the default Teleport ClusterRole and ClusterRoleBinding for security.

# Check out the Teleport repo and change dir to it
git clone https://github.com/gravitational/teleport
cd teleport

# generate a ServiceAccount using the get-kubeconfig script
TELEPORT_NAMESPACE="ci-teleport" examples/k8s-auth/get-kubeconfig.sh

# copy the generated kubeconfig, then add it to CI as a secret (out of band)
mv kubeconfig INTEGRATION_CI_KUBECONFIG

# add the additional required RBAC fixtures
kubectl create -f fixtures/ci-teleport-rbac/ci-teleport.yaml

# remove the additional teleport permissions that were added by the get-kubeconfig script
# (as these are not needed for CI, we can remove them for greater security)
kubectl delete clusterrole/teleport-role
kubectl delete clusterrolebinding/teleport-crb