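#
# Example resource for a trusted cluster with RBAC
#
# IMPORTANT: only one field (enabled) can be changed after a cluster is created.
#
kind: trusted_cluster
version: v2
metadata:
  # the name used for quick identification of this leaf cluster
  # (placeholder: replace with a real identifier, e.g. the hostname of the
  # leaf cluster)
  name: 'CAN-WE-AUTOPOPULATE-this. ( e.g. hostname of the leaf cluster )'
spec:
  # this field allows creating tunnels that are disabled, but can be enabled
  # later. this is the only field that can be changed later.
  enabled: true
  # the token expected by the "root" cluster:
  # This can be a static token from the root cluster https://gravitational.com/teleport/docs/trustedclusters/#static-join-tokens
  # or a dynamic token generated by the root cluster https://gravitational.com/teleport/docs/trustedclusters/#dynamic-join-tokens
  #
  # The token is a join credential: whoever holds a valid one can ask the root
  # cluster to establish trust. The value below is a placeholder; keep the real
  # token out of version control and shared snippets, and inject it when the
  # resource is created. A dynamic token with a short lifetime limits the
  # exposure if this file leaks; a static token stays valid until it is removed
  # from the root cluster's configuration.
  token: 'secret-token-from-root-cluster'
  # the address in 'host:port' form of the reverse tunnel listening port on the
  # "root" proxy server:
  tunnel_addr: 'root-proxy.example.com:3024'
  # the address in 'host:port' form of the web listening port on the
  # "root" proxy server:
  web_proxy_addr: 'root-proxy.example.com:3080'
  # RBAC for trusted clusters: it says that the users who have the role 'admin'
  # on a root cluster will be mapped to the local role 'guest'
  #
  # The local role is what bounds root-cluster users on this leaf, so map to
  # the least-privileged local role that still does the job, and review this
  # mapping before creating the resource (see the IMPORTANT note above about
  # which fields can be changed afterwards).
  role_map:
    - local: [guest]
      remote: admin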