standalone-trusted-cluster.yaml
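# Teleport trusted_cluster resource: registers this (leaf) cluster with a
# "root" cluster over a reverse tunnel and maps root-cluster roles onto local
# roles.
kind: trusted_cluster
version: v2
metadata:
  # The trusted cluster name MUST match the 'cluster_name' setting of the root
  # cluster.
  name: teleport.standalone.svc.cluster.local
spec:
  # Set to false to create the tunnel in a disabled state so that it can be
  # enabled later. This is the only field that can be changed after creation.
  enabled: true
  # The join token expected by the "root" cluster. This can be a static token
  # from the root cluster
  # (https://goteleport.com/docs/trustedclusters/#static-join-tokens) or a
  # dynamic token generated by the root cluster
  # (https://goteleport.com/docs/trustedclusters/#dynamic-join-tokens).
  #
  # SECURITY: this value is a credential. Whoever holds a valid token can
  # enroll a cluster with the root, so a live token should not be committed to
  # version control. Supply it at deploy time from a secret store, prefer a
  # short-lived dynamic token over a static one, and rotate the value below on
  # the root cluster if it was ever valid.
  token: 'Zs15b013ba25c99d3454336002cf9b20fb'
  # The address in 'host:port' form of the reverse tunnel listening port on the
  # "root" proxy server.
  tunnel_addr: teleport.root-cluster.svc.cluster.local:3024
  # The address in 'host:port' form of the web listening port on the "root"
  # proxy server.
  web_proxy_addr: teleport.root-cluster.svc.cluster.local:443
  # RBAC for trusted clusters: users who hold the role named in 'remote' on the
  # root cluster are granted the role(s) listed in 'local' on this cluster.
  # Here both 'editor' and 'full-admin' on the root map to the local role
  # 'access'.
  #
  # NOTE(review): every root-cluster user with either remote role receives
  # whatever the local 'access' role permits. Confirm that role is scoped to
  # the least privilege these users need, and that both remote roles are meant
  # to land on the same local role.
  role_map:
    - local: [access]
      remote: editor
    - local: [access]
      remote: full-admin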