Open klizhentas opened 5 years ago
This doesn't actually work as described, see #3376
Also see #3402
I'm going to remove this from the 4.3 milestone as it looks like it needs more testing / bug fixing.
I've edited the Trusted Clusters guide to act as more of a step-by-step tutorial (https://github.com/gravitational/teleport/pull/10708), focusing on Server Access. Should we include a separate Trusted Clusters guide for Kubernetes that includes multiple Kubernetes clusters? It might even be worthwhile to add a separate section to the docs related to Trusted Clusters, rather than including all Trusted Cluster-related information in the same guide.
Description
A new feature allows a remote cluster to reference the Kubernetes groups coming from the roles of the main cluster in the trusted cluster configuration.
For example, the main cluster can have a user with a role 'main' and Kubernetes groups:
and SSH logins:
The remote cluster can choose to map this 'main' cluster to its own 'remote-admin' cluster in the trusted cluster config:
The role 'remote-admin' of the remote cluster can now be templated to use the main cluster role main logins and kubernetes_groups using variables:
This is possible because Teleport now encodes both values in X509 certificate metadata and the remote cluster passes these values as 'internal' traits to the template engine.
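
The three resources this description outlines, as an added example that is not part of the original issue or the Teleport project's own code. The login, group name, token and addresses are constructed placeholders, and the resource versions assume the Teleport 4.x schema.

```yaml
# --- Main cluster: role 'main' (values constructed for illustration) ---
kind: role
version: v3
metadata:
  name: main
spec:
  allow:
    logins: ['ops']                    # constructed SSH login
    kubernetes_groups: ['view-only']   # constructed Kubernetes group
---
# --- Remote cluster: trust the main cluster and map its 'main' role ---
kind: trusted_cluster
version: v2
metadata:
  name: main
spec:
  enabled: true
  token: "<join-token-placeholder>"          # placeholder
  tunnel_addr: "main.example.com:3024"       # placeholder address
  web_proxy_addr: "main.example.com:3080"    # placeholder address
  role_map:
    - remote: main                # role name asserted by the main cluster
      local: ['remote-admin']     # role granted on the remote cluster
---
# --- Remote cluster: role 'remote-admin' filled in from the 'internal' traits ---
kind: role
version: v3
metadata:
  name: remote-admin
spec:
  allow:
    # Expanded from the values carried in the user's X509 certificate metadata
    logins: ['{{internal.logins}}']
    kubernetes_groups: ['{{internal.kubernetes_groups}}']
```

With this templating the remote cluster grants whatever logins and groups the main cluster's role asserts, so a group such as `system:masters` in the main role would carry cluster-admin rights into the remote cluster. Keep `role_map` narrow and the main role's groups least-privilege.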