Providing teleport SSH access on the basis of node labels #7424
How can we provide teleport ssh access to user on the basis of the labels assigned to a particular node? For eg. if we have 2 nodes with labels "env: dev" and "env: prod" respectively, then how can we provide a user SSH access of a node with label "env: dev" but NOT "env: prod". |
Hi @AryanSemwal, you would provide a role and assign that to the user as in the example below. Change the login as needed. Provided that's their only role, they would not get access to the `env: prod` automatically. You can also add a deny configuration so that even if they can see all other nodes they would not have access to nodes with the `env: prod` label.

```yaml
kind: role
version: v3
metadata:
  name: dev
spec:
  allow:
    # OS logins the user may use on matching nodes
    logins: ['ubuntu']
    # Only nodes carrying this label match the role
    node_labels:
      'env': 'dev'
```
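The deny configuration mentioned in the reply, written out as an added example that is not part of the original discussion: a role that allows every node through a wildcard label and then denies `env: prod`. The role name is hypothetical, and the login is carried over from the reply's example.

```yaml
kind: role
version: v3
metadata:
  name: all-nodes-except-prod   # hypothetical role name
spec:
  allow:
    logins: ['ubuntu']
    # Wildcard key and value: matches every node regardless of its labels
    node_labels:
      '*': '*'
  deny:
    # Deny rules take precedence over allow rules, including allow rules
    # that come from any other role assigned to the same user.
    node_labels:
      'env': 'prod'
```

Because the deny rule wins over allow rules from the user's other roles as well, this keeps `env: prod` nodes out of reach even if a broader role is assigned later.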