
Providing teleport SSH access on the basis of node labels #7424

Answered by stevenGravy
AryanSemwal asked this question in Q&A

Hi @AryanSemwal, you would provide a role and assign that to the user, as in the example below. Change the login as needed. Provided that's their only role, they would not get access to the env: prod nodes automatically. You can also add a deny configuration so that even if they can see all other nodes, they would not have access to nodes with the env: prod label.

kind: role
version: v3
metadata:
  name: dev
spec:
  allow:
    logins: ['ubuntu']
    node_labels:
      'env': 'dev'

Answer selected by AryanSemwal
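
The deny configuration mentioned in the answer could look like the role below. This is an added example, not part of the original answer or of Teleport's own documentation; the role name `dev-no-prod` and the wildcard allow rule are assumptions chosen to show a user who can otherwise reach every node.

```yaml
kind: role
version: v3
metadata:
  name: dev-no-prod          # hypothetical role name
spec:
  allow:
    logins: ['ubuntu']       # change the login as needed
    # Assumed broad allow: matches nodes with any label key and value.
    node_labels:
      '*': '*'
  deny:
    # Deny rules take precedence over allow rules, including allow rules
    # granted by any other role assigned to the same user, so nodes
    # labelled env: prod stay unreachable.
    node_labels:
      'env': 'prod'
```

Because the deny rule is evaluated across all of a user's roles, it keeps blocking env: prod even if another role is later assigned that allows those nodes.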