Hi,
I would like to enable database access via Teleport with the CloudNativePG Kubernetes Operator (CNPG).
As far as I understand, the CNPG basically supports two modes for handling certificates. a) Either it manages all certificates itself or b) an external CA must provide certificates for all components.
The most promising approach seems to me to be the one according to a). I would then have to extend the clientCASecret from the CNPG with the client-db.ca from Teleport so that the Teleport agent can log into the Postgres cluster. This concept was also mentioned in another discussion. Unfortunately, I have not yet found a simple solution to automate this. This is a problem because the client certs are regularly rotated by the CNPG and this may then break the replication of the cluster.
Are there already sustainable solutions for integrating Teleport with the CNPG Operator?
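The merge step the question describes (extending the client CA bundle with Teleport's client-db.ca) can be made idempotent so it is safe to re-run after every rotation. The sketch below is an added example, not part of the original post and not code from Teleport or CloudNativePG; the function names are hypothetical, and it assumes both CA bundles are already available as PEM text (reading from and writing to the Kubernetes secret is out of scope).

```python
import base64
import hashlib
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def split_bundle(bundle: str) -> list[bytes]:
    """Decode every CERTIFICATE block of a PEM bundle to its DER bytes."""
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_CERT.findall(bundle)]


def to_pem(der: bytes) -> str:
    """Re-encode DER bytes as one PEM CERTIFICATE block (64-column lines)."""
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(rows)
            + "\n-----END CERTIFICATE-----\n")


def merge_client_ca(cnpg_bundle: str, teleport_bundle: str) -> tuple[str, bool]:
    """Return (bundle to store, True if a Teleport CA had to be added).

    Entries already in the CNPG bundle are kept, in order, so the CA that the
    operator-issued client certificates depend on is never dropped.
    """
    current = split_bundle(cnpg_bundle)
    extra = split_bundle(teleport_bundle)
    if not current:
        raise ValueError("client CA bundle is empty; refusing to rewrite it")
    if not extra:
        raise ValueError("no certificate found in the Teleport CA export")
    seen, merged, changed = set(), [], False
    for source, ders in (("cnpg", current), ("teleport", extra)):
        for der in ders:
            fp = hashlib.sha256(der).digest()  # dedupe on the exact DER bytes
            if fp in seen:
                continue
            seen.add(fp)
            merged.append(der)
            changed = changed or source == "teleport"
    return "".join(to_pem(d) for d in merged), changed


if __name__ == "__main__":
    # Constructed placeholders, not real X.509 certificates.
    cnpg = to_pem(b"constructed CNPG client CA")
    teleport = to_pem(b"constructed Teleport client-db CA")
    bundle, changed = merge_client_ca(cnpg, teleport)
    print(changed, len(split_bundle(bundle)))
```

Write the result back only when the second return value is true, so a periodic job does not touch the secret when nothing has changed.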