Gravitational Teleport docker-compose简单运行

Gravitational Teleport 可以作为堡垒机进行使用，为了测试方便使用docker-compose
运行一个all in one 的demo
备注：官方提供的docker-compose 文件版太旧，而且复杂

环境准备

docker-compose 文件

 
version: '2'

services:

  one:

    image: quay.io/gravitational/teleport:2.7.3

    container_name: one

    mem_limit: 300m

    memswap_limit: 0

    ports:

      - "3080:3080"

      - "3023:3023"

      - "3025:3025"

      - "3024:3024"

    volumes:

      - ./one.yaml:/etc/teleport/teleport.yaml

      - ./data/one:/var/lib/teleport

      - certs:/mnt/shared/certs

    networks:

      teleport:

        ipv4_address: 172.10.1.1

        aliases:

          - one-lb

networks:

  teleport:

    driver: bridge

    ipam:

      driver: default

      config:

      - subnet: 172.10.1.0/16

        ip_range: 172.10.1.0/24

        gateway: 172.10.1.254

volumes:

  certs:

Teleport 配置文件
为了方便，关闭了2f，同时包好的node proxy auth 的role

 
teleport:

  nodename: one

  advertise_ip: 172.10.1.1

  log:

    output: /var/lib/teleport/teleport.log

    severity: INFO

​

  data_dir: /var/lib/teleport

  storage:

      path: /var/lib/teleport/backend

      type: dir

​

auth_service:

  enabled: yes

  authentication:

    type: local

    second_factor: off

  cluster_name: one

  tokens: 

       - "node,auth,proxy:foo"

       - "trustedcluster:bar"

ssh_service:

  enabled: yes

  labels:

      cluster: one

  commands:

      - name: kernel

        command: [/bin/uname, -r]

        period: 5m

proxy_service:

  enabled: yes

运行&&测试

启动

docker-compose up -d
 

添加用户
因为使用的local ，inside 容器

 
tctl users add root

Signup token has been created and is valid for 1 hours. Share this URL with the user:

https://one:3080/web/newuser/f14e192e8adc32a01d1f7ca945225ace

NOTE: Make sure one:3080 points at a Teleport proxy which users can access.