How to deploy Teleport on Kubernetes at Scale
Justin Brooks (jsbroks)
Posted: October 24, 2024

In this tutorial, we'll walk through the process of creating a GitHub Action to deploy Teleport on Kubernetes at scale. This automation will streamline your deployment process and ensure consistency across your infrastructure.

Prerequisites

Before we begin, make sure you have the following:

  1. A GitHub repository for your Teleport configuration
  2. Access to a Kubernetes cluster
  3. Teleport configuration files (e.g., teleport.yaml)
  4. The necessary secrets and credentials stored in GitHub Secrets (the workflow below reads CTRLPLANE_API_KEY and TELEPORT_AUTH_TOKEN)
  5. A connection to Ctrlplane

Step 1: Create the GitHub Action Workflow File

First, create a new file in your repository at .github/workflows/deploy-teleport.yml. This file will define our GitHub Action workflow.

name: Deploy Teleport Kube Agent
run-name: Deploy Teleport Kube Agent [${{ inputs.job_id && inputs.job_id || '' }}]

on:
  workflow_dispatch:
    inputs:
      job_id:
        description: "Job ID"
        required: true

jobs:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: "read"
      id-token: "write"
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

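      - id: ctrlplane
        # Pin this action to a release tag or commit SHA rather than the mutable
        # main branch, so the code that receives the API key cannot change unreviewed.
        uses: ctrlplanedev/ctrlplane/github/get-job-inputs@main
        with:
          base_url: https://ctrlplane.wandb.io
          job_id: ${{ inputs.job_id }}
          api_key: ${{ secrets.CTRLPLANE_API_KEY }}
          # target_config_name is consumed by the "Create values.yaml" step,
          # so require it here as well.
          required_outputs: |
            target_config_auth_method
            target_config_server_endpoint
            target_config_server_certificateAuthorityData
            target_config_name
            release_version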

      - name: Connect to Cluster
        uses: ./github/connect-to-k8s
        with:
          auth_method: ${{ steps.ctrlplane.outputs.target_config_auth_method }}
          endpoint: ${{ steps.ctrlplane.outputs.target_config_server_endpoint }}
          certificate_authority_data: ${{ steps.ctrlplane.outputs.target_config_server_certificateAuthorityData }}

      - name: Set up Helm
        uses: azure/setup-helm@v4.2.0

      - name: Add Teleport Helm Repository
        run: |
          helm repo add teleport https://charts.releases.teleport.dev
          helm repo update

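      - name: Create values.yaml
        # Pass the secret and the job output through env so they reach the
        # script as data instead of being expanded into the script text.
        env:
          TELEPORT_AUTH_TOKEN: ${{ secrets.TELEPORT_AUTH_TOKEN }}
          KUBE_CLUSTER_NAME: ${{ steps.ctrlplane.outputs.target_config_name }}
        run: |
          # values.yaml holds the join token, so keep it owner-readable only
          umask 077
          cat << EOF > values.yaml
          roles: kube
          authToken: ${TELEPORT_AUTH_TOKEN}
          proxyAddr: wandb.teleport.sh:443
          kubeClusterName: ${KUBE_CLUSTER_NAME}
          labels:
              teleport.internal/resource-id: c61c780e-16aa-4bdd-a410-208a4bf5b108
          enterprise: true
          updater:
              enabled: true
              releaseChannel: "stable/cloud"
          highAvailability:
              replicaCount: 5
              requireAntiAffinity: true
              podDisruptionBudget:
                  enabled: true
                  minAvailable: 5
          EOF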

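      - name: Helm Apply Teleport Kube Agent
        # The chart version comes from Ctrlplane; pass it as a quoted
        # environment variable rather than interpolating it into the command.
        env:
          RELEASE_VERSION: ${{ steps.ctrlplane.outputs.release_version }}
        run: |
          helm upgrade --install teleport-agent teleport/teleport-kube-agent \
            -f values.yaml \
            --version "$RELEASE_VERSION" \
            --create-namespace \
            --namespace teleport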
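
The workflow above feeds three externally supplied values into shell steps: the Teleport join token from GitHub Secrets, and the cluster name and chart version from Ctrlplane job outputs. The script below is an added example, not part of the original post: it validates those values, supplied through a step's env: block, and then writes the input-derived Helm values to a file with mode 0600. The function names, the environment variable names, and the character sets accepted for cluster names and tokens are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Names are assumptions; a workflow
# step would set KUBE_CLUSTER_NAME, RELEASE_VERSION and TELEPORT_AUTH_TOKEN in env:.
LC_ALL=C; export LC_ALL   # make a-z / A-Z ranges byte-exact

# Plain semantic version such as 16.4.3 or 16.4.3-rc.1.
valid_version() {
  # The allowlist runs first: grep alone tests line by line, so a value with an
  # embedded newline would pass if any single line looked like a version.
  case "$1" in ''|*[!0-9A-Za-z.-]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.]+)?$'
}

# Assumed policy: lowercase letters, digits, '.', '-'; no leading/trailing '.', '-'.
valid_cluster_name() {
  case "$1" in ''|*[!a-z0-9.-]*|[.-]*|*[.-]) return 1 ;; esac
  [ "${#1}" -le 63 ]
}

# Assumed token alphabet; adjust it to the tokens you issue.
valid_token() {
  case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

check_inputs() {
  valid_cluster_name "${KUBE_CLUSTER_NAME:-}" || { echo "invalid cluster name" >&2; return 1; }
  valid_version "${RELEASE_VERSION:-}" || { echo "invalid release version" >&2; return 1; }
  valid_token "${TELEPORT_AUTH_TOKEN:-}" || { echo "invalid auth token" >&2; return 1; }
}

# Write the input-derived chart values to $1 (mode 0600); create nothing on bad input.
write_dynamic_values() {
  check_inputs || return 1
  ( umask 077
    cat > "$1" <<EOF
authToken: "${TELEPORT_AUTH_TOKEN}"
kubeClusterName: "${KUBE_CLUSTER_NAME}"
EOF
  )
}
```

The static chart settings can stay in a checked-in values file and be passed to helm with an additional -f flag alongside the file this function writes.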