Which remote access methods are supported in Gravity community edition?

Using the community edition of Gravity (6.x + ), how can I setup a remote set of users who access the cluster via Kubectl? I’d like users tied to serviceaccounts and using tokens or certs but i’m open to alternative ways. I haven’t been successful in this yet.

[EDIT] I’ve now been successful adding a @teleadmin user along with teleport (tsh) on a remote port to create an admin user. There is also another role called “admin” which is allowed by gravity community edition but it’s not clear the different between “admin” and “@teleadmin”.

I’m interested in using non-teleport methods of access, namely tying serviceaccounts to remote users. Is this supported?

Thanks

Hey @mmellin,

admin role is the default teleport role which is created due to gravity embedding teleport. As you’ve done, you should use @teleadmin role in gravity as that has privileged permissions for gravity clusters.

Is there anyway around Gravity to leverage standard RBAC practices whereby a remote API caller is tied to permissions based on a service account? How does one access the API server remotely without Teleport?

1 Like