Basic Bastion

❗️

Note

This chart has been replaced by Secure Remote Access Bastion

The Akeyless Basic Bastion provides Secure Remote Access to resources using Akeyless Just In Time credentials (dynamic secrets and SSH certificates).

This chart bootstraps an Akeyless Basic Bastion deployment on a Kubernetes cluster using the Helm package manager.

To spin an Akeyless Basic Bastion using docker please refer to the last section on this page.

Prerequisites

  • Horizonal Auto-Scaling

  • Helm Installed

  • K8s Installed

Network
Currently, when using DB application (mysql, mongodb.mssql) via the Basic Bastion, it'll only work properly when using load balancer with "sticky" session:

🚧

Note:

To enable Secure Remote Access features you will have to get an access-key to Akeyless private repository. Please contact your Account Manager for more details.

Installing the Chart

Add Akeyless helm charts repository to your Helm repository list:

helm repo add akeyless https://akeylesslabs.github.io/helm-charts
helm repo update

The values.yaml file holds default values, copy the file from:

https://github.com/akeylesslabs/helm-charts/tree/main/charts/akeyless-zero-trust-bastion

Or run the following helm command to generate the values file:

helm show values akeyless/akeyless-zero-trust-bastion > values.yaml

And replace the values with the ones from your environment where needed.

The following parameters are mandatory:

ParameterDefault ValueInfo
dockerRepositoryCredsN\ACredentials to access Akeyless internal image
apiGatewayURLhttps://rest.akeyless.ioA full URL of Akeyless Gateway.
privilegedAccessN\AOptional credentials for zero-trust access: if provided, it is possible for end users to have only "list" permissions on Akeyless item.
Currently supported AWS IAM.
allowedAccessIDs[ ]Limit access to privileged items only for these end user access ID.
If left empty, all access Id are allowed

Install the chart:

helm install <RELEASE NAME> akeyless/akeyless-zero-trust-bastion -f values.yaml

Verify that the Basic Bastion pod is up and running.

Installing Basic Bastion via Docker

Akeyless Basic bastion can be deployed via docker:

docker run -d -p 8888:8888 \
    -e AKEYLESS_URL=https://api.akeyless.io \
    -e PRIVILEGED_ACCESS_ID=<Access ID>\
    -e PRIVILEGED_ACCESS_KEY=<Access Key>\
    --name zero_trust_bastion \
    akeyless/zero-trust-bastion