Basic Bastion
Note
This chart has been replaced by Secure Remote Access Bastion
The Akeyless Basic Bastion provides Secure Remote Access to resources using Akeyless Just In Time credentials (dynamic secrets and SSH certificates).
This chart bootstraps an Akeyless Basic Bastion deployment on a Kubernetes cluster using the Helm package manager.
To spin an Akeyless Basic Bastion using docker please refer to the last section on this page.
Prerequisites
-
Horizonal Auto-Scaling
-
Helm Installed
-
K8s Installed
Network
Currently, when using DB application (mysql, mongodb.mssql) via the Basic Bastion, it'll only work properly when using load balancer with "sticky" session:
-
Ingress - Make sure to use sticky session annotation, for example nginx.ingress.kubernetes.io/affinity: "cookie" in Nginx
-
Cloud Provider LB - Make sure to config the LB to support sticky session, for example is AWS, using ELB: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html
Note:
To enable Secure Remote Access features you will have to get an access-key to Akeyless private repository. Please contact your Account Manager for more details.
Installing the Chart
Add Akeyless helm charts repository to your Helm repository list:
helm repo add akeyless https://akeylesslabs.github.io/helm-charts
helm repo update
The values.yaml file holds default values, copy the file from:
https://github.com/akeylesslabs/helm-charts/tree/main/charts/akeyless-zero-trust-bastion
Or run the following helm command to generate the values file:
helm show values akeyless/akeyless-zero-trust-bastion > values.yaml
And replace the values with the ones from your environment where needed.
The following parameters are mandatory:
Parameter | Default Value | Info |
---|---|---|
dockerRepositoryCreds | N\A | Credentials to access Akeyless internal image |
apiGatewayURL | https://rest.akeyless.io | A full URL of Akeyless Gateway. |
privilegedAccess | N\A | Optional credentials for zero-trust access: if provided, it is possible for end users to have only "list" permissions on Akeyless item. Currently supported AWS IAM. |
allowedAccessIDs | [ ] | Limit access to privileged items only for these end user access ID. If left empty, all access Id are allowed |
Install the chart:
helm install <RELEASE NAME> akeyless/akeyless-zero-trust-bastion -f values.yaml
Verify that the Basic Bastion pod is up and running.
Installing Basic Bastion via Docker
Akeyless Basic bastion can be deployed via docker:
docker run -d -p 8888:8888 \
-e AKEYLESS_URL=https://api.akeyless.io \
-e PRIVILEGED_ACCESS_ID=<Access ID>\
-e PRIVILEGED_ACCESS_KEY=<Access Key>\
--name zero_trust_bastion \
akeyless/zero-trust-bastion
Updated 3 months ago