This chart has been replaced by Secure Remote Access Bastion
The Akeyless Basic Bastion provides Secure Remote Access to resources using Akeyless Just In Time credentials (dynamic secrets and SSH certificates).
This chart bootstraps an Akeyless Basic Bastion deployment on a Kubernetes cluster using the Helm package manager.
To spin an Akeyless Basic Bastion using docker please refer to the last section on this page.
Currently, when using DB application (mysql, mongodb.mssql) via the Basic Bastion, it'll only work properly when using load balancer with "sticky" session:
Ingress - Make sure to use sticky session annotation, for example nginx.ingress.kubernetes.io/affinity: "cookie" in Nginx
Cloud Provider LB - Make sure to config the LB to support sticky session, for example is AWS, using ELB: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html
To enable Secure Remote Access features you will have to get an access-key to Akeyless private repository. Please contact your Account Manager for more details.
Add Akeyless helm charts repository to your Helm repository list:
helm repo add akeyless https://akeylesslabs.github.io/helm-charts helm repo update
The values.yaml file holds default values, copy the file from:
Or run the following helm command to generate the values file:
helm show values akeyless/akeyless-zero-trust-bastion > values.yaml
And replace the values with the ones from your environment where needed.
The following parameters are mandatory:
Credentials to access Akeyless internal image
A full URL of Akeyless Gateway.
Optional credentials for zero-trust access: if provided, it is possible for end users to have only "list" permissions on Akeyless item.
Limit access to privileged items only for these end user access ID.
Install the chart:
helm install <RELEASE NAME> akeyless/akeyless-zero-trust-bastion -f values.yaml
Verify that the Basic Bastion pod is up and running.
Akeyless Basic bastion can be deployed via docker:
docker run -d -p 8888:8888 \ -e AKEYLESS_URL=https://api.akeyless.io \ -e PRIVILEGED_ACCESS_ID=<Access ID>\ -e PRIVILEGED_ACCESS_KEY=<Access Key>\ --name zero_trust_bastion \ akeyless/zero-trust-bastion
Updated 2 months ago