Web Access Bastion

Akeyless Web Access Bastion provides Secure Remote Access to any web application with session recording.

Working with isolated browsers gives users complete zero knowledge, i.e. users never learn the access credentials.

This chart bootstraps an Akeyless-Web-Access-Bastion deployment on a Kubernetes cluster using the Helm package manager. This chart has been tested to work with NGINX Ingress and cert-manager.

Prerequisites

Network

When using an Embedded browser session behind a load balancer such as ELB, the session can be closed by the idle connection timeout, so it is advised to increase the timeout to a reasonably high value, or even unlimited.

For example, when running on AWS with ELB: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-idle-timeout.html?icmpid=docs_elb_console

Horizontal Auto-Scaling

Horizontal auto-scaling is based on the HorizontalPodAutoscaler object.
For it to work properly, the Kubernetes metrics server must be installed in the cluster - https://github.com/kubernetes-sigs/metrics-server

  • Helm Installed

  • K8s Installed

Note:

To enable Secure Remote Access features you will have to get an access-key to Akeyless private repository. Please contact your Account Manager for more details.

Installing the Chart

Add Akeyless helm charts repository to your Helm repository list:

helm repo add akeyless https://akeylesslabs.github.io/helm-charts
helm repo update

The values.yaml file holds default values; replace them with the values from your environment where needed.

https://github.com/akeylesslabs/helm-charts/tree/main/charts/akeyless-zero-trust-web-access

The following parameters are mandatory:

| Parameter | Default | Info |
|---|---|---|
| dockerRepositoryCreds | N/A | Required. Credentials to access the Akeyless private image. |
| apiGatewayURL | https://rest.akeyless.io | Required. A full URL of the Akeyless API Gateway. |
| listOnlyCredentials | N/A | Non-privileged credentials with "List" access. Currently only SamlAccessID is supported. |
| privilegedAccess | N/A | Required. Credentials for zero-trust access. If provided, end users can have only "list" permissions on Akeyless items, as long as the privileged credentials have "read" access. |
| allowdAccessIDs | N/A | Mandatory for Isolated mode. |
| config.policy.Exceptions | "https://*.akeyless.io/*" | Allow isolated access to the listed URLs/domains. |

Install the chart:

helm install <RELEASE NAME>  akeyless/akeyless-zero-trust-web-access -f values.yaml

Verify that both pods are up and running:

web-worker-deployment
web-dispatcher-deployment
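
The prerequisite and verification steps above, scripted as an added example (not part of the Akeyless chart or its documentation). It assumes web-worker-deployment and web-dispatcher-deployment are Deployment names in the release namespace and that metrics-server is detected through its v1beta1.metrics.k8s.io APIService; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: pre-flight and post-install checks for the install steps above.
# Assumption: the two names the page lists are Deployment objects in the
# namespace the release was installed into.

# Prerequisites: Helm, kubectl, and a working metrics API (the
# HorizontalPodAutoscaler cannot scale without it).
bastion_preflight() {
  local tool status
  for tool in helm kubectl; do
    command -v "$tool" >/dev/null 2>&1 || { echo "missing: $tool" >&2; return 1; }
  done
  # metrics-server registers the v1beta1.metrics.k8s.io APIService.
  status=$(kubectl get apiservice v1beta1.metrics.k8s.io \
    -o jsonpath='{.status.conditions[?(@.type=="Available")].status}' 2>/dev/null) || status=""
  [ "$status" = "True" ] || { echo "metrics-server API not available" >&2; return 2; }
}

# Post-install: both deployments must have every desired replica ready.
# Usage: bastion_verify <namespace>
bastion_verify() {
  local ns dep ready failed
  ns=${1:-default}
  failed=0
  for dep in web-worker-deployment web-dispatcher-deployment; do
    # Prints "<ready>/<desired>"; <ready> is empty while no replica is ready.
    ready=$(kubectl -n "$ns" get deployment "$dep" \
      -o jsonpath='{.status.readyReplicas}/{.spec.replicas}' 2>/dev/null) || ready=""
    case "$ready" in
      ""|/*|0/*)
        echo "$dep: not ready (${ready:-not found})" >&2; failed=1 ;;
      *)
        [ "${ready%/*}" = "${ready#*/}" ] ||
          { echo "$dep: only $ready replicas ready" >&2; failed=1; } ;;
    esac
  done
  return "$failed"
}
```

Run bastion_preflight before helm install and bastion_verify <namespace> after it; a non-zero return means a prerequisite is missing or a deployment is not fully ready.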

