Identity & Access Management (Teleport)
The platform uses Teleport as the single, centralized gateway for secure infrastructure access.
🔒 The Implementation
- Architecture: Teleport runs as a distroless container within the main docker-compose stack.
- Exposure: The SSH proxy (3023), reverse tunnel (3024) and Auth API (3025) ports are published directly on the host rather than routed through Traefik, for high-performance connectivity on these non-HTTP protocols. Keep 3025 reachable only from trusted networks: it is the auth server's API, used by nodes and tctl, not a user-facing port.
- Web UI: Routed via Traefik on a dedicated internal subdomain (e.g., teleport.internal-tools.local).
✅ Key Learnings
- TLS Offloading: Teleport's built-in ACME client was disabled (proxy_service.acme.enabled: false) because Traefik terminates TLS at the edge. Note that the proxy's web listener still speaks TLS (with a self-signed certificate when no keypair is configured), so Traefik must either forward HTTPS to it with certificate verification skipped or the proxy must be started with --insecure-no-tls. Set public_addr to the Traefik hostname so that invite links and the Web UI resolve to the edge rather than to the container.
- User Enrollment: Initial admin invites are created automatically at deployment time with tctl users add, which prints a one-time invite URL (valid for one hour by default) instead of an initial password.
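The two learnings above, combined into one deployment helper. This is an added example written for this page, not the project's own script: the compose service name "teleport", the config path ./teleport/teleport.yaml, and the "deploy" subcommand are assumptions, and the edge hostname teleport.internal-tools.local is the example from the page. It renders a teleport.yaml with ACME off and public_addr pointing at Traefik, then creates the first admin and extracts the invite URL from tctl's output.

```shell
#!/bin/sh
# Added example for this page, not the project's own deployment script.
# Assumptions (hypothetical): the compose service is named "teleport", its config
# is mounted from ./teleport/teleport.yaml, and Traefik routes the edge hostname
# to the proxy's web listener on 3080 (forwarding HTTPS with verification skipped,
# or with the proxy started via `teleport start --insecure-no-tls`).
set -eu

TELEPORT_HOST="teleport.internal-tools.local"
COMPOSE_SERVICE="teleport"
CONFIG_PATH="./teleport/teleport.yaml"

# Render teleport.yaml. Traefik terminates TLS at the edge, so the proxy's ACME
# client is switched off and public_addr carries the edge hostname and port; that
# is what invite links and Web UI redirects are built from. Separate listeners on
# 3023/3024 match the ports published on the host.
render_teleport_config() {
  cat <<EOF
teleport:
  nodename: ${COMPOSE_SERVICE}
  data_dir: /var/lib/teleport
  log:
    output: stderr
    severity: INFO
auth_service:
  enabled: true
  listen_addr: 0.0.0.0:3025
  cluster_name: ${TELEPORT_HOST}
ssh_service:
  enabled: false
proxy_service:
  enabled: true
  listen_addr: 0.0.0.0:3023
  tunnel_listen_addr: 0.0.0.0:3024
  web_listen_addr: 0.0.0.0:3080
  public_addr: ${TELEPORT_HOST}:443
  acme:
    enabled: false
EOF
}

# Pull the first https:// URL out of tctl's "users add" output (the invite link);
# exits non-zero if no link is present, so a failed enrollment is not silently ignored.
extract_invite_url() {
  sed -n 's/.*\(https:\/\/[^[:space:]]*\).*/\1/p' | head -n 1 | grep .
}

# Create the initial admin with the preset editor and access roles and print the
# one-time invite URL. The link expires after the given TTL.
enroll_admin() {
  user="$1"
  docker compose exec -T "$COMPOSE_SERVICE" \
    tctl users add "$user" --roles=editor,access --logins=root --ttl=1h \
    | extract_invite_url
}

# Only the "deploy" subcommand touches docker, so the functions above can be
# sourced and exercised without a running stack.
if [ "${1:-}" = "deploy" ]; then
  mkdir -p "$(dirname "$CONFIG_PATH")"
  render_teleport_config > "$CONFIG_PATH"
  docker compose up -d "$COMPOSE_SERVICE"
  # Wait until the auth service answers before creating users.
  until docker compose exec -T "$COMPOSE_SERVICE" tctl status >/dev/null 2>&1; do
    sleep 2
  done
  echo "Admin invite: $(enroll_admin "${2:-admin}")"
fi
```

Run it as `sh deploy.sh deploy [username]`. Because the invite is a URL containing a single-use token, treat the script's output like a credential: deliver it out of band and do not leave it in CI logs.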
Source: Teleport Integration Walkthrough