Qwilt is a CDN provider that helps carriers reduce the impact of video traffic and improve the quality of service. Their tool allows you to build and operate a new delivery layer at the true edge of your network, enabling service providers to create radical content and application delivery solutions. Their universal video delivery solution, transparent caching, and analytics help accelerate the pace and streaming of live video and VOD (video on demand) broadcasts and reduce latency.
The team at Qwilt uses Teleport to access all of their caching nodes securely, to approve access requests quickly, and to maintain a detailed audit log. With their setup, Qwilt engineers can securely connect to their Kubernetes clusters via Teleport, using their SSO provider, Okta.
Qwilt uses the official Teleport Slack plugin for infrastructure access requests.
Senior Site Reliability Engineer, Tomer Tcherniak, said: “I wanted to reduce some load on my work. So I did a lot of automation in Slack in order to provide the users the ability to see the status in Teleport without logging in. So, if you would like to see which users are connected, if you would like to delete users who are connected, if you would like to approve access requests, etc., this is important.”
As an example of one way the Qwilt team connects Teleport + Slack, they monitor nodes using a Slack webhook. Every time Puppet runs, it will check if there is an error, and the status will be shared in a specific Slack channel. With this setup, you can see activity like when a user approves an open request, which users are connected, incoming access requests, etc.
This setup lets the team carefully control and monitor access without slowing anyone down.
Rundeck is an open-source runbook automation platform. With Qwilt's setup, Rundeck is connected directly to Teleport and dynamically and automatically lists all the nodes found in Teleport. With Teleport and Rundeck, the Qwilt team can run jobs on remote machines, execute commands on those machines in parallel, and get detailed auditing. They sync both the nodes and the policies.
With Teleport, Qwilt has super-granular control over access. They can choose which roles to connect, which roles to sync, and the nodes themselves are also synced. For example, if you select a node that is found in Rundeck, you can connect to that node via the runbook and Teleport integration.
It can be particularly helpful to use Rundeck and Teleport side-by-side in a couple of situations:
Qwilt uses Teleport to maintain secure, flexible infrastructure access. Their unique use of Slack and Rundeck adds a layer of fine-grained control over access to specific nodes and groups of nodes, helps streamline the flow of information, and shortens the turnaround time on access requests.