Dynamic App Registration
- Version 15.x
- Version 14.x
- Version 13.x
- Version 12.x
- Older Versions
- Available for:
Dynamic app registration allows Teleport administrators to register new apps (or update/unregister existing ones) without having to update the static configuration and restarting Teleport Application Service instances.
To enable dynamic registration, include a
resources section in your Application
Service configuration with a list of resource label selectors you'd like this
service to monitor for registering:
app_service: enabled: "yes" resources: - labels: "*": "*"
You can use a wildcard selector to register all dynamic app resources in the cluster on the Application Service or provide a specific set of labels for a subset:
resources: - labels: "env": "prod" - labels: "env": "test"
Next define an application resource:
kind: app version: v3 metadata: name: example description: "Example app" labels: env: test spec: uri: http://localhost:4321 public_addr: test.example.com
See the full app resource spec reference.
The user creating the dynamic registration needs to have a role with access to the
application labels and the
app resource. In this example role the user can only
create and maintain application services labeled
kind: role metadata: name: dynamicappregexample spec: allow: app_labels: env: test rules: - resources: - app verbs: - list - create - read - update - delete version: v5
To create an application resource, run:
Log in to your cluster with tsh so you can use tctl from your local machine.
You can also run tctl on your Auth Service host without running "tsh login"
first.tsh login --proxy=teleport.example.com --user=myusertctl create app.yaml
After the resource has been created, it will appear among the list of available
tsh apps ls or UI) as long as at least one Application Service
instance picks it up according to its label selectors.
To update an existing application resource, run:
tctl create -f app.yaml
If the updated resource's labels no longer match a particular app agent, it will unregister and stop proxying it.
To delete an application resource, run:
tctl rm app/example