{"token_count": 1986} # Configure Teleport Teleport supports two ways to configure a cluster: - **Static configuration file:** At startup, a Teleport process reads a configuration file from the local filesystem (the default path is `/etc/teleport.yaml`). Static configuration settings control aspects of a specific instance of a service, such as the Teleport Auth Service, Teleport Proxy Service, or a single Teleport Agent. - **Dynamic resources:** Dynamic resources control aspects of your cluster that are likely to change over time, such as roles, local users, and Teleport-protected infrastructure resources. Dynamic resources do not configure specific services, but rather the cluster as a whole. Use static configuration if you want to configure the services that run in your cluster, including cluster-wide options that you do not expect to change very often. For day-to-day configuration updates, such as new Teleport roles, you likely need a dynamic resource. ![The Teleport Auth Service stores dynamic resources on its cluster state backend, and clients can authenticate to the Auth Service to read or write dynamic resources, depending on their permissions. Infrastructure as code tools can authenticate to a Teleport cluster to manage dynamic resources.](/docs/assets/images/dynamic-resources-56fe87d0cffa718b26d6ded28e85031e.png) ### Static configuration Learn how to add a static configuration file for a specific Teleport service. #### [Teleport Agents](https://goteleport.com/docs/ver/19.x/enroll-resources.md) Teleport Agents proxy connections to and from infrastructure like servers and databases. See how to get started configuring each Teleport Agent service. - [Teleport Application Service](https://goteleport.com/docs/ver/19.x/enroll-resources/application-access/getting-started.md) - [Teleport Database Service](https://goteleport.com/docs/ver/19.x/enroll-resources/database-access/getting-started.md) - [Teleport Desktop Service](https://goteleport.com/docs/ver/19.x/enroll-resources/desktop-access/getting-started.md) - [Teleport Kubernetes Service](https://goteleport.com/docs/ver/19.x/enroll-resources/kubernetes-access/getting-started.md) - [Teleport SSH Service](https://goteleport.com/docs/ver/19.x/enroll-resources/server-access/getting-started.md) #### [Teleport Control Plane](https://goteleport.com/docs/ver/19.x/installation/self-hosted.md) If you host your own Teleport cluster, learn how to configure the Teleport Auth Service and Proxy Service. - [High Availability Cluster](https://goteleport.com/docs/ver/19.x/installation/self-hosted/deployments/high-availability.md) - [Single-Machine Cluster](https://goteleport.com/docs/ver/19.x/get-started/deploy-community.md) #### [Configuration Reference](https://goteleport.com/docs/ver/19.x/reference/deployment/config.md) Configuration settings for all Teleport services. ### Dynamic configuration tools Teleport provides three methods for managing Teleport with infrastructure as code tools. #### [Teleport Terraform Provider](https://goteleport.com/docs/ver/19.x/configuration/terraform-provider.md) Manage dynamic Teleport resources with Terraform. - [Get started](https://goteleport.com/docs/ver/19.x/configuration/terraform-provider/terraform-getting-started.md) - [Setup guides](https://goteleport.com/docs/ver/19.x/configuration/terraform-provider.md) - [Import Teleport resources](https://goteleport.com/docs/ver/19.x/configuration/terraform-provider/import-existing-resources.md) #### [Teleport Kubernetes Operator](https://goteleport.com/docs/ver/19.x/configuration/teleport-operator.md) Manage Teleport resources directly from Kubernetes using the [operator pattern](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/). - [Deploy with a cluster](https://goteleport.com/docs/ver/19.x/configuration/teleport-operator/teleport-operator-helm.md) - [Deploy without a cluster](https://goteleport.com/docs/ver/19.x/configuration/teleport-operator/teleport-operator-standalone.md) - [Secret lookup](https://goteleport.com/docs/ver/19.x/configuration/teleport-operator/secret-lookup.md) - [Troubleshooting](https://goteleport.com/docs/ver/19.x/configuration/teleport-operator.md#troubleshooting) #### [tctl client tool](https://goteleport.com/docs/ver/19.x/configuration/using-tctl.md) `tctl``tctl` ### Dynamic resource management guides Follow step-by-step instructions for using Infrastructure as Code tools to manage the most commonly needed Teleport resources. #### [Access Lists](https://goteleport.com/docs/ver/19.x/configuration/resource-guides/access-list.md) Centrally configured assignments of users to roles. #### [Agentless OpenSSH servers](https://goteleport.com/docs/ver/19.x/configuration/resource-guides/agentless-ssh-servers.md) OpenSSH servers registered without the Teleport SSH Service. #### [Kubernetes OIDC joining](https://goteleport.com/docs/ver/19.x/configuration/resource-guides/kubernetes-oidc-join-token.md) Teleport Agents running on Kubernetes that join the cluster with no shared secrets. #### [Login Rules (Kubernetes Operator)](https://goteleport.com/docs/ver/19.x/configuration/resource-guides/login-rules-operator.md) Data transformations for users who authenticate via a single sign-on provider. #### [Login Rules (Terraform Provider)](https://goteleport.com/docs/ver/19.x/configuration/resource-guides/login-rules-terraform.md) Login rules, managed via Terraform. #### [Trusted clusters](https://goteleport.com/docs/ver/19.x/configuration/resource-guides/trusted-cluster.md) Teleport clusters configured to trust users in a root cluster. #### [Users and roles](https://goteleport.com/docs/ver/19.x/configuration/resource-guides/user-and-role.md) Who can authenticate to your Teleport cluster and what permissions they have. ### Dynamic resource references Comprehensive lists of Teleport configuration options. #### [tctl resources](https://goteleport.com/docs/ver/19.x/reference/infrastructure-as-code/teleport-resources.md) `tctl` #### [tctl command reference](https://goteleport.com/docs/ver/19.x/reference/cli/tctl.md) `tctl` #### [Teleport Terraform Provider](https://goteleport.com/docs/ver/19.x/reference/infrastructure-as-code/terraform-provider.md) Comprehensive lists of resource and data source fields available to the Teleport Terraform provider. #### [Teleport Kubernetes Operator](https://goteleport.com/docs/ver/19.x/reference/infrastructure-as-code/operator-resources.md) Comprehensive lists of resources available to the Teleport Kubernetes Operator. #### [Reconciling Static and Dynamic Configuration](https://goteleport.com/docs/ver/19.x/reference/deployment/static-and-dynamic-configuration.md) How Teleport merges overlapping options.