TeleportLock
This guide is a comprehensive reference to the fields in the TeleportLock
resource, which you can apply after installing the Teleport Kubernetes operator.
resources.teleport.dev/v2
apiVersion: resources.teleport.dev/v2
| Field | Type | Description |
|---|---|---|
| apiVersion | string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
| kind | string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| metadata | object | |
| spec | object | Lock resource definition v2 from Teleport |
spec
| Field | Type | Description |
|---|---|---|
| created_at | string | CreatedAt is the date time that the lock was created. |
| created_by | string | CreatedBy is the username of the author of the lock. |
| expires | string | Expires if set specifies when the lock ceases to be in force. |
| message | string | Message is the message displayed to locked-out users. |
| target | object | Target describes the set of interactions that the lock applies to. |
spec.target
| Field | Type | Description |
|---|---|---|
| access_request | string | AccessRequest specifies the UUID of an Access Request. |
| bot_instance_id | string | BotInstanceID is the bot instance ID if this is a bot identity and is ignored otherwise. |
| device | string | Device is the device ID of a trusted device. Requires Teleport Enterprise. |
| join_token | string | JoinToken is the name of the join token used when this identity originally joined. This is only valid for bot identities, and cannot be used to target token-joined bots. |
| login | string | Login specifies the name of a local UNIX user. |
| mfa_device | string | MFADevice specifies the UUID of a user MFA device. |
| role | string | Role specifies the name of an RBAC role known to the root cluster. In remote clusters, this constraint is evaluated before translating to local roles. |
| server_id | string | ServerID is the host id of the Teleport instance. |
| user | string | User specifies the name of a Teleport user. |
| windows_desktop | string | WindowsDesktop specifies the name of a Windows desktop. |
Was this page helpful?