In our quest to automate most of the components of our infrastructure, we’ve set up CI/CD pipelines to automate the rollout of Teleport servers and their nodes.
As you might know, we use Teleport to access the instances of our (and your) infrastructure. It’s useful to be able to troubleshoot problems or to access private databases and services via an SSH tunnel.
Up until today, our Teleport setup was partially automated via Terraform, but as of now, there are Concourse pipelines in place that take care of the rollout of new Teleport servers and also update the Teleport version on the connected nodes.
The update of the actual Teleport server requires a replacement of the underlying EC2 instance, which might incur in a downtime of a couple of minutes, until the new instance is up. On the other hand, the update of the nodes is done in place, without any downtime or impact on your workloads.
When an update takes place, you might see new sessions being made to your Teleport instances, comming from the concourse user. That’s expected and nothing to worry about, it’s our CI/CD accessing the instances to actually update the Teleport binary.