{{- $mainClusterRoot := include "teleport.fullname" . -}}
{{- $mainClusterName := .Values.mainClusterName -}}
{{- $mainClusterDomain := .Values.cloudflare.domain -}}
{{- $mainClusterNodeRoot := printf ("%s-%s") $mainClusterRoot $mainClusterName -}}
{{- $mainClusterDNS := printf ("%s.%s") $mainClusterNodeRoot $mainClusterDomain -}}
{{- $mainClusterPort := .Values.service.ports.proxyweb.port -}}
{{- if contains "LoadBalancer" .Values.service.type -}}
{{- $mainClusterProxyAddress := printf ("%s:%v") $mainClusterDNS $mainClusterPort -}}
You can access the main cluster's web UI at https://{{ $mainClusterProxyAddress }}
{{- if not (eq (index .Values.extraClusterNames 0) "") }}

The following extra clusters/nodes have been added as trusted:

{{- $root := . -}}
{{- range .Values.extraClusterNames -}}
{{- $trustedClusterRoot := include "teleport.fullname" $root -}}
{{- $trustedClusterName := . -}}
{{- $trustedClusterDomain := $root.Values.cloudflare.domain -}}
{{- $trustedClusterNodeRoot := printf ("%s-%s") $trustedClusterRoot $trustedClusterName -}}
{{- $trustedClusterDNS := printf ("%s.%s") $trustedClusterNodeRoot $trustedClusterDomain -}}
{{- $trustedClusterPort := $root.Values.service.ports.proxyweb.port -}}
{{- $trustedClusterProxyAddress := printf ("%s:%v") $trustedClusterDNS $trustedClusterPort }}
- {{ $trustedClusterDNS }} (Web UI: https://{{ $trustedClusterProxyAddress }})
{{- end -}}
{{- end }}

You can log into the main cluster with tsh using the following command:
$ tsh --proxy={{ $mainClusterProxyAddress }} login

List the available nodes like this:
$ tsh ls

List clusters:
$ tsh clusters

SSH into a main cluster node with something like this:
$ tsh ssh root@{{ $mainClusterNodeRoot }}-node-0
{{- if not (eq (index .Values.extraClusterNames 0) "") }}

You can also SSH to nodes in trusted clusters in a similar manner:
{{- $root := . -}}
{{- range .Values.extraClusterNames -}}
{{- $trustedClusterRoot := include "teleport.fullname" $root -}}
{{- $trustedClusterName := . -}}
{{- $trustedClusterDomain := $root.Values.cloudflare.domain -}}
{{- $trustedClusterNodeRoot := printf ("%s-%s") $trustedClusterRoot $trustedClusterName -}}
{{- $trustedClusterDNS := printf ("%s.%s") $trustedClusterNodeRoot $trustedClusterDomain }}
$ tsh ssh --cluster={{ $trustedClusterDNS }} root@{{ $trustedClusterNodeRoot }}-node-0
{{- end -}}
{{- end -}}
{{- else -}}
{{- $minikubeIP := .Values.minikubeIP -}}
{{- $mainClusterPort := .Values.nodePort.ports.proxyweb.nodePort -}}
{{- $mainClusterProxyAddress := printf ("%s:%v") $minikubeIP $mainClusterPort -}}
You can access the main cluster's web UI at https://{{ $mainClusterProxyAddress }}

You should 'kubectl exec' into the auth pod and create a local user manually.

You can log into the main cluster with tsh using the following command
$ tsh --proxy={{ $mainClusterProxyAddress }} login --insecure --auth=local

List the available nodes like this:
$ tsh ls

List clusters:
$ tsh clusters

SSH into a main cluster node with something like this:
$ tsh ssh root@{{ $mainClusterNodeRoot }}-node-0
{{- end }}

For more information on Teleport, visit https://gravitational.com/teleport/docs/quickstart
