Teleport 16: Advancing Infrastructure Defense in Depth with Device Trust, MFA, and VNET
Jul 25
Virtual
Register Today
Teleport logo

Teleport Blog - Teleport at KubeCon + CloudNativeCon Europe 2023 - Mar 24, 2023

Teleport at KubeCon + CloudNativeCon Europe 2023

Kubernetes Defence

With April fast approaching, we’re eagerly anticipating one of our favorite conferences, KubeCon + CloudNativeCon Europe 2023. With the event hosted this year in beautiful Amsterdam, we’re excited to mingle with the community, learn more about Kubernetes, and as the event website puts it, “to further the education and advancement of cloud native computing.”

If you're planning on attending in-person, we'd love to meet you and even share with you how Teleport, an open source and CNCF member project, might better serve to secure your Kubernetes infrastructure, while also putting more smiles on the faces of your engineers. But while I have your attention now, let me share a few of our benefits.

Centralized Kubernetes infrastructure

Teleport lets your team consolidate access to your Kubernetes clusters, regardless of cloud environment or amount. Teleport can support thousands of Kubernetes clusters connected to one proxy, with your developers only needing to authenticate to Teleport for complete access to all their authorized resources. This creates a more efficient workflow and frictionless experience.

The authorization of infrastructure is managed by Teleport’s RBAC system which enables fine-grained control over who can access resources in your infrastructure as well as what they can do with it, including per-pod RBAC, just released in Teleport 12.

Sounds great, but I can hear a good security-minded engineer ask, "If all infrastructure can be managed in one place, is this actually safe?"

Good question…

Teleport identity-native access

Rather than using shared secrets like passwords and keys, Teleport assigns a cryptographically validated identity to all engineers and machines. So when your engineers log into the Teleport proxy, they do so by means of secure biometrics to assure that each user truly matches their identity.

In addition, the Teleport identity-native access proxy isn’t reliant on a network, or perimeter, or VPN to keep bad guys out, but instead is actually internet-facing so organizations can do actual Zero Trust.

Your Kubernetes engineers need only to authenticate to find themselves presented with specific clusters that they are authorized to interact with. Once authenticated, they can continue using kubectl to access clusters as usual.

Just-in-time privilege escalation

And what about admin access? Everyone wants to be an admin, right? Well, the principle of least privilege begs to differ. At Teleport, we realize that the need for privileged access is usually a temporary one. Thus, Teleport offers Just-in-time access requests allowing developers, DevOps engineers, or other technologists to request temporary access to any resource or role, depending on need, removing any justification for super-privileged accounts. Requests can be approved quickly with tools already in place like Slack or PagerDuty, or you can implement your own approval flow using the Teleport API.

Visibility and audits

Another key component of access in general, and specifically with Teleport, is auditing. Audit logs are a critical component of any Kubernetes cluster to maintain proper security and compliance. Teleport provides this functionality out of the box with audit logs of user sessions and access events for Kubernetes clusters across all environments. In addition, every kubectl session is recorded for future playback! Sorry Larry, we know it was you who deleted the stateful sets.

man hitting delete button
man hitting delete button
Figure: Gif from giphy.com

Easy deployment

Enrolling a Kubernetes cluster in Teleport is as simple as following the built-in Teleport wizard that walks you step-by-step through deploying the Teleport kube-agent onto your cluster via our Helm chart. If you're using a cloud-managed Kubernetes cluster like AWS EKS or Google Cloud’s GKE, Teleport can be configured for Auto-Discovery where clusters can be enrolled (and unenrolled) automatically. Once kube-agents are deployed, developers can quickly log into different clusters and issue kubectl commands as they normally do day-to-day.

Come meet us at KubeCon EU 2023

There is much more we can mention here, but why not just come see us in the Netherlands, in person, at the Cloud Native Computing Foundation’s flagship conference, KubeCon EU 2023? We'll be happy to share some of our new features like pod-level RBAC and device trust, as well as other defining offerings like our many compliance standards (SOC2, FedRAMP, HIPAA, etc.) and secure CI/CD automation with Machine ID.

So make a note to come say hi to us from April 19th through the 21st!

Our booth number is P2. We'll be sure to have tons of free swag there as well!

Join us for an evening of Late Night DevApps & Brews on April 19th at 6:30pm. RSVP here

See you then!

Tags

Teleport Newsletter

Stay up-to-date with the newest Teleport releases by subscribing to our monthly updates.

background

Subscribe to our newsletter

PAM / Teleport