Articles
- Mar 13, 2019By Russell JonesHow to restrict SSH sessions to specific commands? How to have a restricted shell for some users? In this article we cover some common ways to answer these questions.
- Mar 1, 2019By Abraham IngersollHow to keep up with Kubernetes releases? Unabated releases of vanilla Kubernetes every three months could continue forever. In this article, we discuss where this pace comes from, how it's a key ingredient in Kubernetes' success and what it means for end-users
- Feb 26, 2019By Russell JonesAn overview of Teleport's SSH certificate authority pinning capability and discussion of how HTTP public key pinning (HPKP) can be used to improve SSH CA user experience.
- Feb 21, 2019By Abraham IngersollThe universe of serverless-wielding software architects and Kubernetes cluster operators has started to collide and, yet again, Google is in the driver's seat. In this article we'll wander down the CNCF's Serverless Landscape in chronological order, quickly discovering that Knative is the sweet mamba jamba of open source lambda competitors.
- Jan 29, 2019By Abraham IngersollIn this post we'll explore K8s community decision making process by looking underneath the hood of the 'kerfluffe' of Google LLC being called out by Samsung SDS engineers for skipping 'graduation criteria' while merging the new 'kustomize' subcommand into upstream 'kubectl'.
- Jan 21, 2019By Alexey Kontsevoy, Russell JonesThe recently discovered xterm.js vulnerability shows how bugs are hard to kill as technology evolves.
- Dec 5, 2018By Abraham IngersollAn overview into CVE-2018-1002105's root cause and a program to test if your clusters are affected
- Oct 3, 2018By Emanuele CaloGKE requires users to have Google Cloud Tools (gcloud) installed. In this post show how to use authenticate with GKE using generic kubeconfig without having to install anything.
- Oct 2, 2018By Ev KontsevoyToday we are announcing the new release of Teleport. This version adds support for Kubernetes protocol, becoming a universal security gateway for both SSH and Kubernetes clusters.
- Sep 14, 2018By Emanuele CaloA brief explanation of a common problem that could happen while creating new Kubernetes clusters with Kubeadm, Flannel and installing the Dashboard tool.
- Jul 27, 2018By Ev KontsevoyThis release of Teleport adds support for scp protocol via a Web UI, brings performance improvements for large clusters and adds more flexibility in configuring your infrastructure for PCI, SOC2, GDPR and other SSH compliance/audit use cases.
- Jul 3, 2018By Kevin NisbetProud new Kubernetes cluster owners are often lulled into a false sense of operational confidence by its consensus database’s glorious simplicity. In this Q&A, we dig into the challenges of in-place upgrades of etcd beneath autonomous Kubernetes clusters running within air-gapped environments.
- Jun 8, 2018By Russell JonesThis post discusses the different approaches that can be taken to gracefully restart an application and provides a working sample that can be used to dig into the details. This post should be interesting to developers and SREs who build and maintain services written in Go.
- Jun 1, 2018By Russell JonesCyber security researches from Cure53 have completed a full security audit of Teleport, the privileged access management layer for SSH and Kubernetes. Here is a brief summary of their findings and links to the full source-assisted penetration test report.
- May 31, 2018By Ev KontsevoyWe are happy to announce the release of v2.6 of Teleport. This is a major release which delivers several important new features. The source code of this release has also gone through a security audit performed by Cure53.
- May 24, 2018By Russell JonesThis post is the first of an ongoing series about interesting issues and bugs that the Teleport team has worked on. This post, about missing SIGINTs and SSH, should be interesting for developers who leverage signal handling in terminal-based applications written in Go.
- Apr 30, 2018By Kevin NisbetWhy using cryptographic hashes doesn't make data anonymous.
- Apr 20, 2018By Russell JonesTechnical deep dive into an RBAC mechanism to restrict access to critical nodes within an OpenSSH cluster.
- Mar 26, 2018By Taylor WakefieldWe review the impact of the GDPR on SaaS vendors and their data collection practices and how it may reduce the operational cost disparity between hosted SaaS and on-prem Private SaaS
- Mar 10, 2018By Ev KontsevoyThis release of Teleport brings easier AWS deployments at scale and includes several usability enhancements.
- Feb 5, 2018By Russell JonesThe Teleport Proxy requires a valid x509 certificate to serve content like the Web UI via HTTPS. In this post we show how to configure the Teleport Proxy to use Let's Encrypt for this.
- Feb 2, 2018By Ev KontsevoyHow to avoid managing SSH keys and switch to short-lived SSH certificates.
- Jan 24, 2018By Ev KontsevoyIn this post we show you how to use Github as an identity manager to control who has access to your server infrastructure through SSH
- Jan 22, 2018By Abraham IngersollAn interview about our experience running PostgreSQL on on-premises Kubernetes, covering the challenges involved, open source and commercial tools that can help and other alternatives to managing stateful applications on Kubernetes.
- Jan 18, 2018By Ev KontsevoyIn this blog post we show how to record SSH sessions with OpenSSH sshd using Teleport as a recording proxy