
Kubernetes Access Multiple Clusters



  • Kubernetes >= v1.(=kubernetes_minor_version=).0
  • Helm >= 3.4.2
  • Installed and running Teleport Cluster

Verify that Helm and Kubernetes are installed and up to date.

$ helm version
# version.BuildInfo{Version:"v3.4.2"}

$ kubectl version
# Client Version: version.Info{Major:"1", Minor:"17+"}
# Server Version: version.Info{Major:"1", Minor:"17+"}

Connecting clusters

Teleport can act as an access plane for multiple Kubernetes clusters. We have set up the Teleport cluster in SSO and Kubernetes.

Let's start a lightweight agent in another Kubernetes cluster cookie and connect it to We would need a join token from

A trick to save the pod ID in

POD=$(kubectl get po -l app=teleport-cluster -o jsonpath='{.items[0].metadata.name}')

Create a join token for the cluster cookie to authenticate

TOKEN=$(kubectl exec -ti "${POD?}" -- tctl nodes add --roles=kube --ttl=10000h --format=json | jq -r '.[0]')
echo $TOKEN

Switch kubectl to the Kubernetes cluster cookie and run:

Add teleport chart repository

helm repo add teleport

Install Kubernetes agent. It dials back to the Teleport cluster

helm install teleport-agent teleport/teleport-kube-agent \
  --set kubeClusterName=${CLUSTER?} \
  --set proxyAddr=${PROXY?} \
  --set authToken=${TOKEN?} \
  --create-namespace --namespace=teleport-agent

List connected clusters using tsh kube ls and switch between them using tsh kube login:

tsh kube ls
# Kube Cluster Name Selected
# ----------------- --------
# cookie            *

kubeconfig now points to the cookie cluster

tsh kube login cookie
# Logged into kubernetes cluster "cookie"

kubectl command executed on `cookie` but is routed through `` cluster.

kubectl get pods
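
The `helm install` step above passes the join token with `--set authToken=...`, which leaves it in shell history and in the process list. As an added example (not part of the original page or the Teleport project), the hypothetical helper `write_agent_values` below validates the three values and writes them to an owner-only values file that can be passed with Helm's `-f` flag; the file name `agent-values.yaml` is an assumption.

```bash
# Added example, not from the Teleport docs. write_agent_values is a
# hypothetical helper; the three keys are the chart values set on this page.
write_agent_values() {
  local cluster="$1"
  local proxy="$2"
  local token="$3"
  local out="$4"

  # Defensive: drop any CR/LF picked up while capturing the token.
  token=$(printf '%s' "$token" | tr -d '\r\n')

  # Refuse empty values; "null" is what `jq -r '.[0]'` prints for an empty array.
  if [ -z "$cluster" ] || [ -z "$proxy" ] || [ -z "$token" ] || [ "$token" = "null" ]; then
    echo "write_agent_values: cluster, proxy and token are all required" >&2
    return 1
  fi

  # Refuse characters that would break out of the quoted YAML scalars below.
  case "$cluster$proxy$token" in
    *[[:space:]]* | *'"'* | *'\'*)
      echo "write_agent_values: unexpected character in input" >&2
      return 1
      ;;
  esac

  # Subshell keeps the umask change local; the file is created with mode 0600.
  (
    umask 077
    rm -f -- "$out"
    printf 'kubeClusterName: "%s"\nproxyAddr: "%s"\nauthToken: "%s"\n' \
      "$cluster" "$proxy" "$token" > "$out"
  )
}

# Usage with the variables from this page:
#   write_agent_values "${CLUSTER?}" "${PROXY?}" "${TOKEN?}" agent-values.yaml
#   helm install teleport-agent teleport/teleport-kube-agent -f agent-values.yaml \
#     --create-namespace --namespace=teleport-agent
#   rm -f agent-values.yaml
```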