Access Kubernetes Clusters with Teleport
Teleport provides secure access to Kubernetes clusters:
- Users can access Kubernetes clusters with Single Sign-On (SSO) providers like Okta and switch between clusters without logging in twice.
- Operators can implement granular role-based access controls, including limiting access to specific Kubernetes clusters or even specific pods within a namespace.
- Organizations can achieve compliance by recording
Here is an example of using Teleport to access a Kubernetes cluster, execute commands, and view your kubectl activity in Teleport's audit log:
The fastest way to register a Kubernetes cluster with Teleport is to deploy a Teleport Kubernetes Service instance on the cluster you want to register. We'll show you how to do this in our Getting Started Guide.
Automatically register Kubernetes clusters
Teleport can automatically discover Kubernetes clusters by communicating with your cloud provider. When you create or destroy a Kubernetes cluster, Teleport registers or deregisters the cluster so your access controls stay up to date with your infrastructure.
Read our overview of how Teleport automatically discovers Kubernetes clusters.
Read our guides to automatically registering Kubernetes clusters with Teleport on your cloud:
Manually register Kubernetes clusters
In some cases, you will want to register a Kubernetes cluster with Teleport manually when you create the cluster. There are a few ways to do this:
- Deploy the Teleport Kubernetes Service with IAM Joining on your cluster of choice.
- Deploy the Teleport Kubernetes Service outside your Kubernetes cluster (e.g., directly on a virtual machine) and give it access to a kubeconfig.
- Deploy the Teleport Kubernetes Service outside of Kubernetes and use dynamic configuration resources to register your clusters.
Configure access to Kubernetes clusters
Once you register a Kubernetes cluster with Teleport, you can apply fine-grained access controls to manage the way users access your cluster.
Read our Kubernetes RBAC guide for step-by-step instructions on giving your users the correct access to Kubernetes clusters, groups, users, and resources.
For a comprehensive reference to configuring access controls in your Teleport-registered Kubernetes clusters, see our Access Controls Reference.
See how to federate your Kubernetes access controls using Teleport Trusted Clusters.