Teleport Access Plane

Teleport Kubernetes Access

Consolidate identity-based access to Kubernetes clusters across all environments, meet compliance requirements, and have complete visibility into access and behavior.

For DevSecOps

Easily secure your Kubernetes clusters using security best practices

Implement industry best practices for Kubernetes access with minimal configuration. Easily enforce MFA, RBAC, and SSO using identity-based short-lived X.509 certificates for engineers and service accounts.
Access requests

Move away from admin accounts with just-in-time Kubernetes privilege escalation for administrative tasks. Access requests can be approved via Slack or other supported plugins.

Machine ID

Extend identity-based access to IT infrastructure and applications with Teleport Machine ID. It's the easiest way to issue, renew and manage X.509 certificates for applications and automation that need access to Kubernetes.

Per-session MFA

Implement multi-factor authorization of privileged operations for already logged-in users.

For compliance-minded engineers

Meet compliance requirements

Teleport was designed to continuously maintain compliance and pass audits with minimal configuration. The supported standards include SOC 2, FedRAMP, HIPAA, ISO 27001, PCI and more.
Advanced authorization

Use the authorization mechanism best suited for your compliance requirements such as RBAC, per-session MFA, and dual authorization for privileged operations.

FIPS mode

Avoid human error with Teleport FIPS mode, which rejects configuration options unless they are compliant with FIPS 140-2, also known as the Federal Information Processing Standard.

Session controls

Implement moderated sessions and enforce concurrent session restrictions, proactive session termination, and identity locking across your entire infrastructure footprint.

For security professionals

Complete visibility into access and behavior

Teleport provides a live view and the audit log of all user sessions and access events for all Kubernetes clusters across all environments, making it easy to see what’s happening and who is responsible.
Session recording

Every interactive kubectl session by an engineer or service account is recorded for future replay and can be analyzed by other tools for behavior anomalies.

Unified audit log

Consolidate all security events across all clusters in a single source of truth for engineers and service accounts and export them into a SIEM solution of your choice.

Live view

All online clusters, active kubectl sessions, and access requests are visible with a single CLI command or in a browser.

For developers

Secure access that doesn't get in the way

A single login gives engineers access to all Kubernetes clusters across all environments. Leave behind configuration complexity, juggling of shared credentials, and hopping between VPNs and access points.
Live cluster inventory

List all available Kubernetes clusters across all environments with a single CLI command or via a web browser.

Access as code

Automate access provisioning and request approvals across all clusters using your favorite programming language.

Teleport Terminal

Save time with the superpowers of Teleport’s remote-first terminal app for interacting with cloud-native CLI environments like kubectl.

Machine-to-machine access

Give an identity to all your microservices, CI/CD automation, and service accounts

Machine ID dramatically simplifies secure machine-to-machine access via SSH and X.509 certificates with access controls and audit built in.
Manage machine users at scale

Teleport Machine ID vastly simplifies certificate management for IT infrastructure and applications, just like Let’s Encrypt simplified TLS certificate management for websites.

Unified identity for developers & machines

Teleport Machine ID unifies access policies for people and machines, reducing operational overhead and increasing security and compliance.

Reduce supply chain attack impact

Teleport Machine ID automatically implements least privilege for all machine users so you don’t have to worry about a compromised service taking over your infrastructure.

Works with everything you have

Teleport Kubernetes Access is open source and relies on open standards such as X.509 certificates, HTTPS, SAML, OpenID Connect and others. Deployed as a single binary, it seamlessly integrates with the rest of your stack.

Amazon
Google Cloud
Azure
Linux
Windows
Chef
Okta
Active Directory
Puppet
OneLogin
Kubernetes
Ansible

Easy to get started

Teleport is easy to deploy and use. We believe that simplicity and good user experience are key to first-class security.

Teleport consists of just two binaries.
  1. The tsh client allows users to log in to retrieve short-lived certificates.
  2. The teleport agent can be installed on any server or any Kubernetes cluster with a single command.
# on a client
$ tsh login --proxy=example.com

# on a server
$ apt install teleport

# in a Kubernetes cluster
$ helm install

Try Teleport today

In the cloud, self-hosted, or open source