Eliminate ssh proxy requirement for non-ssh workflows #6830
Labels: c-sq (Internal Customer Reference), feature-request (Used for new features in Teleport, improvements to current should be #enhancements)
What
Currently, if a user wants to use teleport for kubernetes access only, the tsh client will still need to communicate with multiple ports. It should be possible for an end-user to have all communication tunnel over the proxy_service's web_public_addr port only. This is a particularly challenging wrinkle in a higher security environment that wants the kubernetes access feature specifically to only go through an https application firewall, which doesn't support ssh connections going through it. Database access might also benefit from this, but isn't part of this request.
How
Either admin cluster-wide configuration or individual user configuration opt-in to run port 3023 traffic through the web proxy https port, possibly via a websocket. Alternate might be to have tsh kube login and other kube-specific operations skip any port 3023 communication.
Why
Want to get teleport kube access working through an application gateway firewall appliance to be in compliance with the networking environment involved.
Workaround
none