[RFD] 0143 - External Kubernetes Joining#29225
Conversation
jentfoo
left a comment
Risks are well articulated. I don't see any additional risks, or room for improvement. However I have sent this to Doyensec so they can additionally review this RFD.
Co-authored-by: Mike Jensen <jentfoo@users.noreply.github.com>
"Blocked" awaiting an external review.
…nal/teleport into rfd/0143-external-k8s-joining
Any new audit events as part of this work? We often get dinged in security reviews for missing audit events, and despite having a section dedicated to them in the RFD template I don't see any information on them here.
@zmb3 I'll add this to the RFD - in the actual implementation I've not added any new audit events (since we already emit them for Bot/Agent joins) - but I have improved the richness of the existing Kubernetes Join audit event in a similar way that we do for GitHub joining (e.g. the token fields are included in the audit event).
Completed in 42f9d3a
SzymonDrosdzol
left a comment
I have left a couple of small improvements to JWT validation process for consideration.
Otherwise, looks good.
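The review above mentions the JWT validation step without spelling it out, and the RFD text itself is not on this page. As an added illustration (not Teleport's code and not the RFD's design), the Go program below shows the checks a verifier on the Teleport side would need to make on a Kubernetes service account token presented from an external cluster: look the signing key up by `kid` in a key set obtained from the cluster's JWKS, pin the algorithm rather than trusting the token header, verify the signature before reading any claim, then enforce issuer, audience, expiry and an allow list of `namespace`/`service account` pairs parsed from the `sub` claim. `MintToken`, `VerifyJoinToken`, `AllowRule` and all sample values (issuer URL, audience, key id) are constructed for this example; `MintToken` stands in for the kube-apiserver so the program runs offline. The `aud` handling is a deliberate simplification noted in the code.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Claims is the subset of a Kubernetes service account token inspected here.
// Simplification: aud is modelled as an array; Kubernetes emits a bare string
// for a single audience, which this decoder rejects (it fails closed).
type Claims struct {
	Iss string   `json:"iss"`
	Sub string   `json:"sub"`
	Aud []string `json:"aud"`
	Exp int64    `json:"exp"`
}

// AllowRule is one allow entry of a hypothetical join token.
type AllowRule struct{ Namespace, ServiceAccount string }

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// MintToken signs an RS256 JWT, standing in for the kube-apiserver issuing a
// projected service account token (constructed for this example).
func MintToken(key *rsa.PrivateKey, kid, iss, sub string, aud []string, exp time.Time) (string, error) {
	h, _ := json.Marshal(map[string]string{"alg": "RS256", "kid": kid})
	p, _ := json.Marshal(Claims{Iss: iss, Sub: sub, Aud: aud, Exp: exp.Unix()})
	input := b64(h) + "." + b64(p)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64(sig), nil
}

// VerifyJoinToken checks the signature against a kid -> public key set (what a
// JWKS provides), then issuer, audience, expiry and the allow rules, returning
// the service account's namespace and name on success.
func VerifyJoinToken(token string, keys map[string]*rsa.PublicKey, issuer, audience string, allow []AllowRule, now time.Time) (string, string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", "", fmt.Errorf("malformed token")
	}
	rawH, errH := base64.RawURLEncoding.DecodeString(parts[0])
	rawP, errP := base64.RawURLEncoding.DecodeString(parts[1])
	sig, errS := base64.RawURLEncoding.DecodeString(parts[2])
	var h map[string]string
	if errH != nil || errP != nil || errS != nil || json.Unmarshal(rawH, &h) != nil {
		return "", "", fmt.Errorf("malformed token encoding")
	}
	// Pin the algorithm and select the key by kid; the header's alg never
	// chooses the verification method (rules out alg=none and key confusion).
	pub, ok := keys[h["kid"]]
	if h["alg"] != "RS256" || !ok {
		return "", "", fmt.Errorf("unsupported alg %q or unknown kid %q", h["alg"], h["kid"])
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return "", "", fmt.Errorf("signature verification failed")
	}
	// Claims are only read after the signature has been verified.
	var c Claims
	if json.Unmarshal(rawP, &c) != nil || c.Iss != issuer {
		return "", "", fmt.Errorf("bad claims or unexpected issuer %q", c.Iss)
	}
	audOK := false
	for _, a := range c.Aud {
		audOK = audOK || a == audience
	}
	if !audOK || !now.Before(time.Unix(c.Exp, 0)) {
		return "", "", fmt.Errorf("wrong audience or token expired")
	}
	// Kubernetes encodes the identity as system:serviceaccount:<namespace>:<name>.
	sp := strings.Split(c.Sub, ":")
	if len(sp) != 4 || sp[0] != "system" || sp[1] != "serviceaccount" {
		return "", "", fmt.Errorf("subject %q is not a service account", c.Sub)
	}
	for _, r := range allow {
		if r.Namespace == sp[2] && r.ServiceAccount == sp[3] {
			return sp[2], sp[3], nil
		}
	}
	return "", "", fmt.Errorf("service account not permitted by allow rules")
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tok, _ := MintToken(key, "k1", "https://kubernetes.default.svc", "system:serviceaccount:bots:tbot", []string{"teleport.example.com"}, time.Now().Add(time.Hour))
	fmt.Println(VerifyJoinToken(tok, map[string]*rsa.PublicKey{"k1": &key.PublicKey}, "https://kubernetes.default.svc", "teleport.example.com", []AllowRule{{"bots", "tbot"}}, time.Now()))
}
```

The ordering matters for the audit question raised earlier in the thread: because every rejection returns a distinct reason after a cheap structural check, the caller can emit one join audit event carrying the token name, the parsed namespace and service account, and the failure reason, without ever logging claims from an unverified token.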

This RFD proposes a method for allowing entities (such as a Machine ID instance
or an Agent) to join Teleport Clusters via federation between the Kubernetes
Cluster they reside in and a Teleport Cluster, where that Teleport Cluster does
not reside in the same Kubernetes Cluster.
Part of #25543