In this blog post we are announcing Gravity 5.5. This new release entrusts Helm users with a new superpower: the ability to build downloadable Kubernetes images using their Helm Charts.
Given our experience with SSH we are often asked about restricted shells. In this article we cover some common ways so-called 'secure restricted shells' are implemented to show what works and what doesn't work.
What is a microservice? Should you be using microservices? How are microservices related to containers and Kubernetes? If these things keep coming up in your day-to-day and you need an overview in 10 minutes, this blog post is for you.
An overview of Teleport's SSH certificate authority pinning capability and discussion of how HTTP public key pinning (HPKP) can be used to improve SSH CA user experience.
The universe of serverless-wielding software architects and Kubernetes cluster operators has started to collide and, yet again, Google is in the driver's seat. In this article we'll wander down the CNCF's Serverless Landscape in chronological order, quickly discovering that Knative is the sweet mamba jamba of open source lambda competitors.
In this post we'll explore K8s community decision making process by looking underneath the hood of the 'kerfluffe' of Google LLC being called out by Samsung SDS engineers for skipping 'graduation criteria' while merging the new 'kustomize' subcommand into upstream 'kubectl'.
The recently discovered xterm.js vulnerability shows how bugs are hard to kill as technology evolves.
An overview into CVE-2018-1002105's root cause and a program to test if your clusters are affected
GKE requires users to have Google Cloud Tools (gcloud) installed. In this post show how to use authenticate with GKE using generic kubeconfig without having to install anything.
Today we are announcing the new release of Teleport. This version adds support for Kubernetes protocol, becoming a universal security gateway for both SSH and Kubernetes clusters.
A brief explanation of a common problem that could happen while creating new Kubernetes clusters with Kubeadm, Flannel and installing the Dashboard tool.
This release of Teleport adds support for scp protocol via a Web UI, brings performance improvements for large clusters and adds more flexibility in configuring your infrastructure for PCI, SOC2, GDPR and other SSH compliance/audit use cases.
Proud new Kubernetes cluster owners are often lulled into a false sense of operational confidence by its consensus database’s glorious simplicity. In this Q&A, we dig into the challenges of in-place upgrades of etcd beneath autonomous Kubernetes clusters running within air-gapped environments.
This post discusses the different approaches that can be taken to gracefully restart an application and provides a working sample that can be used to dig into the details. This post should be interesting to developers and SREs who build and maintain services written in Go.
Cyber security researches from Cure53 have completed a full security audit of Gravitational's privileged access management layer for SSH and Kubernetes. Here is a brief summary of their findings and links to the full source-assisted penetration test report.
We are happy to announce the release of v2.6 of Teleport. This is a major release which delivers several important new features. The source code of this release has also gone through a security audit performed by Cure53.
This post is the first of an ongoing series about interesting issues and bugs that the Teleport team has worked on. This post, about missing SIGINTs and SSH, should be interesting for developers who leverage signal handling in terminal-based applications written in Go.
Why using cryptographic hashes doesn't make data anonymous.
A customer recently asked how to utilize Teleport's RBAC mechanism to restrict access to critical nodes within an OpenSSH cluster. This blog post explains how to do this.
We review the impact of the GDPR on SaaS vendors and their data collection practices and how it may reduce the operational cost disparity between hosted SaaS and on-prem Private SaaS
This release of Teleport brings easier AWS deployments at scale and includes several usability enhancements.
The Teleport Proxy requires a valid x509 certificate to serve content like the Web UI via HTTPS. In this post we show how to configure the Teleport Proxy to use Let's Encrypt for this.
There are many strategies and products to help you manage SSH keys. This blog post argues that instead of managing SSH keys one should switch to short-lived SSH certificates instead.
Unabated releases of vanilla upstream Kubernetes every three months could continue forever. You have to keep up, while also paying close attention to Kubernetes API object versioning. In this article, we discuss where this pace comes from, how it's a key ingredient in Kubernetes' success and what it means for end-users
In this post we show you how to use Github as an identity manager to control who has access to your server infrastructure through SSH
An interview about our experience running PostgreSQL on on-premises Kubernetes, covering the challenges involved, open source and commercial tools that can help and other alternatives to managing stateful applications on Kubernetes.
In this blog post we show how to record SSH sessions with OpenSSH sshd using Teleport as a recording proxy
We cover the difference between OpenSSH servers and Teleport SSH node service for Teleport clusters.
Announcing the new version of Teleport SSH server. Two major new features of this release are recording of OpenSSH sesssions for audit purposes and authentication via Github OAuth2.
Learn about common problems when migrating your application to Kubernetes.
We are pleased to announce that Gravity v4 is now a long term support release with version 4.44.0 LTS. This release focuses on improved security, usability and stability.
Part 1 of our series on Troubleshooting Kubernetes focuses on networking.
We are happy to announce the release of v2.3 of Teleport. This release focuses on making Teleport much easier to configure and use.
We review the challenges MSPs face in a hybrid, multi-cloud world.
We explore helpful techniques to improve resiliency and high availability of Kubernetes deployments and take a look at some common mistakes to avoid when working with Docker and Kubernetes.
This post covers the new features and improvements that made it into 2.2 release.
How we use Teleport to manage Kubernetes clusters across multiple teams, regions or organizations.
Teleport 2.0.5 Security Fixes
How do you let your employees access company AWS infrastructure using their Github credentials? How do you restrict parts of your infrastructure to certain Github teams? How do you configure SSH to use Github credentials? This blog post covers it all.
We review the Vendor Security Alliance's security questionnaire to look at the security related costs of running SaaS vs On-prem.
Announcing the official 2.0 version of Teleport
We talk about a new feature in Teleconsole: you can turn any laptop into a secure and publicly accessible SSH server wich uses Github SSH keys for authentication.
This tutorial covers aggregating SSH access logs from your server fleet into SumoLogic using Teleport
Calico is now a standard option in all Gravity deployments.
We are excited to announce that Teleport now supports Universal 2nd Factor out of the box.
Go from zero to running a sample Kubernetes application. Learn about Kubernetes Services, Pods, Replica Sets and Configmaps.
It might be mundane and boring but keeping track of your FOSS license usage can save you from a big headache at the least opportune time.
Going on-prem can be a handful, especially maintaining those deployments. Here's how we use Kubernetes and our own tooling to help scale those efforts.
Part 1 of the series of articles about managing Kubernetes clusters across multiple teams, regions or organizations.
Announcing the release of Teleconsole 0.3.1 with a nice list of improvements. For example you can instantly (and securely!) SSH into a laptop of any Github user who trusts you.
In this post we talk about using every day engineering activities to better market our company and our products.
We are announcing the official 1.0 version of Teleport: SSH server with built-in bastion and audit!
We are excited to announce the new open source project: Gravitational Teleport, which in some cases can be a great replacement for OpenSSH.
Kubernetes has great built-in application monitoring features. But how to make sure Kubernetes itself is healthy after you upgrade it to the next version?
We are playing with Elastic Beats, doing structured logging with Golang and Elastic Search
We discuss effective ways to handle errors in Go programming language.