Privileged Access Management (PAM) for Kubernetes

Kubernetes is being adopted throughout enterprise IT as the de facto container orchestration service. Along with this adoption, companies are struggling with the “day-two” operational tasks such as managing usage, training users and securing clusters. Securing clusters has become a primary concern as unmanaged access to Kubernetes can lead to critical vulnerabilities throughout an organization’s private infrastructure.

Teleport can be used as a proxy to your Kubernetes clusters in order to secure your infrastructure and improve visibility into access and behavior. It also gives you a single control plane to manage both SSH and Kubernetes access, reducing your operational overhead.

Who can Benefit from Teleport's Kubernetes PAM?

Using Teleport instead of individually managed authorization and authentication methods gives companies a single control plane for role-based access control (RBAC) across Kubernetes clusters and clusters of SSH servers, both for their own organization and for third-party teams. This is useful for:

  • Company-wide compliance teams overseeing multiple infrastructure and engineering groups who use both Kubernetes and SSH.
  • Managed service providers (MSPs) that manage Kubernetes and generic server clusters for clients.
  • Remote support teams from software vendors who wish to manage remote on-site Kubernetes clusters.
  • Internet-of-Things (IoT) edge cloud management from a centralized office.

PAM for Kubernetes Highlights

Teleport was built from the ground up to support highly elastic, cloud-native infrastructure being accessed by multiple teams. Teleport integration with Kubernetes extends Teleport benefits to teams who have adopted Kubernetes-based operations:

  • Unified cluster-level permissions. Teleport seamlessly integrates with Kubernetes role-based access controls ("RBAC"), so you can connect permissions set in your identity manager with permissions for your Kubernetes clusters. These permissions are enforced for SSH access as well, which makes it impossible to "bypass" Kubernetes RBAC via SSH or vice versa.
  • Audit log and session recording. Teleport's strong audit and compliance features apply to Kubernetes clusters as well. Interactive sessions or remote commands launched via kubectl are recorded and can be replayed for compliance, knowledge sharing or root-cause analyses.
  • Federate trust across Kubernetes clusters. Teleport's trusted clusters allow you to configure trust across Kubernetes clusters in order to manage permissions across teams and organizations.
  • A bridge from legacy workflows. Using a single tool like Teleport to manage both SSH access to your servers and to Kubernetes API endpoints allows you to seamlessly support both modern and legacy workflows as your organization transitions to cloud-native operations.

Which Teleport offering is right for you?

Teleport is available through the free, open source Community Edition or our Commercial Offerings.

Editions:

  • Community: Free and Open-Source Edition
  • Pro: Enhanced Features and Support
  • Enterprise: Enterprise Grade Security, Compliance and Support

Features compared (edition-specific notes in parentheses):

  • Identity-Based Authentication (Community: uses local users or GitHub)
  • Multi-cloud Authentication
  • Kubernetes & SSH integration
  • Security Audit Logging
  • Session Recording
  • Dynamic Permissions
  • Support for IoT devices
  • Trust Federation
  • Multi-factor Authentication
  • Web-based client
  • Command line client
  • Single Sign-On (Community: only with GitHub SSO)
  • Role Based Access Controls
  • Support Channels (Community: GitHub Issues and Community Forum; Pro: email and ticket support; Enterprise: prioritized email, phone and dedicated Slack/IM channel)
  • Support Availability (Pro: business hours (PT); Enterprise: 24/7 with response time guarantees)
  • Backwards Compatibility (LTS) (Pro: support for most recent LTS version; Enterprise: all LTS versions are supported for 24 months)
  • Regulation Compliance Support (Enterprise: FedRAMP, HIPAA, PCI, SOC2 and others)