cmd/k8s-operator,ssh/tailssh,tsnet: optionally record 'kubectl exec' sessions via Kubernetes operator's API server proxy (#12274) - tailscale - The easiest, most secure way to use WireGuard and 2FA

diff options

author	Irbe Krumina <irbe@tailscale.com>	2024-07-08 21:18:55 +0100
committer	GitHub <noreply@github.com>	2024-07-08 21:18:55 +0100
commit	ba517ab3880d6416f92a742beec554a72d2d0b1c (patch)
tree	45cfd2194bfecf4f1a4d9283c9dc5881b2f3d4fc /control/controlknobs
parent	2b638f550d0871b997506bb27edd0c330d7d9940 (diff)
download	tailscale-ba517ab3880d6416f92a742beec554a72d2d0b1c.tar.xz tailscale-ba517ab3880d6416f92a742beec554a72d2d0b1c.zip

cmd/k8s-operator,ssh/tailssh,tsnet: optionally record 'kubectl exec' sessions via Kubernetes operator's API server proxy (#12274)

cmd/k8s-operator,ssh/tailssh,tsnet: optionally record kubectl exec sessions The Kubernetes operator's API server proxy, when it receives a request for 'kubectl exec' session now reads 'RecorderAddrs', 'EnforceRecorder' fields from tailcfg.KubernetesCapRule. If 'RecorderAddrs' is set to one or more addresses (of a tsrecorder instance(s)), it attempts to connect to those and sends the session contents to the recorder before forwarding the request to the kube API server. If connection cannot be established or fails midway, it is only allowed if 'EnforceRecorder' is not true (fail open). Updates tailscale/corp#19821 Signed-off-by: Irbe Krumina <irbe@tailscale.com> Co-authored-by: Maisem Ali <maisem@tailscale.com>

Diffstat (limited to 'control/controlknobs')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: