Federating Kubernetes Behind Firewalls


#1

Is it possible to access Kubernetes through tunnels the same way as SSH?

The documentation states that you could federate multiple clusters but you have to establish a connection through port 3026 for each trusted cluster.


#2

That’s how it works right now:

  • Teleport supports this same workflow with Kubernetes
  • Gravity enterprise works in the same way - the Gravity cluster dials back to the ops center and this connection is used for proxying the Kubernetes traffic. No direct connection to the Gravity cluster is necessary from kubectl, only a connection to the ops center.

#3

I understood how it works now! I think it was a bit confusing for me because the documentation examples show DNS and I assumed that each name answers to its own Teleport Kubernetes proxy (:3026).
Maybe it’s worth pointing out that the DNS names of east and west answer to the gateway cluster (main), and that will only be proxied if the names match; otherwise it will default to the main cluster.

Thank you for clarifying Sasha!