[QUESTION] can teleport record kubectl commands?

Hi all,

I am running several OpenShift/Kubernetes clusters, all with their own teleport clusters deployed on top. Those are connected to one central cluster through the trusted_clusters mechanism.

Accessing the nodes works like a charm, using oc/kubectl cli, too. However, the recorded sessions are only those which where recorded through tsh ssh or kubectl exec -it. Is it possible to also record, say, kubectl get pods or the like? If not, is this functionality planned? Technically it should be possible, as the kubectl commands target the proxy service.

Best regards

Hey @balpert89,

Looks like a Github issue was created for this here. Feel free to add to it, or if that’s not exactly what you were going for please open an issue and we can take a look at expanding the session recordings.

Thanks

We haven’t seen it as any kind of priority to add this functionality because it’s already something that can be achieved by using a custom audit policy within the Kubernetes apiserver - see https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy

If this doesn’t address the requirement that you were looking for, please explain what your’e after in more detail.