Teleport as a jump host for k8s clusters

We are looking to use Teleport (proxy, auth, and node in a single VM) as a jump host for a namespace-bound multi-tenancy model in a k8s cluster. We assume this could also help users access multiple k8s clusters. Could you clarify:

  1. Create a service account for each namespace in a cluster and configure permissions for the service accounts on their respective namespaces.
  2. Create OS users on the Teleport VM and configure a kubeconfig for each user with the respective service account token, so they can access their respective namespaces.
  3. Users log in to the Teleport proxy in the UI, SSH to the Teleport node and access their k8s namespace.
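The namespace-bound pieces of steps 1 and 2, as an added example that is not part of this thread: a RoleBinding that confines a tenant's ServiceAccount to its namespace, and a kubeconfig whose only context is pinned to that namespace. Tenant, cluster, server and token values are assumed placeholders.

```shell
# Added example, not from the thread: namespace-scoped RoleBinding for a tenant
# ServiceAccount and a kubeconfig pinned to that namespace; all names are assumed.
set -eu

# RoleBinding (not ClusterRoleBinding) to the built-in "edit" ClusterRole, so the SA
# created with `kubectl -n NS create serviceaccount SA` cannot reach other namespaces.
render_rolebinding() {
  local ns="$1" sa="$2"
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ${sa}-edit
  namespace: ${ns}
subjects:
- kind: ServiceAccount
  name: ${sa}
  namespace: ${ns}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
EOF
}

# kubeconfig with one context whose default namespace is the tenant's; the token is the
# SA's (e.g. `kubectl -n NS create token SA`). Install it mode 0600 in the OS user's home.
render_kubeconfig() {
  local cluster="$1" server="$2" ca_b64="$3" ns="$4" sa="$5" token="$6"
  cat <<EOF
apiVersion: v1
kind: Config
clusters:
- name: ${cluster}
  cluster:
    server: ${server}
    certificate-authority-data: ${ca_b64}
users:
- name: ${sa}
  user:
    token: ${token}
contexts:
- name: ${ns}@${cluster}
  context:
    cluster: ${cluster}
    user: ${sa}
    namespace: ${ns}
current-context: ${ns}@${cluster}
EOF
}
```

Apply the RoleBinding output with `kubectl apply -f -`; the kubeconfig still relies on RBAC for enforcement, since the `namespace` field in the context is only a default the user can override with `-n`.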

It sounds like what you're suggesting is that you want people to log into this host and run kubectl commands from there, rather than passing the access through Teleport's Kubernetes functionality?

Theoretically you can do this but it might be arduous for the end users, depending on the model.

Yes, our k8s users have clusters in AWS and GCP (we manage the clusters), and we are looking for a single point of access to the clusters with authentication and session recording. We agree that this solution is cumbersome in terms of configuring a kubeconfig for each user (we are looking to automate that); k8s users just need to SSH to the Teleport server, then run kubectl.