You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
tailscale/ssh/tailssh
Irbe Krumina ba517ab388
cmd/k8s-operator,ssh/tailssh,tsnet: optionally record 'kubectl exec' sessions via Kubernetes operator's API server proxy (#12274)
cmd/k8s-operator,ssh/tailssh,tsnet: optionally record kubectl exec sessions

The Kubernetes operator's API server proxy, when it receives a request
for 'kubectl exec' session now reads 'RecorderAddrs', 'EnforceRecorder'
fields from tailcfg.KubernetesCapRule.
If 'RecorderAddrs' is set to one or more addresses (of a tsrecorder instance(s)),
it attempts to connect to those and sends the session contents
to the recorder before forwarding the request to the kube API
server. If connection cannot be established or fails midway,
it is only allowed if 'EnforceRecorder' is not true (fail open).

Updates tailscale/corp#19821

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
Co-authored-by: Maisem Ali <maisem@tailscale.com>
5 months ago
..
testcontainers ssh/tailssh: replace incubator process with su instead of running su as child 5 months ago
connect.go cmd/k8s-operator,ssh/tailssh,tsnet: optionally record 'kubectl exec' sessions via Kubernetes operator's API server proxy (#12274) 5 months ago
incubator.go ssh/tailssh: replace incubator process with su instead of running su as child 5 months ago
incubator_linux.go ssh/tailssh: fall back to using su when no TTY available on Linux 6 months ago
privs_test.go ssh/tailssh: fall back to using su when no TTY available on Linux 6 months ago
tailssh.go cmd/k8s-operator,ssh/tailssh,tsnet: optionally record 'kubectl exec' sessions via Kubernetes operator's API server proxy (#12274) 5 months ago
tailssh_integration_test.go ssh/tailssh: fix integration test (#12562) 5 months ago
tailssh_test.go proxymap, various: distinguish between different protocols 5 months ago
user.go ssh/tailssh: try fetching group IDs for user with the 'id' command 7 months ago