Support Kubernetes Access through the Web UI

[pschisa]

What would you like Teleport to do? Support the ability to have kubernetes access run fully through the Web browser without requiring any local tooling like tsh or kubectl

What problem does this solve? This enables users in restricted environments where installing binaries is not allowed to utilize Teleport Kubernetes access fully through a web browser similar to how Server access can work through the Web browser.

If a workaround exists, please include it. Use Server access from the restricted node to reach a Teleport secured node that can download binaries such as tsh and kubectl to provide kubernetes access.

[david-fitzgerald]

Spoke with a government agency today that also has restricted environments where they cannot install binaries on end-user devices. The above feature would be greatly beneficial to them

[webvictim]

Another request for this from a prospect.

[webvictim]

Even if we were to automatically give you working tsh credentials in an SSH session started via the Teleport web UI (without you having to log in again) this would make a workflow like this much easier. It's not hard to run tsh kube login and tsh kubectl (or tsh proxy kube) inside a browser session to a node with kubectl installed to get a working Kubernetes setup inside a browser and it'd involve minimal development work.

[rosstimothy]

As of v16.1.0, the Web UI now provides the ability to kube exec directly in the browser ( https://github.com/gravitational/teleport/pull/41466 and https://github.com/gravitational/teleport/pull/41144).