Make clearing kubeconfig on `tsh logout` configurable

[thameezb]

What would you like Teleport to do? Currently on tsh logout, kube config file is cleared from any teleport related clusters. This causes a lot of headache when dealing with multiple clusters (>14) all using teleport to connect (as on next login one needs to run tsh kube login for each cluster)

What problem does this solve? Removes time wasting activity of readding teleport kube clusters

If a workaround exists, please include it. Already prepared and tested a solution which adds a new flag to make this configurable

[tigrato]

@thameezb tsh logout only cleanup Teleport related clusters.

Which manual changes do you introduce in kubeconfig?

[thameezb]

@thameezb tsh logout only cleanup Teleport related clusters.

Which manual changes do you introduce in kubeconfig?

Hi

The aim is to retain teleport kube clusters with current config after logout (non-teleport clusters do remain untouched at the moment).

We change kubecontext names to custom names based on legacy scripts (therefore they cannot be the autogenerated context names created when running tsh kube login ) Using --set-context-name is not feasible as its >14 clusters

[tigrato]

@thameezb tsh logout only cleanup Teleport related clusters. Which manual changes do you introduce in kubeconfig?

Hi

The aim is to retain teleport kube clusters with current config after logout (non-teleport clusters do remain untouched at the moment).

We change kubecontext names to custom names based on legacy scripts (therefore they cannot be the autogenerated context names created when running tsh kube login ) Using --set-context-name is not feasible as its >14 clusters

@thameezb

Doesn't tsh kube login --set-context-name="{{.KubeName}}" --all work for you? Available from v14 onwards

[thameezb]

@thameezb tsh logout only cleanup Teleport related clusters. Which manual changes do you introduce in kubeconfig?

Hi The aim is to retain teleport kube clusters with current config after logout (non-teleport clusters do remain untouched at the moment). We change kubecontext names to custom names based on legacy scripts (therefore they cannot be the autogenerated context names created when running tsh kube login ) Using --set-context-name is not feasible as its >14 clusters

@thameezb

Doesn't tsh kube login --set-context-name="{{.KubeName}}" --all work for you? Available from v14 onwards

• Would still be an extra step on every login
• And does not cater for the legacy names of contexts which do not match Kubename

[tigrato]

@thameezb

the simplest way is just to run KUBECONFIG="fakefile" tsh logout This will skip kubeconfig cleanup on logout without any code change. You just need to alias it in your preferred shell or using tsh aliases https://goteleport.com/docs/connect-your-client/tsh/#custom-aliases-and-defaults

aliases:
   "exit": '<absolute_path>/exit'

<absolute_path>/exit

#!/bin/bash

KUBECONFIG="fakefile" tsh logout

execute tsh exit

[thameezb]

@thameezb

the simplest way is just to run KUBECONFIG="fakefile" tsh logout This will skip kubeconfig cleanup on logout without any code change. You just need to alias it in your preferred shell or using tsh aliases https://goteleport.com/docs/connect-your-client/tsh/#custom-aliases-and-defaults

aliases:
   "exit": '<absolute_path>/exit'

<absolute_path>/exit

#!/bin/bash

KUBECONFIG="fakefile" tsh logout

execute tsh exit

Would a config flag/env var (as per my PR) not be cleaner and more apparent?

[othmane399]

We have the same problem, and we've set an alias to logout as a tmp workaround

cat ~/.tsh/config/config.yaml                                                                    
aliases:
  lo: env -u KUBECONFIG tsh logout