Open knechtionscoding opened 2 months ago
strideynet
commented
1 month ago We've recently merged support for a tbot helm chart which is a seperate deployment you can run in the same namespace as one of the plugins - do you have a particular need for a sidecar instead? That would be interesting for us to explore, but, at the moment we haven't dived into it too much since the landscape of sidecar support in K8S isn't too great.
knechtionscoding
commented
1 month ago I would prefer a sidecar, makes it easy to make sure that only approved things are using the tbot output, etc.
Sidecars have not been supported, but as of 1.29 they are! https://kubernetes.io/docs/concepts/workloads/pods/sidecar-containers/ so if the various helm charts were willing to allow us to define initContainers I am willing to do the leg work to define the relevant resources.
What would you like Teleport to do?
Currently when installing the slack plugin helm chart there's no opportunity to fill in a sidecar for tbot.
I would love it to be natively supported if we are on a version of k8s that has support for sidecars (i.e. 1.29+)
related issues:
44877
41893
What problem does this solve?
Makes slack, pagerduty, jira, etc plugins much more secure as it can utilize tbot easily and natively inside the cluster.
If a workaround exists, please include it.