Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Unable to Replay Interactive k8s Sessions, Web UI due to missing event field #4055

Closed
travelton opened this issue Jul 15, 2020 · 4 comments · Fixed by #4057
Closed

Unable to Replay Interactive k8s Sessions, Web UI due to missing event field #4055

travelton opened this issue Jul 15, 2020 · 4 comments · Fixed by #4057
Assignees
@awly
Labels
bug
Milestone
4.3.1 "Londinium"

Comments

@travelton
Copy link
Contributor

Description

What happened:
When running an interactive k8s session through Teleport w/ k8s support enabled, the session is labeled as non-interactive, and you are unable to replay through the Teleport web UI. If you downgrade the cluster to 4.2.10, the session is playable in the web UI. If you use tsh (4.2.10 and 4.3), the session is playable.

What you expected to happen:
Interactive k8s sessions are recorded and accessible via Teleport web UI.

How to reproduce it (as minimally and precisely as possible):

  1. Configure Teleport w/ k8s proxy
  2. Launch an interactive session kubectl run -i --tty --rm debug2 --image=busybox --restart=Never -- sh.
  3. Observe that the Teleport web UI does not show this as an active session. There is no option to join the session.
  4. End the interactive session.
  5. Observe that the session is listed in the audit log, but it shows as non-interactive and there's no way to replay the session.
  6. Using tsh, run tsh play <session-id>.
  7. Observe that it's possible to replay the interactive session from tsh.

Selection_084_clean

Selection_083

Environment

  • Teleport version (use teleport version): 4.3.0 Enterprise

  • Tsh version (use tsh version): 4.3.0

  • OS (e.g. from /etc/os-release): Ubuntu 18.04.4 LTS

  • Where are you running Teleport? (e.g. AWS, GCP, Dedicated Hardware): GCP + Azure AKS

Browser environment

  • Browser Version (for UI-related issues): Chrome 84.0.4147.89

Relevant Debug Logs If Applicable

  • tsh --debug
  • teleport --debug

session.end event:

{
  "code": "T2004I",
  "ei": 12,
  "event": "session.end",
  "namespace": "default",
  "proto": "kube",
  "sid": "e1b00ab4-99c5-4e02-a75f-f2829e9860ea",
  "time": "2020-07-15T16:59:02.497Z",
  "uid": "b9e283de-2d28-4f7c-88c1-89474c2770dd",
  "user": "travelton"
}
@travelton travelton added this to the 4.3.1 "Londinium" milestone Jul 15, 2020
@alex-kovoy
Copy link
Contributor

This Session.end is missing interactive flag which tells if this session can be open in the session player.
This needs to be fixed on the server side.

@alex-kovoy alex-kovoy changed the title Unable to Replay Interactive k8s Sessions, Web UI Unable to Replay Interactive k8s Sessions, Web UI due to missing event field Jul 15, 2020
@russjones
Copy link
Contributor

Best: 1
Realistic: 3

@travelton
Copy link
Contributor Author

Looks like the issue might originate from here, https://github.com/gravitational/teleport/blob/master/lib/kube/proxy/forwarder.go#L563-L568

@alex-kovoy
Copy link
Contributor

Also, this event is missing some other fields

{
 server_id
 server_addr
 server_hostname
}

@travelton travelton added the bug label Jul 15, 2020
@benarent benarent mentioned this issue Jul 15, 2020
Closed
@awly awly mentioned this issue Jul 15, 2020
Merged
awly pushed a commit that referenced this issue Jul 15, 2020
Add missing audit log fields for k8s sessions
f924493 
Added `interactive` as needed.
Added `server_hostname` and `server_addr` referring to the k8s endpoint.
Added `session_start` and `session_end` for timestamps.
Added `participants` to mimic SSH sessions.

Fixes #4055
awly pushed a commit that referenced this issue Jul 17, 2020
@awly
Add missing audit log fields for k8s sessions
abdb970 
Added `interactive` as needed.
Added `server_hostname` and `server_addr` referring to the k8s endpoint.
Added `session_start` and `session_end` for timestamps.
Added `participants` to mimic SSH sessions.

Fixes #4055
awly pushed a commit that referenced this issue Jul 17, 2020
Add missing audit log fields for k8s sessions
b88c1d0 
Added `interactive` as needed.
Added `server_hostname` and `server_addr` referring to the k8s endpoint.
Added `session_start` and `session_end` for timestamps.
Added `participants` to mimic SSH sessions.

Fixes #4055
@awly awly mentioned this issue Jul 17, 2020
Merged
awly pushed a commit that referenced this issue Jul 23, 2020
@awly
Add missing audit log fields for k8s sessions
8bcf744 
Added `interactive` as needed.
Added `server_hostname` and `server_addr` referring to the k8s endpoint.
Added `session_start` and `session_end` for timestamps.
Added `participants` to mimic SSH sessions.

Fixes #4055
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@awly awly

Labels
bug
Projects
None yet
Milestone
4.3.1 "Londinium"
Development

Successfully merging a pull request may close this issue.

Add missing audit log fields for k8s sessions gravitational/teleport
4 participants
@travelton @awly @russjones @alex-kovoy