LogoLogo
DocsMain SiteStart Now
  • 2024
    • πŸ’ΏJIT access for passwordless databases
    • πŸ€–Docker Hub updates
    • 🌱Updates for Kubernetes API
    • 🌷Some spring sprucing
    • 🌁Multiple replica support for Kubernetes agent
    • πŸ“¨Include your issue directly in your zli send-logs command
    • πŸ€–Update to agent shutdown procedures
    • β˜‚οΈTable refresh
    • 🎿A small fix
    • 🌁Minor adjustments
    • πŸ”Introducing OpenPubkey SSH
  • 2023
    • 🧹End of year cleanup
    • πŸŒ„Use environments as proxy targets
    • πŸ‚Configurable MFA duration
    • 🍁Customize agent log levels
    • 🍏Connect to all Kubernetes targets in a single command
    • 🐝Sorting, grouping, and range search for `zli lt` and `zli la`
    • β˜€οΈThe divorce of targets and agents
    • β›΅Small fix for connecting to Kubernetes targets
    • 🌴Connect to Kubernetes targets without specifying a target group
    • πŸ—ΊοΈConnection improvements
    • ⛱️Google SSO users
    • πŸ”¨Kubernetes updates pt. 2
    • 🧰Kubernetes updates pt. 1
    • πŸͺŸSupport for Windows
    • πŸ•οΈA couple fixes
    • 🌻Changes to bzero's agent types
    • ☁️Passwordless access to GCP Cloud SQL
    • πŸ—οΈAuthenticate using Keycloak
    • πŸ‘ΎBastionZero's Terraform Provider is live
    • 🐦MFA setup enhancements
    • 🌷Access Linux targets with IdP username as target user
    • πŸ€Fixed Kube connection stability
    • ❄️Use Github Actions to grant just-in-time access
    • πŸ’ŒImproved ZLI error messaging
    • πŸ”‘SplitCert with databases is ready to demo
    • 🎿Authenticate using OneLogin
  • 2022
    • β˜ƒοΈGlobal MFA is enabled by default for new orgs
    • πŸ€–Headless authentication with service accounts
    • πŸ‚Secure your targets using the onboarding tool
    • 😎Need help? Send us your logs from the ZLI
    • ⏱️QuickStart installs the bzero agent
    • 🍁Some autumn housekeeping
    • πŸŽ‰Tab completion in the ZLI
    • πŸ“©Laying the foundation
    • βš’οΈRestart a bzero agent from the ZLI
    • πŸ“„Improved SSH config file management
    • πŸ’ΎConnect to multiple database targets
    • βš™οΈCreate policies from the ZLI
    • πŸ”₯Govern file transfers with policy
    • πŸ’‘Enhanced filtering with the ZLI
Powered by GitBook
On this page
  • zli v. 6.14.3
  • New
  • Fixes
  • bzero v. 7.3.0
  • New
  • Web app & backend
  • New
  • Fixes

Was this helpful?

  1. 2022

Headless authentication with service accounts

2 December 2022

PreviousGlobal MFA is enabled by default for new orgsNextSecure your targets using the onboarding tool

Last updated 1 year ago

Was this helpful?

zli v. 6.14.3

New

  • Service accounts. Beginning with zli v. 6.14.3 and bzero v. 7.3.0, BastionZero supports headless authentication via service accounts. Generic, Google, and Microsoft service accounts are all supported. You can learn more about service accounts on

  • Connect to multiple Kubernetes targets. The zli supports simultaneous connections to multiple Kubernetes targets and can also connect to the same target if the targetUser (Kubernetes role) is distinct from other running Kube connections on the same machine.\

    IMPORTANT zli v. 6.14.3** introduces a change to the context name used when connecting to a Kubernetes cluster secured by BastionZero.** > Bzero-context is no longer used to connect to your cluster. Instead, all contexts follow a format that includes both the targetUser (Kubernetes role) and targetName (cluster name): bzero-{targetUser}@{targetName} > Each Kubernetes connection creates an additional context entry following the same bzero- format mentioned above > zli generate kubeConfig is no longer required before connecting to a Kubernetes target. Simply run zli connect {targetUser}@{targetName}, and the zli will update your kubeconfig to a new context entry to connect to your target > Before upgrading, adjust any tooling that relies on the former context name, bzero-context

Some quick how-to's

  • To view open Kubernetes connections, use zli list-connections -t kube or zli lc to see what Kubernetes connections exist.

  • To display a list of your Kube connections and their corresponding context name, use zli list-daemons kube or zli ld kube.

  • To close a Kubernetes connection, use zli close <connection-id> for a specific connection or zli close -t kube to close all Kubernetes connections.

  • To disconnect from the Kubernetes daemon, use zli disconnect kube.

  • To set a specific port when connecting, use --customPort. A free port to use for the Kube daemon is decided at connection time instead of being loaded from the config.

  • To set a default namespace when using zli connect, use the --namespace flag. This namespace is used as a default when using kubectl and other clients that respect the kubeconfig namespace field.

Find more information on connecting to your Kubernetes clusters with BastionZero in our .

Fixes

  • zli send-logs. Resolved issue so zli send-logs sends zli logs when no daemon logs exist

bzero v. 7.3.0

IMPORTANT REMINDER

For those who use Helm to install the Kubernetes bzero agent, you must update the Helm repository to chart version >= 1.1.3 before doing a fresh install of the bzero agent. You can do this with helm repo update.

This action updates the bctl-agent role to include permissions for retrieving logs from pods within the deployed namespace for the zli send-logs feature. Even if you do not intend to use send-logs, you must be using chart version >= 1.1.3 for any new Helm installations to be compatible with the new backend changes. We strongly recommend everyone who uses Helm takes this action.

New

  • Service accounts. To use service accounts, you must be running a minimum of zli v. 6.14.3 and bzero v. 7.3.0. Older versions of bzero do not support the service account feature

Web app & backend

New

  • Service accounts. Event logs, policy, and user management have been updated to include service accounts

Fixes

  • Last login. Resolved issue with login records that caused intermittent issues with the onboarding tool\

For questions or to give us feedback on how we can make our updates better, reach out to .

πŸ€–
docs.bastionzero.com
docs
product@bastionzero.com