diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3fa21572292b4..4dae2c6b12455 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,6 @@
# Changelog
-## 14.3.29 (08/27/24)
+## 14.3.30 (08/28/24)
### Security fix
@@ -25,6 +25,9 @@ to be updated.
### Other fixes and improvements
+* Fixed an issue where host_sudoers could be written to Teleport proxy server sudoer lists in Teleport v14 and v15. [#45960](https://github.com/gravitational/teleport/pull/45960)
+* Prevent interactive sessions from hanging on exit. [#45954](https://github.com/gravitational/teleport/pull/45954)
+* Fixed kernel version check of Enhanced Session Recording for distributions with backported BPF. [#45943](https://github.com/gravitational/teleport/pull/45943)
* When a database is created manually (without auto-discovery) the teleport.dev/db-admin and teleport.dev/db-admin-default-database labels are no longer ignored and can be used to configure database auto-user provisioning. [#45893](https://github.com/gravitational/teleport/pull/45893)
* Fixed an issue where Teleport could modify group assignments for users not managed by Teleport. This will require a migration of host users created with create_host_user_mode: keep in order to maintain Teleport management. More info can be found at [Migrating unmanaged users](./docs/pages/enroll-resources/server-access/guides/host-user-creation.mdx#migrating-unmanaged-users). [#45796](https://github.com/gravitational/teleport/pull/45796)
* Fixed host user creation for tsh scp. [#45682](https://github.com/gravitational/teleport/pull/45682)
diff --git a/Makefile b/Makefile
index 9ebed94bb41e8..0e56ee44dbf85 100644
--- a/Makefile
+++ b/Makefile
@@ -11,7 +11,7 @@
# Stable releases: "1.0.0"
# Pre-releases: "1.0.0-alpha.1", "1.0.0-beta.2", "1.0.0-rc.3"
# Master/dev branch: "1.0.0-dev"
-VERSION=14.3.29
+VERSION=14.3.30
DOCKER_IMAGE ?= teleport
diff --git a/api/version.go b/api/version.go
index ad2f88defd0bb..cb1731035f7fb 100644
--- a/api/version.go
+++ b/api/version.go
@@ -3,6 +3,6 @@ package api
import "github.com/coreos/go-semver/semver"
-const Version = "14.3.29"
+const Version = "14.3.30"
var SemVersion = semver.New(Version)
diff --git a/build.assets/macos/tsh/tsh.app/Contents/Info.plist b/build.assets/macos/tsh/tsh.app/Contents/Info.plist
index 56a395ee2da6f..adab8f165826d 100644
--- a/build.assets/macos/tsh/tsh.app/Contents/Info.plist
+++ b/build.assets/macos/tsh/tsh.app/Contents/Info.plist
@@ -19,13 +19,13 @@
CFBundlePackageType
APPL
CFBundleShortVersionString
- 14.3.29
+ 14.3.30
CFBundleSupportedPlatforms
MacOSX
CFBundleVersion
- 14.3.29
+ 14.3.30
DTCompiler
com.apple.compilers.llvm.clang.1_0
DTPlatformBuild
diff --git a/build.assets/macos/tshdev/tsh.app/Contents/Info.plist b/build.assets/macos/tshdev/tsh.app/Contents/Info.plist
index e948585db700e..ef2b732a3180c 100644
--- a/build.assets/macos/tshdev/tsh.app/Contents/Info.plist
+++ b/build.assets/macos/tshdev/tsh.app/Contents/Info.plist
@@ -17,13 +17,13 @@
CFBundlePackageType
APPL
CFBundleShortVersionString
- 14.3.29
+ 14.3.30
CFBundleSupportedPlatforms
MacOSX
CFBundleVersion
- 14.3.29
+ 14.3.30
DTCompiler
com.apple.compilers.llvm.clang.1_0
DTPlatformBuild
diff --git a/e b/e
index 81e2900019c73..3ad6b63414cfa 160000
--- a/e
+++ b/e
@@ -1 +1 @@
-Subproject commit 81e2900019c7359309b76aa7eb47b562dceec502
+Subproject commit 3ad6b63414cfa394a700fac1467235d064a5173b
diff --git a/examples/chart/teleport-cluster/Chart.yaml b/examples/chart/teleport-cluster/Chart.yaml
index 0d1675d71a255..690465d3c164d 100644
--- a/examples/chart/teleport-cluster/Chart.yaml
+++ b/examples/chart/teleport-cluster/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "14.3.29"
+.version: &version "14.3.30"
name: teleport-cluster
apiVersion: v2
diff --git a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
index 2eb68fdea6469..acb377ec7771d 100644
--- a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
+++ b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "14.3.29"
+.version: &version "14.3.30"
name: teleport-operator
apiVersion: v2
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap
index 6b53ef6970d1f..41d4669def3f5 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap
@@ -8,8 +8,8 @@ adds operator permissions to ClusterRole:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-cluster
- app.kubernetes.io/version: 14.3.29
- helm.sh/chart: teleport-cluster-14.3.29
+ app.kubernetes.io/version: 14.3.30
+ helm.sh/chart: teleport-cluster-14.3.30
teleport.dev/majorVersion: "14"
name: RELEASE-NAME
rules:
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap
index 6bf731ada6eb4..9a5c8b4324ace 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap
@@ -1797,8 +1797,8 @@ sets clusterDomain on Configmap:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-cluster
- app.kubernetes.io/version: 14.3.29
- helm.sh/chart: teleport-cluster-14.3.29
+ app.kubernetes.io/version: 14.3.30
+ helm.sh/chart: teleport-cluster-14.3.30
teleport.dev/majorVersion: "14"
name: RELEASE-NAME-auth
namespace: NAMESPACE
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
index d1703045ac1bc..ab42e43d72d88 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
@@ -1,6 +1,6 @@
should add an operator side-car when operator is enabled:
1: |
- image: public.ecr.aws/gravitational/teleport-operator:14.3.29
+ image: public.ecr.aws/gravitational/teleport-operator:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -41,7 +41,7 @@ should add an operator side-car when operator is enabled:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -174,7 +174,7 @@ should set nodeSelector when set in values:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -271,7 +271,7 @@ should set resources when set in values:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -357,7 +357,7 @@ should set securityContext when set in values:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap
index dc7c2aa390128..e51e830d304bd 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap
@@ -567,8 +567,8 @@ sets clusterDomain on Configmap:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-cluster
- app.kubernetes.io/version: 14.3.29
- helm.sh/chart: teleport-cluster-14.3.29
+ app.kubernetes.io/version: 14.3.30
+ helm.sh/chart: teleport-cluster-14.3.30
teleport.dev/majorVersion: "14"
name: RELEASE-NAME-proxy
namespace: NAMESPACE
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
index 4ec1009aa7c9c..5415e7e28e9a6 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
@@ -11,8 +11,8 @@ sets clusterDomain on Deployment Pods:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-cluster
- app.kubernetes.io/version: 14.3.29
- helm.sh/chart: teleport-cluster-14.3.29
+ app.kubernetes.io/version: 14.3.30
+ helm.sh/chart: teleport-cluster-14.3.30
teleport.dev/majorVersion: "14"
name: RELEASE-NAME-proxy
namespace: NAMESPACE
@@ -26,7 +26,7 @@ sets clusterDomain on Deployment Pods:
template:
metadata:
annotations:
- checksum/config: 3937f5f8355bf9d764442eec2c19e13a562f9a8dbfb06f32f8468e9841513a4d
+ checksum/config: 7d09284af8f16fe9cb56fa362c802ed742b2cbee0099c86800545176dc7bf014
kubernetes.io/pod: test-annotation
kubernetes.io/pod-different: 4
labels:
@@ -34,8 +34,8 @@ sets clusterDomain on Deployment Pods:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-cluster
- app.kubernetes.io/version: 14.3.29
- helm.sh/chart: teleport-cluster-14.3.29
+ app.kubernetes.io/version: 14.3.30
+ helm.sh/chart: teleport-cluster-14.3.30
teleport.dev/majorVersion: "14"
spec:
affinity:
@@ -44,7 +44,7 @@ sets clusterDomain on Deployment Pods:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -105,7 +105,7 @@ sets clusterDomain on Deployment Pods:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.test.com
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
name: wait-auth-update
serviceAccountName: RELEASE-NAME-proxy
terminationGracePeriodSeconds: 60
@@ -137,7 +137,7 @@ should provision initContainer correctly when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
name: wait-auth-update
- args:
- echo test
@@ -194,7 +194,7 @@ should set nodeSelector when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -255,7 +255,7 @@ should set nodeSelector when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
name: wait-auth-update
nodeSelector:
environment: security
@@ -306,7 +306,7 @@ should set resources when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -374,7 +374,7 @@ should set resources when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
name: wait-auth-update
serviceAccountName: RELEASE-NAME-proxy
terminationGracePeriodSeconds: 60
@@ -407,7 +407,7 @@ should set securityContext for initContainers when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -475,7 +475,7 @@ should set securityContext for initContainers when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
name: wait-auth-update
securityContext:
allowPrivilegeEscalation: false
@@ -515,7 +515,7 @@ should set securityContext when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -583,7 +583,7 @@ should set securityContext when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
name: wait-auth-update
securityContext:
allowPrivilegeEscalation: false
diff --git a/examples/chart/teleport-kube-agent/Chart.yaml b/examples/chart/teleport-kube-agent/Chart.yaml
index 24e23c3c417c6..9053590f6f69d 100644
--- a/examples/chart/teleport-kube-agent/Chart.yaml
+++ b/examples/chart/teleport-kube-agent/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "14.3.29"
+.version: &version "14.3.30"
name: teleport-kube-agent
apiVersion: v2
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
index 07e7a606c007a..4a99de2fa3963 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
@@ -32,7 +32,7 @@ sets Deployment annotations when specified if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -107,7 +107,7 @@ sets Deployment labels when specified if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -169,7 +169,7 @@ sets Pod annotations when specified if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -231,7 +231,7 @@ sets Pod labels when specified if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -310,7 +310,7 @@ should add emptyDir for data when existingDataVolume is not set if action is Upg
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -373,7 +373,7 @@ should add insecureSkipProxyTLSVerify to args when set in values if action is Up
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -435,7 +435,7 @@ should correctly configure existingDataVolume when set if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -495,7 +495,7 @@ should expose diag port if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -569,7 +569,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -643,7 +643,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -705,7 +705,7 @@ should have one replica when replicaCount is not set if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -767,7 +767,7 @@ should mount extraVolumes and extraVolumeMounts if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -836,7 +836,7 @@ should mount tls.existingCASecretName and set environment when set in values if
value: cluster.local
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -908,7 +908,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu
value: http://username:password@my.proxy.host:3128
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -976,7 +976,7 @@ should provision initContainer correctly when set in values if action is Upgrade
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1074,7 +1074,7 @@ should set SecurityContext if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1156,7 +1156,7 @@ should set affinity when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1218,7 +1218,7 @@ should set default serviceAccountName when not set in values if action is Upgrad
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1293,7 +1293,7 @@ should set environment when extraEnv set in values if action is Upgrade:
value: cluster.local
- name: HTTPS_PROXY
value: http://username:password@my.proxy.host:3128
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1417,7 +1417,7 @@ should set imagePullPolicy when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: Always
livenessProbe:
failureThreshold: 6
@@ -1479,7 +1479,7 @@ should set nodeSelector if set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1543,7 +1543,7 @@ should set not set priorityClassName when not set in values if action is Upgrade
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1617,7 +1617,7 @@ should set preferred affinity when more than one replica is used if action is Up
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1679,7 +1679,7 @@ should set priorityClassName when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1742,7 +1742,7 @@ should set probeTimeoutSeconds when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1814,7 +1814,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set if
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1876,7 +1876,7 @@ should set resources when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1945,7 +1945,7 @@ should set serviceAccountName when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2007,7 +2007,7 @@ should set tolerations when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
index c278379e2d0ee..762a93b19a32b 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
@@ -25,7 +25,7 @@ should create ServiceAccount for post-delete hook by default:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
@@ -104,7 +104,7 @@ should not create ServiceAccount for post-delete hook if serviceAccount.create i
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
@@ -132,7 +132,7 @@ should not create ServiceAccount, Role or RoleBinding for post-delete hook if se
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
@@ -160,7 +160,7 @@ should set nodeSelector in post-delete hook:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
@@ -190,7 +190,7 @@ should set securityContext in post-delete hook:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
index 73b15d5fc19ff..a2069dd325a3b 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
@@ -16,7 +16,7 @@ sets Pod annotations when specified:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -84,7 +84,7 @@ sets Pod labels when specified:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -176,7 +176,7 @@ sets StatefulSet labels when specified:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -272,7 +272,7 @@ should add insecureSkipProxyTLSVerify to args when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -340,7 +340,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and action
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -428,7 +428,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and is Fre
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -506,7 +506,7 @@ should add volumeMount for data volume when using StatefulSet:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -574,7 +574,7 @@ should expose diag port:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -642,7 +642,7 @@ should generate Statefulset when storage is disabled and mode is a Upgrade:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -724,7 +724,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -804,7 +804,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -872,7 +872,7 @@ should have one replica when replicaCount is not set:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -940,7 +940,7 @@ should install Statefulset when storage is disabled and mode is a Fresh Install:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1010,7 +1010,7 @@ should mount extraVolumes and extraVolumeMounts:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1085,7 +1085,7 @@ should mount tls.existingCASecretName and set environment when set in values:
value: RELEASE-NAME
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1165,7 +1165,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu
value: /etc/teleport-tls-ca/ca.pem
- name: HTTPS_PROXY
value: http://username:password@my.proxy.host:3128
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1241,7 +1241,7 @@ should not add emptyDir for data when using StatefulSet:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1309,7 +1309,7 @@ should provision initContainer correctly when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1413,7 +1413,7 @@ should set SecurityContext:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1501,7 +1501,7 @@ should set affinity when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1569,7 +1569,7 @@ should set default serviceAccountName when not set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1650,7 +1650,7 @@ should set environment when extraEnv set in values:
value: RELEASE-NAME
- name: HTTPS_PROXY
value: http://username:password@my.proxy.host:3128
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1786,7 +1786,7 @@ should set imagePullPolicy when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: Always
livenessProbe:
failureThreshold: 6
@@ -1854,7 +1854,7 @@ should set nodeSelector if set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1936,7 +1936,7 @@ should set preferred affinity when more than one replica is used:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2004,7 +2004,7 @@ should set probeTimeoutSeconds when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2082,7 +2082,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2150,7 +2150,7 @@ should set resources when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2225,7 +2225,7 @@ should set serviceAccountName when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2293,7 +2293,7 @@ should set storage.requests when set in values and action is an Upgrade:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2361,7 +2361,7 @@ should set storage.storageClassName when set in values and action is an Upgrade:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2429,7 +2429,7 @@ should set tolerations when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.29
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
index 7d1ed09270c25..56b8ea3967044 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
@@ -27,7 +27,7 @@ sets the affinity:
- --base-image=public.ecr.aws/gravitational/teleport-distroless
- --version-server=https://my-custom-version-server/v1
- --version-channel=custom/preview
- image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.29
+ image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -71,7 +71,7 @@ sets the tolerations:
- --base-image=public.ecr.aws/gravitational/teleport-distroless
- --version-server=https://my-custom-version-server/v1
- --version-channel=custom/preview
- image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.29
+ image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.30
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6