diff --git a/CHANGELOG.md b/CHANGELOG.md index b99b03e845529..4b789e53cf89b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,22 @@ # Changelog +## 14.3.32 (10/03/24) + +* Fixes an issue preventing access requests from displaying user friendly resource names. [#47110](https://github.com/gravitational/teleport/pull/47110) +* Updated Go to `1.22.8`. [#47053](https://github.com/gravitational/teleport/pull/47053) +* Fixed the "source path is empty" error when attempting to upload a file in Teleport Connect. [#47014](https://github.com/gravitational/teleport/pull/47014) +* Enforce a global `device_trust.mode=required` on OSS processes paired with an Enterprise Auth. [#46945](https://github.com/gravitational/teleport/pull/46945) +* A user joining a session will now see available controls for terminating & leaving the session. [#46923](https://github.com/gravitational/teleport/pull/46923) +* Teleport no longer creates invalid SAML Connectors when calling `tctl get saml/ | tctl create -f` without the `--with-secrets` flag. [#46887](https://github.com/gravitational/teleport/pull/46887) +* Fixed a regression in the SAML IdP service which prevented cache from initializing in a cluster that may have a service provider configured with unsupported `acs_url` and `relay_state` values. [#46847](https://github.com/gravitational/teleport/pull/46847) +* Fixes a bug in Kubernetes access that causes the error `expected *metav1.PartialObjectMetadata object` when trying to list resources. [#46696](https://github.com/gravitational/teleport/pull/46696) +* Fixed an issue that prevented host user creation when the username was also listed in `host_groups`. [#46639](https://github.com/gravitational/teleport/pull/46639) +* Allow all audit events to be trimmed if necessary. [#46505](https://github.com/gravitational/teleport/pull/46505) +* Fixed an issue preventing session joining while host user creation was in use. [#46503](https://github.com/gravitational/teleport/pull/46503) +* Fixed an issue that prevented the Firestore backend from reading existing data. [#46435](https://github.com/gravitational/teleport/pull/46435) +* The `teleport-kube-agent` chart now correctly propagates configured annotations when deploying a StatefulSet. [#46423](https://github.com/gravitational/teleport/pull/46423) +* Ensure that additional pod labels are carried over to post-upgrade and post-delete hook job pods when using the `teleport-kube-agent` Helm chart. [#46236](https://github.com/gravitational/teleport/pull/46236) + ## 14.3.31 (09/05/24) * Updated Go to 1.22.7. [#46298](https://api.github.com/repos/gravitational/teleport/issues/46298) diff --git a/Makefile b/Makefile index 8f21f0fe2b8c7..f98fb5c65e48e 100644 --- a/Makefile +++ b/Makefile @@ -11,7 +11,7 @@ # Stable releases: "1.0.0" # Pre-releases: "1.0.0-alpha.1", "1.0.0-beta.2", "1.0.0-rc.3" # Master/dev branch: "1.0.0-dev" -VERSION=14.3.31 +VERSION=14.3.32 DOCKER_IMAGE ?= teleport diff --git a/api/version.go b/api/version.go index 06a281dd6d5d5..85c33d9532400 100644 --- a/api/version.go +++ b/api/version.go @@ -3,6 +3,6 @@ package api import "github.com/coreos/go-semver/semver" -const Version = "14.3.31" +const Version = "14.3.32" var SemVersion = semver.New(Version) diff --git a/build.assets/macos/tsh/tsh.app/Contents/Info.plist b/build.assets/macos/tsh/tsh.app/Contents/Info.plist index 9b7c2dc3f2e8c..6735f8f8479f7 100644 --- a/build.assets/macos/tsh/tsh.app/Contents/Info.plist +++ b/build.assets/macos/tsh/tsh.app/Contents/Info.plist @@ -19,13 +19,13 @@ CFBundlePackageType APPL CFBundleShortVersionString - 14.3.31 + 14.3.32 CFBundleSupportedPlatforms MacOSX CFBundleVersion - 14.3.31 + 14.3.32 DTCompiler com.apple.compilers.llvm.clang.1_0 DTPlatformBuild diff --git a/build.assets/macos/tshdev/tsh.app/Contents/Info.plist b/build.assets/macos/tshdev/tsh.app/Contents/Info.plist index 9f1efa7627319..9c13203eef9be 100644 --- a/build.assets/macos/tshdev/tsh.app/Contents/Info.plist +++ b/build.assets/macos/tshdev/tsh.app/Contents/Info.plist @@ -17,13 +17,13 @@ CFBundlePackageType APPL CFBundleShortVersionString - 14.3.31 + 14.3.32 CFBundleSupportedPlatforms MacOSX CFBundleVersion - 14.3.31 + 14.3.32 DTCompiler com.apple.compilers.llvm.clang.1_0 DTPlatformBuild diff --git a/e b/e index 7be09af62c2bc..633e4577a551c 160000 --- a/e +++ b/e @@ -1 +1 @@ -Subproject commit 7be09af62c2bc1deb593d1ac8bad38b675b73cd6 +Subproject commit 633e4577a551c2d8ddd4564f932c012cf74e33ce diff --git a/examples/chart/teleport-cluster/Chart.yaml b/examples/chart/teleport-cluster/Chart.yaml index fb78c0729300d..2bfe5c89f2534 100644 --- a/examples/chart/teleport-cluster/Chart.yaml +++ b/examples/chart/teleport-cluster/Chart.yaml @@ -1,4 +1,4 @@ -.version: &version "14.3.31" +.version: &version "14.3.32" name: teleport-cluster apiVersion: v2 diff --git a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml index ed98f3898b0dc..22e452ea60dbe 100644 --- a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml +++ b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml @@ -1,4 +1,4 @@ -.version: &version "14.3.31" +.version: &version "14.3.32" name: teleport-operator apiVersion: v2 diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap index a3d5e40fe9d98..9d5b45504687b 100644 --- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap +++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap @@ -8,8 +8,8 @@ adds operator permissions to ClusterRole: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-cluster - app.kubernetes.io/version: 14.3.31 - helm.sh/chart: teleport-cluster-14.3.31 + app.kubernetes.io/version: 14.3.32 + helm.sh/chart: teleport-cluster-14.3.32 teleport.dev/majorVersion: "14" name: RELEASE-NAME rules: diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap index 0c74ab3c3b06a..3acd63f6974fb 100644 --- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap +++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap @@ -1797,8 +1797,8 @@ sets clusterDomain on Configmap: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-cluster - app.kubernetes.io/version: 14.3.31 - helm.sh/chart: teleport-cluster-14.3.31 + app.kubernetes.io/version: 14.3.32 + helm.sh/chart: teleport-cluster-14.3.32 teleport.dev/majorVersion: "14" name: RELEASE-NAME-auth namespace: NAMESPACE diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap index 96654b03d838e..c610ba967a077 100644 --- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap +++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap @@ -1,6 +1,6 @@ should add an operator side-car when operator is enabled: 1: | - image: public.ecr.aws/gravitational/teleport-operator:14.3.31 + image: public.ecr.aws/gravitational/teleport-operator:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -41,7 +41,7 @@ should add an operator side-car when operator is enabled: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -174,7 +174,7 @@ should set nodeSelector when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -271,7 +271,7 @@ should set resources when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -357,7 +357,7 @@ should set securityContext when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent lifecycle: preStop: diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap index ef31b68b989ae..4e2b7ed924172 100644 --- a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap +++ b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap @@ -567,8 +567,8 @@ sets clusterDomain on Configmap: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-cluster - app.kubernetes.io/version: 14.3.31 - helm.sh/chart: teleport-cluster-14.3.31 + app.kubernetes.io/version: 14.3.32 + helm.sh/chart: teleport-cluster-14.3.32 teleport.dev/majorVersion: "14" name: RELEASE-NAME-proxy namespace: NAMESPACE diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap index d81b893a7f551..54434b2169674 100644 --- a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap +++ b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap @@ -11,8 +11,8 @@ sets clusterDomain on Deployment Pods: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-cluster - app.kubernetes.io/version: 14.3.31 - helm.sh/chart: teleport-cluster-14.3.31 + app.kubernetes.io/version: 14.3.32 + helm.sh/chart: teleport-cluster-14.3.32 teleport.dev/majorVersion: "14" name: RELEASE-NAME-proxy namespace: NAMESPACE @@ -26,7 +26,7 @@ sets clusterDomain on Deployment Pods: template: metadata: annotations: - checksum/config: 80ed29337e001197b8dad050cc19902724d1382bfc43421f1457f1e181b25892 + checksum/config: 75a5fce8eb5dc94193c7eaf8a5bbcef77dab3e1b320ab45ff2e8dc5cbbca24bc kubernetes.io/pod: test-annotation kubernetes.io/pod-different: 4 labels: @@ -34,8 +34,8 @@ sets clusterDomain on Deployment Pods: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-cluster - app.kubernetes.io/version: 14.3.31 - helm.sh/chart: teleport-cluster-14.3.31 + app.kubernetes.io/version: 14.3.32 + helm.sh/chart: teleport-cluster-14.3.32 teleport.dev/majorVersion: "14" spec: affinity: @@ -44,7 +44,7 @@ sets clusterDomain on Deployment Pods: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -105,7 +105,7 @@ sets clusterDomain on Deployment Pods: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.test.com - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 name: wait-auth-update serviceAccountName: RELEASE-NAME-proxy terminationGracePeriodSeconds: 60 @@ -137,7 +137,7 @@ should provision initContainer correctly when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 name: wait-auth-update - args: - echo test @@ -194,7 +194,7 @@ should set nodeSelector when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -255,7 +255,7 @@ should set nodeSelector when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 name: wait-auth-update nodeSelector: environment: security @@ -306,7 +306,7 @@ should set resources when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -374,7 +374,7 @@ should set resources when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 name: wait-auth-update serviceAccountName: RELEASE-NAME-proxy terminationGracePeriodSeconds: 60 @@ -407,7 +407,7 @@ should set securityContext for initContainers when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -475,7 +475,7 @@ should set securityContext for initContainers when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 name: wait-auth-update securityContext: allowPrivilegeEscalation: false @@ -515,7 +515,7 @@ should set securityContext when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -583,7 +583,7 @@ should set securityContext when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 name: wait-auth-update securityContext: allowPrivilegeEscalation: false diff --git a/examples/chart/teleport-kube-agent/Chart.yaml b/examples/chart/teleport-kube-agent/Chart.yaml index 25cd94d23c0c5..c342bd60ee3e8 100644 --- a/examples/chart/teleport-kube-agent/Chart.yaml +++ b/examples/chart/teleport-kube-agent/Chart.yaml @@ -1,4 +1,4 @@ -.version: &version "14.3.31" +.version: &version "14.3.32" name: teleport-kube-agent apiVersion: v2 diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap index 4092a18062d9a..4dc27e1516e72 100644 --- a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap +++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap @@ -32,7 +32,7 @@ sets Deployment annotations when specified if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -107,7 +107,7 @@ sets Deployment labels when specified if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -169,7 +169,7 @@ sets Pod annotations when specified if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -231,7 +231,7 @@ sets Pod labels when specified if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -310,7 +310,7 @@ should add emptyDir for data when existingDataVolume is not set if action is Upg value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -373,7 +373,7 @@ should add insecureSkipProxyTLSVerify to args when set in values if action is Up value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -435,7 +435,7 @@ should correctly configure existingDataVolume when set if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -495,7 +495,7 @@ should expose diag port if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -569,7 +569,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -643,7 +643,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -705,7 +705,7 @@ should have one replica when replicaCount is not set if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -767,7 +767,7 @@ should mount extraVolumes and extraVolumeMounts if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -836,7 +836,7 @@ should mount tls.existingCASecretName and set environment when set in values if value: cluster.local - name: SSL_CERT_FILE value: /etc/teleport-tls-ca/ca.pem - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -908,7 +908,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu value: http://username:password@my.proxy.host:3128 - name: SSL_CERT_FILE value: /etc/teleport-tls-ca/ca.pem - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -976,7 +976,7 @@ should provision initContainer correctly when set in values if action is Upgrade value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1074,7 +1074,7 @@ should set SecurityContext if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1156,7 +1156,7 @@ should set affinity when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1218,7 +1218,7 @@ should set default serviceAccountName when not set in values if action is Upgrad value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1293,7 +1293,7 @@ should set environment when extraEnv set in values if action is Upgrade: value: cluster.local - name: HTTPS_PROXY value: http://username:password@my.proxy.host:3128 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1417,7 +1417,7 @@ should set imagePullPolicy when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: Always livenessProbe: failureThreshold: 6 @@ -1479,7 +1479,7 @@ should set nodeSelector if set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1543,7 +1543,7 @@ should set not set priorityClassName when not set in values if action is Upgrade value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1617,7 +1617,7 @@ should set preferred affinity when more than one replica is used if action is Up value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1679,7 +1679,7 @@ should set priorityClassName when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1742,7 +1742,7 @@ should set probeTimeoutSeconds when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1814,7 +1814,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set if value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1876,7 +1876,7 @@ should set resources when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1945,7 +1945,7 @@ should set serviceAccountName when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2007,7 +2007,7 @@ should set tolerations when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap index 764a5dc3e1432..07a87fa76c4f8 100644 --- a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap +++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap @@ -25,7 +25,7 @@ should create ServiceAccount for post-delete hook by default: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent name: post-delete-job securityContext: @@ -106,7 +106,7 @@ should not create ServiceAccount for post-delete hook if serviceAccount.create i fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent name: post-delete-job securityContext: @@ -134,7 +134,7 @@ should not create ServiceAccount, Role or RoleBinding for post-delete hook if se fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent name: post-delete-job securityContext: @@ -162,7 +162,7 @@ should set nodeSelector in post-delete hook: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent name: post-delete-job securityContext: @@ -192,7 +192,7 @@ should set securityContext in post-delete hook: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent name: post-delete-job securityContext: diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap index ad1ef6d0418fc..b14ad8269dbe1 100644 --- a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap +++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap @@ -18,7 +18,7 @@ sets Pod annotations when specified: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -88,7 +88,7 @@ sets Pod labels when specified: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -182,7 +182,7 @@ sets StatefulSet labels when specified: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -280,7 +280,7 @@ should add insecureSkipProxyTLSVerify to args when set in values: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -350,7 +350,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and action value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -440,7 +440,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and is Fre value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -520,7 +520,7 @@ should add volumeMount for data volume when using StatefulSet: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -590,7 +590,7 @@ should expose diag port: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -660,7 +660,7 @@ should generate Statefulset when storage is disabled and mode is a Upgrade: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -744,7 +744,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -826,7 +826,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -896,7 +896,7 @@ should have one replica when replicaCount is not set: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -966,7 +966,7 @@ should install Statefulset when storage is disabled and mode is a Fresh Install: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1038,7 +1038,7 @@ should mount extraVolumes and extraVolumeMounts: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1115,7 +1115,7 @@ should mount tls.existingCASecretName and set environment when set in values: value: cluster.local - name: SSL_CERT_FILE value: /etc/teleport-tls-ca/ca.pem - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1197,7 +1197,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu value: /etc/teleport-tls-ca/ca.pem - name: HTTPS_PROXY value: http://username:password@my.proxy.host:3128 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1275,7 +1275,7 @@ should not add emptyDir for data when using StatefulSet: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1345,7 +1345,7 @@ should provision initContainer correctly when set in values: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1451,7 +1451,7 @@ should set SecurityContext: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1541,7 +1541,7 @@ should set affinity when set in values: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1611,7 +1611,7 @@ should set default serviceAccountName when not set in values: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1694,7 +1694,7 @@ should set environment when extraEnv set in values: value: cluster.local - name: HTTPS_PROXY value: http://username:password@my.proxy.host:3128 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1834,7 +1834,7 @@ should set imagePullPolicy when set in values: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: Always livenessProbe: failureThreshold: 6 @@ -1904,7 +1904,7 @@ should set nodeSelector if set in values: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1988,7 +1988,7 @@ should set preferred affinity when more than one replica is used: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2058,7 +2058,7 @@ should set probeTimeoutSeconds when set in values: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2138,7 +2138,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2208,7 +2208,7 @@ should set resources when set in values: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2285,7 +2285,7 @@ should set serviceAccountName when set in values: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2355,7 +2355,7 @@ should set storage.requests when set in values and action is an Upgrade: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2425,7 +2425,7 @@ should set storage.storageClassName when set in values and action is an Upgrade: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2495,7 +2495,7 @@ should set tolerations when set in values: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.31 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap index 7af29ad5d7a71..68dd5827bce9a 100644 --- a/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap +++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap @@ -27,7 +27,7 @@ sets the affinity: - --base-image=public.ecr.aws/gravitational/teleport-distroless - --version-server=https://my-custom-version-server/v1 - --version-channel=custom/preview - image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.31 + image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -71,7 +71,7 @@ sets the tolerations: - --base-image=public.ecr.aws/gravitational/teleport-distroless - --version-server=https://my-custom-version-server/v1 - --version-channel=custom/preview - image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.31 + image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.32 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6