diff --git a/CHANGELOG.md b/CHANGELOG.md
index a571f1331332a..c4bf08935028e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,26 @@
# Changelog
+## 14.3.17 (04/30/24)
+
+* Fixed user SSO bypass by performing a local passwordless login. [#41071](https://github.com/gravitational/teleport/pull/41071)
+* Enforce allow_passwordless server-side. [#41058](https://github.com/gravitational/teleport/pull/41058)
+* Fixed a memory leak caused by incorrectly passing the offset when paginating all Access Lists' members when there are more than the default pagesize (200) Access Lists. [#41044](https://github.com/gravitational/teleport/pull/41044)
+* Fixed a regression causing roles filtering to not work. [#41000](https://github.com/gravitational/teleport/pull/41000)
+* Allow AWS integration to be used for global services without specifying a valid region. [#40990](https://github.com/gravitational/teleport/pull/40990)
+* Fixed access requests lingering in the UI and tctl after expiry. [#40965](https://github.com/gravitational/teleport/pull/40965)
+* Made `podSecurityContext` configurable in the `teleport-cluster` Helm chart. [#40950](https://github.com/gravitational/teleport/pull/40950)
+* Allow mounting extra volumes in the updater pod deployed by the `teleport-kube-agent`chart. [#40949](https://github.com/gravitational/teleport/pull/40949)
+* Improved error message when performing an SSO login with a hardware key. [#40924](https://github.com/gravitational/teleport/pull/40924)
+* Fixed a bug in the `teleport-cluster` Helm chart that happened when `sessionRecording` was `off`. [#40920](https://github.com/gravitational/teleport/pull/40920)
+* Allows setting additional Kubernetes labels on resources created by the `teleport-cluster` Helm chart. [#40916](https://github.com/gravitational/teleport/pull/40916)
+* Fixed audit event failures when using DynamoDB event storage. [#40912](https://github.com/gravitational/teleport/pull/40912)
+* Properly enforce session moderation requirements when starting Kubernetes ephemeral containers. [#40907](https://github.com/gravitational/teleport/pull/40907)
+* Introduced the tpm join method, which allows for secure joining in on-prem environments without the need for a shared secret. [#40875](https://github.com/gravitational/teleport/pull/40875)
+* Issue cert.create events during device authentication. [#40873](https://github.com/gravitational/teleport/pull/40873)
+* Add the ability to control `ssh_config` generation in Machine ID's Identity Outputs. This allows the generation of the `ssh_config` to be disabled if unnecessary, improving performance and removing the dependency on the Proxy being online. [#40862](https://github.com/gravitational/teleport/pull/40862)
+* Prevented deleting AWS OIDC integration used by External Audit Storage. [#40853](https://github.com/gravitational/teleport/pull/40853)
+* Reduced parallelism when polling AWS resources to prevent API throttling when exporting them to Teleport Access Graph. [#40812](https://github.com/gravitational/teleport/pull/40812)
+
## 14.3.16 (04/23/24)
* Fixed a deprecation warning being shown when `tbot` is used with OpenSSH. [#40838](https://github.com/gravitational/teleport/pull/40838)
diff --git a/Makefile b/Makefile
index d57d2fa624022..27f9b89b3d1eb 100644
--- a/Makefile
+++ b/Makefile
@@ -11,7 +11,7 @@
# Stable releases: "1.0.0"
# Pre-releases: "1.0.0-alpha.1", "1.0.0-beta.2", "1.0.0-rc.3"
# Master/dev branch: "1.0.0-dev"
-VERSION=14.3.16
+VERSION=14.3.17
DOCKER_IMAGE ?= teleport
diff --git a/api/version.go b/api/version.go
index d362f3812bfc0..c140fc9f7962e 100644
--- a/api/version.go
+++ b/api/version.go
@@ -3,6 +3,6 @@ package api
import "github.com/coreos/go-semver/semver"
-const Version = "14.3.16"
+const Version = "14.3.17"
var SemVersion = semver.New(Version)
diff --git a/build.assets/macos/tsh/tsh.app/Contents/Info.plist b/build.assets/macos/tsh/tsh.app/Contents/Info.plist
index f629fb33acb5f..d00c23938f8be 100644
--- a/build.assets/macos/tsh/tsh.app/Contents/Info.plist
+++ b/build.assets/macos/tsh/tsh.app/Contents/Info.plist
@@ -19,13 +19,13 @@
CFBundlePackageType
APPL
CFBundleShortVersionString
- 14.3.16
+ 14.3.17
CFBundleSupportedPlatforms
MacOSX
CFBundleVersion
- 14.3.16
+ 14.3.17
DTCompiler
com.apple.compilers.llvm.clang.1_0
DTPlatformBuild
diff --git a/build.assets/macos/tshdev/tsh.app/Contents/Info.plist b/build.assets/macos/tshdev/tsh.app/Contents/Info.plist
index 0097741da81d6..68e47591223e2 100644
--- a/build.assets/macos/tshdev/tsh.app/Contents/Info.plist
+++ b/build.assets/macos/tshdev/tsh.app/Contents/Info.plist
@@ -17,13 +17,13 @@
CFBundlePackageType
APPL
CFBundleShortVersionString
- 14.3.16
+ 14.3.17
CFBundleSupportedPlatforms
MacOSX
CFBundleVersion
- 14.3.16
+ 14.3.17
DTCompiler
com.apple.compilers.llvm.clang.1_0
DTPlatformBuild
diff --git a/e b/e
index 9138189f11e71..76ce262dd036d 160000
--- a/e
+++ b/e
@@ -1 +1 @@
-Subproject commit 9138189f11e7165f9fd7b0c9683215fb17ba6d97
+Subproject commit 76ce262dd036d73e083b682aa9122689d83608d3
diff --git a/examples/chart/teleport-cluster/Chart.yaml b/examples/chart/teleport-cluster/Chart.yaml
index b266852f21698..adba4ee21f32d 100644
--- a/examples/chart/teleport-cluster/Chart.yaml
+++ b/examples/chart/teleport-cluster/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "14.3.16"
+.version: &version "14.3.17"
name: teleport-cluster
apiVersion: v2
diff --git a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
index 07c718b417ec7..53d722d09f943 100644
--- a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
+++ b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "14.3.16"
+.version: &version "14.3.17"
name: teleport-operator
apiVersion: v2
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap
index ee4ea97b9fb74..da4fb18b2eee1 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap
@@ -8,8 +8,8 @@ adds operator permissions to ClusterRole:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-cluster
- app.kubernetes.io/version: 14.3.16
- helm.sh/chart: teleport-cluster-14.3.16
+ app.kubernetes.io/version: 14.3.17
+ helm.sh/chart: teleport-cluster-14.3.17
teleport.dev/majorVersion: "14"
name: RELEASE-NAME
rules:
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
index 29eede11f4eb9..b006efe15a6e2 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
@@ -1,6 +1,6 @@
should add an operator side-car when operator is enabled:
1: |
- image: public.ecr.aws/gravitational/teleport-operator:14.3.16
+ image: public.ecr.aws/gravitational/teleport-operator:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -41,7 +41,7 @@ should add an operator side-car when operator is enabled:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -174,7 +174,7 @@ should set nodeSelector when set in values:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -271,7 +271,7 @@ should set resources when set in values:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -357,7 +357,7 @@ should set securityContext when set in values:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
index 929a2e77a1464..a4947cb4e8aa2 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
@@ -5,7 +5,7 @@ should provision initContainer correctly when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
name: wait-auth-update
- args:
- echo test
@@ -62,7 +62,7 @@ should set nodeSelector when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -123,7 +123,7 @@ should set nodeSelector when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
name: wait-auth-update
nodeSelector:
environment: security
@@ -174,7 +174,7 @@ should set resources when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -242,7 +242,7 @@ should set resources when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
name: wait-auth-update
serviceAccountName: RELEASE-NAME-proxy
terminationGracePeriodSeconds: 60
@@ -275,7 +275,7 @@ should set securityContext for initContainers when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -343,7 +343,7 @@ should set securityContext for initContainers when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
name: wait-auth-update
securityContext:
allowPrivilegeEscalation: false
@@ -383,7 +383,7 @@ should set securityContext when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -451,7 +451,7 @@ should set securityContext when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
name: wait-auth-update
securityContext:
allowPrivilegeEscalation: false
diff --git a/examples/chart/teleport-kube-agent/Chart.yaml b/examples/chart/teleport-kube-agent/Chart.yaml
index d96a864a2c060..0588a6ebfb443 100644
--- a/examples/chart/teleport-kube-agent/Chart.yaml
+++ b/examples/chart/teleport-kube-agent/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "14.3.16"
+.version: &version "14.3.17"
name: teleport-kube-agent
apiVersion: v2
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
index 5365fd12814af..0250b0be3fffe 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
@@ -30,7 +30,7 @@ sets Deployment annotations when specified if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -103,7 +103,7 @@ sets Deployment labels when specified if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -163,7 +163,7 @@ sets Pod annotations when specified if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -223,7 +223,7 @@ sets Pod labels when specified if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -300,7 +300,7 @@ should add emptyDir for data when existingDataVolume is not set if action is Upg
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -361,7 +361,7 @@ should add insecureSkipProxyTLSVerify to args when set in values if action is Up
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -421,7 +421,7 @@ should correctly configure existingDataVolume when set if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -479,7 +479,7 @@ should expose diag port if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -551,7 +551,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -623,7 +623,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -683,7 +683,7 @@ should have one replica when replicaCount is not set if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -743,7 +743,7 @@ should mount extraVolumes and extraVolumeMounts if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -810,7 +810,7 @@ should mount tls.existingCASecretName and set environment when set in values if
value: "true"
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -880,7 +880,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu
value: http://username:password@my.proxy.host:3128
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -946,7 +946,7 @@ should provision initContainer correctly when set in values if action is Upgrade
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1042,7 +1042,7 @@ should set SecurityContext if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1122,7 +1122,7 @@ should set affinity when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1182,7 +1182,7 @@ should set default serviceAccountName when not set in values if action is Upgrad
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1255,7 +1255,7 @@ should set environment when extraEnv set in values if action is Upgrade:
value: "true"
- name: HTTPS_PROXY
value: http://username:password@my.proxy.host:3128
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1375,7 +1375,7 @@ should set imagePullPolicy when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: Always
livenessProbe:
failureThreshold: 6
@@ -1435,7 +1435,7 @@ should set nodeSelector if set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1497,7 +1497,7 @@ should set not set priorityClassName when not set in values if action is Upgrade
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1569,7 +1569,7 @@ should set preferred affinity when more than one replica is used if action is Up
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1629,7 +1629,7 @@ should set priorityClassName when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1690,7 +1690,7 @@ should set probeTimeoutSeconds when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1760,7 +1760,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set if
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1820,7 +1820,7 @@ should set resources when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1887,7 +1887,7 @@ should set serviceAccountName when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1947,7 +1947,7 @@ should set tolerations when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
index e504ad0bc19f2..ea774dab82d0c 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
@@ -25,7 +25,7 @@ should create ServiceAccount for post-delete hook by default:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
@@ -104,7 +104,7 @@ should not create ServiceAccount for post-delete hook if serviceAccount.create i
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
@@ -132,7 +132,7 @@ should not create ServiceAccount, Role or RoleBinding for post-delete hook if se
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
@@ -160,7 +160,7 @@ should set nodeSelector in post-delete hook:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
@@ -190,7 +190,7 @@ should set securityContext in post-delete hook:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
index 723750b851ba0..6206c7ae12fd8 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
@@ -16,7 +16,7 @@ sets Pod annotations when specified:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -84,7 +84,7 @@ sets Pod labels when specified:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -176,7 +176,7 @@ sets StatefulSet labels when specified:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -272,7 +272,7 @@ should add insecureSkipProxyTLSVerify to args when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -340,7 +340,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and action
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -428,7 +428,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and is Fre
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -506,7 +506,7 @@ should add volumeMount for data volume when using StatefulSet:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -574,7 +574,7 @@ should expose diag port:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -642,7 +642,7 @@ should generate Statefulset when storage is disabled and mode is a Upgrade:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -724,7 +724,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -804,7 +804,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -872,7 +872,7 @@ should have one replica when replicaCount is not set:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -940,7 +940,7 @@ should install Statefulset when storage is disabled and mode is a Fresh Install:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1010,7 +1010,7 @@ should mount extraVolumes and extraVolumeMounts:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1085,7 +1085,7 @@ should mount tls.existingCASecretName and set environment when set in values:
value: RELEASE-NAME
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1165,7 +1165,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu
value: /etc/teleport-tls-ca/ca.pem
- name: HTTPS_PROXY
value: http://username:password@my.proxy.host:3128
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1241,7 +1241,7 @@ should not add emptyDir for data when using StatefulSet:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1309,7 +1309,7 @@ should provision initContainer correctly when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1413,7 +1413,7 @@ should set SecurityContext:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1501,7 +1501,7 @@ should set affinity when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1569,7 +1569,7 @@ should set default serviceAccountName when not set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1650,7 +1650,7 @@ should set environment when extraEnv set in values:
value: RELEASE-NAME
- name: HTTPS_PROXY
value: http://username:password@my.proxy.host:3128
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1786,7 +1786,7 @@ should set imagePullPolicy when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: Always
livenessProbe:
failureThreshold: 6
@@ -1854,7 +1854,7 @@ should set nodeSelector if set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1936,7 +1936,7 @@ should set preferred affinity when more than one replica is used:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2004,7 +2004,7 @@ should set probeTimeoutSeconds when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2082,7 +2082,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2150,7 +2150,7 @@ should set resources when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2225,7 +2225,7 @@ should set serviceAccountName when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2293,7 +2293,7 @@ should set storage.requests when set in values and action is an Upgrade:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2361,7 +2361,7 @@ should set storage.storageClassName when set in values and action is an Upgrade:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2429,7 +2429,7 @@ should set tolerations when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.16
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
index 1aaab78fdc75e..1e45acb2ed1c7 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
@@ -27,7 +27,7 @@ sets the affinity:
- --base-image=public.ecr.aws/gravitational/teleport-distroless
- --version-server=https://my-custom-version-server/v1
- --version-channel=custom/preview
- image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.16
+ image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -71,7 +71,7 @@ sets the tolerations:
- --base-image=public.ecr.aws/gravitational/teleport-distroless
- --version-server=https://my-custom-version-server/v1
- --version-channel=custom/preview
- image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.16
+ image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.17
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6