From a12edb9686e85c51cf4e3c0233f16d5e73591dbd Mon Sep 17 00:00:00 2001 From: Cam Hutchison Date: Thu, 28 Nov 2024 12:30:22 +1100 Subject: [PATCH] Release 14.3.34 (#49530) --- CHANGELOG.md | 12 ++++ Makefile | 2 +- api/version.go | 2 +- .../macos/tsh/tsh.app/Contents/Info.plist | 4 +- .../macos/tshdev/tsh.app/Contents/Info.plist | 4 +- examples/chart/teleport-cluster/Chart.yaml | 2 +- .../charts/teleport-operator/Chart.yaml | 2 +- .../auth_clusterrole_test.yaml.snap | 4 +- .../__snapshot__/auth_config_test.yaml.snap | 4 +- .../auth_deployment_test.yaml.snap | 10 +-- .../__snapshot__/proxy_config_test.yaml.snap | 4 +- .../proxy_deployment_test.yaml.snap | 32 +++++----- examples/chart/teleport-kube-agent/Chart.yaml | 2 +- .../__snapshot__/deployment_test.yaml.snap | 58 ++++++++--------- .../tests/__snapshot__/job_test.yaml.snap | 12 ++-- .../__snapshot__/statefulset_test.yaml.snap | 64 +++++++++---------- .../updater_deployment_test.yaml.snap | 4 +- 17 files changed, 117 insertions(+), 105 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cb067bbb2682a..7a68c17f2c72b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,17 @@ # Changelog +## 14.3.34 (11/27/24) + +* Fixed a bug in the `teleport-cluster` Helm chart that can cause token mount to fail when using ArgoCD. [#49071](https://github.com/gravitational/teleport/pull/49071) +* Allow overriding Teleport license secret name when using `teleport-cluster` Helm chart. [#48981](https://github.com/gravitational/teleport/pull/48981) +* Fixed a bug in Kubernetes session recordings where both root and leaf cluster recorded the same Kubernetes session. Recordings of leaf resources are only available in leaf clusters. [#48740](https://github.com/gravitational/teleport/pull/48740) +* Updated Go to 1.22.9. [#48583](https://github.com/gravitational/teleport/pull/48583) +* The teleport-cluster Helm chart now uses the configured `serviceAccount.name` from chart values for its pre-deploy configuration check Jobs. [#48577](https://github.com/gravitational/teleport/pull/48577) +* Fixed a Teleport Kubernetes Operator bug that happened for OIDCConnector resources with non-nil `max_age`. [#48378](https://github.com/gravitational/teleport/pull/48378) +* Updated host user creation to prevent local password expiration policies from affecting Teleport managed users. [#48161](https://github.com/gravitational/teleport/pull/48161) +* Resolved an issue that caused false positive errors incorrectly indicating that the YubiKey was in use by another application, while only tsh was accessing it. [#47954](https://github.com/gravitational/teleport/pull/47954) +* Updated `tsh ssh` to support the `--` delimiter similar to openssh. It is now possible to execute a command via `tsh ssh user@host -- echo test` or `tsh ssh -- host uptime`. [#47495](https://github.com/gravitational/teleport/pull/47495) + ## 14.3.33 (10/30/24) * Fixed a bug in the External Audit Storage bootstrap script that broke S3 bucket creation. [#48179](https://github.com/gravitational/teleport/pull/48179) diff --git a/Makefile b/Makefile index 9f2996a8fa96e..628922376dc45 100644 --- a/Makefile +++ b/Makefile @@ -11,7 +11,7 @@ # Stable releases: "1.0.0" # Pre-releases: "1.0.0-alpha.1", "1.0.0-beta.2", "1.0.0-rc.3" # Master/dev branch: "1.0.0-dev" -VERSION=14.3.33 +VERSION=14.3.34 DOCKER_IMAGE ?= teleport diff --git a/api/version.go b/api/version.go index b22cecce071de..1a44f7787d518 100644 --- a/api/version.go +++ b/api/version.go @@ -3,6 +3,6 @@ package api import "github.com/coreos/go-semver/semver" -const Version = "14.3.33" +const Version = "14.3.34" var SemVersion = semver.New(Version) diff --git a/build.assets/macos/tsh/tsh.app/Contents/Info.plist b/build.assets/macos/tsh/tsh.app/Contents/Info.plist index 6da038d33d6b0..71e878e8e6b90 100644 --- a/build.assets/macos/tsh/tsh.app/Contents/Info.plist +++ b/build.assets/macos/tsh/tsh.app/Contents/Info.plist @@ -19,13 +19,13 @@ CFBundlePackageType APPL CFBundleShortVersionString - 14.3.33 + 14.3.34 CFBundleSupportedPlatforms MacOSX CFBundleVersion - 14.3.33 + 14.3.34 DTCompiler com.apple.compilers.llvm.clang.1_0 DTPlatformBuild diff --git a/build.assets/macos/tshdev/tsh.app/Contents/Info.plist b/build.assets/macos/tshdev/tsh.app/Contents/Info.plist index 9dc8dc8ca0723..e92bd5c3de195 100644 --- a/build.assets/macos/tshdev/tsh.app/Contents/Info.plist +++ b/build.assets/macos/tshdev/tsh.app/Contents/Info.plist @@ -17,13 +17,13 @@ CFBundlePackageType APPL CFBundleShortVersionString - 14.3.33 + 14.3.34 CFBundleSupportedPlatforms MacOSX CFBundleVersion - 14.3.33 + 14.3.34 DTCompiler com.apple.compilers.llvm.clang.1_0 DTPlatformBuild diff --git a/examples/chart/teleport-cluster/Chart.yaml b/examples/chart/teleport-cluster/Chart.yaml index 48f3067b105f4..374274e49f0bb 100644 --- a/examples/chart/teleport-cluster/Chart.yaml +++ b/examples/chart/teleport-cluster/Chart.yaml @@ -1,4 +1,4 @@ -.version: &version "14.3.33" +.version: &version "14.3.34" name: teleport-cluster apiVersion: v2 diff --git a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml index 24ebc3c002392..0ef668eb2d7c2 100644 --- a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml +++ b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml @@ -1,4 +1,4 @@ -.version: &version "14.3.33" +.version: &version "14.3.34" name: teleport-operator apiVersion: v2 diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap index 729891357908e..a406742a7ac46 100644 --- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap +++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap @@ -8,8 +8,8 @@ adds operator permissions to ClusterRole: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-cluster - app.kubernetes.io/version: 14.3.33 - helm.sh/chart: teleport-cluster-14.3.33 + app.kubernetes.io/version: 14.3.34 + helm.sh/chart: teleport-cluster-14.3.34 teleport.dev/majorVersion: "14" name: RELEASE-NAME rules: diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap index f78be8a2a897a..ab75ec04444f4 100644 --- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap +++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap @@ -1797,8 +1797,8 @@ sets clusterDomain on Configmap: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-cluster - app.kubernetes.io/version: 14.3.33 - helm.sh/chart: teleport-cluster-14.3.33 + app.kubernetes.io/version: 14.3.34 + helm.sh/chart: teleport-cluster-14.3.34 teleport.dev/majorVersion: "14" name: RELEASE-NAME-auth namespace: NAMESPACE diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap index 2a7b6e989e597..4de84b40be518 100644 --- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap +++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap @@ -1,6 +1,6 @@ should add an operator side-car when operator is enabled: 1: | - image: public.ecr.aws/gravitational/teleport-operator:14.3.33 + image: public.ecr.aws/gravitational/teleport-operator:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -41,7 +41,7 @@ should add an operator side-car when operator is enabled: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -174,7 +174,7 @@ should set nodeSelector when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -271,7 +271,7 @@ should set resources when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -357,7 +357,7 @@ should set securityContext when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent lifecycle: preStop: diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap index 2ff5e7bbca6e0..dd61aed029ccb 100644 --- a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap +++ b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap @@ -567,8 +567,8 @@ sets clusterDomain on Configmap: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-cluster - app.kubernetes.io/version: 14.3.33 - helm.sh/chart: teleport-cluster-14.3.33 + app.kubernetes.io/version: 14.3.34 + helm.sh/chart: teleport-cluster-14.3.34 teleport.dev/majorVersion: "14" name: RELEASE-NAME-proxy namespace: NAMESPACE diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap index 9afd89752a83d..5436a9f0c9d69 100644 --- a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap +++ b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap @@ -11,8 +11,8 @@ sets clusterDomain on Deployment Pods: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-cluster - app.kubernetes.io/version: 14.3.33 - helm.sh/chart: teleport-cluster-14.3.33 + app.kubernetes.io/version: 14.3.34 + helm.sh/chart: teleport-cluster-14.3.34 teleport.dev/majorVersion: "14" name: RELEASE-NAME-proxy namespace: NAMESPACE @@ -26,7 +26,7 @@ sets clusterDomain on Deployment Pods: template: metadata: annotations: - checksum/config: f7106583f842c0c8420a999ea1f7f57be18184cb5688bb9c59d0cf769a824842 + checksum/config: 86bc053300d968e11b90f5fc900381e8309275c6976b95ee7e5463abd8750dcd kubernetes.io/pod: test-annotation kubernetes.io/pod-different: 4 labels: @@ -34,8 +34,8 @@ sets clusterDomain on Deployment Pods: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-cluster - app.kubernetes.io/version: 14.3.33 - helm.sh/chart: teleport-cluster-14.3.33 + app.kubernetes.io/version: 14.3.34 + helm.sh/chart: teleport-cluster-14.3.34 teleport.dev/majorVersion: "14" spec: affinity: @@ -44,7 +44,7 @@ sets clusterDomain on Deployment Pods: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -105,7 +105,7 @@ sets clusterDomain on Deployment Pods: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.test.com - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 name: wait-auth-update serviceAccountName: RELEASE-NAME-proxy terminationGracePeriodSeconds: 60 @@ -137,7 +137,7 @@ should provision initContainer correctly when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 name: wait-auth-update - args: - echo test @@ -194,7 +194,7 @@ should set nodeSelector when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -255,7 +255,7 @@ should set nodeSelector when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 name: wait-auth-update nodeSelector: environment: security @@ -306,7 +306,7 @@ should set resources when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -374,7 +374,7 @@ should set resources when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 name: wait-auth-update serviceAccountName: RELEASE-NAME-proxy terminationGracePeriodSeconds: 60 @@ -407,7 +407,7 @@ should set securityContext for initContainers when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -475,7 +475,7 @@ should set securityContext for initContainers when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 name: wait-auth-update securityContext: allowPrivilegeEscalation: false @@ -515,7 +515,7 @@ should set securityContext when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -583,7 +583,7 @@ should set securityContext when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 name: wait-auth-update securityContext: allowPrivilegeEscalation: false diff --git a/examples/chart/teleport-kube-agent/Chart.yaml b/examples/chart/teleport-kube-agent/Chart.yaml index cfbc4678346ac..01e84306ee168 100644 --- a/examples/chart/teleport-kube-agent/Chart.yaml +++ b/examples/chart/teleport-kube-agent/Chart.yaml @@ -1,4 +1,4 @@ -.version: &version "14.3.33" +.version: &version "14.3.34" name: teleport-kube-agent apiVersion: v2 diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap index 5590660e7945c..d6ba8b314d321 100644 --- a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap +++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap @@ -32,7 +32,7 @@ sets Deployment annotations when specified if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -107,7 +107,7 @@ sets Deployment labels when specified if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -169,7 +169,7 @@ sets Pod annotations when specified if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -231,7 +231,7 @@ sets Pod labels when specified if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -310,7 +310,7 @@ should add emptyDir for data when existingDataVolume is not set if action is Upg value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -373,7 +373,7 @@ should add insecureSkipProxyTLSVerify to args when set in values if action is Up value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -435,7 +435,7 @@ should correctly configure existingDataVolume when set if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -495,7 +495,7 @@ should expose diag port if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -569,7 +569,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -643,7 +643,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -705,7 +705,7 @@ should have one replica when replicaCount is not set if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -767,7 +767,7 @@ should mount extraVolumes and extraVolumeMounts if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -836,7 +836,7 @@ should mount tls.existingCASecretName and set environment when set in values if value: cluster.local - name: SSL_CERT_FILE value: /etc/teleport-tls-ca/ca.pem - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -908,7 +908,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu value: http://username:password@my.proxy.host:3128 - name: SSL_CERT_FILE value: /etc/teleport-tls-ca/ca.pem - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -976,7 +976,7 @@ should provision initContainer correctly when set in values if action is Upgrade value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1074,7 +1074,7 @@ should set SecurityContext if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1156,7 +1156,7 @@ should set affinity when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1218,7 +1218,7 @@ should set default serviceAccountName when not set in values if action is Upgrad value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1293,7 +1293,7 @@ should set environment when extraEnv set in values if action is Upgrade: value: cluster.local - name: HTTPS_PROXY value: http://username:password@my.proxy.host:3128 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1417,7 +1417,7 @@ should set imagePullPolicy when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: Always livenessProbe: failureThreshold: 6 @@ -1479,7 +1479,7 @@ should set nodeSelector if set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1543,7 +1543,7 @@ should set not set priorityClassName when not set in values if action is Upgrade value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1617,7 +1617,7 @@ should set preferred affinity when more than one replica is used if action is Up value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1679,7 +1679,7 @@ should set priorityClassName when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1742,7 +1742,7 @@ should set probeTimeoutSeconds when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1814,7 +1814,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set if value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1876,7 +1876,7 @@ should set resources when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1945,7 +1945,7 @@ should set serviceAccountName when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2007,7 +2007,7 @@ should set tolerations when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap index 49448084b6b0f..d704dfd579932 100644 --- a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap +++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap @@ -25,7 +25,7 @@ should create ServiceAccount for post-delete hook by default: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent name: post-delete-job securityContext: @@ -106,7 +106,7 @@ should not create ServiceAccount for post-delete hook if serviceAccount.create i fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent name: post-delete-job securityContext: @@ -134,7 +134,7 @@ should not create ServiceAccount, Role or RoleBinding for post-delete hook if se fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent name: post-delete-job securityContext: @@ -162,7 +162,7 @@ should set nodeSelector in post-delete hook: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent name: post-delete-job securityContext: @@ -192,7 +192,7 @@ should set resources in the Job's pod spec if resources is set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent name: post-delete-job resources: @@ -227,7 +227,7 @@ should set securityContext in post-delete hook: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent name: post-delete-job securityContext: diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap index d4d2b8b85207f..f20857e2f6776 100644 --- a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap +++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap @@ -18,7 +18,7 @@ sets Pod annotations when specified: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -88,7 +88,7 @@ sets Pod labels when specified: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -182,7 +182,7 @@ sets StatefulSet labels when specified: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -280,7 +280,7 @@ should add insecureSkipProxyTLSVerify to args when set in values: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -350,7 +350,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and action value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -440,7 +440,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and is Fre value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -520,7 +520,7 @@ should add volumeMount for data volume when using StatefulSet: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -590,7 +590,7 @@ should expose diag port: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -660,7 +660,7 @@ should generate Statefulset when storage is disabled and mode is a Upgrade: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -744,7 +744,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -826,7 +826,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -896,7 +896,7 @@ should have one replica when replicaCount is not set: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -966,7 +966,7 @@ should install Statefulset when storage is disabled and mode is a Fresh Install: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1038,7 +1038,7 @@ should mount extraVolumes and extraVolumeMounts: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1115,7 +1115,7 @@ should mount tls.existingCASecretName and set environment when set in values: value: cluster.local - name: SSL_CERT_FILE value: /etc/teleport-tls-ca/ca.pem - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1197,7 +1197,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu value: /etc/teleport-tls-ca/ca.pem - name: HTTPS_PROXY value: http://username:password@my.proxy.host:3128 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1275,7 +1275,7 @@ should not add emptyDir for data when using StatefulSet: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1345,7 +1345,7 @@ should provision initContainer correctly when set in values: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1451,7 +1451,7 @@ should set SecurityContext: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1541,7 +1541,7 @@ should set affinity when set in values: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1611,7 +1611,7 @@ should set default serviceAccountName when not set in values: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1694,7 +1694,7 @@ should set environment when extraEnv set in values: value: cluster.local - name: HTTPS_PROXY value: http://username:password@my.proxy.host:3128 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1834,7 +1834,7 @@ should set imagePullPolicy when set in values: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: Always livenessProbe: failureThreshold: 6 @@ -1904,7 +1904,7 @@ should set nodeSelector if set in values: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1988,7 +1988,7 @@ should set preferred affinity when more than one replica is used: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2058,7 +2058,7 @@ should set probeTimeoutSeconds when set in values: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2138,7 +2138,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2208,7 +2208,7 @@ should set resources when set in values: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2285,7 +2285,7 @@ should set serviceAccountName when set in values: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2355,7 +2355,7 @@ should set storage.requests when set in values and action is an Upgrade: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2425,7 +2425,7 @@ should set storage.storageClassName when set in values and action is an Upgrade: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2495,7 +2495,7 @@ should set tolerations when set in values: value: RELEASE-NAME - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.33 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap index b78fdb8ecdec8..cd718f07d2bc1 100644 --- a/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap +++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap @@ -27,7 +27,7 @@ sets the affinity: - --base-image=public.ecr.aws/gravitational/teleport-distroless - --version-server=https://my-custom-version-server/v1 - --version-channel=custom/preview - image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.33 + image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -71,7 +71,7 @@ sets the tolerations: - --base-image=public.ecr.aws/gravitational/teleport-distroless - --version-server=https://my-custom-version-server/v1 - --version-channel=custom/preview - image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.33 + image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.34 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6