From 8347dfc204789bc452e3dde26134b42fc0b5e28b Mon Sep 17 00:00:00 2001 From: Cam Hutchison Date: Thu, 29 Aug 2024 09:28:46 +1000 Subject: [PATCH] Release 14.3.30 --- CHANGELOG.md | 5 +- Makefile | 2 +- api/version.go | 2 +- .../macos/tsh/tsh.app/Contents/Info.plist | 4 +- .../macos/tshdev/tsh.app/Contents/Info.plist | 4 +- examples/chart/teleport-cluster/Chart.yaml | 2 +- .../charts/teleport-operator/Chart.yaml | 2 +- .../auth_clusterrole_test.yaml.snap | 4 +- .../__snapshot__/auth_config_test.yaml.snap | 4 +- .../auth_deployment_test.yaml.snap | 10 +-- .../__snapshot__/proxy_config_test.yaml.snap | 4 +- .../proxy_deployment_test.yaml.snap | 32 +++++----- examples/chart/teleport-kube-agent/Chart.yaml | 2 +- .../__snapshot__/deployment_test.yaml.snap | 58 ++++++++--------- .../tests/__snapshot__/job_test.yaml.snap | 10 +-- .../__snapshot__/statefulset_test.yaml.snap | 64 +++++++++---------- .../updater_deployment_test.yaml.snap | 4 +- 17 files changed, 108 insertions(+), 105 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3fa21572292b4..d8f3719b9e3de 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Changelog -## 14.3.29 (08/27/24) +## 14.3.30 (08/28/24) ### Security fix @@ -25,6 +25,9 @@ to be updated. ### Other fixes and improvements +* Fixed an issue where host_sudoers could be written to Teleport proxy server sudoer lists in Teleport v14 and v15. [#45960](https://github.com/gravitational/teleport/pull/45960) +* Prevent interactive sessions from hanging on exit. [#45954](https://github.com/gravitational/teleport/pull/45954) +* Fixed kernel version check of Enhanced Session Recording for distributives with backported BPF. [#45943](https://github.com/gravitational/teleport/pull/45943) * When a database is created manually (without auto-discovery) the teleport.dev/db-admin and teleport.dev/db-admin-default-database labels are no longer ignored and can be used to configure database auto-user provisioning. [#45893](https://github.com/gravitational/teleport/pull/45893) * Fixed an issue where Teleport could modify group assignments for users not managed by Teleport. This will require a migration of host users created with create_host_user_mode: keep in order to maintain Teleport management. More info can be found at [Migrating unmanaged users](./docs/pages/enroll-resources/server-access/guides/host-user-creation.mdx#migrating-unmanaged-users). [#45796](https://github.com/gravitational/teleport/pull/45796) * Fixed host user creation for tsh scp. [#45682](https://github.com/gravitational/teleport/pull/45682) diff --git a/Makefile b/Makefile index 08291ad16a821..49297184de22f 100644 --- a/Makefile +++ b/Makefile @@ -11,7 +11,7 @@ # Stable releases: "1.0.0" # Pre-releases: "1.0.0-alpha.1", "1.0.0-beta.2", "1.0.0-rc.3" # Master/dev branch: "1.0.0-dev" -VERSION=14.3.29 +VERSION=14.3.30 DOCKER_IMAGE ?= teleport diff --git a/api/version.go b/api/version.go index ad2f88defd0bb..cb1731035f7fb 100644 --- a/api/version.go +++ b/api/version.go @@ -3,6 +3,6 @@ package api import "github.com/coreos/go-semver/semver" -const Version = "14.3.29" +const Version = "14.3.30" var SemVersion = semver.New(Version) diff --git a/build.assets/macos/tsh/tsh.app/Contents/Info.plist b/build.assets/macos/tsh/tsh.app/Contents/Info.plist index 56a395ee2da6f..adab8f165826d 100644 --- a/build.assets/macos/tsh/tsh.app/Contents/Info.plist +++ b/build.assets/macos/tsh/tsh.app/Contents/Info.plist @@ -19,13 +19,13 @@ CFBundlePackageType APPL CFBundleShortVersionString - 14.3.29 + 14.3.30 CFBundleSupportedPlatforms MacOSX CFBundleVersion - 14.3.29 + 14.3.30 DTCompiler com.apple.compilers.llvm.clang.1_0 DTPlatformBuild diff --git a/build.assets/macos/tshdev/tsh.app/Contents/Info.plist b/build.assets/macos/tshdev/tsh.app/Contents/Info.plist index e948585db700e..ef2b732a3180c 100644 --- a/build.assets/macos/tshdev/tsh.app/Contents/Info.plist +++ b/build.assets/macos/tshdev/tsh.app/Contents/Info.plist @@ -17,13 +17,13 @@ CFBundlePackageType APPL CFBundleShortVersionString - 14.3.29 + 14.3.30 CFBundleSupportedPlatforms MacOSX CFBundleVersion - 14.3.29 + 14.3.30 DTCompiler com.apple.compilers.llvm.clang.1_0 DTPlatformBuild diff --git a/examples/chart/teleport-cluster/Chart.yaml b/examples/chart/teleport-cluster/Chart.yaml index 0d1675d71a255..690465d3c164d 100644 --- a/examples/chart/teleport-cluster/Chart.yaml +++ b/examples/chart/teleport-cluster/Chart.yaml @@ -1,4 +1,4 @@ -.version: &version "14.3.29" +.version: &version "14.3.30" name: teleport-cluster apiVersion: v2 diff --git a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml index 2eb68fdea6469..acb377ec7771d 100644 --- a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml +++ b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml @@ -1,4 +1,4 @@ -.version: &version "14.3.29" +.version: &version "14.3.30" name: teleport-operator apiVersion: v2 diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap index 6b53ef6970d1f..41d4669def3f5 100644 --- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap +++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap @@ -8,8 +8,8 @@ adds operator permissions to ClusterRole: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-cluster - app.kubernetes.io/version: 14.3.29 - helm.sh/chart: teleport-cluster-14.3.29 + app.kubernetes.io/version: 14.3.30 + helm.sh/chart: teleport-cluster-14.3.30 teleport.dev/majorVersion: "14" name: RELEASE-NAME rules: diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap index 6bf731ada6eb4..9a5c8b4324ace 100644 --- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap +++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap @@ -1797,8 +1797,8 @@ sets clusterDomain on Configmap: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-cluster - app.kubernetes.io/version: 14.3.29 - helm.sh/chart: teleport-cluster-14.3.29 + app.kubernetes.io/version: 14.3.30 + helm.sh/chart: teleport-cluster-14.3.30 teleport.dev/majorVersion: "14" name: RELEASE-NAME-auth namespace: NAMESPACE diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap index d1703045ac1bc..ab42e43d72d88 100644 --- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap +++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap @@ -1,6 +1,6 @@ should add an operator side-car when operator is enabled: 1: | - image: public.ecr.aws/gravitational/teleport-operator:14.3.29 + image: public.ecr.aws/gravitational/teleport-operator:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -41,7 +41,7 @@ should add an operator side-car when operator is enabled: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -174,7 +174,7 @@ should set nodeSelector when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -271,7 +271,7 @@ should set resources when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -357,7 +357,7 @@ should set securityContext when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent lifecycle: preStop: diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap index dc7c2aa390128..e51e830d304bd 100644 --- a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap +++ b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap @@ -567,8 +567,8 @@ sets clusterDomain on Configmap: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-cluster - app.kubernetes.io/version: 14.3.29 - helm.sh/chart: teleport-cluster-14.3.29 + app.kubernetes.io/version: 14.3.30 + helm.sh/chart: teleport-cluster-14.3.30 teleport.dev/majorVersion: "14" name: RELEASE-NAME-proxy namespace: NAMESPACE diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap index 4ec1009aa7c9c..5415e7e28e9a6 100644 --- a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap +++ b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap @@ -11,8 +11,8 @@ sets clusterDomain on Deployment Pods: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-cluster - app.kubernetes.io/version: 14.3.29 - helm.sh/chart: teleport-cluster-14.3.29 + app.kubernetes.io/version: 14.3.30 + helm.sh/chart: teleport-cluster-14.3.30 teleport.dev/majorVersion: "14" name: RELEASE-NAME-proxy namespace: NAMESPACE @@ -26,7 +26,7 @@ sets clusterDomain on Deployment Pods: template: metadata: annotations: - checksum/config: 3937f5f8355bf9d764442eec2c19e13a562f9a8dbfb06f32f8468e9841513a4d + checksum/config: 7d09284af8f16fe9cb56fa362c802ed742b2cbee0099c86800545176dc7bf014 kubernetes.io/pod: test-annotation kubernetes.io/pod-different: 4 labels: @@ -34,8 +34,8 @@ sets clusterDomain on Deployment Pods: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-cluster - app.kubernetes.io/version: 14.3.29 - helm.sh/chart: teleport-cluster-14.3.29 + app.kubernetes.io/version: 14.3.30 + helm.sh/chart: teleport-cluster-14.3.30 teleport.dev/majorVersion: "14" spec: affinity: @@ -44,7 +44,7 @@ sets clusterDomain on Deployment Pods: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -105,7 +105,7 @@ sets clusterDomain on Deployment Pods: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.test.com - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 name: wait-auth-update serviceAccountName: RELEASE-NAME-proxy terminationGracePeriodSeconds: 60 @@ -137,7 +137,7 @@ should provision initContainer correctly when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 name: wait-auth-update - args: - echo test @@ -194,7 +194,7 @@ should set nodeSelector when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -255,7 +255,7 @@ should set nodeSelector when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 name: wait-auth-update nodeSelector: environment: security @@ -306,7 +306,7 @@ should set resources when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -374,7 +374,7 @@ should set resources when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 name: wait-auth-update serviceAccountName: RELEASE-NAME-proxy terminationGracePeriodSeconds: 60 @@ -407,7 +407,7 @@ should set securityContext for initContainers when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -475,7 +475,7 @@ should set securityContext for initContainers when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 name: wait-auth-update securityContext: allowPrivilegeEscalation: false @@ -515,7 +515,7 @@ should set securityContext when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -583,7 +583,7 @@ should set securityContext when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 name: wait-auth-update securityContext: allowPrivilegeEscalation: false diff --git a/examples/chart/teleport-kube-agent/Chart.yaml b/examples/chart/teleport-kube-agent/Chart.yaml index 24e23c3c417c6..9053590f6f69d 100644 --- a/examples/chart/teleport-kube-agent/Chart.yaml +++ b/examples/chart/teleport-kube-agent/Chart.yaml @@ -1,4 +1,4 @@ -.version: &version "14.3.29" +.version: &version "14.3.30" name: teleport-kube-agent apiVersion: v2 diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap index 07e7a606c007a..4a99de2fa3963 100644 --- a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap +++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap @@ -32,7 +32,7 @@ sets Deployment annotations when specified if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -107,7 +107,7 @@ sets Deployment labels when specified if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -169,7 +169,7 @@ sets Pod annotations when specified if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -231,7 +231,7 @@ sets Pod labels when specified if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -310,7 +310,7 @@ should add emptyDir for data when existingDataVolume is not set if action is Upg value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -373,7 +373,7 @@ should add insecureSkipProxyTLSVerify to args when set in values if action is Up value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -435,7 +435,7 @@ should correctly configure existingDataVolume when set if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -495,7 +495,7 @@ should expose diag port if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -569,7 +569,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -643,7 +643,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -705,7 +705,7 @@ should have one replica when replicaCount is not set if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -767,7 +767,7 @@ should mount extraVolumes and extraVolumeMounts if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -836,7 +836,7 @@ should mount tls.existingCASecretName and set environment when set in values if value: cluster.local - name: SSL_CERT_FILE value: /etc/teleport-tls-ca/ca.pem - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -908,7 +908,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu value: http://username:password@my.proxy.host:3128 - name: SSL_CERT_FILE value: /etc/teleport-tls-ca/ca.pem - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -976,7 +976,7 @@ should provision initContainer correctly when set in values if action is Upgrade value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1074,7 +1074,7 @@ should set SecurityContext if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1156,7 +1156,7 @@ should set affinity when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1218,7 +1218,7 @@ should set default serviceAccountName when not set in values if action is Upgrad value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1293,7 +1293,7 @@ should set environment when extraEnv set in values if action is Upgrade: value: cluster.local - name: HTTPS_PROXY value: http://username:password@my.proxy.host:3128 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1417,7 +1417,7 @@ should set imagePullPolicy when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: Always livenessProbe: failureThreshold: 6 @@ -1479,7 +1479,7 @@ should set nodeSelector if set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1543,7 +1543,7 @@ should set not set priorityClassName when not set in values if action is Upgrade value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1617,7 +1617,7 @@ should set preferred affinity when more than one replica is used if action is Up value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1679,7 +1679,7 @@ should set priorityClassName when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1742,7 +1742,7 @@ should set probeTimeoutSeconds when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1814,7 +1814,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set if value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1876,7 +1876,7 @@ should set resources when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1945,7 +1945,7 @@ should set serviceAccountName when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2007,7 +2007,7 @@ should set tolerations when set in values if action is Upgrade: value: "true" - name: TELEPORT_KUBE_CLUSTER_DOMAIN value: cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap index c278379e2d0ee..762a93b19a32b 100644 --- a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap +++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap @@ -25,7 +25,7 @@ should create ServiceAccount for post-delete hook by default: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent name: post-delete-job securityContext: @@ -104,7 +104,7 @@ should not create ServiceAccount for post-delete hook if serviceAccount.create i fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent name: post-delete-job securityContext: @@ -132,7 +132,7 @@ should not create ServiceAccount, Role or RoleBinding for post-delete hook if se fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent name: post-delete-job securityContext: @@ -160,7 +160,7 @@ should set nodeSelector in post-delete hook: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent name: post-delete-job securityContext: @@ -190,7 +190,7 @@ should set securityContext in post-delete hook: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent name: post-delete-job securityContext: diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap index 73b15d5fc19ff..a2069dd325a3b 100644 --- a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap +++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap @@ -16,7 +16,7 @@ sets Pod annotations when specified: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -84,7 +84,7 @@ sets Pod labels when specified: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -176,7 +176,7 @@ sets StatefulSet labels when specified: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -272,7 +272,7 @@ should add insecureSkipProxyTLSVerify to args when set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -340,7 +340,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and action fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -428,7 +428,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and is Fre fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -506,7 +506,7 @@ should add volumeMount for data volume when using StatefulSet: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -574,7 +574,7 @@ should expose diag port: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -642,7 +642,7 @@ should generate Statefulset when storage is disabled and mode is a Upgrade: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -724,7 +724,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -804,7 +804,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -872,7 +872,7 @@ should have one replica when replicaCount is not set: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -940,7 +940,7 @@ should install Statefulset when storage is disabled and mode is a Fresh Install: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1010,7 +1010,7 @@ should mount extraVolumes and extraVolumeMounts: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1085,7 +1085,7 @@ should mount tls.existingCASecretName and set environment when set in values: value: RELEASE-NAME - name: SSL_CERT_FILE value: /etc/teleport-tls-ca/ca.pem - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1165,7 +1165,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu value: /etc/teleport-tls-ca/ca.pem - name: HTTPS_PROXY value: http://username:password@my.proxy.host:3128 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1241,7 +1241,7 @@ should not add emptyDir for data when using StatefulSet: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1309,7 +1309,7 @@ should provision initContainer correctly when set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1413,7 +1413,7 @@ should set SecurityContext: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1501,7 +1501,7 @@ should set affinity when set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1569,7 +1569,7 @@ should set default serviceAccountName when not set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1650,7 +1650,7 @@ should set environment when extraEnv set in values: value: RELEASE-NAME - name: HTTPS_PROXY value: http://username:password@my.proxy.host:3128 - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1786,7 +1786,7 @@ should set imagePullPolicy when set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: Always livenessProbe: failureThreshold: 6 @@ -1854,7 +1854,7 @@ should set nodeSelector if set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1936,7 +1936,7 @@ should set preferred affinity when more than one replica is used: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2004,7 +2004,7 @@ should set probeTimeoutSeconds when set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2082,7 +2082,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2150,7 +2150,7 @@ should set resources when set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2225,7 +2225,7 @@ should set serviceAccountName when set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2293,7 +2293,7 @@ should set storage.requests when set in values and action is an Upgrade: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2361,7 +2361,7 @@ should set storage.storageClassName when set in values and action is an Upgrade: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2429,7 +2429,7 @@ should set tolerations when set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:14.3.29 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap index 7d1ed09270c25..56b8ea3967044 100644 --- a/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap +++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap @@ -27,7 +27,7 @@ sets the affinity: - --base-image=public.ecr.aws/gravitational/teleport-distroless - --version-server=https://my-custom-version-server/v1 - --version-channel=custom/preview - image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.29 + image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -71,7 +71,7 @@ sets the tolerations: - --base-image=public.ecr.aws/gravitational/teleport-distroless - --version-server=https://my-custom-version-server/v1 - --version-channel=custom/preview - image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.29 + image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.30 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6