From 69b37589bb4719162e6ba14abd6c2e7956b5cf58 Mon Sep 17 00:00:00 2001 From: Roman Tkachenko Date: Mon, 8 May 2023 11:49:49 -0700 Subject: [PATCH] Release 13.0.0 --- CHANGELOG.md | 138 ++++++++++++++++++ Makefile | 2 +- api/version.go | 2 +- e | 2 +- examples/chart/teleport-cluster/Chart.yaml | 2 +- .../charts/teleport-operator/Chart.yaml | 2 +- .../auth_deployment_test.yaml.snap | 10 +- .../proxy_deployment_test.yaml.snap | 18 +-- examples/chart/teleport-kube-agent/Chart.yaml | 2 +- .../__snapshot__/deployment_test.yaml.snap | 58 ++++---- .../tests/__snapshot__/job_test.yaml.snap | 4 +- .../__snapshot__/statefulset_test.yaml.snap | 64 ++++---- .../updater_deployment_test.yaml.snap | 4 +- integrations/kube-agent-updater/version.go | 2 +- version.go | 2 +- 15 files changed, 225 insertions(+), 87 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fe335aa6534f4..4252c9f7b47ae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,143 @@ # Changelog +## 13.0.0 (05/08/23) + +Teleport 13 brings the following marquee features and improvements: + +* (Preview) Automatic agent upgrades. +* (Preview) TLS routing through ALB for Server, Kubernetes and Application Access. +* (Preview, Enterprise-only) Ability to import applications and groups from Okta to Application Access. +* (Preview) AWS OpenSearch support for Database Access. +* (Preview) View and control access to OpenSSH nodes natively in Teleport. +* Cross-cluster search for Teleport Connect. +* Kubernetes Access performance improvements. +* Universal binaries (including Apple Silicon) for macOS. +* Simplified RDS onboarding flow in Access Management UI. +* Light theme for Web UI. + +### (Preview) Automatic agent upgrades + +In Teleport 13 users can configure their Teleport agents deployed via apt/yum +repositories or a Helm chart to be upgraded automatically. + +### (Preview) TLS routing through ALB for Server, Kubernetes and Application Access + +Teleport 13 adds single-port TLS routing mode support to Server, Kubernetes and +Application Access for clusters deployed behind application layer load balancers +such as AWS ALB. + +### (Preview, Enterprise-only) Ability to import applications and groups from Okta to Application Access + +In Teleport 13 users can import apps and groups from Okta and use Teleport +access requests for requesting short-term access to them. This feature is only +available in the Teleport Enterprise edition. + +### (Preview) AWS OpenSearch support for Database Access + +Database Access users can now connect to AWS OpenSearch databases. + +### (Preview) View and control access to OpenSSH nodes natively in Teleport + +In Teleport 13 users will be able register OpenSSH nodes as a resource with the +cluster. + +This will allow users to view the OpenSSH nodes in Web UI and using `tsh ls` +and use RBAC to control access to them. + +See updated OpenSSH integration guide: https://goteleport.com/docs/ver/13.x/server-access/guides/openssh/. + +### Cross-cluster search for Teleport Connect + +Teleport Connect now includes a new search experience, allowing you to search +for and connect to resources across all logged-in clusters. + +### Kubernetes Access performance improvements + +In Teleport 13 we improved the way Teleport Proxy handles Kubernetes Access +credentials. + +Users will experience better performance when interacting with Kubernetes +clusters using kubectl or via the API. + +### Universal binaries (including Apple Silicon) for macOS + +Teleport 13 binaries (including Teleport Connect) will have universal +architecture and run natively on both Intel and ARM macOS systems. + +### Simplified RDS onboarding flow in Access Management UI + +When connecting an RDS database using Teleport 13 Access Management UI, users +can connect their AWS account and select the RDS database to add instead of +entering details manually. + +To try out the new flow, add an RDS database using the Resource Management UI +in your cluster’s Web UI dashboard. + +### Light theme for Web UI + +Teleport's web UI includes an optional light theme. + +The light theme is enabled by default but can be changed back to the dark theme +via the top-right corner user settings menu. + +### Desktop Access recording export + +Session recordings for Windows desktop sessions can now be exported to video +format for offline playback with the new tsh recordings export command. + +### SFTP in Moderated Sessions + +Teleport 13 adds the ability to transfer files in Moderated Sessions. +This feature requires that both the session originator and the moderator +have joined the session via the web UI. + +### Breaking changes + +Please familiarize yourself with the following potentially disruptive changes +in Teleport 13 before upgrading. + +#### Default session join mode + +Teleport 13 defaults to observer (read-only) mode when joining SSH and Kubernetes +sessions. Prior versions of Teleport would default to peer mode for SSH sessions +and moderator mode for Kubernetes sessions. To override the default join mode, +specify the --mode flag with tsh join. + +#### CA rotation deprecation + +Teleport 13 removes support for rotating all certificate authorities with +`tctl auth rotate --type=all`. The `type` flag is now required, which ensures +that only one CA is rotated at a time, increasing cluster stability during +rotations. + +#### Join token API changes + +The default 30-minute expiry no longer applies to tokens created via YAML +resource files. If you want to enforce an expiration, ensure this is set in the +`metadata.expires` field. Tokens created using `tctl nodes add` and `tctl tokens add` +will continue to have a default 30m expiry applied. + +Additionally, users of Teleport’s API module will note that the `CreateToken` +and `UpsertToken` RPCs are now deprecated in favor of `CreateTokenV2` and +`UpsertTokenV2`. The new V2 variants no longer have a default expiry, so be sure +to set a TTL if you want your tokens to expire. + +The original RPCs are still supported in Teleport 13 and will be removed +completely for Teleport 14. + +#### Enhanced user validation + +Teleport 13 will refuse to create or update users that reference non-existent +roles. In some circumstances, older versions of Teleport would permit you to +create users and assign them invalid roles. In Teleport 13 this is a hard error. + +#### Quay.io registry + +Quay.io registry was deprecated in Teleport 11 and starting with Teleport 13, +Teleport container images are no longer being published to it. + +Users should use the public ECR registry: https://goteleport.com/docs/installation/#docker. + ## 12.3.0 (05/01/23) This release of Teleport contains multiple improvements and bug fixes. diff --git a/Makefile b/Makefile index 27e83c530800b..b8c28a147402d 100644 --- a/Makefile +++ b/Makefile @@ -11,7 +11,7 @@ # Stable releases: "1.0.0" # Pre-releases: "1.0.0-alpha.1", "1.0.0-beta.2", "1.0.0-rc.3" # Master/dev branch: "1.0.0-dev" -VERSION=13.0.0-rc.1 +VERSION=13.0.0 DOCKER_IMAGE ?= teleport diff --git a/api/version.go b/api/version.go index f64fcbae9304e..3e16083a9fa95 100644 --- a/api/version.go +++ b/api/version.go @@ -1,7 +1,7 @@ // Code generated by "make version". DO NOT EDIT. package api -const Version = "13.0.0-rc.1" +const Version = "13.0.0" // Gitref is set to the output of "git describe" during the build process. var Gitref string diff --git a/e b/e index f809f1ff24af4..68e617511d094 160000 --- a/e +++ b/e @@ -1 +1 @@ -Subproject commit f809f1ff24af47c31f045f96c34b28f3acfda090 +Subproject commit 68e617511d09480533df44caca7d92023750e141 diff --git a/examples/chart/teleport-cluster/Chart.yaml b/examples/chart/teleport-cluster/Chart.yaml index 6b95b85d59030..8c466ab28c2f1 100644 --- a/examples/chart/teleport-cluster/Chart.yaml +++ b/examples/chart/teleport-cluster/Chart.yaml @@ -1,4 +1,4 @@ -.version: &version "13.0.0-rc.1" +.version: &version "13.0.0" name: teleport-cluster apiVersion: v2 diff --git a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml index e4ef202815df4..ade17de4da0ff 100644 --- a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml +++ b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml @@ -1,4 +1,4 @@ -.version: &version "13.0.0-rc.1" +.version: &version "13.0.0" name: teleport-operator apiVersion: v2 diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap index 92eef8481b5e6..860323c736997 100644 --- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap +++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap @@ -1,6 +1,6 @@ should add an operator side-car when operator is enabled: 1: | - image: public.ecr.aws/gravitational/teleport-operator:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-operator:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -34,7 +34,7 @@ should add an operator side-car when operator is enabled: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -167,7 +167,7 @@ should set nodeSelector when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -264,7 +264,7 @@ should set resources when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -350,7 +350,7 @@ should set securityContext when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent lifecycle: preStop: diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap index 43e1a67c1124c..9d56faa962984 100644 --- a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap +++ b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap @@ -5,7 +5,7 @@ should provision initContainer correctly when set in values: - wait - no-resolve - RELEASE-NAME-auth-v12.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 name: wait-auth-update - args: - echo test @@ -62,7 +62,7 @@ should set nodeSelector when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -123,7 +123,7 @@ should set nodeSelector when set in values: - wait - no-resolve - RELEASE-NAME-auth-v12.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 name: wait-auth-update nodeSelector: environment: security @@ -174,7 +174,7 @@ should set resources when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -242,7 +242,7 @@ should set resources when set in values: - wait - no-resolve - RELEASE-NAME-auth-v12.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 name: wait-auth-update serviceAccountName: RELEASE-NAME-proxy terminationGracePeriodSeconds: 60 @@ -275,7 +275,7 @@ should set securityContext for initContainers when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -343,7 +343,7 @@ should set securityContext for initContainers when set in values: - wait - no-resolve - RELEASE-NAME-auth-v12.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 name: wait-auth-update securityContext: allowPrivilegeEscalation: false @@ -383,7 +383,7 @@ should set securityContext when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -451,7 +451,7 @@ should set securityContext when set in values: - wait - no-resolve - RELEASE-NAME-auth-v12.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 name: wait-auth-update securityContext: allowPrivilegeEscalation: false diff --git a/examples/chart/teleport-kube-agent/Chart.yaml b/examples/chart/teleport-kube-agent/Chart.yaml index eb0154e328e32..c473638b4ca55 100644 --- a/examples/chart/teleport-kube-agent/Chart.yaml +++ b/examples/chart/teleport-kube-agent/Chart.yaml @@ -1,4 +1,4 @@ -.version: &version "13.0.0-rc.1" +.version: &version "13.0.0" name: teleport-kube-agent apiVersion: v2 diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap index 09358bd43cd08..ecce25b4e63e4 100644 --- a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap +++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap @@ -30,7 +30,7 @@ sets Deployment annotations when specified if action is Upgrade: env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -101,7 +101,7 @@ sets Deployment labels when specified if action is Upgrade: env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -159,7 +159,7 @@ sets Pod annotations when specified if action is Upgrade: env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -217,7 +217,7 @@ sets Pod labels when specified if action is Upgrade: env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -292,7 +292,7 @@ should add emptyDir for data when existingDataVolume is not set if action is Upg env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -351,7 +351,7 @@ should add insecureSkipProxyTLSVerify to args when set in values if action is Up env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -409,7 +409,7 @@ should correctly configure existingDataVolume when set if action is Upgrade: env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -465,7 +465,7 @@ should expose diag port if action is Upgrade: env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -535,7 +535,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -605,7 +605,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -663,7 +663,7 @@ should have one replica when replicaCount is not set if action is Upgrade: env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -721,7 +721,7 @@ should mount extraVolumes and extraVolumeMounts if action is Upgrade: env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -786,7 +786,7 @@ should mount tls.existingCASecretName and set environment when set in values if value: "true" - name: SSL_CERT_FILE value: /etc/teleport-tls-ca/ca.pem - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -854,7 +854,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu value: http://username:password@my.proxy.host:3128 - name: SSL_CERT_FILE value: /etc/teleport-tls-ca/ca.pem - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -918,7 +918,7 @@ should provision initContainer correctly when set in values if action is Upgrade env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1012,7 +1012,7 @@ should set SecurityContext if action is Upgrade: env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1090,7 +1090,7 @@ should set affinity when set in values if action is Upgrade: env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1148,7 +1148,7 @@ should set default serviceAccountName when not set in values if action is Upgrad env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1219,7 +1219,7 @@ should set environment when extraEnv set in values if action is Upgrade: value: "true" - name: HTTPS_PROXY value: http://username:password@my.proxy.host:3128 - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1335,7 +1335,7 @@ should set imagePullPolicy when set in values if action is Upgrade: env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: Always livenessProbe: failureThreshold: 6 @@ -1393,7 +1393,7 @@ should set nodeSelector if set in values if action is Upgrade: env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1453,7 +1453,7 @@ should set not set priorityClassName when not set in values if action is Upgrade env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1523,7 +1523,7 @@ should set preferred affinity when more than one replica is used if action is Up env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1581,7 +1581,7 @@ should set priorityClassName when set in values if action is Upgrade: env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1640,7 +1640,7 @@ should set probeTimeoutSeconds when set in values if action is Upgrade: env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1708,7 +1708,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set if env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1766,7 +1766,7 @@ should set resources when set in values if action is Upgrade: env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1831,7 +1831,7 @@ should set serviceAccountName when set in values if action is Upgrade: env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1889,7 +1889,7 @@ should set tolerations when set in values if action is Upgrade: env: - name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT value: "true" - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap index ec296226b9191..903ae3d088823 100644 --- a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap +++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap @@ -13,7 +13,7 @@ should set nodeSelector in post-delete hook: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent name: post-delete-job securityContext: @@ -43,7 +43,7 @@ should set securityContext in post-delete hook: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent name: post-delete-job securityContext: diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap index 0c14c209c69f8..c1e3432927739 100644 --- a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap +++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap @@ -16,7 +16,7 @@ sets Pod annotations when specified: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -84,7 +84,7 @@ sets Pod labels when specified: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -176,7 +176,7 @@ sets StatefulSet labels when specified: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -272,7 +272,7 @@ should add insecureSkipProxyTLSVerify to args when set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -340,7 +340,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and action fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -428,7 +428,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and is Fre fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -506,7 +506,7 @@ should add volumeMount for data volume when using StatefulSet: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -574,7 +574,7 @@ should expose diag port: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -642,7 +642,7 @@ should generate Statefulset when storage is disabled and mode is a Upgrade: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -724,7 +724,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -804,7 +804,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -872,7 +872,7 @@ should have one replica when replicaCount is not set: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -940,7 +940,7 @@ should install Statefulset when storage is disabled and mode is a Fresh Install: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1010,7 +1010,7 @@ should mount extraVolumes and extraVolumeMounts: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1085,7 +1085,7 @@ should mount tls.existingCASecretName and set environment when set in values: value: RELEASE-NAME - name: SSL_CERT_FILE value: /etc/teleport-tls-ca/ca.pem - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1165,7 +1165,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu value: /etc/teleport-tls-ca/ca.pem - name: HTTPS_PROXY value: http://username:password@my.proxy.host:3128 - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1241,7 +1241,7 @@ should not add emptyDir for data when using StatefulSet: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1309,7 +1309,7 @@ should provision initContainer correctly when set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1413,7 +1413,7 @@ should set SecurityContext: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1501,7 +1501,7 @@ should set affinity when set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1569,7 +1569,7 @@ should set default serviceAccountName when not set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1650,7 +1650,7 @@ should set environment when extraEnv set in values: value: RELEASE-NAME - name: HTTPS_PROXY value: http://username:password@my.proxy.host:3128 - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1786,7 +1786,7 @@ should set imagePullPolicy when set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: Always livenessProbe: failureThreshold: 6 @@ -1854,7 +1854,7 @@ should set nodeSelector if set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -1936,7 +1936,7 @@ should set preferred affinity when more than one replica is used: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2004,7 +2004,7 @@ should set probeTimeoutSeconds when set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2082,7 +2082,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2150,7 +2150,7 @@ should set resources when set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2225,7 +2225,7 @@ should set serviceAccountName when set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2293,7 +2293,7 @@ should set storage.requests when set in values and action is an Upgrade: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2361,7 +2361,7 @@ should set storage.storageClassName when set in values and action is an Upgrade: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -2429,7 +2429,7 @@ should set tolerations when set in values: fieldPath: metadata.namespace - name: RELEASE_NAME value: RELEASE-NAME - image: public.ecr.aws/gravitational/teleport-distroless:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-distroless:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap index a9dd89ab1d7c7..9b69e50e657e2 100644 --- a/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap +++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap @@ -27,7 +27,7 @@ sets the affinity: - --base-image=public.ecr.aws/gravitational/teleport-distroless - --version-server=https://my-custom-version-server/v1 - --version-channel=custom/preview - image: public.ecr.aws/gravitational/teleport-kube-agent-updater:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-kube-agent-updater:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 @@ -71,7 +71,7 @@ sets the tolerations: - --base-image=public.ecr.aws/gravitational/teleport-distroless - --version-server=https://my-custom-version-server/v1 - --version-channel=custom/preview - image: public.ecr.aws/gravitational/teleport-kube-agent-updater:13.0.0-rc.1 + image: public.ecr.aws/gravitational/teleport-kube-agent-updater:13.0.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 diff --git a/integrations/kube-agent-updater/version.go b/integrations/kube-agent-updater/version.go index 15d6d5c4ff843..b131cb0c4cfab 100644 --- a/integrations/kube-agent-updater/version.go +++ b/integrations/kube-agent-updater/version.go @@ -1,7 +1,7 @@ // Code generated by "make version". DO NOT EDIT. package kubeversionupdater -const Version = "13.0.0-rc.1" +const Version = "13.0.0" // Gitref is set to the output of "git describe" during the build process. var Gitref string diff --git a/version.go b/version.go index b3a2eedb69f6b..2755bdd153f0f 100644 --- a/version.go +++ b/version.go @@ -1,7 +1,7 @@ // Code generated by "make version". DO NOT EDIT. package teleport -const Version = "13.0.0-rc.1" +const Version = "13.0.0" // Gitref is set to the output of "git describe" during the build process. var Gitref string