diff --git a/CHANGELOG.md b/CHANGELOG.md
index 82f74855fc0a6..57c85cb09463d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,84 @@
# Changelog
+## 13.4.0 (09/20/23)
+
+### Security Fixes
+
+#### [Critical] Privilege escalation via host user creation
+
+When using automatic Linux user creation, an attacker could exploit a race
+condition in the user creation functionality to create arbitrary files on the
+system as root writable by the created user.
+
+This could allow the attacker to escalate their privileges to root.
+
+Users who aren't using automatic Linux host user creation aren’t affected by
+this vulnerability.
+
+[#32210](https://github.com/gravitational/teleport/pull/32210)
+
+#### [High] Insufficient auth token verification when signing self-hosted database certificates
+
+When signing self-hosted database certificates, Teleport did not sufficiently
+validate the authorization token type.
+
+This could allow an attacker to sign valid database access certificates using a
+guessed authorization token name.
+
+Users who aren’t using self-hosted database access aren’t affected by this
+vulnerability.
+
+[#32215](https://github.com/gravitational/teleport/pull/32215)
+
+#### [High] Privilege escalation via untrusted config file on Windows
+
+When loading the global tsh configuration file tsh.yaml on Windows, Teleport
+would look for the file in a potentially untrusted directory.
+
+This could allow a malicious user to create harmful command aliases for all tsh
+users on the system.
+
+Users who aren’t using tsh on Windows aren’t affected by this vulnerability.
+
+[#32223](https://github.com/gravitational/teleport/pull/32223)
+
+#### [High] XSS in SAML IdP
+
+When registering a service provider with SAML IdP, Teleport did not sufficiently
+validate the ACS endpoint.
+
+This could allow an attacker to execute arbitrary code at the client-side
+leading to privilege escalation.
+
+This issue only affects Teleport Enterprise Edition. Enterprise users who aren’t
+using Teleport SAML IdP functionality aren’t affected by this vulnerability.
+
+[#32220](https://github.com/gravitational/teleport/pull/32220)
+
+### Other fixes and improvements
+
+* Added `change_feed_conn_string` option to PostgreSQL backend. [#31938](https://github.com/gravitational/teleport/pull/31938)
+* Added single-command AWS OIDC integration. [#31790](https://github.com/gravitational/teleport/pull/31790)
+* Added `pprof` support to Kubernetes Operator to diagnose memory use. [#31707](https://github.com/gravitational/teleport/pull/31707)
+* Added support for bot and agent joining from external Kubernetes Clusters. [#31703](https://github.com/gravitational/teleport/pull/31703)
+* Extend EC2 joining to Discovery, MDM and Okta services. [#31894](https://github.com/gravitational/teleport/pull/31894)
+* Support discovery for new AWS region il-central-1. [#31830](https://github.com/gravitational/teleport/pull/31830) [#31840](https://github.com/gravitational/teleport/pull/31840)
+* Fails with an error if desktops are created with invalid names. [#31766](https://github.com/gravitational/teleport/pull/31766)
+* Fixed directory sharing in Desktop Access for non-ascii directory names. [#31924](https://github.com/gravitational/teleport/pull/31924)
+* Fixed a `MissingRegion` error that would sometimes occur when running the discovery bootstrap command [#31701](https://github.com/gravitational/teleport/pull/31701)
+* Fixed incorrect autofill in Safari. [#31611](https://github.com/gravitational/teleport/pull/31611)
+* Fixed terminal resizing bug in web terminal. [#31586](https://github.com/gravitational/teleport/pull/31586)
+* Fixed Session & Identity search bar. [#31581](https://github.com/gravitational/teleport/pull/31581)
+* Fixed desktop sessions' viewport size to the size of browser window at session start. [#31524](https://github.com/gravitational/teleport/pull/31524)
+* Fixed database and k8s cluster resource names to avoid name collisions. [#30456](https://github.com/gravitational/teleport/pull/30456)
+* `tctl sso configure github` now includes default GitHub endpoints [#31480](https://github.com/gravitational/teleport/pull/31480)
+* `tsh [proxy | db | kube]` subcommands now support `--query` and `--labels` optional arguments. [#32087](https://github.com/gravitational/teleport/pull/32087)
+* `tsh` and `tctl` can select an auto-discovered database or Kubernetes cluster by its original name instead of the more detailed name generated by the v14+ Teleport Discovery service. [#32087](https://github.com/gravitational/teleport/pull/32087)
+* `tsh` text-formatted output in non-verbose mode will display auto-discovered resources with original resource names instead of the more detailed names generated by the v14+ Teleport Discovery service. [#32084](https://github.com/gravitational/teleport/pull/32084) [#32083](https://github.com/gravitational/teleport/pull/32083)
+* Updated discovery installers to work with SUSE zypper package manager. [#31428](https://github.com/gravitational/teleport/pull/31428)
+* Updated Go to v1.20.8 [#31506](https://github.com/gravitational/teleport/pull/31506)
+* Updated OpenSSL to 3.0.11 [#32160](https://github.com/gravitational/teleport/pull/32160)
+
## 13.3.8 (09/05/23)
* Fix WebAuthn Windows registration breakage. [#31420](https://github.com/gravitational/teleport/pull/31420)
diff --git a/Makefile b/Makefile
index 4ed105f535cfe..c63faa367568a 100644
--- a/Makefile
+++ b/Makefile
@@ -11,7 +11,7 @@
# Stable releases: "1.0.0"
# Pre-releases: "1.0.0-alpha.1", "1.0.0-beta.2", "1.0.0-rc.3"
# Master/dev branch: "1.0.0-dev"
-VERSION=13.3.8
+VERSION=13.4.0
DOCKER_IMAGE ?= teleport
diff --git a/api/version.go b/api/version.go
index 0fe81309031cf..3a4672a382c89 100644
--- a/api/version.go
+++ b/api/version.go
@@ -1,7 +1,7 @@
// Code generated by "make version". DO NOT EDIT.
package api
-const Version = "13.3.8"
+const Version = "13.4.0"
// Gitref is set to the output of "git describe" during the build process.
var Gitref string
diff --git a/build.assets/macos/tsh/tsh.app/Contents/Info.plist b/build.assets/macos/tsh/tsh.app/Contents/Info.plist
index e9a011dbd384d..65712668ef538 100644
--- a/build.assets/macos/tsh/tsh.app/Contents/Info.plist
+++ b/build.assets/macos/tsh/tsh.app/Contents/Info.plist
@@ -19,13 +19,13 @@
CFBundlePackageType
APPL
CFBundleShortVersionString
- 13.3.8
+ 13.4.0
CFBundleSupportedPlatforms
MacOSX
CFBundleVersion
- 13.3.8
+ 13.4.0
DTCompiler
com.apple.compilers.llvm.clang.1_0
DTPlatformBuild
diff --git a/build.assets/macos/tshdev/tsh.app/Contents/Info.plist b/build.assets/macos/tshdev/tsh.app/Contents/Info.plist
index 395349a9db5c8..bbe6a4aa40361 100644
--- a/build.assets/macos/tshdev/tsh.app/Contents/Info.plist
+++ b/build.assets/macos/tshdev/tsh.app/Contents/Info.plist
@@ -17,13 +17,13 @@
CFBundlePackageType
APPL
CFBundleShortVersionString
- 13.3.8
+ 13.4.0
CFBundleSupportedPlatforms
MacOSX
CFBundleVersion
- 13.3.8
+ 13.4.0
DTCompiler
com.apple.compilers.llvm.clang.1_0
DTPlatformBuild
diff --git a/examples/chart/teleport-cluster/Chart.yaml b/examples/chart/teleport-cluster/Chart.yaml
index 96737f01e6819..023c9e753c378 100644
--- a/examples/chart/teleport-cluster/Chart.yaml
+++ b/examples/chart/teleport-cluster/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "13.3.8"
+.version: &version "13.4.0"
name: teleport-cluster
apiVersion: v2
diff --git a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
index d2c8c2236fcc3..56306102f2731 100644
--- a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
+++ b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "13.3.8"
+.version: &version "13.4.0"
name: teleport-operator
apiVersion: v2
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
index 89b01dd6fe187..1f64a84a2c0a3 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
@@ -1,6 +1,6 @@
should add an operator side-car when operator is enabled:
1: |
- image: public.ecr.aws/gravitational/teleport-operator:13.3.8
+ image: public.ecr.aws/gravitational/teleport-operator:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -41,7 +41,7 @@ should add an operator side-car when operator is enabled:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -174,7 +174,7 @@ should set nodeSelector when set in values:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -271,7 +271,7 @@ should set resources when set in values:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -357,7 +357,7 @@ should set securityContext when set in values:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
index f16b56eb9942e..74b3fb0f7b608 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
@@ -5,7 +5,7 @@ should provision initContainer correctly when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v12.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
name: wait-auth-update
- args:
- echo test
@@ -62,7 +62,7 @@ should set nodeSelector when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -123,7 +123,7 @@ should set nodeSelector when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v12.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
name: wait-auth-update
nodeSelector:
environment: security
@@ -174,7 +174,7 @@ should set resources when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -242,7 +242,7 @@ should set resources when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v12.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
name: wait-auth-update
serviceAccountName: RELEASE-NAME-proxy
terminationGracePeriodSeconds: 60
@@ -275,7 +275,7 @@ should set securityContext for initContainers when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -343,7 +343,7 @@ should set securityContext for initContainers when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v12.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
name: wait-auth-update
securityContext:
allowPrivilegeEscalation: false
@@ -383,7 +383,7 @@ should set securityContext when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -451,7 +451,7 @@ should set securityContext when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v12.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
name: wait-auth-update
securityContext:
allowPrivilegeEscalation: false
diff --git a/examples/chart/teleport-kube-agent/Chart.yaml b/examples/chart/teleport-kube-agent/Chart.yaml
index 3be4a053e282c..1dac74c161d07 100644
--- a/examples/chart/teleport-kube-agent/Chart.yaml
+++ b/examples/chart/teleport-kube-agent/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "13.3.8"
+.version: &version "13.4.0"
name: teleport-kube-agent
apiVersion: v2
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
index 1dd13beb97adc..a7f87cd871b34 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
@@ -30,7 +30,7 @@ sets Deployment annotations when specified if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -101,7 +101,7 @@ sets Deployment labels when specified if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -159,7 +159,7 @@ sets Pod annotations when specified if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -217,7 +217,7 @@ sets Pod labels when specified if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -292,7 +292,7 @@ should add emptyDir for data when existingDataVolume is not set if action is Upg
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -351,7 +351,7 @@ should add insecureSkipProxyTLSVerify to args when set in values if action is Up
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -409,7 +409,7 @@ should correctly configure existingDataVolume when set if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -465,7 +465,7 @@ should expose diag port if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -535,7 +535,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -605,7 +605,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -663,7 +663,7 @@ should have one replica when replicaCount is not set if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -721,7 +721,7 @@ should mount extraVolumes and extraVolumeMounts if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -786,7 +786,7 @@ should mount tls.existingCASecretName and set environment when set in values if
value: "true"
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -854,7 +854,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu
value: http://username:password@my.proxy.host:3128
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -918,7 +918,7 @@ should provision initContainer correctly when set in values if action is Upgrade
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1012,7 +1012,7 @@ should set SecurityContext if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1090,7 +1090,7 @@ should set affinity when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1148,7 +1148,7 @@ should set default serviceAccountName when not set in values if action is Upgrad
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1219,7 +1219,7 @@ should set environment when extraEnv set in values if action is Upgrade:
value: "true"
- name: HTTPS_PROXY
value: http://username:password@my.proxy.host:3128
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1335,7 +1335,7 @@ should set imagePullPolicy when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: Always
livenessProbe:
failureThreshold: 6
@@ -1393,7 +1393,7 @@ should set nodeSelector if set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1453,7 +1453,7 @@ should set not set priorityClassName when not set in values if action is Upgrade
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1523,7 +1523,7 @@ should set preferred affinity when more than one replica is used if action is Up
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1581,7 +1581,7 @@ should set priorityClassName when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1640,7 +1640,7 @@ should set probeTimeoutSeconds when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1708,7 +1708,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set if
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1766,7 +1766,7 @@ should set resources when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1831,7 +1831,7 @@ should set serviceAccountName when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1889,7 +1889,7 @@ should set tolerations when set in values if action is Upgrade:
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
index f1e487786d6d3..770b03a45de96 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
@@ -25,7 +25,7 @@ should create ServiceAccount for post-delete hook by default:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
@@ -104,7 +104,7 @@ should not create ServiceAccount for post-delete hook if serviceAccount.create i
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
@@ -132,7 +132,7 @@ should not create ServiceAccount, Role or RoleBinding for post-delete hook if se
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
@@ -160,7 +160,7 @@ should set nodeSelector in post-delete hook:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
@@ -190,7 +190,7 @@ should set securityContext in post-delete hook:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
index ba5becce95c9d..8f9cbdf8a9a81 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
@@ -16,7 +16,7 @@ sets Pod annotations when specified:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -84,7 +84,7 @@ sets Pod labels when specified:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -176,7 +176,7 @@ sets StatefulSet labels when specified:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -272,7 +272,7 @@ should add insecureSkipProxyTLSVerify to args when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -340,7 +340,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and action
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -428,7 +428,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and is Fre
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -506,7 +506,7 @@ should add volumeMount for data volume when using StatefulSet:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -574,7 +574,7 @@ should expose diag port:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -642,7 +642,7 @@ should generate Statefulset when storage is disabled and mode is a Upgrade:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -724,7 +724,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -804,7 +804,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -872,7 +872,7 @@ should have one replica when replicaCount is not set:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -940,7 +940,7 @@ should install Statefulset when storage is disabled and mode is a Fresh Install:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1010,7 +1010,7 @@ should mount extraVolumes and extraVolumeMounts:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1085,7 +1085,7 @@ should mount tls.existingCASecretName and set environment when set in values:
value: RELEASE-NAME
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1165,7 +1165,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu
value: /etc/teleport-tls-ca/ca.pem
- name: HTTPS_PROXY
value: http://username:password@my.proxy.host:3128
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1241,7 +1241,7 @@ should not add emptyDir for data when using StatefulSet:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1309,7 +1309,7 @@ should provision initContainer correctly when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1413,7 +1413,7 @@ should set SecurityContext:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1501,7 +1501,7 @@ should set affinity when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1569,7 +1569,7 @@ should set default serviceAccountName when not set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1650,7 +1650,7 @@ should set environment when extraEnv set in values:
value: RELEASE-NAME
- name: HTTPS_PROXY
value: http://username:password@my.proxy.host:3128
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1786,7 +1786,7 @@ should set imagePullPolicy when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: Always
livenessProbe:
failureThreshold: 6
@@ -1854,7 +1854,7 @@ should set nodeSelector if set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1936,7 +1936,7 @@ should set preferred affinity when more than one replica is used:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2004,7 +2004,7 @@ should set probeTimeoutSeconds when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2082,7 +2082,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2150,7 +2150,7 @@ should set resources when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2225,7 +2225,7 @@ should set serviceAccountName when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2293,7 +2293,7 @@ should set storage.requests when set in values and action is an Upgrade:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2361,7 +2361,7 @@ should set storage.storageClassName when set in values and action is an Upgrade:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2429,7 +2429,7 @@ should set tolerations when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
+ image: public.ecr.aws/gravitational/teleport-distroless:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
index 5b116c0700b3b..f2eca70941db9 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
@@ -27,7 +27,7 @@ sets the affinity:
- --base-image=public.ecr.aws/gravitational/teleport-distroless
- --version-server=https://my-custom-version-server/v1
- --version-channel=custom/preview
- image: public.ecr.aws/gravitational/teleport-kube-agent-updater:13.3.8
+ image: public.ecr.aws/gravitational/teleport-kube-agent-updater:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -71,7 +71,7 @@ sets the tolerations:
- --base-image=public.ecr.aws/gravitational/teleport-distroless
- --version-server=https://my-custom-version-server/v1
- --version-channel=custom/preview
- image: public.ecr.aws/gravitational/teleport-kube-agent-updater:13.3.8
+ image: public.ecr.aws/gravitational/teleport-kube-agent-updater:13.4.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
diff --git a/integrations/kube-agent-updater/version.go b/integrations/kube-agent-updater/version.go
index d46021e764d76..403213661af3c 100644
--- a/integrations/kube-agent-updater/version.go
+++ b/integrations/kube-agent-updater/version.go
@@ -1,7 +1,7 @@
// Code generated by "make version". DO NOT EDIT.
package kubeversionupdater
-const Version = "13.3.8"
+const Version = "13.4.0"
// Gitref is set to the output of "git describe" during the build process.
var Gitref string
diff --git a/version.go b/version.go
index 41788fdf3f165..48cde1f98c054 100644
--- a/version.go
+++ b/version.go
@@ -1,7 +1,7 @@
// Code generated by "make version". DO NOT EDIT.
package teleport
-const Version = "13.3.8"
+const Version = "13.4.0"
// Gitref is set to the output of "git describe" during the build process.
var Gitref string