Skip to content

[v13] Support proxy version server#36315

Merged
bernardjkim merged 4 commits intobranch/v13from
bernard/backport-auto-updates/v13
Jan 9, 2024
Merged

[v13] Support proxy version server#36315
bernardjkim merged 4 commits intobranch/v13from
bernard/backport-auto-updates/v13

Conversation

@bernardjkim
Copy link
Copy Markdown
Contributor

@bernardjkim bernardjkim commented Jan 5, 2024
edited by camscale
Loading

Backport #35150, #35342, #35996, #35998 to branch/v13

changelog: Support running a version server in the proxy for automatic agent upgrades.

@bernardjkim
Copy link
Copy Markdown
Contributor Author

bernardjkim commented Jan 5, 2024
edited
Loading

Testing

  • Verify default version server
curl https://bernard-dev.cloud.gravitational.io/webapi/automaticupgrades/channel/stable/cloud/version
v13.4.14%curl https://updates.releases.teleport.dev/v1/stable/cloud/version
v13.4.14
  • Verify forward_url and static_url
# teleport.yaml
proxy_service:                                                              
  enabled: yes                                                              
  automatic_upgrades_channels:                                              
    stable/cloud:                                                           
      forward_url: https://updates.releases.teleport.dev/v1/stable/cloud/v13
    stable/cloud/v13:                                                       
      forward_url: https://updates.releases.teleport.dev/v1/stable/cloud/v13
    stable/cloud/v14:                                                       
      forward_url: https://updates.releases.teleport.dev/v1/stable/cloud/v14
    static/cloud/v13:                                                       
      static_version: v13.4.14                                                
    static/cloud/v14:                                                       
      static_version: v14.3.0                                              
    static/cloud/v15:                                                       
      static_version: v15.0.0       
curl https://bernard-dev.cloud.gravitational.io/webapi/automaticupgrades/channel/stable/cloud/version
v13.4.14%curl https://bernard-dev.cloud.gravitational.io/webapi/automaticupgrades/channel/stable/cloud/v13/version
v13.4.14%curl https://bernard-dev.cloud.gravitational.io/webapi/automaticupgrades/channel/stable/cloud/v14/version
13.4.14%curl https://bernard-dev.cloud.gravitational.io/webapi/automaticupgrades/channel/static/cloud/v13/version
v13.4.14%curl https://bernard-dev.cloud.gravitational.io/webapi/automaticupgrades/channel/static/cloud/v14/version
13.4.14%curl https://bernard-dev.cloud.gravitational.io/webapi/automaticupgrades/channel/static/cloud/v15/version
13.4.14%
  • Verify install scripts
# kube agent install script
helm install teleport-agent teleport/teleport-kube-agent -f prod-cluster-values.yaml --version 13.4.14 --create-namespace --namespace teleport

# systemd agent install scriptcurl -fsSL https://bernard-dev.cloud.gravitational.io/scripts/.../install-node.sh | grep TELEPORT_VERSION -m 1
TELEPORT_VERSION='13.4.14'
  • Verify kube agent upgrade v13.4.14
# kubectl -n teleport logs teleport-agent-updater...
2024-01-05T02:06:17Z    INFO    starting the updater    {"version": "13.4.14", "url": "https://bernard-dev.cloud.gravitational.io/webapi/automaticupgrades/channel/stable/cloud"}
...
2024-01-05T01:39:27Z    DEBUG   New version candidate   {"controller": "statefulset", "controllerGroup": "apps", "controllerKind": "StatefulSet", "StatefulSet": {"name":"teleport-agent","namespace":"teleport"}, "namespace": "teleport", "name": "teleport-agent", "reconcileID": "20bc75f0-1d27-4aab-afef-a64e24f09cc7", "namespacedname": {"name":"teleport-agent","namespace":"teleport"}, "kind": "StatefulSet", "nextVersion": "v13.4.13"}
2024-01-05T01:39:27Z    DEBUG   Version change is valid, building img candidate {"controller": "statefulset", "controllerGroup": "apps", "controllerKind": "StatefulSet", "StatefulSet": {"name":"teleport-agent","namespace":"teleport"}, "namespace": "teleport", "name": "teleport-agent", "reconcileID": "20bc75f0-1d27-4aab-afef-a64e24f09cc7", "namespacedname": {"name":"teleport-agent","namespace":"teleport"}, "kind": "StatefulSet"}
2024-01-05T01:39:27Z    DEBUG   Verifying candidate img {"controller": "statefulset", "controllerGroup": "apps", "controllerKind": "StatefulSet", "StatefulSet": {"name":"teleport-agent","namespace":"teleport"}, "namespace": "teleport", "name": "teleport-agent", "reconcileID": "20bc75f0-1d27-4aab-afef-a64e24f09cc7", "namespacedname": {"name":"teleport-agent","namespace":"teleport"}, "kind": "StatefulSet", "img": "public.ecr.aws/gravitational/teleport-ent-distroless:13.4.13"}
2024-01-05T01:39:27Z    DEBUG   Image approved by the validator {"controller": "statefulset", "controllerGroup": "apps", "controllerKind": "StatefulSet", "StatefulSet": {"name":"teleport-agent","namespace":"teleport"}, "namespace": "teleport", "name": "teleport-agent", "reconcileID": "20bc75f0-1d27-4aab-afef-a64e24f09cc7", "namespacedname": {"name":"teleport-agent","namespace":"teleport"}, "kind": "StatefulSet", "image": "public.ecr.aws/gravitational/teleport-ent-distroless:13.4.13", "validator": "cosign signature validator-a55977c6d752759f68c4883ac10ad8a85f5cfd0f", "resolvedImages": "public.ecr.aws/gravitational/teleport-ent-distroless:13.4.13@sha256:349463559827f10262b8b4e9b61702336d4c5031bac4f929c3265633b9bdcc1d"}
2024-01-05T01:39:27Z    DEBUG   The following image was verified        {"controller": "statefulset", "controllerGroup": "apps", "controllerKind": "StatefulSet", "StatefulSet": {"name":"teleport-agent","namespace":"teleport"}, "namespace": "teleport", "name": "teleport-agent", "reconcileID": "20bc75f0-1d27-4aab-afef-a64e24f09cc7", "namespacedname": {"name":"teleport-agent","namespace":"teleport"}, "kind": "StatefulSet", "verifiedImage": "public.ecr.aws/gravitational/teleport-ent-distroless:13.4.13@sha256:349463559827f10262b8b4e9b61702336d4c5031bac4f929c3265633b9bdcc1d"}
2024-01-05T01:39:27Z    INFO    Updating podSpec with image     {"controller": "statefulset", "controllerGroup": "apps", "controllerKind": "StatefulSet", "StatefulSet": {"name":"teleport-agent","namespace":"teleport"}, "namespace": "teleport", "name": "teleport-agent", "reconcileID": "20bc75f0-1d27-4aab-afef-a64e24f09cc7", "namespacedname": {"name":"teleport-agent","namespace":"teleport"}, "kind": "StatefulSet", "image": "public.ecr.aws/gravitational/teleport-ent-distroless:13.4.13@sha256:349463559827f10262b8b4e9b61702336d4c5031bac4f929c3265633b9bdcc1d"}
2024-01-05T01:39:27Z    DEBUG   statefulset managed pods        {"controller": "statefulset", "controllerGroup": "apps", "controllerKind": "StatefulSet", "StatefulSet": {"name":"teleport-agent","namespace":"teleport"}, "namespace": "teleport", "name": "teleport-agent", "reconcileID": "20bc75f0-1d27-4aab-afef-a64e24f09cc7", "namespacedname": {"name":"teleport-agent","namespace":"teleport"}, "kind": "StatefulSet", "managedPodsList": ["teleport-agent-0", "teleport-agent-1"]}
2024-01-05T01:39:27Z    DEBUG    no statefulset unhealthy pods from old revisions       {"controller": "statefulset", "controllerGroup": "apps", "controllerKind": "StatefulSet", "StatefulSet": {"name":"teleport-agent","namespace":"teleport"}, "namespace": "teleport", "name": "teleport-agent", "reconcileID": "20bc75f0-1d27-4aab-afef-a64e24f09cc7", "namespacedname": {"name":"teleport-agent","namespace":"teleport"}, "kind": "StatefulSet"}

@bernardjkim bernardjkim force-pushed the bernard/backport-auto-updates/v13 branch from 29df978 to b6acdb5 Compare January 8, 2024 22:50
@bernardjkim bernardjkim marked this pull request as ready for review January 9, 2024 00:18
@public-teleport-github-review-bot
Copy link
Copy Markdown

public-teleport-github-review-bot Bot commented Jan 9, 2024

@bernardjkim - this PR will require admin approval to merge due to its size. Consider breaking it up into a series smaller changes.

@bernardjkim
Copy link
Copy Markdown
Contributor Author

bernardjkim commented Jan 9, 2024

@hugoShaka I'm keeping integrations/kube-agent-updater as a separate module for this v13 backport. Merging into the teleport module results in a number of dependency conflicts that I'm having trouble resolving.

If it because an issue later, I'll take another look at removing the integrations/kube-agent-updater module.

@hugoShaka
Copy link
Copy Markdown
Contributor

hugoShaka commented Jan 9, 2024

I'm keeping integrations/kube-agent-updater as a separate module for this v13 backport. Merging into the teleport module results in a number of dependency conflicts that I'm having trouble resolving.

Thank you for the heads up 👍

I don't think some code duplication in v13 is a no-go, but we'll have to be very careful when backporting future updater changes to v13 as the built-in version server and the kube-agent-updater will use two different implementations.

@bernardjkim bernardjkim added this pull request to the merge queue Jan 9, 2024
Merged via the queue into branch/v13 with commit 74bc9d3 Jan 9, 2024
@bernardjkim bernardjkim deleted the bernard/backport-auto-updates/v13 branch January 9, 2024 17:27
@camscale camscale mentioned this pull request Jan 10, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@r0mant r0mant r0mant approved these changes

@marcoandredinis marcoandredinis marcoandredinis approved these changes

@tigrato tigrato tigrato approved these changes

Assignees

No one assigned

Labels

backport helm size/xl

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@bernardjkim @hugoShaka @r0mant @marcoandredinis @tigrato