diff --git a/teleport-cluster-13.3.8/templates/proxy/certificate.yaml b/teleport-cluster-13.3.8/templates/proxy/certificate.yaml deleted file mode 100644 index d1a98ee..0000000 --- a/teleport-cluster-13.3.8/templates/proxy/certificate.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- $proxy := mustMergeOverwrite (mustDeepCopy .Values) .Values.proxy -}} -{{- if $proxy.highAvailability.certManager.enabled }} - {{- $domain := (required "clusterName is required in chartValues when certManager is enabled" $proxy.clusterName) }} - {{- $domainWildcard := printf "*.%s" (required "clusterName is required in chartValues when certManager is enabled" $proxy.clusterName) }} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ .Release.Name }} - namespace: {{ .Release.Namespace }} - labels: {{- include "teleport-cluster.proxy.labels" . | nindent 4 }} -spec: - secretName: teleport-tls - {{- if $proxy.highAvailability.certManager.addCommonName }} - commonName: {{ quote $domain }} - {{- end }} - dnsNames: - - {{ quote $domain }} - - {{ quote $domainWildcard }} - issuerRef: - name: {{ required "highAvailability.certManager.issuerName is required in chart values" $proxy.highAvailability.certManager.issuerName }} - kind: {{ required "highAvailability.certManager.issuerKind is required in chart values" $proxy.highAvailability.certManager.issuerKind }} - group: {{ required "highAvailability.certManager.issuerGroup is required in chart values" $proxy.highAvailability.certManager.issuerGroup }} - {{- with $proxy.annotations.certSecret }} - secretTemplate: - annotations: {{- toYaml . | nindent 6 }} - {{- end }} -{{- end }} diff --git a/teleport-cluster-13.3.8/tests/__snapshot__/proxy_certificate_test.yaml.snap b/teleport-cluster-13.3.8/tests/__snapshot__/proxy_certificate_test.yaml.snap deleted file mode 100644 index 319cbd8..0000000 --- a/teleport-cluster-13.3.8/tests/__snapshot__/proxy_certificate_test.yaml.snap +++ /dev/null 
@@ -1,16 +0,0 @@ -should request a certificate for cluster name when cert-manager is enabled (cert-manager.yaml): - 1: | - - test-cluster - - '*.test-cluster' - 2: | - group: custom.cert-manager.io - kind: CustomClusterIssuer - name: custom -should request a certificate for cluster name when cert-manager is enabled (cert-secret.yaml): - 1: | - - test-cluster - - '*.test-cluster' - 2: | - group: cert-manager.io - kind: Issuer - name: letsencrypt diff --git a/teleport-cluster-13.3.8/tests/proxy_certificate_test.yaml b/teleport-cluster-13.3.8/tests/proxy_certificate_test.yaml deleted file mode 100644 index d1d8f0c..0000000 --- a/teleport-cluster-13.3.8/tests/proxy_certificate_test.yaml +++ /dev/null @@ -1,29 +0,0 @@ -suite: Proxy Certificate -templates: - - proxy/certificate.yaml -tests: - - it: should request a certificate for cluster name when cert-manager is enabled (cert-manager.yaml) - values: - - ../.lint/cert-manager.yaml - asserts: - - hasDocuments: - count: 1 - - isKind: - of: Certificate - - matchSnapshot: - path: spec.dnsNames - - matchSnapshot: - path: spec.issuerRef - - - it: should request a certificate for cluster name when cert-manager is enabled (cert-secret.yaml) - values: - - ../.lint/cert-secret.yaml - asserts: - - hasDocuments: - count: 1 - - isKind: - of: Certificate - - matchSnapshot: - path: spec.dnsNames - - matchSnapshot: - path: spec.issuerRef diff --git a/teleport-cluster-13.3.8/.lint/acme-off.yaml b/teleport-cluster-14.0.1/.lint/acme-off.yaml similarity index 100% rename from teleport-cluster-13.3.8/.lint/acme-off.yaml rename to teleport-cluster-14.0.1/.lint/acme-off.yaml diff --git a/teleport-cluster-13.3.8/.lint/acme-on.yaml b/teleport-cluster-14.0.1/.lint/acme-on.yaml similarity index 100% rename from teleport-cluster-13.3.8/.lint/acme-on.yaml rename to teleport-cluster-14.0.1/.lint/acme-on.yaml 
diff --git a/teleport-cluster-13.3.8/.lint/acme-uri-staging.yaml b/teleport-cluster-14.0.1/.lint/acme-uri-staging.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/acme-uri-staging.yaml
rename to teleport-cluster-14.0.1/.lint/acme-uri-staging.yaml
diff --git a/teleport-cluster-13.3.8/.lint/affinity.yaml b/teleport-cluster-14.0.1/.lint/affinity.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/affinity.yaml
rename to teleport-cluster-14.0.1/.lint/affinity.yaml
diff --git a/teleport-cluster-13.3.8/.lint/annotations.yaml b/teleport-cluster-14.0.1/.lint/annotations.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/annotations.yaml
rename to teleport-cluster-14.0.1/.lint/annotations.yaml
diff --git a/teleport-cluster-13.3.8/.lint/auth-connector-name.yaml b/teleport-cluster-14.0.1/.lint/auth-connector-name.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/auth-connector-name.yaml
rename to teleport-cluster-14.0.1/.lint/auth-connector-name.yaml
diff --git a/teleport-cluster-13.3.8/.lint/auth-disable-local.yaml b/teleport-cluster-14.0.1/.lint/auth-disable-local.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/auth-disable-local.yaml
rename to teleport-cluster-14.0.1/.lint/auth-disable-local.yaml
diff --git a/teleport-cluster-13.3.8/.lint/auth-locking-mode.yaml b/teleport-cluster-14.0.1/.lint/auth-locking-mode.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/auth-locking-mode.yaml
rename to teleport-cluster-14.0.1/.lint/auth-locking-mode.yaml
diff --git a/teleport-cluster-13.3.8/.lint/auth-passwordless.yaml b/teleport-cluster-14.0.1/.lint/auth-passwordless.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/auth-passwordless.yaml
rename to teleport-cluster-14.0.1/.lint/auth-passwordless.yaml
diff --git a/teleport-cluster-13.3.8/.lint/auth-type-legacy.yaml b/teleport-cluster-14.0.1/.lint/auth-type-legacy.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/auth-type-legacy.yaml
rename to teleport-cluster-14.0.1/.lint/auth-type-legacy.yaml
diff --git a/teleport-cluster-13.3.8/.lint/auth-type.yaml b/teleport-cluster-14.0.1/.lint/auth-type.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/auth-type.yaml
rename to teleport-cluster-14.0.1/.lint/auth-type.yaml
diff --git a/teleport-cluster-13.3.8/.lint/auth-webauthn-legacy.yaml b/teleport-cluster-14.0.1/.lint/auth-webauthn-legacy.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/auth-webauthn-legacy.yaml
rename to teleport-cluster-14.0.1/.lint/auth-webauthn-legacy.yaml
diff --git a/teleport-cluster-13.3.8/.lint/auth-webauthn.yaml b/teleport-cluster-14.0.1/.lint/auth-webauthn.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/auth-webauthn.yaml
rename to teleport-cluster-14.0.1/.lint/auth-webauthn.yaml
diff --git a/teleport-cluster-13.3.8/.lint/aws-dynamodb-autoscaling.yaml b/teleport-cluster-14.0.1/.lint/aws-dynamodb-autoscaling.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/aws-dynamodb-autoscaling.yaml
rename to teleport-cluster-14.0.1/.lint/aws-dynamodb-autoscaling.yaml
diff --git a/teleport-cluster-13.3.8/.lint/aws-ha-acme.yaml b/teleport-cluster-14.0.1/.lint/aws-ha-acme.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/aws-ha-acme.yaml
rename to teleport-cluster-14.0.1/.lint/aws-ha-acme.yaml
diff --git a/teleport-cluster-13.3.8/.lint/aws-ha-antiaffinity.yaml b/teleport-cluster-14.0.1/.lint/aws-ha-antiaffinity.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/aws-ha-antiaffinity.yaml
rename to teleport-cluster-14.0.1/.lint/aws-ha-antiaffinity.yaml
diff --git a/teleport-cluster-13.3.8/.lint/aws-ha-log.yaml b/teleport-cluster-14.0.1/.lint/aws-ha-log.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/aws-ha-log.yaml
rename to teleport-cluster-14.0.1/.lint/aws-ha-log.yaml
diff --git a/teleport-cluster-13.3.8/.lint/aws-ha.yaml b/teleport-cluster-14.0.1/.lint/aws-ha.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/aws-ha.yaml
rename to teleport-cluster-14.0.1/.lint/aws-ha.yaml
diff --git a/teleport-cluster-13.3.8/.lint/aws.yaml b/teleport-cluster-14.0.1/.lint/aws.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/aws.yaml
rename to teleport-cluster-14.0.1/.lint/aws.yaml
diff --git a/teleport-cluster-13.3.8/.lint/azure.yaml b/teleport-cluster-14.0.1/.lint/azure.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/azure.yaml
rename to teleport-cluster-14.0.1/.lint/azure.yaml
diff --git a/teleport-cluster-13.3.8/.lint/cert-manager.yaml b/teleport-cluster-14.0.1/.lint/cert-manager.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/cert-manager.yaml
rename to teleport-cluster-14.0.1/.lint/cert-manager.yaml
diff --git a/teleport-cluster-13.3.8/.lint/cert-secret.yaml b/teleport-cluster-14.0.1/.lint/cert-secret.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/cert-secret.yaml
rename to teleport-cluster-14.0.1/.lint/cert-secret.yaml
diff --git a/teleport-cluster-13.3.8/.lint/example-minimal-standalone.yaml b/teleport-cluster-14.0.1/.lint/example-minimal-standalone.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/example-minimal-standalone.yaml
rename to teleport-cluster-14.0.1/.lint/example-minimal-standalone.yaml
diff --git a/teleport-cluster-13.3.8/.lint/existing-tls-secret-with-ca.yaml b/teleport-cluster-14.0.1/.lint/existing-tls-secret-with-ca.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/existing-tls-secret-with-ca.yaml
rename to teleport-cluster-14.0.1/.lint/existing-tls-secret-with-ca.yaml
diff --git a/teleport-cluster-13.3.8/.lint/existing-tls-secret.yaml b/teleport-cluster-14.0.1/.lint/existing-tls-secret.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/existing-tls-secret.yaml
rename to teleport-cluster-14.0.1/.lint/existing-tls-secret.yaml
diff --git a/teleport-cluster-13.3.8/.lint/extra-env.yaml b/teleport-cluster-14.0.1/.lint/extra-env.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/extra-env.yaml
rename to teleport-cluster-14.0.1/.lint/extra-env.yaml
diff --git a/teleport-cluster-13.3.8/.lint/gcp-ha-acme.yaml b/teleport-cluster-14.0.1/.lint/gcp-ha-acme.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/gcp-ha-acme.yaml
rename to teleport-cluster-14.0.1/.lint/gcp-ha-acme.yaml
diff --git a/teleport-cluster-13.3.8/.lint/gcp-ha-antiaffinity.yaml b/teleport-cluster-14.0.1/.lint/gcp-ha-antiaffinity.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/gcp-ha-antiaffinity.yaml
rename to teleport-cluster-14.0.1/.lint/gcp-ha-antiaffinity.yaml
diff --git a/teleport-cluster-13.3.8/.lint/gcp-ha-log.yaml b/teleport-cluster-14.0.1/.lint/gcp-ha-log.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/gcp-ha-log.yaml
rename to teleport-cluster-14.0.1/.lint/gcp-ha-log.yaml
diff --git a/teleport-cluster-13.3.8/.lint/gcp-ha-workload.yaml b/teleport-cluster-14.0.1/.lint/gcp-ha-workload.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/gcp-ha-workload.yaml
rename to teleport-cluster-14.0.1/.lint/gcp-ha-workload.yaml
diff --git a/teleport-cluster-13.3.8/.lint/gcp-ha.yaml b/teleport-cluster-14.0.1/.lint/gcp-ha.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/gcp-ha.yaml
rename to teleport-cluster-14.0.1/.lint/gcp-ha.yaml
diff --git a/teleport-cluster-13.3.8/.lint/gcp.yaml b/teleport-cluster-14.0.1/.lint/gcp.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/gcp.yaml
rename to teleport-cluster-14.0.1/.lint/gcp.yaml
diff --git a/teleport-cluster-13.3.8/.lint/imagepullsecrets.yaml b/teleport-cluster-14.0.1/.lint/imagepullsecrets.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/imagepullsecrets.yaml
rename to teleport-cluster-14.0.1/.lint/imagepullsecrets.yaml
diff --git a/teleport-cluster-13.3.8/.lint/ingress-publicaddr.yaml b/teleport-cluster-14.0.1/.lint/ingress-publicaddr.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/ingress-publicaddr.yaml
rename to teleport-cluster-14.0.1/.lint/ingress-publicaddr.yaml
diff --git a/teleport-cluster-13.3.8/.lint/ingress.yaml b/teleport-cluster-14.0.1/.lint/ingress.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/ingress.yaml
rename to teleport-cluster-14.0.1/.lint/ingress.yaml
diff --git a/teleport-cluster-13.3.8/.lint/initcontainers.yaml b/teleport-cluster-14.0.1/.lint/initcontainers.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/initcontainers.yaml
rename to teleport-cluster-14.0.1/.lint/initcontainers.yaml
diff --git a/teleport-cluster-13.3.8/.lint/kube-cluster-name.yaml b/teleport-cluster-14.0.1/.lint/kube-cluster-name.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/kube-cluster-name.yaml
rename to teleport-cluster-14.0.1/.lint/kube-cluster-name.yaml
diff --git a/teleport-cluster-13.3.8/.lint/log-basic.yaml b/teleport-cluster-14.0.1/.lint/log-basic.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/log-basic.yaml
rename to teleport-cluster-14.0.1/.lint/log-basic.yaml
diff --git a/teleport-cluster-13.3.8/.lint/log-extra.yaml b/teleport-cluster-14.0.1/.lint/log-extra.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/log-extra.yaml
rename to teleport-cluster-14.0.1/.lint/log-extra.yaml
diff --git a/teleport-cluster-13.3.8/.lint/log-legacy.yaml b/teleport-cluster-14.0.1/.lint/log-legacy.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/log-legacy.yaml
rename to teleport-cluster-14.0.1/.lint/log-legacy.yaml
diff --git a/teleport-cluster-13.3.8/.lint/node-selector.yaml b/teleport-cluster-14.0.1/.lint/node-selector.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/node-selector.yaml
rename to teleport-cluster-14.0.1/.lint/node-selector.yaml
diff --git a/teleport-cluster-13.3.8/.lint/operator.yaml b/teleport-cluster-14.0.1/.lint/operator.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/operator.yaml
rename to teleport-cluster-14.0.1/.lint/operator.yaml
diff --git a/teleport-cluster-13.3.8/.lint/pdb.yaml b/teleport-cluster-14.0.1/.lint/pdb.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/pdb.yaml
rename to teleport-cluster-14.0.1/.lint/pdb.yaml
diff --git a/teleport-cluster-13.3.8/.lint/persistence-legacy.yaml b/teleport-cluster-14.0.1/.lint/persistence-legacy.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/persistence-legacy.yaml
rename to teleport-cluster-14.0.1/.lint/persistence-legacy.yaml
diff --git a/teleport-cluster-13.3.8/.lint/podmonitor.yaml b/teleport-cluster-14.0.1/.lint/podmonitor.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/podmonitor.yaml
rename to teleport-cluster-14.0.1/.lint/podmonitor.yaml
diff --git a/teleport-cluster-13.3.8/.lint/priority-class-name.yaml b/teleport-cluster-14.0.1/.lint/priority-class-name.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/priority-class-name.yaml
rename to teleport-cluster-14.0.1/.lint/priority-class-name.yaml
diff --git a/teleport-cluster-13.3.8/.lint/probe-timeout-seconds.yaml b/teleport-cluster-14.0.1/.lint/probe-timeout-seconds.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/probe-timeout-seconds.yaml
rename to teleport-cluster-14.0.1/.lint/probe-timeout-seconds.yaml
diff --git a/teleport-cluster-13.3.8/.lint/proxy-listener-mode-multiplex.yaml b/teleport-cluster-14.0.1/.lint/proxy-listener-mode-multiplex.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/proxy-listener-mode-multiplex.yaml
rename to teleport-cluster-14.0.1/.lint/proxy-listener-mode-multiplex.yaml
diff --git a/teleport-cluster-13.3.8/.lint/proxy-listener-mode-separate.yaml b/teleport-cluster-14.0.1/.lint/proxy-listener-mode-separate.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/proxy-listener-mode-separate.yaml
rename to teleport-cluster-14.0.1/.lint/proxy-listener-mode-separate.yaml
diff --git a/teleport-cluster-13.3.8/.lint/public-addresses.yaml b/teleport-cluster-14.0.1/.lint/public-addresses.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/public-addresses.yaml
rename to teleport-cluster-14.0.1/.lint/public-addresses.yaml
diff --git a/teleport-cluster-13.3.8/.lint/resources.yaml b/teleport-cluster-14.0.1/.lint/resources.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/resources.yaml
rename to teleport-cluster-14.0.1/.lint/resources.yaml
diff --git a/teleport-cluster-13.3.8/.lint/security-context-empty.yaml b/teleport-cluster-14.0.1/.lint/security-context-empty.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/security-context-empty.yaml
rename to teleport-cluster-14.0.1/.lint/security-context-empty.yaml
diff --git a/teleport-cluster-13.3.8/.lint/security-context.yaml b/teleport-cluster-14.0.1/.lint/security-context.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/security-context.yaml
rename to teleport-cluster-14.0.1/.lint/security-context.yaml
diff --git a/teleport-cluster-13.3.8/.lint/separate-mongo-listener.yaml b/teleport-cluster-14.0.1/.lint/separate-mongo-listener.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/separate-mongo-listener.yaml
rename to teleport-cluster-14.0.1/.lint/separate-mongo-listener.yaml
diff --git a/teleport-cluster-13.3.8/.lint/separate-postgres-listener.yaml b/teleport-cluster-14.0.1/.lint/separate-postgres-listener.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/separate-postgres-listener.yaml
rename to teleport-cluster-14.0.1/.lint/separate-postgres-listener.yaml
diff --git a/teleport-cluster-13.3.8/.lint/service-account.yaml b/teleport-cluster-14.0.1/.lint/service-account.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/service-account.yaml
rename to teleport-cluster-14.0.1/.lint/service-account.yaml
diff --git a/teleport-cluster-13.3.8/.lint/service.yaml b/teleport-cluster-14.0.1/.lint/service.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/service.yaml
rename to teleport-cluster-14.0.1/.lint/service.yaml
diff --git a/teleport-cluster-13.3.8/.lint/session-recording.yaml b/teleport-cluster-14.0.1/.lint/session-recording.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/session-recording.yaml
rename to teleport-cluster-14.0.1/.lint/session-recording.yaml
diff --git a/teleport-cluster-13.3.8/.lint/standalone-custom-storage-class.yaml b/teleport-cluster-14.0.1/.lint/standalone-custom-storage-class.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/standalone-custom-storage-class.yaml
rename to teleport-cluster-14.0.1/.lint/standalone-custom-storage-class.yaml
diff --git a/teleport-cluster-13.3.8/.lint/standalone-customsize.yaml b/teleport-cluster-14.0.1/.lint/standalone-customsize.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/.lint/standalone-customsize.yaml
rename to teleport-cluster-14.0.1/.lint/standalone-customsize.yaml
diff --git a/teleport-cluster-13.3.8/.lint/standalone-existingpvc.yaml b/teleport-cluster-14.0.1/.lint/standalone-existingpvc.yaml similarity index 100% rename from teleport-cluster-13.3.8/.lint/standalone-existingpvc.yaml rename to teleport-cluster-14.0.1/.lint/standalone-existingpvc.yaml diff --git a/teleport-cluster-13.3.8/.lint/tolerations.yaml b/teleport-cluster-14.0.1/.lint/tolerations.yaml similarity index 100% rename from teleport-cluster-13.3.8/.lint/tolerations.yaml rename to teleport-cluster-14.0.1/.lint/tolerations.yaml diff --git a/teleport-cluster-13.3.8/.lint/version-override.yaml b/teleport-cluster-14.0.1/.lint/version-override.yaml similarity index 100% rename from teleport-cluster-13.3.8/.lint/version-override.yaml rename to teleport-cluster-14.0.1/.lint/version-override.yaml diff --git a/teleport-cluster-13.3.8/.lint/volumes.yaml b/teleport-cluster-14.0.1/.lint/volumes.yaml similarity index 100% rename from teleport-cluster-13.3.8/.lint/volumes.yaml rename to teleport-cluster-14.0.1/.lint/volumes.yaml diff --git a/teleport-cluster-14.0.1/.values.home.yaml.swp b/teleport-cluster-14.0.1/.values.home.yaml.swp new file mode 100644 index 0000000..485f029 Binary files /dev/null and b/teleport-cluster-14.0.1/.values.home.yaml.swp differ diff --git a/teleport-cluster-13.3.8/Chart.yaml b/teleport-cluster-14.0.1/Chart.yaml similarity index 84% rename from teleport-cluster-13.3.8/Chart.yaml rename to teleport-cluster-14.0.1/Chart.yaml index 54e08fe..ae75a87 100644 --- a/teleport-cluster-13.3.8/Chart.yaml +++ b/teleport-cluster-14.0.1/Chart.yaml @@ -1,13 +1,13 @@ apiVersion: v2 -appVersion: 13.3.8 +appVersion: 14.0.1 dependencies: - condition: installCRDs,operator.enabled name: teleport-operator repository: "" - version: 13.3.8 + version: 14.0.1 description: Teleport is an access platform for your infrastructure icon: https://goteleport.com/images/logos/logo-teleport-square.svg keywords: - Teleport name: teleport-cluster -version: 13.3.8 +version: 14.0.1 
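Review bot: `teleport-cluster-14.0.1/.values.home.yaml.swp` looks like an editor swap file and should not be part of this commit. Swap files of this kind usually hold a copy of the buffer being edited, here presumably a local `values.home.yaml`, so it may carry site-specific settings or credentials, and as a binary blob it cannot be reviewed. Drop the file and add `*.swp` to `.gitignore` and `.helmignore` so it is neither committed nor packaged with the chart. If the values file held any secrets, treat them as exposed and rotate them, since the blob stays in history.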
diff --git a/teleport-cluster-13.3.8/README.md b/teleport-cluster-14.0.1/README.md similarity index 100% rename from teleport-cluster-13.3.8/README.md rename to teleport-cluster-14.0.1/README.md diff --git a/teleport-cluster-13.3.8/charts/teleport-operator/Chart.yaml b/teleport-cluster-14.0.1/charts/teleport-operator/Chart.yaml similarity index 85% rename from teleport-cluster-13.3.8/charts/teleport-operator/Chart.yaml rename to teleport-cluster-14.0.1/charts/teleport-operator/Chart.yaml index d450e67..9f8efe4 100644 --- a/teleport-cluster-13.3.8/charts/teleport-operator/Chart.yaml +++ b/teleport-cluster-14.0.1/charts/teleport-operator/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 13.3.8 +appVersion: 14.0.1 description: Teleport Operator provides management of select Teleport resources. icon: https://goteleport.com/images/logos/logo-teleport-square.svg keywords: - Teleport name: teleport-operator -version: 13.3.8 +version: 14.0.1 diff --git a/teleport-cluster-13.3.8/charts/teleport-operator/templates/resources.teleport.dev_githubconnectors.yaml b/teleport-cluster-14.0.1/charts/teleport-operator/templates/resources.teleport.dev_githubconnectors.yaml similarity index 100% rename from teleport-cluster-13.3.8/charts/teleport-operator/templates/resources.teleport.dev_githubconnectors.yaml rename to teleport-cluster-14.0.1/charts/teleport-operator/templates/resources.teleport.dev_githubconnectors.yaml diff --git a/teleport-cluster-13.3.8/charts/teleport-operator/templates/resources.teleport.dev_loginrules.yaml b/teleport-cluster-14.0.1/charts/teleport-operator/templates/resources.teleport.dev_loginrules.yaml similarity index 100% rename from teleport-cluster-13.3.8/charts/teleport-operator/templates/resources.teleport.dev_loginrules.yaml rename to teleport-cluster-14.0.1/charts/teleport-operator/templates/resources.teleport.dev_loginrules.yaml 
diff --git a/teleport-cluster-13.3.8/charts/teleport-operator/templates/resources.teleport.dev_oidcconnectors.yaml b/teleport-cluster-14.0.1/charts/teleport-operator/templates/resources.teleport.dev_oidcconnectors.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/charts/teleport-operator/templates/resources.teleport.dev_oidcconnectors.yaml
rename to teleport-cluster-14.0.1/charts/teleport-operator/templates/resources.teleport.dev_oidcconnectors.yaml
diff --git a/teleport-cluster-13.3.8/charts/teleport-operator/templates/resources.teleport.dev_oktaimportrules.yaml b/teleport-cluster-14.0.1/charts/teleport-operator/templates/resources.teleport.dev_oktaimportrules.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/charts/teleport-operator/templates/resources.teleport.dev_oktaimportrules.yaml
rename to teleport-cluster-14.0.1/charts/teleport-operator/templates/resources.teleport.dev_oktaimportrules.yaml
diff --git a/teleport-cluster-13.3.8/charts/teleport-operator/templates/resources.teleport.dev_provisiontokens.yaml b/teleport-cluster-14.0.1/charts/teleport-operator/templates/resources.teleport.dev_provisiontokens.yaml
similarity index 96%
rename from teleport-cluster-13.3.8/charts/teleport-operator/templates/resources.teleport.dev_provisiontokens.yaml
rename to teleport-cluster-14.0.1/charts/teleport-operator/templates/resources.teleport.dev_provisiontokens.yaml
index 81c7d92..9d4a18d 100644
--- a/teleport-cluster-13.3.8/charts/teleport-operator/templates/resources.teleport.dev_provisiontokens.yaml
+++ b/teleport-cluster-14.0.1/charts/teleport-operator/templates/resources.teleport.dev_provisiontokens.yaml
@@ -235,6 +235,19 @@ spec: type: object nullable: true type: array + static_jwks: + description: StaticJWKS is the configuration specific to the `static_jwks` + type. + nullable: true + properties: + jwks: + type: string + type: object + type: + description: 'Type controls which behavior should be used for + validating the Kubernetes Service Account token. Support values: + - `in_cluster` - `static_jwks` If unset, this defaults to `in_cluster`.' + type: string type: object roles: description: Roles is a list of roles associated with the token, that diff --git a/teleport-cluster-13.3.8/charts/teleport-operator/templates/resources.teleport.dev_roles.yaml b/teleport-cluster-14.0.1/charts/teleport-operator/templates/resources.teleport.dev_roles.yaml similarity index 98% rename from teleport-cluster-13.3.8/charts/teleport-operator/templates/resources.teleport.dev_roles.yaml rename to teleport-cluster-14.0.1/charts/teleport-operator/templates/resources.teleport.dev_roles.yaml index b305702..e41e29a 100644 --- a/teleport-cluster-13.3.8/charts/teleport-operator/templates/resources.teleport.dev_roles.yaml +++ b/teleport-cluster-14.0.1/charts/teleport-operator/templates/resources.teleport.dev_roles.yaml @@ -236,6 +236,13 @@ spec: description: Namespace is the resource namespace. It supports wildcards. type: string + verbs: + description: Verbs are the allowed Kubernetes verbs for + the following resource. + items: + type: string + nullable: true + type: array type: object type: array kubernetes_users: @@ -690,6 +697,13 @@ spec: description: Namespace is the resource namespace. It supports wildcards. type: string + verbs: + description: Verbs are the allowed Kubernetes verbs for + the following resource. + items: + type: string + nullable: true + type: array type: object type: array kubernetes_users: 
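Review bot: The new `type` property added next to `static_jwks` is a bare `type: string` even though its description names exactly two supported values, so a misspelled value passes CRD validation and what happens next depends on checks not visible in this hunk. Since the field selects how the Kubernetes Service Account token is validated, consider constraining it with `enum: [in_cluster, static_jwks]`. `static_jwks.jwks` has no `description` at all; one line stating what the string must contain would help, with the wording confirmed against the source type, and "Support values" should read "Supported values". The enclosing schema starts and ends outside the hunk, and if this CRD is generated the change belongs in the generator's input rather than in this file.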
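Review bot: The description of the new `verbs` list in the roles CRD (hunk at -236) does not say what an omitted, null or empty list means, although the field is `nullable: true`. In a role's Kubernetes resource rule the difference between "no verbs" and "all verbs" decides what access is granted, and the neighbouring `namespace` description does state its matching rule ("It supports wildcards"). Suggest a description along the lines of `Verbs are the Kubernetes verbs allowed on this resource.` followed by one sentence on the unset/empty case and on whether a wildcard is accepted; "the following resource" also reads oddly, since the resource is the enclosing item. The same text is added in the hunks at -690, -1419 and -1873, and the enclosing schema lies outside each hunk.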
@@ -949,8 +963,7 @@ spec: mode: description: Mode is the type of extension to be used -- currently critical-option is not supported - format: int32 - type: integer + x-kubernetes-int-or-string: true name: description: Name specifies the key to be used in the cert extension. @@ -958,8 +971,7 @@ spec: type: description: Type represents the certificate type being extended, only ssh is supported at this time. - format: int32 - type: integer + x-kubernetes-int-or-string: true value: description: Value specifies the value to be used in the cert extension. @@ -992,8 +1004,7 @@ spec: create_host_user_mode: description: CreateHostUserMode allows users to be automatically created on a host when not set to off - format: int32 - type: integer + x-kubernetes-int-or-string: true desktop_clipboard: description: DesktopClipboard indicates whether clipboard sharing is allowed between the user's workstation and the remote desktop. @@ -1099,13 +1110,12 @@ spec: type: string request_prompt: description: RequestPrompt is an optional message which tells - users what they aught to + users what they aught to request. type: string require_session_mfa: description: RequireMFAType is the type of MFA requirement enforced for this user. - format: int32 - type: integer + x-kubernetes-int-or-string: true ssh_file_copy: description: SSHFileCopy indicates whether remote file operations via SCP or SFTP are allowed over an SSH session. It defaults @@ -1419,6 +1429,13 @@ spec: description: Namespace is the resource namespace. It supports wildcards. type: string + verbs: + description: Verbs are the allowed Kubernetes verbs for + the following resource. + items: + type: string + nullable: true + type: array type: object type: array kubernetes_users: 
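Review bot: Swapping `type: integer` / `format: int32` for `x-kubernetes-int-or-string: true` on `mode` means any string now passes CRD validation, while the description still does not list the accepted values. The same change is made to `type` (-958), `create_host_user_mode` (-992) and `require_session_mfa` (-1099), and repeated in the hunks at -2132, -2141, -2175 and -2282. For `require_session_mfa` and `create_host_user_mode` in particular, a value that is rejected or misread later would only be noticed after the role is applied; presumably validation now happens in the operator or in Teleport itself, which these hunks do not show. Each description should name the accepted string values and their integer equivalents, taken from the source type, so that a manifest can be reviewed without reading the implementation.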
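Review bot: The completed `request_prompt` description in the hunk at -1099 still spells "ought" as "aught"; the new line should read `users what they ought to request.`. The same line is added again in the hunk at -2282.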
@@ -1873,6 +1890,13 @@ spec: description: Namespace is the resource namespace. It supports wildcards. type: string + verbs: + description: Verbs are the allowed Kubernetes verbs for + the following resource. + items: + type: string + nullable: true + type: array type: object type: array kubernetes_users: @@ -2132,8 +2156,7 @@ spec: mode: description: Mode is the type of extension to be used -- currently critical-option is not supported - format: int32 - type: integer + x-kubernetes-int-or-string: true name: description: Name specifies the key to be used in the cert extension. @@ -2141,8 +2164,7 @@ spec: type: description: Type represents the certificate type being extended, only ssh is supported at this time. - format: int32 - type: integer + x-kubernetes-int-or-string: true value: description: Value specifies the value to be used in the cert extension. @@ -2175,8 +2197,7 @@ spec: create_host_user_mode: description: CreateHostUserMode allows users to be automatically created on a host when not set to off - format: int32 - type: integer + x-kubernetes-int-or-string: true desktop_clipboard: description: DesktopClipboard indicates whether clipboard sharing is allowed between the user's workstation and the remote desktop. @@ -2282,13 +2303,12 @@ spec: type: string request_prompt: description: RequestPrompt is an optional message which tells - users what they aught to + users what they aught to request. type: string require_session_mfa: description: RequireMFAType is the type of MFA requirement enforced for this user. - format: int32 - type: integer + x-kubernetes-int-or-string: true ssh_file_copy: description: SSHFileCopy indicates whether remote file operations via SCP or SFTP are allowed over an SSH session. It defaults 
diff --git a/teleport-cluster-13.3.8/charts/teleport-operator/templates/resources.teleport.dev_samlconnectors.yaml b/teleport-cluster-14.0.1/charts/teleport-operator/templates/resources.teleport.dev_samlconnectors.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/charts/teleport-operator/templates/resources.teleport.dev_samlconnectors.yaml
rename to teleport-cluster-14.0.1/charts/teleport-operator/templates/resources.teleport.dev_samlconnectors.yaml
diff --git a/teleport-cluster-13.3.8/charts/teleport-operator/templates/resources.teleport.dev_users.yaml b/teleport-cluster-14.0.1/charts/teleport-operator/templates/resources.teleport.dev_users.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/charts/teleport-operator/templates/resources.teleport.dev_users.yaml
rename to teleport-cluster-14.0.1/charts/teleport-operator/templates/resources.teleport.dev_users.yaml
diff --git a/teleport-cluster-13.3.8/templates/NOTES.txt b/teleport-cluster-14.0.1/templates/NOTES.txt
similarity index 100%
rename from teleport-cluster-13.3.8/templates/NOTES.txt
rename to teleport-cluster-14.0.1/templates/NOTES.txt
diff --git a/teleport-cluster-13.3.8/templates/_helpers.tpl b/teleport-cluster-14.0.1/templates/_helpers.tpl
similarity index 100%
rename from teleport-cluster-13.3.8/templates/_helpers.tpl
rename to teleport-cluster-14.0.1/templates/_helpers.tpl
diff --git a/teleport-cluster-13.3.8/templates/auth/_config.aws.tpl b/teleport-cluster-14.0.1/templates/auth/_config.aws.tpl
similarity index 100%
rename from teleport-cluster-13.3.8/templates/auth/_config.aws.tpl
rename to teleport-cluster-14.0.1/templates/auth/_config.aws.tpl
diff --git a/teleport-cluster-13.3.8/templates/auth/_config.azure.tpl b/teleport-cluster-14.0.1/templates/auth/_config.azure.tpl
similarity index 100%
rename from teleport-cluster-13.3.8/templates/auth/_config.azure.tpl
rename to teleport-cluster-14.0.1/templates/auth/_config.azure.tpl
diff --git a/teleport-cluster-13.3.8/templates/auth/_config.common.tpl b/teleport-cluster-14.0.1/templates/auth/_config.common.tpl
similarity index 100%
rename from teleport-cluster-13.3.8/templates/auth/_config.common.tpl
rename to teleport-cluster-14.0.1/templates/auth/_config.common.tpl
diff --git a/teleport-cluster-13.3.8/templates/auth/_config.gcp.tpl b/teleport-cluster-14.0.1/templates/auth/_config.gcp.tpl
similarity index 100%
rename from teleport-cluster-13.3.8/templates/auth/_config.gcp.tpl
rename to teleport-cluster-14.0.1/templates/auth/_config.gcp.tpl
diff --git a/teleport-cluster-13.3.8/templates/auth/_config.scratch.tpl b/teleport-cluster-14.0.1/templates/auth/_config.scratch.tpl
similarity index 100%
rename from teleport-cluster-13.3.8/templates/auth/_config.scratch.tpl
rename to teleport-cluster-14.0.1/templates/auth/_config.scratch.tpl
diff --git a/teleport-cluster-13.3.8/templates/auth/_config.standalone.tpl b/teleport-cluster-14.0.1/templates/auth/_config.standalone.tpl
similarity index 100%
rename from teleport-cluster-13.3.8/templates/auth/_config.standalone.tpl
rename to teleport-cluster-14.0.1/templates/auth/_config.standalone.tpl
diff --git a/teleport-cluster-13.3.8/templates/auth/clusterrole.yaml b/teleport-cluster-14.0.1/templates/auth/clusterrole.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/templates/auth/clusterrole.yaml
rename to teleport-cluster-14.0.1/templates/auth/clusterrole.yaml
diff --git a/teleport-cluster-13.3.8/templates/auth/clusterrolebinding.yaml b/teleport-cluster-14.0.1/templates/auth/clusterrolebinding.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/templates/auth/clusterrolebinding.yaml
rename to teleport-cluster-14.0.1/templates/auth/clusterrolebinding.yaml
diff --git a/teleport-cluster-13.3.8/templates/auth/config.yaml b/teleport-cluster-14.0.1/templates/auth/config.yaml similarity index 100% rename from teleport-cluster-13.3.8/templates/auth/config.yaml rename to teleport-cluster-14.0.1/templates/auth/config.yaml diff --git a/teleport-cluster-13.3.8/templates/auth/deployment.yaml b/teleport-cluster-14.0.1/templates/auth/deployment.yaml similarity index 98% rename from teleport-cluster-13.3.8/templates/auth/deployment.yaml rename to teleport-cluster-14.0.1/templates/auth/deployment.yaml index 8c71803..8b86131 100644 --- a/teleport-cluster-13.3.8/templates/auth/deployment.yaml +++ b/teleport-cluster-14.0.1/templates/auth/deployment.yaml @@ -248,6 +248,13 @@ spec: port: 8081 initialDelaySeconds: 5 periodSeconds: 10 + ports: + - name: op-metrics + containerPort: 8080 + protocol: TCP + - name: op-health + containerPort: 8081 + protocol: TCP {{- if .Values.operator.resources }} resources: {{- toYaml .Values.operator.resources | nindent 10 }} {{- end }} diff --git a/teleport-cluster-13.3.8/templates/auth/pdb.yaml b/teleport-cluster-14.0.1/templates/auth/pdb.yaml similarity index 100% rename from teleport-cluster-13.3.8/templates/auth/pdb.yaml rename to teleport-cluster-14.0.1/templates/auth/pdb.yaml diff --git a/teleport-cluster-13.3.8/templates/auth/predeploy_config.yaml b/teleport-cluster-14.0.1/templates/auth/predeploy_config.yaml similarity index 100% rename from teleport-cluster-13.3.8/templates/auth/predeploy_config.yaml rename to teleport-cluster-14.0.1/templates/auth/predeploy_config.yaml diff --git a/teleport-cluster-13.3.8/templates/auth/predeploy_job.yaml b/teleport-cluster-14.0.1/templates/auth/predeploy_job.yaml similarity index 100% rename from teleport-cluster-13.3.8/templates/auth/predeploy_job.yaml rename to teleport-cluster-14.0.1/templates/auth/predeploy_job.yaml 
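Review bot: The added `op-health` entry repeats the literal `8081` that the probe in the context lines just above already hard-codes, so the two numbers can drift apart on a later port change. Now that the port has a name, the probes could reference it by name, e.g. `port: op-health`, which keeps the number in one place. A short comment above `ports:`, such as `# operator sidecar: metrics on 8080, health/readiness probes on 8081`, would also record what each port serves for anyone writing a NetworkPolicy or PodMonitor against this pod. The container spec starts outside this hunk, so the liveness probe and any bind-address arguments are not visible here.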
diff --git a/teleport-cluster-13.3.8/templates/auth/pvc.yaml b/teleport-cluster-14.0.1/templates/auth/pvc.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/templates/auth/pvc.yaml
rename to teleport-cluster-14.0.1/templates/auth/pvc.yaml
diff --git a/teleport-cluster-13.3.8/templates/auth/service-previous-version.yaml b/teleport-cluster-14.0.1/templates/auth/service-previous-version.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/templates/auth/service-previous-version.yaml
rename to teleport-cluster-14.0.1/templates/auth/service-previous-version.yaml
diff --git a/teleport-cluster-13.3.8/templates/auth/service.yaml b/teleport-cluster-14.0.1/templates/auth/service.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/templates/auth/service.yaml
rename to teleport-cluster-14.0.1/templates/auth/service.yaml
diff --git a/teleport-cluster-13.3.8/templates/auth/serviceaccount.yaml b/teleport-cluster-14.0.1/templates/auth/serviceaccount.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/templates/auth/serviceaccount.yaml
rename to teleport-cluster-14.0.1/templates/auth/serviceaccount.yaml
diff --git a/teleport-cluster-13.3.8/templates/podmonitor.yaml b/teleport-cluster-14.0.1/templates/podmonitor.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/templates/podmonitor.yaml
rename to teleport-cluster-14.0.1/templates/podmonitor.yaml
diff --git a/teleport-cluster-13.3.8/templates/proxy/_config.aws.tpl b/teleport-cluster-14.0.1/templates/proxy/_config.aws.tpl
similarity index 100%
rename from teleport-cluster-13.3.8/templates/proxy/_config.aws.tpl
rename to teleport-cluster-14.0.1/templates/proxy/_config.aws.tpl
diff --git a/teleport-cluster-13.3.8/templates/proxy/_config.azure.tpl b/teleport-cluster-14.0.1/templates/proxy/_config.azure.tpl
similarity index 100%
rename from teleport-cluster-13.3.8/templates/proxy/_config.azure.tpl
rename to teleport-cluster-14.0.1/templates/proxy/_config.azure.tpl
diff --git a/teleport-cluster-13.3.8/templates/proxy/_config.common.tpl b/teleport-cluster-14.0.1/templates/proxy/_config.common.tpl similarity index 94% rename from teleport-cluster-13.3.8/templates/proxy/_config.common.tpl rename to teleport-cluster-14.0.1/templates/proxy/_config.common.tpl index b6c5e41..32dd85c 100644 --- a/teleport-cluster-13.3.8/templates/proxy/_config.common.tpl +++ b/teleport-cluster-14.0.1/templates/proxy/_config.common.tpl @@ -70,7 +70,10 @@ proxy_service: uri: {{ .Values.acmeURI }} {{- end }} {{- end }} -{{- if and .Values.ingress.enabled (semverCompare ">= 13.2.0-0" (include "teleport-cluster.version" .)) }} +{{- if .Values.proxyProtocol }} + proxy_protocol: {{ .Values.proxyProtocol | quote }} +{{- end }} +{{- if and .Values.ingress.enabled (semverCompare ">= 14.0.0-0" (include "teleport-cluster.version" .)) }} trust_x_forwarded_for: true {{- end }} {{- end -}} diff --git a/teleport-cluster-13.3.8/templates/proxy/_config.gcp.tpl b/teleport-cluster-14.0.1/templates/proxy/_config.gcp.tpl similarity index 100% rename from teleport-cluster-13.3.8/templates/proxy/_config.gcp.tpl rename to teleport-cluster-14.0.1/templates/proxy/_config.gcp.tpl diff --git a/teleport-cluster-13.3.8/templates/proxy/_config.scratch.tpl b/teleport-cluster-14.0.1/templates/proxy/_config.scratch.tpl similarity index 100% rename from teleport-cluster-13.3.8/templates/proxy/_config.scratch.tpl rename to teleport-cluster-14.0.1/templates/proxy/_config.scratch.tpl diff --git a/teleport-cluster-13.3.8/templates/proxy/_config.standalone.tpl b/teleport-cluster-14.0.1/templates/proxy/_config.standalone.tpl similarity index 100% rename from teleport-cluster-13.3.8/templates/proxy/_config.standalone.tpl rename to teleport-cluster-14.0.1/templates/proxy/_config.standalone.tpl diff --git a/teleport-cluster-14.0.1/templates/proxy/certificate.yaml b/teleport-cluster-14.0.1/templates/proxy/certificate.yaml new file mode 100644 index 0000000..d2a4dbd --- /dev/null 
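Review bot: The new guard `{{- if .Values.proxyProtocol }}` tests truthiness, so an unquoted `proxyProtocol: off` in a values file, which Helm's YAML loader most likely reads as boolean `false`, is silently dropped and the proxy keeps its default PROXY-protocol behaviour. An unquoted `on` would be rendered as `proxy_protocol: "true"`. This setting decides whether client addresses carried in PROXY headers are trusted, so a mistyped value should fail the render rather than disappear, for example with `{{- if kindIs "bool" .Values.proxyProtocol }}{{ fail "proxyProtocol must be a quoted string" }}{{- end }}` placed before the `if`. The `trust_x_forwarded_for: true` branch below it has a similar trust assumption (it is only safe when the proxy is reachable solely through the ingress) and would benefit from a template comment saying so. The enclosing `define` starts outside this hunk, so the defaults for these values are not visible here.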
+++ b/teleport-cluster-14.0.1/templates/proxy/certificate.yaml 
@@ -0,0 +1,43 @@ +{{- $proxy := mustMergeOverwrite (mustDeepCopy .Values) .Values.proxy -}} +{{- if $proxy.highAvailability.certManager.enabled -}} + {{- /* Append clusterName and wildcard version to list of dnsNames on certificate request (original functionality) */ -}} + {{- $domainList := list (required "clusterName is required in chartValues when certManager is enabled" $proxy.clusterName) -}} + {{- $domainList := append $domainList (printf "*.%s" (required "clusterName is required in chartValues when certManager is enabled" $proxy.clusterName)) -}} + {{- /* If the config option is enabled and at least one publicAddr is set, append all public addresses to the list of dnsNames */ -}} + {{- if and $proxy.highAvailability.certManager.addPublicAddrs (gt (len .Values.publicAddr) 0) -}} + {{- /* Trim ports from all public addresses if present */ -}} + {{- range .Values.publicAddr -}} + {{- $address := . -}} + {{- if (contains ":" $address) -}} + {{- $split := split ":" $address -}} + {{- $address = $split._0 -}} + {{- end -}} + {{- $domainList = append (mustWithout $domainList .) $address -}} + {{- end -}} + {{- end -}} + {{- /* Finally, remove any duplicate entries from the list of domains */ -}} + {{- $domainList := mustUniq $domainList -}} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: {{- include "teleport-cluster.proxy.labels" . | nindent 4 }} +spec: + secretName: teleport-tls + {{- if $proxy.highAvailability.certManager.addCommonName }} + commonName: {{ quote $proxy.clusterName }} + {{- end }} + dnsNames: + {{- range $domainList }} + - {{ quote . 
}} + {{- end }} + issuerRef: + name: {{ required "highAvailability.certManager.issuerName is required in chart values" $proxy.highAvailability.certManager.issuerName }} + kind: {{ required "highAvailability.certManager.issuerKind is required in chart values" $proxy.highAvailability.certManager.issuerKind }} + group: {{ required "highAvailability.certManager.issuerGroup is required in chart values" $proxy.highAvailability.certManager.issuerGroup }} + {{- with $proxy.annotations.certSecret }} + secretTemplate: + annotations: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/teleport-cluster-13.3.8/templates/proxy/config.yaml b/teleport-cluster-14.0.1/templates/proxy/config.yaml similarity index 100% rename from teleport-cluster-13.3.8/templates/proxy/config.yaml rename to teleport-cluster-14.0.1/templates/proxy/config.yaml diff --git a/teleport-cluster-13.3.8/templates/proxy/deployment.yaml b/teleport-cluster-14.0.1/templates/proxy/deployment.yaml similarity index 100% rename from teleport-cluster-13.3.8/templates/proxy/deployment.yaml rename to teleport-cluster-14.0.1/templates/proxy/deployment.yaml diff --git a/teleport-cluster-13.3.8/templates/proxy/ingress.yaml b/teleport-cluster-14.0.1/templates/proxy/ingress.yaml similarity index 100% rename from teleport-cluster-13.3.8/templates/proxy/ingress.yaml rename to teleport-cluster-14.0.1/templates/proxy/ingress.yaml diff --git a/teleport-cluster-13.3.8/templates/proxy/pdb.yaml b/teleport-cluster-14.0.1/templates/proxy/pdb.yaml similarity index 100% rename from teleport-cluster-13.3.8/templates/proxy/pdb.yaml rename to teleport-cluster-14.0.1/templates/proxy/pdb.yaml diff --git a/teleport-cluster-13.3.8/templates/proxy/predeploy_config.yaml b/teleport-cluster-14.0.1/templates/proxy/predeploy_config.yaml similarity index 100% rename from teleport-cluster-13.3.8/templates/proxy/predeploy_config.yaml rename to teleport-cluster-14.0.1/templates/proxy/predeploy_config.yaml 
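Review bot: The port trimming inside `range .Values.publicAddr` splits on every `:` and keeps `$split._0`, so a bracketed IPv6 literal with a port would leave a fragment such as `[2001` in `dnsNames`, and any IP-literal address would be requested as a DNS name rather than under `ipAddresses`. These values go straight into the Certificate request, so the template should skip or reject entries that are not hostnames, or at least say so in a template comment, e.g. `{{- /* publicAddr entries must be hostname or hostname:port; IP literals are not supported here */ -}}`. The loop also reads `.Values.publicAddr` while the rest of the template uses the merged `$proxy`, so an override under `proxy.publicAddr` appears to be ignored; `{{- range $proxy.publicAddr -}}` together with `(gt (len $proxy.publicAddr) 0)` would be consistent. Finally, `mustWithout $domainList .` removes the untrimmed address and `mustUniq` already de-duplicates afterwards, so that call looks redundant and could be replaced by `{{- $domainList = append $domainList $address -}}`.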
diff --git a/teleport-cluster-13.3.8/templates/proxy/predeploy_job.yaml b/teleport-cluster-14.0.1/templates/proxy/predeploy_job.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/templates/proxy/predeploy_job.yaml
rename to teleport-cluster-14.0.1/templates/proxy/predeploy_job.yaml
diff --git a/teleport-cluster-13.3.8/templates/proxy/service.yaml b/teleport-cluster-14.0.1/templates/proxy/service.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/templates/proxy/service.yaml
rename to teleport-cluster-14.0.1/templates/proxy/service.yaml
diff --git a/teleport-cluster-13.3.8/templates/proxy/serviceaccount.yaml b/teleport-cluster-14.0.1/templates/proxy/serviceaccount.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/templates/proxy/serviceaccount.yaml
rename to teleport-cluster-14.0.1/templates/proxy/serviceaccount.yaml
diff --git a/teleport-cluster-13.3.8/templates/psp.yaml b/teleport-cluster-14.0.1/templates/psp.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/templates/psp.yaml
rename to teleport-cluster-14.0.1/templates/psp.yaml
diff --git a/teleport-cluster-13.3.8/tests/README.md b/teleport-cluster-14.0.1/tests/README.md
similarity index 100%
rename from teleport-cluster-13.3.8/tests/README.md
rename to teleport-cluster-14.0.1/tests/README.md
diff --git a/teleport-cluster-13.3.8/tests/__snapshot__/auth_clusterrole_test.yaml.snap b/teleport-cluster-14.0.1/tests/__snapshot__/auth_clusterrole_test.yaml.snap
similarity index 100%
rename from teleport-cluster-13.3.8/tests/__snapshot__/auth_clusterrole_test.yaml.snap
rename to teleport-cluster-14.0.1/tests/__snapshot__/auth_clusterrole_test.yaml.snap
diff --git a/teleport-cluster-13.3.8/tests/__snapshot__/auth_config_test.yaml.snap b/teleport-cluster-14.0.1/tests/__snapshot__/auth_config_test.yaml.snap similarity index 100% rename from teleport-cluster-13.3.8/tests/__snapshot__/auth_config_test.yaml.snap rename to teleport-cluster-14.0.1/tests/__snapshot__/auth_config_test.yaml.snap diff --git a/teleport-cluster-13.3.8/tests/__snapshot__/auth_deployment_test.yaml.snap b/teleport-cluster-14.0.1/tests/__snapshot__/auth_deployment_test.yaml.snap similarity index 96% rename from teleport-cluster-13.3.8/tests/__snapshot__/auth_deployment_test.yaml.snap rename to teleport-cluster-14.0.1/tests/__snapshot__/auth_deployment_test.yaml.snap index 204efdb..cfc3b88 100644 --- a/teleport-cluster-13.3.8/tests/__snapshot__/auth_deployment_test.yaml.snap +++ b/teleport-cluster-14.0.1/tests/__snapshot__/auth_deployment_test.yaml.snap @@ -1,6 +1,6 @@ should add an operator side-car when operator is enabled: 1: | - image: public.ecr.aws/gravitational/teleport-operator:13.3.8 + image: public.ecr.aws/gravitational/teleport-operator:14.0.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -9,6 +9,13 @@ should add an operator side-car when operator is enabled: initialDelaySeconds: 15 periodSeconds: 20 name: operator + ports: + - containerPort: 8080 + name: op-metrics + protocol: TCP + - containerPort: 8081 + name: op-health + protocol: TCP readinessProbe: httpGet: path: /readyz @@ -34,7 +41,7 @@ should add an operator side-car when operator is enabled: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:13.3.8 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 imagePullPolicy: IfNotPresent lifecycle: preStop: 
@@ -167,7 +174,7 @@ should set nodeSelector when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:13.3.8 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -264,7 +271,7 @@ should set resources when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:13.3.8 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -350,7 +357,7 @@ should set securityContext when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:13.3.8 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 imagePullPolicy: IfNotPresent lifecycle: preStop: diff --git a/teleport-cluster-13.3.8/tests/__snapshot__/ingress_test.yaml.snap b/teleport-cluster-14.0.1/tests/__snapshot__/ingress_test.yaml.snap similarity index 100% rename from teleport-cluster-13.3.8/tests/__snapshot__/ingress_test.yaml.snap rename to teleport-cluster-14.0.1/tests/__snapshot__/ingress_test.yaml.snap diff --git a/teleport-cluster-13.3.8/tests/__snapshot__/predeploy_test.yaml.snap b/teleport-cluster-14.0.1/tests/__snapshot__/predeploy_test.yaml.snap similarity index 100% rename from teleport-cluster-13.3.8/tests/__snapshot__/predeploy_test.yaml.snap rename to teleport-cluster-14.0.1/tests/__snapshot__/predeploy_test.yaml.snap diff --git a/teleport-cluster-14.0.1/tests/__snapshot__/proxy_certificate_test.yaml.snap b/teleport-cluster-14.0.1/tests/__snapshot__/proxy_certificate_test.yaml.snap new file mode 100644 index 0000000..ff19c7f --- /dev/null +++ b/teleport-cluster-14.0.1/tests/__snapshot__/proxy_certificate_test.yaml.snap 
@@ -0,0 +1,68 @@ +? should not request a certificate for cluster name and publicAddrs when cert-manager + is enabled and proxy.highAvailability.certManager.addPublicAddrs is not set (cert-manager.yaml) +: 1: | + - test-cluster + - '*.test-cluster' + 2: | + group: custom.cert-manager.io + kind: CustomClusterIssuer + name: custom +? should not request a certificate for cluster name and publicAddrs when cert-manager + is enabled and proxy.highAvailability.certManager.addPublicAddrs is not set (cert-secret.yaml) +: 1: | + - test-cluster + - '*.test-cluster' + 2: | + group: cert-manager.io + kind: Issuer + name: letsencrypt +? should request a certificate for cluster name and publicAddrs when cert-manager + is enabled and proxy.highAvailability.certManager.addPublicAddrs is set (cert-manager.yaml) +: 1: | + - test-cluster + - '*.test-cluster' + - teleport.test.com + - teleport.shared-services.old-domain.com + 2: | + group: custom.cert-manager.io + kind: CustomClusterIssuer + name: custom +? should request a certificate for cluster name and publicAddrs when cert-manager + is enabled and proxy.highAvailability.certManager.addPublicAddrs is set (cert-secret.yaml) +: 1: | + - test-cluster + - '*.test-cluster' + - teleport.test.com + - teleport.shared-services.old-domain.com + 2: | + group: cert-manager.io + kind: Issuer + name: letsencrypt +? 
should request a certificate for cluster name and publicAddrs when cert-manager + is enabled and proxy.highAvailability.certManager.addPublicAddrs is set, removing + duplicates +: 1: | + - test-cluster + - '*.test-cluster' + - teleport.test.com + - teleport.shared-services.old-domain.com + 2: | + group: custom.cert-manager.io + kind: CustomClusterIssuer + name: custom +should request a certificate for cluster name when cert-manager is enabled (cert-manager.yaml): + 1: | + - test-cluster + - '*.test-cluster' + 2: | + group: custom.cert-manager.io + kind: CustomClusterIssuer + name: custom +should request a certificate for cluster name when cert-manager is enabled (cert-secret.yaml): + 1: | + - test-cluster + - '*.test-cluster' + 2: | + group: cert-manager.io + kind: Issuer + name: letsencrypt diff --git a/teleport-cluster-13.3.8/tests/__snapshot__/proxy_config_test.yaml.snap b/teleport-cluster-14.0.1/tests/__snapshot__/proxy_config_test.yaml.snap similarity index 98% rename from teleport-cluster-13.3.8/tests/__snapshot__/proxy_config_test.yaml.snap rename to teleport-cluster-14.0.1/tests/__snapshot__/proxy_config_test.yaml.snap index d2858df..490e0bf 100644 --- a/teleport-cluster-13.3.8/tests/__snapshot__/proxy_config_test.yaml.snap +++ b/teleport-cluster-14.0.1/tests/__snapshot__/proxy_config_test.yaml.snap @@ -1,4 +1,4 @@ -generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version < 13.2.0 and ingress.enabled is not set: +generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version < 14.0.0 and ingress.enabled is not set: 1: | |- auth_service: 
@@ -28,7 +28,7 @@ generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version output: stderr severity: INFO version: v3 -generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version < 13.2.0 and ingress.enabled=true: +generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version < 14.0.0 and ingress.enabled=true: 1: | |- auth_service: @@ -54,7 +54,7 @@ generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version output: stderr severity: INFO version: v3 -generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version >=13.2.0 and ingress.enabled is not set: +generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version >=14.0.0 and ingress.enabled is not set: 1: | |- auth_service: @@ -141,7 +141,7 @@ generates a config with proxy_service.trust_x_forwarded_for=true when version = output: stderr severity: INFO version: v3 -generates a config with proxy_service.trust_x_forwarded_for=true when version >=13.2.0 and ingress.enabled=true: +generates a config with proxy_service.trust_x_forwarded_for=true when version >=14.0.0 and ingress.enabled=true: 1: | |- auth_service: diff --git a/teleport-cluster-13.3.8/tests/__snapshot__/proxy_deployment_test.yaml.snap b/teleport-cluster-14.0.1/tests/__snapshot__/proxy_deployment_test.yaml.snap similarity index 92% rename from teleport-cluster-13.3.8/tests/__snapshot__/proxy_deployment_test.yaml.snap rename to teleport-cluster-14.0.1/tests/__snapshot__/proxy_deployment_test.yaml.snap index f16b56e..3ecdcf1 100644 --- a/teleport-cluster-13.3.8/tests/__snapshot__/proxy_deployment_test.yaml.snap +++ b/teleport-cluster-14.0.1/tests/__snapshot__/proxy_deployment_test.yaml.snap 
@@ -4,8 +4,8 @@ should provision initContainer correctly when set in values: - teleport - wait - no-resolve - - RELEASE-NAME-auth-v12.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:13.3.8 + - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local + image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 name: wait-auth-update - args: - echo test @@ -62,7 +62,7 @@ should set nodeSelector when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:13.3.8 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -122,8 +122,8 @@ should set nodeSelector when set in values: - teleport - wait - no-resolve - - RELEASE-NAME-auth-v12.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:13.3.8 + - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local + image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 name: wait-auth-update nodeSelector: environment: security @@ -174,7 +174,7 @@ should set resources when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:13.3.8 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -241,8 +241,8 @@ should set resources when set in values: - teleport - wait - no-resolve - - RELEASE-NAME-auth-v12.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:13.3.8 + - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local + image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 name: wait-auth-update serviceAccountName: RELEASE-NAME-proxy terminationGracePeriodSeconds: 60 
@@ -275,7 +275,7 @@ should set securityContext for initContainers when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:13.3.8 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -342,8 +342,8 @@ should set securityContext for initContainers when set in values: - teleport - wait - no-resolve - - RELEASE-NAME-auth-v12.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:13.3.8 + - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local + image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 name: wait-auth-update securityContext: allowPrivilegeEscalation: false @@ -383,7 +383,7 @@ should set securityContext when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:13.3.8 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -450,8 +450,8 @@ should set securityContext when set in values: - teleport - wait - no-resolve - - RELEASE-NAME-auth-v12.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:13.3.8 + - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local + image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 name: wait-auth-update securityContext: allowPrivilegeEscalation: false diff --git a/teleport-cluster-13.3.8/tests/__snapshot__/proxy_service_test.yaml.snap b/teleport-cluster-14.0.1/tests/__snapshot__/proxy_service_test.yaml.snap similarity index 100% rename from teleport-cluster-13.3.8/tests/__snapshot__/proxy_service_test.yaml.snap rename to teleport-cluster-14.0.1/tests/__snapshot__/proxy_service_test.yaml.snap 
diff --git a/teleport-cluster-13.3.8/tests/__snapshot__/psp_test.yaml.snap b/teleport-cluster-14.0.1/tests/__snapshot__/psp_test.yaml.snap
similarity index 100%
rename from teleport-cluster-13.3.8/tests/__snapshot__/psp_test.yaml.snap
rename to teleport-cluster-14.0.1/tests/__snapshot__/psp_test.yaml.snap
diff --git a/teleport-cluster-13.3.8/tests/auth_clusterrole_test.yaml b/teleport-cluster-14.0.1/tests/auth_clusterrole_test.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/tests/auth_clusterrole_test.yaml
rename to teleport-cluster-14.0.1/tests/auth_clusterrole_test.yaml
diff --git a/teleport-cluster-13.3.8/tests/auth_clusterrolebinding_test.yaml b/teleport-cluster-14.0.1/tests/auth_clusterrolebinding_test.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/tests/auth_clusterrolebinding_test.yaml
rename to teleport-cluster-14.0.1/tests/auth_clusterrolebinding_test.yaml
diff --git a/teleport-cluster-13.3.8/tests/auth_config_test.yaml b/teleport-cluster-14.0.1/tests/auth_config_test.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/tests/auth_config_test.yaml
rename to teleport-cluster-14.0.1/tests/auth_config_test.yaml
diff --git a/teleport-cluster-13.3.8/tests/auth_deployment_test.yaml b/teleport-cluster-14.0.1/tests/auth_deployment_test.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/tests/auth_deployment_test.yaml
rename to teleport-cluster-14.0.1/tests/auth_deployment_test.yaml
diff --git a/teleport-cluster-13.3.8/tests/auth_pdb_test.yaml b/teleport-cluster-14.0.1/tests/auth_pdb_test.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/tests/auth_pdb_test.yaml
rename to teleport-cluster-14.0.1/tests/auth_pdb_test.yaml
diff --git a/teleport-cluster-13.3.8/tests/auth_pvc_test.yaml b/teleport-cluster-14.0.1/tests/auth_pvc_test.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/tests/auth_pvc_test.yaml
rename to teleport-cluster-14.0.1/tests/auth_pvc_test.yaml
diff --git a/teleport-cluster-13.3.8/tests/auth_serviceaccount_test.yaml b/teleport-cluster-14.0.1/tests/auth_serviceaccount_test.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/tests/auth_serviceaccount_test.yaml
rename to teleport-cluster-14.0.1/tests/auth_serviceaccount_test.yaml
diff --git a/teleport-cluster-13.3.8/tests/ingress_test.yaml b/teleport-cluster-14.0.1/tests/ingress_test.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/tests/ingress_test.yaml
rename to teleport-cluster-14.0.1/tests/ingress_test.yaml
diff --git a/teleport-cluster-13.3.8/tests/podmonitor_test.yaml b/teleport-cluster-14.0.1/tests/podmonitor_test.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/tests/podmonitor_test.yaml
rename to teleport-cluster-14.0.1/tests/podmonitor_test.yaml
diff --git a/teleport-cluster-13.3.8/tests/predeploy_test.yaml b/teleport-cluster-14.0.1/tests/predeploy_test.yaml
similarity index 100%
rename from teleport-cluster-13.3.8/tests/predeploy_test.yaml
rename to teleport-cluster-14.0.1/tests/predeploy_test.yaml
diff --git a/teleport-cluster-14.0.1/tests/proxy_certificate_test.yaml b/teleport-cluster-14.0.1/tests/proxy_certificate_test.yaml
new file mode 100644
index 0000000..3d50476
--- /dev/null
+++ b/teleport-cluster-14.0.1/tests/proxy_certificate_test.yaml
@@ -0,0 +1,194 @@ +suite: Proxy Certificate +templates: + - proxy/certificate.yaml +tests: + - it: should request a certificate for cluster name when cert-manager is enabled (cert-manager.yaml) + values: + - ../.lint/cert-manager.yaml + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Certificate + - matchSnapshot: + path: spec.dnsNames + - matchSnapshot: + path: spec.issuerRef + - equal: + path: spec.commonName + value: test-cluster + + - it: should request a certificate for cluster name when cert-manager is enabled (cert-secret.yaml) + values: + - ../.lint/cert-secret.yaml + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Certificate + - matchSnapshot: + path: spec.dnsNames + - matchSnapshot: + path: spec.issuerRef + + - it: should request a certificate for cluster name and publicAddrs when cert-manager is enabled and proxy.highAvailability.certManager.addPublicAddrs is set (cert-manager.yaml) + values: + - ../.lint/cert-manager.yaml + set: + publicAddr: ['teleport.test.com:443', 'teleport.shared-services.old-domain.com:443'] + highAvailability: + certManager: + addPublicAddrs: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Certificate + - matchSnapshot: + path: spec.dnsNames + - matchSnapshot: + path: spec.issuerRef + - equal: + path: spec.commonName + value: test-cluster + - equal: + path: spec.dnsNames[0] + value: "test-cluster" + - equal: + path: spec.dnsNames[1] + value: "*.test-cluster" + - equal: + path: spec.dnsNames[2] + value: "teleport.test.com" + - equal: + path: spec.dnsNames[3] + value: "teleport.shared-services.old-domain.com" + + - it: should not request a certificate for cluster name and publicAddrs when cert-manager is enabled and proxy.highAvailability.certManager.addPublicAddrs is not set (cert-manager.yaml) + values: + - ../.lint/cert-manager.yaml + set: + publicAddr: ['teleport.test.com:443', 'teleport.shared-services.old-domain.com:443'] + highAvailability: + certManager: + addPublicAddrs: false + asserts: + - 
hasDocuments: + count: 1 + - isKind: + of: Certificate + - matchSnapshot: + path: spec.dnsNames + - matchSnapshot: + path: spec.issuerRef + - equal: + path: spec.commonName + value: test-cluster + - equal: + path: spec.dnsNames[0] + value: "test-cluster" + - equal: + path: spec.dnsNames[1] + value: "*.test-cluster" + - notEqual: + path: spec.dnsNames[2] + value: "teleport.test.com" + - notEqual: + path: spec.dnsNames[3] + value: "teleport.shared-services.old-domain.com" + + - it: should request a certificate for cluster name and publicAddrs when cert-manager is enabled and proxy.highAvailability.certManager.addPublicAddrs is set (cert-secret.yaml) + values: + - ../.lint/cert-secret.yaml + set: + publicAddr: ['teleport.test.com:443', 'teleport.shared-services.old-domain.com:443'] + highAvailability: + certManager: + addPublicAddrs: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Certificate + - matchSnapshot: + path: spec.dnsNames + - matchSnapshot: + path: spec.issuerRef + - equal: + path: spec.dnsNames[0] + value: "test-cluster" + - equal: + path: spec.dnsNames[1] + value: "*.test-cluster" + - equal: + path: spec.dnsNames[2] + value: "teleport.test.com" + - equal: + path: spec.dnsNames[3] + value: "teleport.shared-services.old-domain.com" + + - it: should not request a certificate for cluster name and publicAddrs when cert-manager is enabled and proxy.highAvailability.certManager.addPublicAddrs is not set (cert-secret.yaml) + values: + - ../.lint/cert-secret.yaml + set: + publicAddr: ['teleport.test.com:443', 'teleport.shared-services.old-domain.com:443'] + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Certificate + - matchSnapshot: + path: spec.dnsNames + - matchSnapshot: + path: spec.issuerRef + - notEqual: + path: spec.commonName + value: test-cluster + - equal: + path: spec.dnsNames[0] + value: "test-cluster" + - equal: + path: spec.dnsNames[1] + value: "*.test-cluster" + - notEqual: + path: spec.dnsNames[2] + value: 
"teleport.test.com" + - notEqual: + path: spec.dnsNames[3] + value: "teleport.shared-services.old-domain.com" + + - it: should request a certificate for cluster name and publicAddrs when cert-manager is enabled and proxy.highAvailability.certManager.addPublicAddrs is set, removing duplicates + values: + - ../.lint/cert-manager.yaml + set: + publicAddr: ['test-cluster:443', 'teleport.test.com:443', 'teleport.shared-services.old-domain.com:443', 'teleport.test.com:443'] + highAvailability: + certManager: + addPublicAddrs: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Certificate + - matchSnapshot: + path: spec.dnsNames + - matchSnapshot: + path: spec.issuerRef + - equal: + path: spec.dnsNames[0] + value: "test-cluster" + - equal: + path: spec.dnsNames[1] + value: "*.test-cluster" + - notEqual: + path: spec.dnsNames[2] + value: "test-cluster" + - equal: + path: spec.dnsNames[2] + value: "teleport.test.com" + - equal: + path: spec.dnsNames[3] + value: "teleport.shared-services.old-domain.com" + - notEqual: + path: spec.dnsNames[4] + value: "teleport.test.com" diff --git a/teleport-cluster-13.3.8/tests/proxy_config_test.yaml b/teleport-cluster-14.0.1/tests/proxy_config_test.yaml similarity index 85% rename from teleport-cluster-13.3.8/tests/proxy_config_test.yaml rename to teleport-cluster-14.0.1/tests/proxy_config_test.yaml index cbacce9..02bc186 100644 --- a/teleport-cluster-13.3.8/tests/proxy_config_test.yaml +++ b/teleport-cluster-14.0.1/tests/proxy_config_test.yaml @@ -163,9 +163,9 @@ tests: - failedTemplate: errorMessage: "clusterName must not contain a colon, you can override the cluster's public address with publicAddr" - - it: generates a config with proxy_service.trust_x_forwarded_for=true when version >=13.2.0 and ingress.enabled=true + - it: generates a config with proxy_service.trust_x_forwarded_for=true when version >=14.0.0 and ingress.enabled=true chart: - version: 13.2.0 + version: 14.0.0 values: - ../.lint/ingress.yaml set: 
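Review bot: The negative cases in the new proxy_certificate_test.yaml check absence with `notEqual` on `spec.dnsNames[2]`, `[3]` and `[4]`, which only proves that one specific value is not at that index; any other unexpected SAN in the list would still pass. Since these names end up in the certificate request, pin the size of the list as well, e.g. `- lengthEqual: {path: spec.dnsNames, count: 2}` in the two cases where `addPublicAddrs` is off or unset, and `count: 4` in the de-duplication case. The `matchSnapshot` on `spec.dnsNames` presumably covers this too, but a snapshot is regenerated without review far more easily than an explicit count is changed.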
@@ -193,9 +193,9 @@ tests: - matchSnapshot: path: data.teleport\.yaml - - it: generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version >=13.2.0 and ingress.enabled is not set + - it: generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version >=14.0.0 and ingress.enabled is not set chart: - version: 13.2.0 + version: 14.0.0 set: clusterName: "helm-test.example.com" asserts: @@ -206,7 +206,7 @@ tests: - matchSnapshot: path: data.teleport\.yaml - - it: generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version < 13.2.0 and ingress.enabled=true + - it: generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version < 14.0.0 and ingress.enabled=true chart: version: 13.1.5 values: @@ -221,9 +221,9 @@ tests: - matchSnapshot: path: data.teleport\.yaml - - it: generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version < 13.2.0 and ingress.enabled is not set + - it: generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version < 14.0.0 and ingress.enabled is not set chart: - version: 13.1.5 + version: 14.0.0 set: clusterName: "helm-test.example.com" asserts: @@ -233,3 +233,26 @@ tests: of: ConfigMap - matchSnapshot: path: data.teleport\.yaml + - it: sets "proxy_protocol" to "on" + set: + proxyProtocol: "on" + clusterName: teleport.example.com + asserts: + - matchRegex: + path: data.teleport\.yaml + pattern: 'proxy_protocol: "on"' + - it: sets "proxy_protocol" to "off" + set: + proxyProtocol: "off" + clusterName: teleport.example.com + asserts: + - matchRegex: + path: data.teleport\.yaml + pattern: 'proxy_protocol: "off"' + - it: does not set "proxy_protocol" + set: + clusterName: teleport.example.com + asserts: + - notMatchRegex: + path: data.teleport\.yaml + pattern: 'proxy_protocol:' 
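Review bot: In the `@@ -221,9 +221,9 @@` hunk of proxy_config_test.yaml the case titled "version < 14.0.0 and ingress.enabled is not set" now sets `chart.version` to `14.0.0`, so the title and the input disagree. As written it repeats the ">=14.0.0 and ingress.enabled is not set" case from the `@@ -193,9 +193,9 @@` hunk, and the pre-14 path without ingress is no longer exercised. Keep `version: 13.1.5` there, as the neighbouring `@@ -206,7 +206,7 @@` case still does. `trust_x_forwarded_for` decides whether a client-supplied header is believed for the client address, so both sides of the version gate are worth a test.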
diff --git a/teleport-cluster-13.3.8/tests/proxy_deployment_test.yaml b/teleport-cluster-14.0.1/tests/proxy_deployment_test.yaml similarity index 100% rename from teleport-cluster-13.3.8/tests/proxy_deployment_test.yaml rename to teleport-cluster-14.0.1/tests/proxy_deployment_test.yaml diff --git a/teleport-cluster-13.3.8/tests/proxy_pdb_test.yaml b/teleport-cluster-14.0.1/tests/proxy_pdb_test.yaml similarity index 100% rename from teleport-cluster-13.3.8/tests/proxy_pdb_test.yaml rename to teleport-cluster-14.0.1/tests/proxy_pdb_test.yaml diff --git a/teleport-cluster-13.3.8/tests/proxy_service_test.yaml b/teleport-cluster-14.0.1/tests/proxy_service_test.yaml similarity index 100% rename from teleport-cluster-13.3.8/tests/proxy_service_test.yaml rename to teleport-cluster-14.0.1/tests/proxy_service_test.yaml diff --git a/teleport-cluster-13.3.8/tests/proxy_serviceaccount_test.yaml b/teleport-cluster-14.0.1/tests/proxy_serviceaccount_test.yaml similarity index 100% rename from teleport-cluster-13.3.8/tests/proxy_serviceaccount_test.yaml rename to teleport-cluster-14.0.1/tests/proxy_serviceaccount_test.yaml diff --git a/teleport-cluster-13.3.8/tests/psp_test.yaml b/teleport-cluster-14.0.1/tests/psp_test.yaml similarity index 100% rename from teleport-cluster-13.3.8/tests/psp_test.yaml rename to teleport-cluster-14.0.1/tests/psp_test.yaml diff --git a/teleport-cluster-13.3.8/values-home.yaml b/teleport-cluster-14.0.1/values.home.yaml similarity index 94% rename from teleport-cluster-13.3.8/values-home.yaml rename to teleport-cluster-14.0.1/values.home.yaml index 2401780..3e005f3 100644 --- a/teleport-cluster-13.3.8/values-home.yaml +++ b/teleport-cluster-14.0.1/values.home.yaml @@ -16,7 +16,7 @@ clusterName: "teleport.ervine.cloud" # Name for this kubernetes cluster to be used by teleport users. -kubeClusterName: "" +kubeClusterName: "homeK8s" ################################################## # Values that you may need to change. 
@@ -30,6 +30,30 @@ kubeClusterName: "" # If you want to run Teleport version X, you should use `helm --version X` instead. teleportVersionOverride: "" +# The `proxyProtocol` value controls whether the Proxy pods will +# accept PROXY lines with the client's IP address when they are +# behind a L4 load balancer (e.g. AWS ELB, GCP L4 LB, etc) with PROXY protocol +# enabled. Since L4 LBs do not preserve the client's IP address, PROXY protocol is +# required to ensure that Teleport can properly audit the client's IP address. +# +# When Teleport pods are not behind a L4 LB with PROXY protocol enabled, this +# value should be set to "off" to prevent Teleport from accepting PROXY headers +# from untrusted sources. +# Possible values are "on" and "off". +# - "on" will enable the PROXY protocol for all connections and will require the +# L4 LB to send a PROXY header. +# - "off" will disable the PROXY protocol for all connections and denies all +# connections prefixed with a PROXY header. +# +# If proxyProtocol is unspecified, Teleport does not require PROXY header for the +# connection, but will accept it if present. This mode is considered insecure +# and should only be used for testing purposes. +# +# See https://goteleport.com/docs/ver/14.x/management/security/proxy-protocol/ +# for more information. +# +# proxyProtocol: on + # The `teleport-cluster` charts deploys two sets of pods: auth and proxy. # `auth` contains values specific for the auth pods. You can use it to # set specific values for auth pods, taking precedence over chart-scoped values. @@ -76,8 +100,8 @@ proxy: # https_keypairs: # - key_file: /my-custom-mount/key.pem # cert_file: /my-custom-mount/cert.pem - highAvailability: - replicaCount: 1 + teleportConfig: {} + authentication: # Default authentication type. Possible values are 'local' and 'github' for OSS, plus 'oidc' and 'saml' for Enterprise. type: local 
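Review bot: The example that closes the added comment block, `# proxyProtocol: on`, is unquoted, and a YAML 1.1 loader reads a bare `on` as the boolean true rather than a string; values.schema.json in this same change declares `proxyProtocol` as a string limited to "off"/"on", and the new chart tests set it quoted. Anyone who uncomments the line as written is therefore likely to get a schema error or a non-string value, so write it as `# proxyProtocol: "on"`; the identical block in the values.yaml hunk `@@ -30,6 +30,30 @@` needs the same change. Separately, this values file leaves the setting unset, which the comment itself calls insecure because PROXY headers are then accepted from any source. If the proxy here is only reached through the nginx ingress configured further down (an inference from the annotations, not something the hunk shows), an explicit `proxyProtocol: "off"` would follow the comment's own guidance.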
@@ -437,10 +461,13 @@ highAvailability: # Settings for cert-manager (can be used for provisioning TLS certs in HA mode) # These settings are mutually exclusive with the "tls" value below. certManager: - # If set to true, a common name matching the cluster name will be set in the certificate signing request. This is mandatory for some CAs. - addCommonName: true # If set to true, use cert-manager to get certificates for Teleport to use for TLS termination enabled: true + # If set to true, a common name matching the cluster name will be set in the certificate signing request. This is mandatory for some CAs. + addCommonName: false + # If set to true, any additional public addresses configured under the `publicAddr` chart value will be added to the certificate signing request. + # This setting is not enabled by default to preserve backward compatibility. + addPublicAddrs: false # Name of the Issuer/ClusterIssuer to use for certs # NOTE: You will always need to create this yourself when certManager.enabled is true. issuerName: "letsencrypt-prod" @@ -539,6 +566,10 @@ annotations: nginx.ingress.kubernetes.io/backend-protocol: HTTPS nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" + nginx.ingress.kubernetes.io/affinity: "cookie" + nginx.ingress.kubernetes.io/session-cookie-name: "http-cookie" + nginx.ingress.kubernetes.io/session-cookie-expires: "172800" + nginx.ingress.kubernetes.io/session-cookie-max-age: "172800" # Kubernetes service account to create/use. serviceAccount: @@ -601,7 +632,7 @@ extraVolumeMounts: [] # Allow the imagePullPolicy to be overridden imagePullPolicy: IfNotPresent - # A list of initContainers to run before each Teleport pod starts +# A list of initContainers to run before each Teleport pod starts # https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ initContainers: [] # - name: "teleport-init" 
diff --git a/teleport-cluster-13.3.8/values.schema.json b/teleport-cluster-14.0.1/values.schema.json similarity index 95% rename from teleport-cluster-13.3.8/values.schema.json rename to teleport-cluster-14.0.1/values.schema.json index 3169457..8317874 100644 --- a/teleport-cluster-13.3.8/values.schema.json +++ b/teleport-cluster-14.0.1/values.schema.json @@ -33,6 +33,15 @@ "type": "string", "default": "" }, + "proxyProtocol": { + "$id": "#/properties/proxyProtocol", + "type": "string", + "default": "", + "enum": [ + "off", + "on" + ] + }, "auth": { "$id": "#/properties/auth", "type": "object" @@ -49,7 +58,9 @@ "podMonitor": { "$id": "#/properties/podMonitor", "type": "object", - "required": ["enabled"], + "required": [ + "enabled" + ], "properties": { "enabled": { "$id": "#/properties/podMonitor/enabled", @@ -59,8 +70,12 @@ "additionalLabels": { "$id": "#/properties/podMonitor/additionalLabels", "type": "object", - "default": {"prometheus": "default"}, - "additionalProperties": {"type": "string"} + "default": { + "prometheus": "default" + }, + "additionalProperties": { + "type": "string" + } }, "interval": { "$id": "#/properties/podMonitor/interval", @@ -72,7 +87,10 @@ "authentication": { "$id": "#/properties/authentication", "type": "object", - "required": ["type", "localAuth"], + "required": [ + "type", + "localAuth" + ], "properties": { "type": { "$id": "#/properties/authentication/properties/type", @@ -97,7 +115,13 @@ "secondFactor": { "$id": "#/properties/authentication/properties/secondFactor", "type": "string", - "enum": ["off", "on", "otp", "optional", "webauthn"], + "enum": [ + "off", + "on", + "otp", + "optional", + "webauthn" + ], "default": "otp" }, "webauthn": { @@ -131,7 +155,13 @@ "secondFactor": { "$id": "#/properties/authenticationSecondFactor/properties/secondFactor", "type": "string", - "enum": ["off", "on", "otp", "optional", "webauthn"], + "enum": [ + "off", + "on", + "otp", + "optional", + "webauthn" + ], "default": "otp" }, "webauthn": { 
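Review bot: The new `proxyProtocol` property in the `@@ -33,6 +33,15 @@` hunk declares `"default": ""` next to `"enum": ["off", "on"]`, so the stated default is not itself a value the schema accepts. A values file that spells out `proxyProtocol: ""` would be rejected, while leaving the key out is accepted. Leaving it out is the mode the values.yaml comment in this change describes as insecure (PROXY headers accepted if present), and nothing in the schema tells the reader that. Drop the `"default": ""` line, or replace it with a `"description"` stating that an absent value means PROXY headers are accepted but not required.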
@@ -261,7 +291,9 @@ "operator": { "$id": "#/properties/operator", "type": "object", - "required": ["enabled"], + "required": [ + "enabled" + ], "properties": { "enabled": { "$id": "#/properties/operator/properties/enabled", @@ -587,6 +619,11 @@ "type": "boolean", "default": "false" }, + "addPublicAddrs": { + "$id": "#/properties/highAvailability/properties/certManager/properties/addPublicAddrs", + "type": "boolean", + "default": "false" + }, "enabled": { "$id": "#/properties/highAvailability/properties/certManager/properties/enabled", "type": "boolean", @@ -695,7 +732,13 @@ "level": { "$id": "#/properties/log/properties/level", "type": "string", - "enum": ["DEBUG", "INFO", "WARN", "WARNING", "ERROR"], + "enum": [ + "DEBUG", + "INFO", + "WARN", + "WARNING", + "ERROR" + ], "default": "INFO" }, "deployment": { diff --git a/teleport-cluster-13.3.8/values.yaml b/teleport-cluster-14.0.1/values.yaml similarity index 95% rename from teleport-cluster-13.3.8/values.yaml rename to teleport-cluster-14.0.1/values.yaml index 54283ec..d524306 100644 --- a/teleport-cluster-13.3.8/values.yaml +++ b/teleport-cluster-14.0.1/values.yaml 
@@ -30,6 +30,30 @@ kubeClusterName: "" # If you want to run Teleport version X, you should use `helm --version X` instead. teleportVersionOverride: "" +# The `proxyProtocol` value controls whether the Proxy pods will +# accept PROXY lines with the client's IP address when they are +# behind a L4 load balancer (e.g. AWS ELB, GCP L4 LB, etc) with PROXY protocol +# enabled. Since L4 LBs do not preserve the client's IP address, PROXY protocol is +# required to ensure that Teleport can properly audit the client's IP address. +# +# When Teleport pods are not behind a L4 LB with PROXY protocol enabled, this +# value should be set to "off" to prevent Teleport from accepting PROXY headers +# from untrusted sources. +# Possible values are "on" and "off". +# - "on" will enable the PROXY protocol for all connections and will require the +# L4 LB to send a PROXY header. +# - "off" will disable the PROXY protocol for all connections and denies all +# connections prefixed with a PROXY header. +# +# If proxyProtocol is unspecified, Teleport does not require PROXY header for the +# connection, but will accept it if present. This mode is considered insecure +# and should only be used for testing purposes. +# +# See https://goteleport.com/docs/ver/14.x/management/security/proxy-protocol/ +# for more information. +# +# proxyProtocol: on + # The `teleport-cluster` charts deploys two sets of pods: auth and proxy. # `auth` contains values specific for the auth pods. You can use it to # set specific values for auth pods, taking precedence over chart-scoped values. 
@@ -437,10 +461,13 @@ highAvailability: # Settings for cert-manager (can be used for provisioning TLS certs in HA mode) # These settings are mutually exclusive with the "tls" value below. certManager: - # If set to true, a common name matching the cluster name will be set in the certificate signing request. This is mandatory for some CAs. - addCommonName: false # If set to true, use cert-manager to get certificates for Teleport to use for TLS termination enabled: false + # If set to true, a common name matching the cluster name will be set in the certificate signing request. This is mandatory for some CAs. + addCommonName: false + # If set to true, any additional public addresses configured under the `publicAddr` chart value will be added to the certificate signing request. + # This setting is not enabled by default to preserve backward compatibility. + addPublicAddrs: false # Name of the Issuer/ClusterIssuer to use for certs # NOTE: You will always need to create this yourself when certManager.enabled is true. issuerName: "" diff --git a/teleport-cluster/Chart.yaml b/teleport-cluster/Chart.yaml index ae75a87..4a03678 100644 --- a/teleport-cluster/Chart.yaml +++ b/teleport-cluster/Chart.yaml @@ -1,13 +1,13 @@ apiVersion: v2 -appVersion: 14.0.1 +appVersion: 14.0.3 dependencies: - condition: installCRDs,operator.enabled name: teleport-operator repository: "" - version: 14.0.1 + version: 14.0.3 description: Teleport is an access platform for your infrastructure icon: https://goteleport.com/images/logos/logo-teleport-square.svg keywords: - Teleport name: teleport-cluster -version: 14.0.1 +version: 14.0.3 diff --git a/teleport-cluster/charts/teleport-operator/Chart.yaml b/teleport-cluster/charts/teleport-operator/Chart.yaml index 9f8efe4..a07336c 100644 --- a/teleport-cluster/charts/teleport-operator/Chart.yaml +++ b/teleport-cluster/charts/teleport-operator/Chart.yaml 
@@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 14.0.1 +appVersion: 14.0.3 description: Teleport Operator provides management of select Teleport resources. icon: https://goteleport.com/images/logos/logo-teleport-square.svg keywords: - Teleport name: teleport-operator -version: 14.0.1 +version: 14.0.3 diff --git a/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap b/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap index cfc3b88..bf328cb 100644 --- a/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap +++ b/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap @@ -1,6 +1,6 @@ should add an operator side-car when operator is enabled: 1: | - image: public.ecr.aws/gravitational/teleport-operator:14.0.1 + image: public.ecr.aws/gravitational/teleport-operator:14.0.3 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -41,7 +41,7 @@ should add an operator side-car when operator is enabled: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.3 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -174,7 +174,7 @@ should set nodeSelector when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.3 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -271,7 +271,7 @@ should set resources when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.3 imagePullPolicy: IfNotPresent lifecycle: preStop: 
@@ -357,7 +357,7 @@ should set securityContext when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.3 imagePullPolicy: IfNotPresent lifecycle: preStop: diff --git a/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap b/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap index 3ecdcf1..5f0ac6c 100644 --- a/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap +++ b/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap @@ -5,7 +5,7 @@ should provision initContainer correctly when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.3 name: wait-auth-update - args: - echo test @@ -62,7 +62,7 @@ should set nodeSelector when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.3 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -123,7 +123,7 @@ should set nodeSelector when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.3 name: wait-auth-update nodeSelector: environment: security @@ -174,7 +174,7 @@ should set resources when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.3 imagePullPolicy: IfNotPresent lifecycle: preStop: 
@@ -242,7 +242,7 @@ should set resources when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.3 name: wait-auth-update serviceAccountName: RELEASE-NAME-proxy terminationGracePeriodSeconds: 60 @@ -275,7 +275,7 @@ should set securityContext for initContainers when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.3 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -343,7 +343,7 @@ should set securityContext for initContainers when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.3 name: wait-auth-update securityContext: allowPrivilegeEscalation: false @@ -383,7 +383,7 @@ should set securityContext when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.3 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -451,7 +451,7 @@ should set securityContext when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.0.1 + image: public.ecr.aws/gravitational/teleport-distroless:14.0.3 name: wait-auth-update securityContext: allowPrivilegeEscalation: false