Update teleport to 14.0.3
This commit is contained in:
parent
0e8ab34db6
commit
bf398a60bc
@ -1,27 +0,0 @@
|
|||||||
{{- $proxy := mustMergeOverwrite (mustDeepCopy .Values) .Values.proxy -}}
|
|
||||||
{{- if $proxy.highAvailability.certManager.enabled }}
|
|
||||||
{{- $domain := (required "clusterName is required in chartValues when certManager is enabled" $proxy.clusterName) }}
|
|
||||||
{{- $domainWildcard := printf "*.%s" (required "clusterName is required in chartValues when certManager is enabled" $proxy.clusterName) }}
|
|
||||||
apiVersion: cert-manager.io/v1
|
|
||||||
kind: Certificate
|
|
||||||
metadata:
|
|
||||||
name: {{ .Release.Name }}
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
labels: {{- include "teleport-cluster.proxy.labels" . | nindent 4 }}
|
|
||||||
spec:
|
|
||||||
secretName: teleport-tls
|
|
||||||
{{- if $proxy.highAvailability.certManager.addCommonName }}
|
|
||||||
commonName: {{ quote $domain }}
|
|
||||||
{{- end }}
|
|
||||||
dnsNames:
|
|
||||||
- {{ quote $domain }}
|
|
||||||
- {{ quote $domainWildcard }}
|
|
||||||
issuerRef:
|
|
||||||
name: {{ required "highAvailability.certManager.issuerName is required in chart values" $proxy.highAvailability.certManager.issuerName }}
|
|
||||||
kind: {{ required "highAvailability.certManager.issuerKind is required in chart values" $proxy.highAvailability.certManager.issuerKind }}
|
|
||||||
group: {{ required "highAvailability.certManager.issuerGroup is required in chart values" $proxy.highAvailability.certManager.issuerGroup }}
|
|
||||||
{{- with $proxy.annotations.certSecret }}
|
|
||||||
secretTemplate:
|
|
||||||
annotations: {{- toYaml . | nindent 6 }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
|
||||||
@ -1,16 +0,0 @@
|
|||||||
should request a certificate for cluster name when cert-manager is enabled (cert-manager.yaml):
|
|
||||||
1: |
|
|
||||||
- test-cluster
|
|
||||||
- '*.test-cluster'
|
|
||||||
2: |
|
|
||||||
group: custom.cert-manager.io
|
|
||||||
kind: CustomClusterIssuer
|
|
||||||
name: custom
|
|
||||||
should request a certificate for cluster name when cert-manager is enabled (cert-secret.yaml):
|
|
||||||
1: |
|
|
||||||
- test-cluster
|
|
||||||
- '*.test-cluster'
|
|
||||||
2: |
|
|
||||||
group: cert-manager.io
|
|
||||||
kind: Issuer
|
|
||||||
name: letsencrypt
|
|
||||||
@ -1,29 +0,0 @@
|
|||||||
suite: Proxy Certificate
|
|
||||||
templates:
|
|
||||||
- proxy/certificate.yaml
|
|
||||||
tests:
|
|
||||||
- it: should request a certificate for cluster name when cert-manager is enabled (cert-manager.yaml)
|
|
||||||
values:
|
|
||||||
- ../.lint/cert-manager.yaml
|
|
||||||
asserts:
|
|
||||||
- hasDocuments:
|
|
||||||
count: 1
|
|
||||||
- isKind:
|
|
||||||
of: Certificate
|
|
||||||
- matchSnapshot:
|
|
||||||
path: spec.dnsNames
|
|
||||||
- matchSnapshot:
|
|
||||||
path: spec.issuerRef
|
|
||||||
|
|
||||||
- it: should request a certificate for cluster name when cert-manager is enabled (cert-secret.yaml)
|
|
||||||
values:
|
|
||||||
- ../.lint/cert-secret.yaml
|
|
||||||
asserts:
|
|
||||||
- hasDocuments:
|
|
||||||
count: 1
|
|
||||||
- isKind:
|
|
||||||
of: Certificate
|
|
||||||
- matchSnapshot:
|
|
||||||
path: spec.dnsNames
|
|
||||||
- matchSnapshot:
|
|
||||||
path: spec.issuerRef
|
|
||||||
BIN
teleport-cluster-14.0.1/.values.home.yaml.swp
Normal file
BIN
teleport-cluster-14.0.1/.values.home.yaml.swp
Normal file
Binary file not shown.
@ -1,13 +1,13 @@
|
|||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 13.3.8
|
appVersion: 14.0.1
|
||||||
dependencies:
|
dependencies:
|
||||||
- condition: installCRDs,operator.enabled
|
- condition: installCRDs,operator.enabled
|
||||||
name: teleport-operator
|
name: teleport-operator
|
||||||
repository: ""
|
repository: ""
|
||||||
version: 13.3.8
|
version: 14.0.1
|
||||||
description: Teleport is an access platform for your infrastructure
|
description: Teleport is an access platform for your infrastructure
|
||||||
icon: https://goteleport.com/images/logos/logo-teleport-square.svg
|
icon: https://goteleport.com/images/logos/logo-teleport-square.svg
|
||||||
keywords:
|
keywords:
|
||||||
- Teleport
|
- Teleport
|
||||||
name: teleport-cluster
|
name: teleport-cluster
|
||||||
version: 13.3.8
|
version: 14.0.1
|
||||||
@ -1,8 +1,8 @@
|
|||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 13.3.8
|
appVersion: 14.0.1
|
||||||
description: Teleport Operator provides management of select Teleport resources.
|
description: Teleport Operator provides management of select Teleport resources.
|
||||||
icon: https://goteleport.com/images/logos/logo-teleport-square.svg
|
icon: https://goteleport.com/images/logos/logo-teleport-square.svg
|
||||||
keywords:
|
keywords:
|
||||||
- Teleport
|
- Teleport
|
||||||
name: teleport-operator
|
name: teleport-operator
|
||||||
version: 13.3.8
|
version: 14.0.1
|
||||||
@ -235,6 +235,19 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
nullable: true
|
nullable: true
|
||||||
type: array
|
type: array
|
||||||
|
static_jwks:
|
||||||
|
description: StaticJWKS is the configuration specific to the `static_jwks`
|
||||||
|
type.
|
||||||
|
nullable: true
|
||||||
|
properties:
|
||||||
|
jwks:
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type:
|
||||||
|
description: 'Type controls which behavior should be used for
|
||||||
|
validating the Kubernetes Service Account token. Support values:
|
||||||
|
- `in_cluster` - `static_jwks` If unset, this defaults to `in_cluster`.'
|
||||||
|
type: string
|
||||||
type: object
|
type: object
|
||||||
roles:
|
roles:
|
||||||
description: Roles is a list of roles associated with the token, that
|
description: Roles is a list of roles associated with the token, that
|
||||||
@ -236,6 +236,13 @@ spec:
|
|||||||
description: Namespace is the resource namespace. It supports
|
description: Namespace is the resource namespace. It supports
|
||||||
wildcards.
|
wildcards.
|
||||||
type: string
|
type: string
|
||||||
|
verbs:
|
||||||
|
description: Verbs are the allowed Kubernetes verbs for
|
||||||
|
the following resource.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
nullable: true
|
||||||
|
type: array
|
||||||
type: object
|
type: object
|
||||||
type: array
|
type: array
|
||||||
kubernetes_users:
|
kubernetes_users:
|
||||||
@ -690,6 +697,13 @@ spec:
|
|||||||
description: Namespace is the resource namespace. It supports
|
description: Namespace is the resource namespace. It supports
|
||||||
wildcards.
|
wildcards.
|
||||||
type: string
|
type: string
|
||||||
|
verbs:
|
||||||
|
description: Verbs are the allowed Kubernetes verbs for
|
||||||
|
the following resource.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
nullable: true
|
||||||
|
type: array
|
||||||
type: object
|
type: object
|
||||||
type: array
|
type: array
|
||||||
kubernetes_users:
|
kubernetes_users:
|
||||||
@ -949,8 +963,7 @@ spec:
|
|||||||
mode:
|
mode:
|
||||||
description: Mode is the type of extension to be used --
|
description: Mode is the type of extension to be used --
|
||||||
currently critical-option is not supported
|
currently critical-option is not supported
|
||||||
format: int32
|
x-kubernetes-int-or-string: true
|
||||||
type: integer
|
|
||||||
name:
|
name:
|
||||||
description: Name specifies the key to be used in the cert
|
description: Name specifies the key to be used in the cert
|
||||||
extension.
|
extension.
|
||||||
@ -958,8 +971,7 @@ spec:
|
|||||||
type:
|
type:
|
||||||
description: Type represents the certificate type being
|
description: Type represents the certificate type being
|
||||||
extended, only ssh is supported at this time.
|
extended, only ssh is supported at this time.
|
||||||
format: int32
|
x-kubernetes-int-or-string: true
|
||||||
type: integer
|
|
||||||
value:
|
value:
|
||||||
description: Value specifies the value to be used in the
|
description: Value specifies the value to be used in the
|
||||||
cert extension.
|
cert extension.
|
||||||
@ -992,8 +1004,7 @@ spec:
|
|||||||
create_host_user_mode:
|
create_host_user_mode:
|
||||||
description: CreateHostUserMode allows users to be automatically
|
description: CreateHostUserMode allows users to be automatically
|
||||||
created on a host when not set to off
|
created on a host when not set to off
|
||||||
format: int32
|
x-kubernetes-int-or-string: true
|
||||||
type: integer
|
|
||||||
desktop_clipboard:
|
desktop_clipboard:
|
||||||
description: DesktopClipboard indicates whether clipboard sharing
|
description: DesktopClipboard indicates whether clipboard sharing
|
||||||
is allowed between the user's workstation and the remote desktop.
|
is allowed between the user's workstation and the remote desktop.
|
||||||
@ -1099,13 +1110,12 @@ spec:
|
|||||||
type: string
|
type: string
|
||||||
request_prompt:
|
request_prompt:
|
||||||
description: RequestPrompt is an optional message which tells
|
description: RequestPrompt is an optional message which tells
|
||||||
users what they aught to
|
users what they aught to request.
|
||||||
type: string
|
type: string
|
||||||
require_session_mfa:
|
require_session_mfa:
|
||||||
description: RequireMFAType is the type of MFA requirement enforced
|
description: RequireMFAType is the type of MFA requirement enforced
|
||||||
for this user.
|
for this user.
|
||||||
format: int32
|
x-kubernetes-int-or-string: true
|
||||||
type: integer
|
|
||||||
ssh_file_copy:
|
ssh_file_copy:
|
||||||
description: SSHFileCopy indicates whether remote file operations
|
description: SSHFileCopy indicates whether remote file operations
|
||||||
via SCP or SFTP are allowed over an SSH session. It defaults
|
via SCP or SFTP are allowed over an SSH session. It defaults
|
||||||
@ -1419,6 +1429,13 @@ spec:
|
|||||||
description: Namespace is the resource namespace. It supports
|
description: Namespace is the resource namespace. It supports
|
||||||
wildcards.
|
wildcards.
|
||||||
type: string
|
type: string
|
||||||
|
verbs:
|
||||||
|
description: Verbs are the allowed Kubernetes verbs for
|
||||||
|
the following resource.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
nullable: true
|
||||||
|
type: array
|
||||||
type: object
|
type: object
|
||||||
type: array
|
type: array
|
||||||
kubernetes_users:
|
kubernetes_users:
|
||||||
@ -1873,6 +1890,13 @@ spec:
|
|||||||
description: Namespace is the resource namespace. It supports
|
description: Namespace is the resource namespace. It supports
|
||||||
wildcards.
|
wildcards.
|
||||||
type: string
|
type: string
|
||||||
|
verbs:
|
||||||
|
description: Verbs are the allowed Kubernetes verbs for
|
||||||
|
the following resource.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
nullable: true
|
||||||
|
type: array
|
||||||
type: object
|
type: object
|
||||||
type: array
|
type: array
|
||||||
kubernetes_users:
|
kubernetes_users:
|
||||||
@ -2132,8 +2156,7 @@ spec:
|
|||||||
mode:
|
mode:
|
||||||
description: Mode is the type of extension to be used --
|
description: Mode is the type of extension to be used --
|
||||||
currently critical-option is not supported
|
currently critical-option is not supported
|
||||||
format: int32
|
x-kubernetes-int-or-string: true
|
||||||
type: integer
|
|
||||||
name:
|
name:
|
||||||
description: Name specifies the key to be used in the cert
|
description: Name specifies the key to be used in the cert
|
||||||
extension.
|
extension.
|
||||||
@ -2141,8 +2164,7 @@ spec:
|
|||||||
type:
|
type:
|
||||||
description: Type represents the certificate type being
|
description: Type represents the certificate type being
|
||||||
extended, only ssh is supported at this time.
|
extended, only ssh is supported at this time.
|
||||||
format: int32
|
x-kubernetes-int-or-string: true
|
||||||
type: integer
|
|
||||||
value:
|
value:
|
||||||
description: Value specifies the value to be used in the
|
description: Value specifies the value to be used in the
|
||||||
cert extension.
|
cert extension.
|
||||||
@ -2175,8 +2197,7 @@ spec:
|
|||||||
create_host_user_mode:
|
create_host_user_mode:
|
||||||
description: CreateHostUserMode allows users to be automatically
|
description: CreateHostUserMode allows users to be automatically
|
||||||
created on a host when not set to off
|
created on a host when not set to off
|
||||||
format: int32
|
x-kubernetes-int-or-string: true
|
||||||
type: integer
|
|
||||||
desktop_clipboard:
|
desktop_clipboard:
|
||||||
description: DesktopClipboard indicates whether clipboard sharing
|
description: DesktopClipboard indicates whether clipboard sharing
|
||||||
is allowed between the user's workstation and the remote desktop.
|
is allowed between the user's workstation and the remote desktop.
|
||||||
@ -2282,13 +2303,12 @@ spec:
|
|||||||
type: string
|
type: string
|
||||||
request_prompt:
|
request_prompt:
|
||||||
description: RequestPrompt is an optional message which tells
|
description: RequestPrompt is an optional message which tells
|
||||||
users what they aught to
|
users what they aught to request.
|
||||||
type: string
|
type: string
|
||||||
require_session_mfa:
|
require_session_mfa:
|
||||||
description: RequireMFAType is the type of MFA requirement enforced
|
description: RequireMFAType is the type of MFA requirement enforced
|
||||||
for this user.
|
for this user.
|
||||||
format: int32
|
x-kubernetes-int-or-string: true
|
||||||
type: integer
|
|
||||||
ssh_file_copy:
|
ssh_file_copy:
|
||||||
description: SSHFileCopy indicates whether remote file operations
|
description: SSHFileCopy indicates whether remote file operations
|
||||||
via SCP or SFTP are allowed over an SSH session. It defaults
|
via SCP or SFTP are allowed over an SSH session. It defaults
|
||||||
@ -248,6 +248,13 @@ spec:
|
|||||||
port: 8081
|
port: 8081
|
||||||
initialDelaySeconds: 5
|
initialDelaySeconds: 5
|
||||||
periodSeconds: 10
|
periodSeconds: 10
|
||||||
|
ports:
|
||||||
|
- name: op-metrics
|
||||||
|
containerPort: 8080
|
||||||
|
protocol: TCP
|
||||||
|
- name: op-health
|
||||||
|
containerPort: 8081
|
||||||
|
protocol: TCP
|
||||||
{{- if .Values.operator.resources }}
|
{{- if .Values.operator.resources }}
|
||||||
resources: {{- toYaml .Values.operator.resources | nindent 10 }}
|
resources: {{- toYaml .Values.operator.resources | nindent 10 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user