Update teleport to 14.0.3
This commit is contained in:
parent
0e8ab34db6
commit
bf398a60bc
@ -1,27 +0,0 @@
|
||||
{{- $proxy := mustMergeOverwrite (mustDeepCopy .Values) .Values.proxy -}}
|
||||
{{- if $proxy.highAvailability.certManager.enabled }}
|
||||
{{- $domain := (required "clusterName is required in chartValues when certManager is enabled" $proxy.clusterName) }}
|
||||
{{- $domainWildcard := printf "*.%s" (required "clusterName is required in chartValues when certManager is enabled" $proxy.clusterName) }}
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: {{ .Release.Name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{- include "teleport-cluster.proxy.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretName: teleport-tls
|
||||
{{- if $proxy.highAvailability.certManager.addCommonName }}
|
||||
commonName: {{ quote $domain }}
|
||||
{{- end }}
|
||||
dnsNames:
|
||||
- {{ quote $domain }}
|
||||
- {{ quote $domainWildcard }}
|
||||
issuerRef:
|
||||
name: {{ required "highAvailability.certManager.issuerName is required in chart values" $proxy.highAvailability.certManager.issuerName }}
|
||||
kind: {{ required "highAvailability.certManager.issuerKind is required in chart values" $proxy.highAvailability.certManager.issuerKind }}
|
||||
group: {{ required "highAvailability.certManager.issuerGroup is required in chart values" $proxy.highAvailability.certManager.issuerGroup }}
|
||||
{{- with $proxy.annotations.certSecret }}
|
||||
secretTemplate:
|
||||
annotations: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@ -1,16 +0,0 @@
|
||||
should request a certificate for cluster name when cert-manager is enabled (cert-manager.yaml):
|
||||
1: |
|
||||
- test-cluster
|
||||
- '*.test-cluster'
|
||||
2: |
|
||||
group: custom.cert-manager.io
|
||||
kind: CustomClusterIssuer
|
||||
name: custom
|
||||
should request a certificate for cluster name when cert-manager is enabled (cert-secret.yaml):
|
||||
1: |
|
||||
- test-cluster
|
||||
- '*.test-cluster'
|
||||
2: |
|
||||
group: cert-manager.io
|
||||
kind: Issuer
|
||||
name: letsencrypt
|
||||
@ -1,29 +0,0 @@
|
||||
suite: Proxy Certificate
|
||||
templates:
|
||||
- proxy/certificate.yaml
|
||||
tests:
|
||||
- it: should request a certificate for cluster name when cert-manager is enabled (cert-manager.yaml)
|
||||
values:
|
||||
- ../.lint/cert-manager.yaml
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: Certificate
|
||||
- matchSnapshot:
|
||||
path: spec.dnsNames
|
||||
- matchSnapshot:
|
||||
path: spec.issuerRef
|
||||
|
||||
- it: should request a certificate for cluster name when cert-manager is enabled (cert-secret.yaml)
|
||||
values:
|
||||
- ../.lint/cert-secret.yaml
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- isKind:
|
||||
of: Certificate
|
||||
- matchSnapshot:
|
||||
path: spec.dnsNames
|
||||
- matchSnapshot:
|
||||
path: spec.issuerRef
|
||||
BIN
teleport-cluster-14.0.1/.values.home.yaml.swp
Normal file
BIN
teleport-cluster-14.0.1/.values.home.yaml.swp
Normal file
Binary file not shown.
@ -1,13 +1,13 @@
|
||||
apiVersion: v2
|
||||
appVersion: 13.3.8
|
||||
appVersion: 14.0.1
|
||||
dependencies:
|
||||
- condition: installCRDs,operator.enabled
|
||||
name: teleport-operator
|
||||
repository: ""
|
||||
version: 13.3.8
|
||||
version: 14.0.1
|
||||
description: Teleport is an access platform for your infrastructure
|
||||
icon: https://goteleport.com/images/logos/logo-teleport-square.svg
|
||||
keywords:
|
||||
- Teleport
|
||||
name: teleport-cluster
|
||||
version: 13.3.8
|
||||
version: 14.0.1
|
||||
@ -1,8 +1,8 @@
|
||||
apiVersion: v2
|
||||
appVersion: 13.3.8
|
||||
appVersion: 14.0.1
|
||||
description: Teleport Operator provides management of select Teleport resources.
|
||||
icon: https://goteleport.com/images/logos/logo-teleport-square.svg
|
||||
keywords:
|
||||
- Teleport
|
||||
name: teleport-operator
|
||||
version: 13.3.8
|
||||
version: 14.0.1
|
||||
@ -235,6 +235,19 @@ spec:
|
||||
type: object
|
||||
nullable: true
|
||||
type: array
|
||||
static_jwks:
|
||||
description: StaticJWKS is the configuration specific to the `static_jwks`
|
||||
type.
|
||||
nullable: true
|
||||
properties:
|
||||
jwks:
|
||||
type: string
|
||||
type: object
|
||||
type:
|
||||
description: 'Type controls which behavior should be used for
|
||||
validating the Kubernetes Service Account token. Support values:
|
||||
- `in_cluster` - `static_jwks` If unset, this defaults to `in_cluster`.'
|
||||
type: string
|
||||
type: object
|
||||
roles:
|
||||
description: Roles is a list of roles associated with the token, that
|
||||
@ -236,6 +236,13 @@ spec:
|
||||
description: Namespace is the resource namespace. It supports
|
||||
wildcards.
|
||||
type: string
|
||||
verbs:
|
||||
description: Verbs are the allowed Kubernetes verbs for
|
||||
the following resource.
|
||||
items:
|
||||
type: string
|
||||
nullable: true
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
kubernetes_users:
|
||||
@ -690,6 +697,13 @@ spec:
|
||||
description: Namespace is the resource namespace. It supports
|
||||
wildcards.
|
||||
type: string
|
||||
verbs:
|
||||
description: Verbs are the allowed Kubernetes verbs for
|
||||
the following resource.
|
||||
items:
|
||||
type: string
|
||||
nullable: true
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
kubernetes_users:
|
||||
@ -949,8 +963,7 @@ spec:
|
||||
mode:
|
||||
description: Mode is the type of extension to be used --
|
||||
currently critical-option is not supported
|
||||
format: int32
|
||||
type: integer
|
||||
x-kubernetes-int-or-string: true
|
||||
name:
|
||||
description: Name specifies the key to be used in the cert
|
||||
extension.
|
||||
@ -958,8 +971,7 @@ spec:
|
||||
type:
|
||||
description: Type represents the certificate type being
|
||||
extended, only ssh is supported at this time.
|
||||
format: int32
|
||||
type: integer
|
||||
x-kubernetes-int-or-string: true
|
||||
value:
|
||||
description: Value specifies the value to be used in the
|
||||
cert extension.
|
||||
@ -992,8 +1004,7 @@ spec:
|
||||
create_host_user_mode:
|
||||
description: CreateHostUserMode allows users to be automatically
|
||||
created on a host when not set to off
|
||||
format: int32
|
||||
type: integer
|
||||
x-kubernetes-int-or-string: true
|
||||
desktop_clipboard:
|
||||
description: DesktopClipboard indicates whether clipboard sharing
|
||||
is allowed between the user's workstation and the remote desktop.
|
||||
@ -1099,13 +1110,12 @@ spec:
|
||||
type: string
|
||||
request_prompt:
|
||||
description: RequestPrompt is an optional message which tells
|
||||
users what they aught to
|
||||
users what they aught to request.
|
||||
type: string
|
||||
require_session_mfa:
|
||||
description: RequireMFAType is the type of MFA requirement enforced
|
||||
for this user.
|
||||
format: int32
|
||||
type: integer
|
||||
x-kubernetes-int-or-string: true
|
||||
ssh_file_copy:
|
||||
description: SSHFileCopy indicates whether remote file operations
|
||||
via SCP or SFTP are allowed over an SSH session. It defaults
|
||||
@ -1419,6 +1429,13 @@ spec:
|
||||
description: Namespace is the resource namespace. It supports
|
||||
wildcards.
|
||||
type: string
|
||||
verbs:
|
||||
description: Verbs are the allowed Kubernetes verbs for
|
||||
the following resource.
|
||||
items:
|
||||
type: string
|
||||
nullable: true
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
kubernetes_users:
|
||||
@ -1873,6 +1890,13 @@ spec:
|
||||
description: Namespace is the resource namespace. It supports
|
||||
wildcards.
|
||||
type: string
|
||||
verbs:
|
||||
description: Verbs are the allowed Kubernetes verbs for
|
||||
the following resource.
|
||||
items:
|
||||
type: string
|
||||
nullable: true
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
kubernetes_users:
|
||||
@ -2132,8 +2156,7 @@ spec:
|
||||
mode:
|
||||
description: Mode is the type of extension to be used --
|
||||
currently critical-option is not supported
|
||||
format: int32
|
||||
type: integer
|
||||
x-kubernetes-int-or-string: true
|
||||
name:
|
||||
description: Name specifies the key to be used in the cert
|
||||
extension.
|
||||
@ -2141,8 +2164,7 @@ spec:
|
||||
type:
|
||||
description: Type represents the certificate type being
|
||||
extended, only ssh is supported at this time.
|
||||
format: int32
|
||||
type: integer
|
||||
x-kubernetes-int-or-string: true
|
||||
value:
|
||||
description: Value specifies the value to be used in the
|
||||
cert extension.
|
||||
@ -2175,8 +2197,7 @@ spec:
|
||||
create_host_user_mode:
|
||||
description: CreateHostUserMode allows users to be automatically
|
||||
created on a host when not set to off
|
||||
format: int32
|
||||
type: integer
|
||||
x-kubernetes-int-or-string: true
|
||||
desktop_clipboard:
|
||||
description: DesktopClipboard indicates whether clipboard sharing
|
||||
is allowed between the user's workstation and the remote desktop.
|
||||
@ -2282,13 +2303,12 @@ spec:
|
||||
type: string
|
||||
request_prompt:
|
||||
description: RequestPrompt is an optional message which tells
|
||||
users what they aught to
|
||||
users what they aught to request.
|
||||
type: string
|
||||
require_session_mfa:
|
||||
description: RequireMFAType is the type of MFA requirement enforced
|
||||
for this user.
|
||||
format: int32
|
||||
type: integer
|
||||
x-kubernetes-int-or-string: true
|
||||
ssh_file_copy:
|
||||
description: SSHFileCopy indicates whether remote file operations
|
||||
via SCP or SFTP are allowed over an SSH session. It defaults
|
||||
@ -248,6 +248,13 @@ spec:
|
||||
port: 8081
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
ports:
|
||||
- name: op-metrics
|
||||
containerPort: 8080
|
||||
protocol: TCP
|
||||
- name: op-health
|
||||
containerPort: 8081
|
||||
protocol: TCP
|
||||
{{- if .Values.operator.resources }}
|
||||
resources: {{- toYaml .Values.operator.resources | nindent 10 }}
|
||||
{{- end }}
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user