adds a proxy token by default: 1: | | --- kind: token version: v2 metadata: name: RELEASE-NAME-proxy expires: "2050-01-01T00:00:00Z" spec: roles: [Proxy] join_method: kubernetes kubernetes: allow: - service_account: "NAMESPACE:RELEASE-NAME-proxy" configures access monitoring when its values are set: 1: | |- auth_service: access_monitoring: enabled: true report_results: s3://example-athena-long-term/report_results role_arn: arn:aws:iam::123456789012:role/example_AccessMonitoringRole workgroup: example_access_monitoring_workgroup authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-aws-cluster cluster_name: test-aws-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-aws-cluster listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO storage: audit_events_uri: - athena://db.table?topicArn=arn:aws:sns:region:account_id:topic_name audit_sessions_uri: s3://test-s3-session-storage-bucket auto_scaling: false continuous_backups: false region: us-west-2 table_name: test-dynamodb-backend-table type: dynamodb version: v3 keeps the second factor type even when it's "off": 1: | |- auth_service: authentication: local_auth: true second_factor: "off" type: local cluster_name: helm-lint enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 keeps the session_recording type even when it's "off": 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: helm-lint cluster_name: helm-lint enabled: true proxy_listener_mode: separate session_recording: "off" kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for acme-off.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-cluster-name cluster_name: test-cluster-name enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-cluster-name listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for acme-on.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-acme-cluster cluster_name: test-acme-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-acme-cluster listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for acme-uri-staging.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-acme-cluster cluster_name: test-acme-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-acme-cluster listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for auth-connector-name.yaml: 1: | |- auth_service: authentication: connector_name: okta local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: helm-lint cluster_name: helm-lint enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for auth-disable-local.yaml: 1: | |- auth_service: authentication: local_auth: false second_factor: "off" type: github cluster_name: helm-lint enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for auth-locking-mode.yaml: 1: | |- auth_service: authentication: local_auth: true locking_mode: strict second_factors: - otp - webauthn type: local webauthn: rp_id: helm-lint cluster_name: helm-lint enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for auth-passwordless.yaml: 1: | |- auth_service: authentication: connector_name: passwordless local_auth: true second_factor: webauthn type: local webauthn: rp_id: helm-lint cluster_name: helm-lint enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for auth-secondfactors-sso.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - sso type: local cluster_name: helm-lint enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for auth-secondfactors-webauthn.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - sso - webauthn type: local webauthn: attestation_allowed_cas: - /etc/ssl/certs/ca-certificates.crt attestation_denied_cas: - /etc/ssl/certs/ca-certificates.crt rp_id: helm-lint cluster_name: helm-lint enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for auth-type-legacy.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: github webauthn: rp_id: helm-lint cluster_name: helm-lint enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for auth-type.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: github webauthn: rp_id: helm-lint cluster_name: helm-lint enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for auth-webauthn-legacy.yaml: 1: | |- auth_service: authentication: local_auth: true second_factor: "on" type: local webauthn: attestation_allowed_cas: - /etc/ssl/certs/ca-certificates.crt attestation_denied_cas: - /etc/ssl/certs/ca-certificates.crt rp_id: helm-lint cluster_name: helm-lint enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for auth-webauthn.yaml: 1: | |- auth_service: authentication: local_auth: true second_factor: "on" type: local webauthn: attestation_allowed_cas: - /etc/ssl/certs/ca-certificates.crt attestation_denied_cas: - /etc/ssl/certs/ca-certificates.crt rp_id: helm-lint cluster_name: helm-lint enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for aws-dynamodb-autoscaling.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-aws-cluster cluster_name: test-aws-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-aws-cluster listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO storage: audit_events_uri: - dynamodb://test-dynamodb-auditlog-table audit_sessions_uri: s3://test-s3-session-storage-bucket auto_scaling: true billing_mode: provisioned continuous_backups: false read_max_capacity: 100 read_min_capacity: 5 read_target_value: 50 region: us-west-2 table_name: test-dynamodb-backend-table type: dynamodb write_max_capacity: 100 write_min_capacity: 5 write_target_value: 50 version: v3 matches snapshot for aws-ha-acme.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-aws-cluster cluster_name: test-aws-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-aws-cluster labels: env: aws listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO storage: audit_events_uri: - dynamodb://test-dynamodb-auditlog-table audit_sessions_uri: s3://test-s3-session-storage-bucket auto_scaling: false continuous_backups: false region: us-west-2 table_name: test-dynamodb-backend-table type: dynamodb version: v3 matches snapshot for aws-ha-antiaffinity.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-aws-cluster cluster_name: test-aws-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-aws-cluster labels: env: aws listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO storage: audit_events_uri: - dynamodb://test-dynamodb-auditlog-table audit_sessions_uri: s3://test-s3-session-storage-bucket auto_scaling: false continuous_backups: false region: us-west-2 table_name: test-dynamodb-backend-table type: dynamodb version: v3 matches snapshot for aws-ha-log.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-aws-cluster cluster_name: test-aws-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-aws-cluster labels: env: aws listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: DEBUG storage: audit_events_uri: - dynamodb://test-dynamodb-auditlog-table - stdout:// audit_sessions_uri: s3://test-s3-session-storage-bucket auto_scaling: false continuous_backups: false region: us-west-2 table_name: test-dynamodb-backend-table type: dynamodb version: v3 matches snapshot for aws-ha.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-aws-cluster cluster_name: test-aws-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-aws-cluster labels: env: aws listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO storage: audit_events_uri: - dynamodb://test-dynamodb-auditlog-table audit_sessions_uri: s3://test-s3-session-storage-bucket auto_scaling: false continuous_backups: false region: us-west-2 table_name: test-dynamodb-backend-table type: dynamodb version: v3 matches snapshot for aws.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-aws-cluster cluster_name: test-aws-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-aws-cluster labels: env: aws listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO storage: audit_events_uri: - dynamodb://test-dynamodb-auditlog-table audit_sessions_uri: s3://test-s3-session-storage-bucket auto_scaling: false continuous_backups: false region: us-west-2 table_name: test-dynamodb-backend-table type: dynamodb version: v3 matches snapshot for azure.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-azure-cluster cluster_name: test-azure-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-azure-cluster listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO storage: audit_events_uri: - postgresql://teleport@mypostgresinstance.postgres.database.azure.com/teleport_audit?sslmode=verify-full#auth_mode=azure - stdout:// audit_sessions_uri: azblob://mystorageaccount.blob.core.windows.net auth_mode: azure conn_string: postgresql://teleport@mypostgresinstance.postgres.database.azure.com/teleport_backend?sslmode=verify-full&pool_max_conns=100 type: postgresql version: v3 matches snapshot for azure.yaml without pool_max_conn: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-azure-cluster cluster_name: test-azure-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-azure-cluster listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO storage: audit_events_uri: - postgresql://teleport@mypostgresinstance.postgres.database.azure.com/teleport_audit?sslmode=verify-full#auth_mode=azure - stdout:// audit_sessions_uri: azblob://mystorageaccount.blob.core.windows.net auth_mode: azure conn_string: postgresql://teleport@mypostgresinstance.postgres.database.azure.com/teleport_backend?sslmode=verify-full type: postgresql version: v3 matches snapshot for existing-tls-secret-with-ca.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-cluster-name cluster_name: test-cluster-name enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-cluster-name listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for existing-tls-secret.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-cluster-name cluster_name: test-cluster-name enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-cluster-name listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for gcp-ha-acme.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-gcp-cluster cluster_name: test-gcp-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-gcp-cluster labels: env: gcp listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO storage: audit_events_uri: - firestore://test-teleport-firestore-auditlog-collection?projectID=gcpproj-123456&credentialsPath=/etc/teleport-secrets/gcp-credentials.json audit_sessions_uri: gs://test-gcp-session-storage-bucket?projectID=gcpproj-123456&credentialsPath=/etc/teleport-secrets/gcp-credentials.json collection_name: test-teleport-firestore-storage-collection credentials_path: /etc/teleport-secrets/gcp-credentials.json project_id: gcpproj-123456 type: firestore version: v3 matches snapshot for gcp-ha-antiaffinity.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-gcp-cluster cluster_name: test-gcp-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-gcp-cluster labels: env: gcp listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO storage: audit_events_uri: - firestore://test-teleport-firestore-auditlog-collection?projectID=gcpproj-123456&credentialsPath=/etc/teleport-secrets/gcp-credentials.json audit_sessions_uri: gs://test-gcp-session-storage-bucket?projectID=gcpproj-123456&credentialsPath=/etc/teleport-secrets/gcp-credentials.json collection_name: test-teleport-firestore-storage-collection credentials_path: /etc/teleport-secrets/gcp-credentials.json project_id: gcpproj-123456 type: firestore version: v3 matches snapshot for gcp-ha-log.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-gcp-cluster cluster_name: test-gcp-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-gcp-cluster labels: env: gcp listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: DEBUG storage: audit_events_uri: - firestore://test-teleport-firestore-auditlog-collection?projectID=gcpproj-123456&credentialsPath=/etc/teleport-secrets/gcp-credentials.json - stdout:// audit_sessions_uri: gs://test-gcp-session-storage-bucket?projectID=gcpproj-123456&credentialsPath=/etc/teleport-secrets/gcp-credentials.json collection_name: test-teleport-firestore-storage-collection credentials_path: /etc/teleport-secrets/gcp-credentials.json project_id: gcpproj-123456 type: firestore version: v3 matches snapshot for gcp.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-gcp-cluster cluster_name: test-gcp-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-gcp-cluster labels: env: gcp listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO storage: audit_events_uri: - firestore://test-teleport-firestore-auditlog-collection?projectID=gcpproj-123456&credentialsPath=/etc/teleport-secrets/gcp-credentials.json audit_sessions_uri: gs://test-gcp-session-storage-bucket?projectID=gcpproj-123456&credentialsPath=/etc/teleport-secrets/gcp-credentials.json collection_name: test-teleport-firestore-storage-collection credentials_path: /etc/teleport-secrets/gcp-credentials.json project_id: gcpproj-123456 type: firestore version: v3 matches snapshot for initcontainers.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: helm-lint cluster_name: helm-lint enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for kube-cluster-name.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-aws-cluster cluster_name: test-aws-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-kube-cluster listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for log-basic.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-log-cluster cluster_name: test-log-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-log-cluster listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: json output: stderr severity: INFO version: v3 matches snapshot for log-extra.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-log-cluster cluster_name: test-log-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-log-cluster listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - level - timestamp - component - caller output: json output: /var/lib/teleport/test.log severity: DEBUG version: v3 matches snapshot for log-legacy.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-log-cluster cluster_name: test-log-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-log-cluster listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: DEBUG version: v3 matches snapshot for priority-class-name.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: helm-lint cluster_name: helm-lint enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for proxy-listener-mode-multiplex.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-proxy-listener-mode cluster_name: test-proxy-listener-mode enabled: true proxy_listener_mode: multiplex kubernetes_service: enabled: true kube_cluster_name: test-proxy-listener-mode listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for proxy-listener-mode-separate.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-proxy-listener-mode cluster_name: test-proxy-listener-mode enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-proxy-listener-mode listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for public-addresses.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: helm-lint cluster_name: helm-lint enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for separate-mongo-listener.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: helm-lint cluster_name: helm-lint enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for separate-postgres-listener.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: helm-lint cluster_name: helm-lint enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for service.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: helm-lint cluster_name: helm-lint enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for session-recording.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: helm-lint cluster_name: helm-lint enabled: true proxy_listener_mode: separate session_recording: node-sync kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for standalone-customsize.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-standalone-cluster cluster_name: test-standalone-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-standalone-cluster labels: env: standalone listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for standalone-existingpvc.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-standalone-cluster cluster_name: test-standalone-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-standalone-cluster labels: env: standalone listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for tolerations.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-aws-cluster cluster_name: test-aws-cluster enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-aws-cluster listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO storage: audit_events_uri: - dynamodb://test-dynamodb-auditlog-table audit_sessions_uri: s3://test-s3-session-storage-bucket auto_scaling: false continuous_backups: false region: us-west-2 table_name: test-dynamodb-backend-table type: dynamodb version: v3 matches snapshot for version-override.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: test-cluster-name cluster_name: test-cluster-name enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: test-cluster-name labels: env: test version: 5.2.1 listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for volumes.yaml: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: helm-lint cluster_name: helm-lint enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot when both secondFactor and secondFactors are set.: 1: | |- auth_service: authentication: local_auth: true second_factor: "off" type: local cluster_name: helm-lint enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: helm-lint listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 sets clusterDomain on Configmap: 1: | apiVersion: v1 data: apply-on-startup.yaml: | --- kind: token version: v2 metadata: name: RELEASE-NAME-proxy expires: "2050-01-01T00:00:00Z" spec: roles: [Proxy] join_method: kubernetes kubernetes: allow: - service_account: "NAMESPACE:RELEASE-NAME-proxy" teleport.yaml: |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: teleport.example.com cluster_name: teleport.example.com enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: teleport.example.com listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.test.com:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 kind: ConfigMap metadata: labels: app.kubernetes.io/component: auth app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-cluster app.kubernetes.io/version: 17.4.9 helm.sh/chart: teleport-cluster-17.4.9 teleport.dev/majorVersion: "17" name: RELEASE-NAME-auth namespace: NAMESPACE uses athena as primary backend when configured: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: teleport.example.com cluster_name: teleport.example.com enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: teleport.example.com listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO storage: audit_events_uri: - athena://db.table?topicArn=arn:aws:sns:region:account_id:topic_name - dynamodb://my-dynamodb-table audit_sessions_uri: s3://asd auto_scaling: false continuous_backups: false region: asd table_name: asd type: dynamodb version: v3 uses athena, dynamo, and stdout when everything is on: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: teleport.example.com cluster_name: teleport.example.com enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: teleport.example.com listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO storage: audit_events_uri: - athena://db.table?topicArn=arn:aws:sns:region:account_id:topic_name - dynamodb://my-dynamodb-table - stdout:// audit_sessions_uri: s3://asd auto_scaling: false continuous_backups: false region: asd table_name: asd type: dynamodb version: v3 uses dynamo as primary backend when configured: 1: | |- auth_service: authentication: local_auth: true second_factors: - otp - webauthn type: local webauthn: rp_id: teleport.example.com cluster_name: teleport.example.com enabled: true proxy_listener_mode: separate kubernetes_service: enabled: true kube_cluster_name: teleport.example.com listen_addr: 0.0.0.0:3026 public_addr: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3026 proxy_service: enabled: false ssh_service: enabled: false teleport: auth_server: 127.0.0.1:3025 log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO storage: audit_events_uri: - dynamodb://my-dynamodb-table - athena://db.table?topicArn=arn:aws:sns:region:account_id:topic_name audit_sessions_uri: s3://asd auto_scaling: false continuous_backups: false region: asd table_name: asd type: dynamodb version: v3