Teleport Chart 업데이트

helm/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap

@@ -1,6 +1,6 @@
 should add an operator side-car when operator is enabled:
   1: |
-    image: public.ecr.aws/gravitational/teleport-operator:13.3.9
+    image: public.ecr.aws/gravitational/teleport-operator:14.2.0
     imagePullPolicy: IfNotPresent
     livenessProbe:
       httpGet:
@@ -9,6 +9,13 @@ should add an operator side-car when operator is enabled:
       initialDelaySeconds: 15
       periodSeconds: 20
     name: operator
+    ports:
+    - containerPort: 8080
+      name: op-metrics
+      protocol: TCP
+    - containerPort: 8081
+      name: op-health
+      protocol: TCP
     readinessProbe:
       httpGet:
         path: /readyz
@@ -34,7 +41,7 @@ should add an operator side-car when operator is enabled:
     - args:
       - --diag-addr=0.0.0.0:3000
       - --apply-on-startup=/etc/teleport/apply-on-startup.yaml
-      image: public.ecr.aws/gravitational/teleport-distroless:13.3.9
+      image: public.ecr.aws/gravitational/teleport-distroless:14.2.0
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -167,7 +174,7 @@ should set nodeSelector when set in values:
     - args:
       - --diag-addr=0.0.0.0:3000
       - --apply-on-startup=/etc/teleport/apply-on-startup.yaml
-      image: public.ecr.aws/gravitational/teleport-distroless:13.3.9
+      image: public.ecr.aws/gravitational/teleport-distroless:14.2.0
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -264,7 +271,7 @@ should set resources when set in values:
     - args:
       - --diag-addr=0.0.0.0:3000
       - --apply-on-startup=/etc/teleport/apply-on-startup.yaml
-      image: public.ecr.aws/gravitational/teleport-distroless:13.3.9
+      image: public.ecr.aws/gravitational/teleport-distroless:14.2.0
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -350,7 +357,7 @@ should set securityContext when set in values:
     - args:
       - --diag-addr=0.0.0.0:3000
       - --apply-on-startup=/etc/teleport/apply-on-startup.yaml
-      image: public.ecr.aws/gravitational/teleport-distroless:13.3.9
+      image: public.ecr.aws/gravitational/teleport-distroless:14.2.0
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:

helm/teleport-cluster/tests/__snapshot__/proxy_certificate_test.yaml.snap

@@ -1,3 +1,55 @@
+? should not request a certificate for cluster name and publicAddrs when cert-manager
+  is enabled and proxy.highAvailability.certManager.addPublicAddrs is not set (cert-manager.yaml)
+: 1: |
+    - test-cluster
+    - '*.test-cluster'
+  2: |
+    group: custom.cert-manager.io
+    kind: CustomClusterIssuer
+    name: custom
+? should not request a certificate for cluster name and publicAddrs when cert-manager
+  is enabled and proxy.highAvailability.certManager.addPublicAddrs is not set (cert-secret.yaml)
+: 1: |
+    - test-cluster
+    - '*.test-cluster'
+  2: |
+    group: cert-manager.io
+    kind: Issuer
+    name: letsencrypt
+? should request a certificate for cluster name and publicAddrs when cert-manager
+  is enabled and proxy.highAvailability.certManager.addPublicAddrs is set (cert-manager.yaml)
+: 1: |
+    - test-cluster
+    - '*.test-cluster'
+    - teleport.test.com
+    - teleport.shared-services.old-domain.com
+  2: |
+    group: custom.cert-manager.io
+    kind: CustomClusterIssuer
+    name: custom
+? should request a certificate for cluster name and publicAddrs when cert-manager
+  is enabled and proxy.highAvailability.certManager.addPublicAddrs is set (cert-secret.yaml)
+: 1: |
+    - test-cluster
+    - '*.test-cluster'
+    - teleport.test.com
+    - teleport.shared-services.old-domain.com
+  2: |
+    group: cert-manager.io
+    kind: Issuer
+    name: letsencrypt
+? should request a certificate for cluster name and publicAddrs when cert-manager
+  is enabled and proxy.highAvailability.certManager.addPublicAddrs is set, removing
+  duplicates
+: 1: |
+    - test-cluster
+    - '*.test-cluster'
+    - teleport.test.com
+    - teleport.shared-services.old-domain.com
+  2: |
+    group: custom.cert-manager.io
+    kind: CustomClusterIssuer
+    name: custom
 should request a certificate for cluster name when cert-manager is enabled (cert-manager.yaml):
   1: |
     - test-cluster

helm/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap

@@ -1,4 +1,4 @@
-generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version < 13.2.0 and ingress.enabled is not set:
+generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version < 14.0.0 and ingress.enabled is not set:
   1: |
     |-
       auth_service:
@@ -28,7 +28,7 @@ generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version
           output: stderr
           severity: INFO
       version: v3
-generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version < 13.2.0 and ingress.enabled=true:
+generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version < 14.0.0 and ingress.enabled=true:
   1: |
     |-
       auth_service:
@@ -54,7 +54,7 @@ generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version
           output: stderr
           severity: INFO
       version: v3
-generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version >=13.2.0 and ingress.enabled is not set:
+generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version >=14.0.0 and ingress.enabled is not set:
   1: |
     |-
       auth_service:
@@ -141,7 +141,7 @@ generates a config with proxy_service.trust_x_forwarded_for=true when version =
           output: stderr
           severity: INFO
       version: v3
-generates a config with proxy_service.trust_x_forwarded_for=true when version >=13.2.0 and ingress.enabled=true:
+generates a config with proxy_service.trust_x_forwarded_for=true when version >=14.0.0 and ingress.enabled=true:
   1: |
     |-
       auth_service:

helm/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap

@@ -4,8 +4,8 @@ should provision initContainer correctly when set in values:
       - teleport
       - wait
       - no-resolve
-      - RELEASE-NAME-auth-v12.NAMESPACE.svc.cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:13.3.9
+      - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
+      image: public.ecr.aws/gravitational/teleport-distroless:14.2.0
       name: wait-auth-update
     - args:
       - echo test
@@ -62,7 +62,7 @@ should set nodeSelector when set in values:
     containers:
     - args:
       - --diag-addr=0.0.0.0:3000
-      image: public.ecr.aws/gravitational/teleport-distroless:13.3.9
+      image: public.ecr.aws/gravitational/teleport-distroless:14.2.0
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -122,8 +122,8 @@ should set nodeSelector when set in values:
       - teleport
       - wait
       - no-resolve
-      - RELEASE-NAME-auth-v12.NAMESPACE.svc.cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:13.3.9
+      - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
+      image: public.ecr.aws/gravitational/teleport-distroless:14.2.0
       name: wait-auth-update
     nodeSelector:
       environment: security
@@ -174,7 +174,7 @@ should set resources when set in values:
     containers:
     - args:
       - --diag-addr=0.0.0.0:3000
-      image: public.ecr.aws/gravitational/teleport-distroless:13.3.9
+      image: public.ecr.aws/gravitational/teleport-distroless:14.2.0
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -241,8 +241,8 @@ should set resources when set in values:
       - teleport
       - wait
       - no-resolve
-      - RELEASE-NAME-auth-v12.NAMESPACE.svc.cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:13.3.9
+      - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
+      image: public.ecr.aws/gravitational/teleport-distroless:14.2.0
       name: wait-auth-update
     serviceAccountName: RELEASE-NAME-proxy
     terminationGracePeriodSeconds: 60
@@ -275,7 +275,7 @@ should set securityContext for initContainers when set in values:
     containers:
     - args:
       - --diag-addr=0.0.0.0:3000
-      image: public.ecr.aws/gravitational/teleport-distroless:13.3.9
+      image: public.ecr.aws/gravitational/teleport-distroless:14.2.0
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -342,8 +342,8 @@ should set securityContext for initContainers when set in values:
       - teleport
       - wait
       - no-resolve
-      - RELEASE-NAME-auth-v12.NAMESPACE.svc.cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:13.3.9
+      - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
+      image: public.ecr.aws/gravitational/teleport-distroless:14.2.0
       name: wait-auth-update
       securityContext:
         allowPrivilegeEscalation: false
@@ -383,7 +383,7 @@ should set securityContext when set in values:
     containers:
     - args:
       - --diag-addr=0.0.0.0:3000
-      image: public.ecr.aws/gravitational/teleport-distroless:13.3.9
+      image: public.ecr.aws/gravitational/teleport-distroless:14.2.0
       imagePullPolicy: IfNotPresent
       lifecycle:
         preStop:
@@ -450,8 +450,8 @@ should set securityContext when set in values:
       - teleport
       - wait
       - no-resolve
-      - RELEASE-NAME-auth-v12.NAMESPACE.svc.cluster.local
-      image: public.ecr.aws/gravitational/teleport-distroless:13.3.9
+      - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
+      image: public.ecr.aws/gravitational/teleport-distroless:14.2.0
       name: wait-auth-update
       securityContext:
         allowPrivilegeEscalation: false