From d85af16c938638ab05340ba1b291a80736fe6f80 Mon Sep 17 00:00:00 2001 From: dsk-minchulahn Date: Mon, 22 Jan 2024 13:22:46 +0900 Subject: [PATCH] =?UTF-8?q?Teleport=20-=20version=20=EC=97=85=EA=B7=B8?= =?UTF-8?q?=EB=A0=88=EC=9D=B4=EB=93=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- helm/teleport-cluster/Chart.yaml | 6 +++--- .../charts/teleport-operator/Chart.yaml | 4 ++-- ...resources.teleport.dev_provisiontokens.yaml | 10 ++++++++++ .../auth_deployment_test.yaml.snap | 10 +++++----- .../proxy_deployment_test.yaml.snap | 18 +++++++++--------- helm/teleport-cluster/values.yaml | 15 ++++++++++----- 6 files changed, 39 insertions(+), 24 deletions(-) diff --git a/helm/teleport-cluster/Chart.yaml b/helm/teleport-cluster/Chart.yaml index d8ce69d..d215736 100644 --- a/helm/teleport-cluster/Chart.yaml +++ b/helm/teleport-cluster/Chart.yaml @@ -1,13 +1,13 @@ apiVersion: v2 -appVersion: 14.2.0 +appVersion: 14.3.0 dependencies: - condition: installCRDs,operator.enabled name: teleport-operator repository: "" - version: 14.2.0 + version: 14.3.0 description: Teleport is an access platform for your infrastructure icon: https://goteleport.com/images/logos/logo-teleport-square.svg keywords: - Teleport name: teleport-cluster -version: 14.2.0 +version: 14.3.0 diff --git a/helm/teleport-cluster/charts/teleport-operator/Chart.yaml b/helm/teleport-cluster/charts/teleport-operator/Chart.yaml index 2d264d9..08584e1 100644 --- a/helm/teleport-cluster/charts/teleport-operator/Chart.yaml +++ b/helm/teleport-cluster/charts/teleport-operator/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 14.2.0 +appVersion: 14.3.0 description: Teleport Operator provides management of select Teleport resources. icon: https://goteleport.com/images/logos/logo-teleport-square.svg keywords: - Teleport name: teleport-operator -version: 14.2.0 +version: 14.3.0 
diff --git a/helm/teleport-cluster/charts/teleport-operator/templates/resources.teleport.dev_provisiontokens.yaml b/helm/teleport-cluster/charts/teleport-operator/templates/resources.teleport.dev_provisiontokens.yaml index af6aa9c..dda4dd5 100644 --- a/helm/teleport-cluster/charts/teleport-operator/templates/resources.teleport.dev_provisiontokens.yaml +++ b/helm/teleport-cluster/charts/teleport-operator/templates/resources.teleport.dev_provisiontokens.yaml @@ -181,6 +181,16 @@ spec: must be accessible over HTTPS at this hostname and the certificate must be trusted by the Auth Server. type: string + enterprise_slug: + description: EnterpriseSlug allows the slug of a GitHub Enterprise + organisation to be included in the expected issuer of the OIDC + tokens. This is for compatibility with the `include_enterprise_slug` + option in GHE. This field should be set to the slug of your + enterprise if this is enabled. If this is not enabled, then + this field must be left empty. This field cannot be specified + if `enterprise_server_host` is specified. See https://docs.github.com/en/enterprise-cloud@latest/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-issuer-value-for-an-enterprise + for more information about customised issuer values. + type: string type: object gitlab: description: GitLab allows the configuration of options specific to diff --git a/helm/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap b/helm/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap index 14d5a57..d7b1104 100644 --- a/helm/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap +++ b/helm/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap 
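Review bot: The two constraints in the new `enterprise_slug` description (leave it empty unless GHE's `include_enterprise_slug` is enabled, and never combine it with `enterprise_server_host`) exist only as prose; the added schema is just `type: string`, so as far as this hunk shows the API server will admit a token resource that sets both fields. Since this value feeds the expected issuer of the GitHub OIDC tokens used for joining, a conflicting spec is better rejected at admission than discovered when the operator reconciles it. The schema-level form would be an `x-kubernetes-validations` entry on the enclosing object, something like `rule: "!(has(self.enterprise_slug) && has(self.enterprise_server_host))"`. This file looks generated from upstream, so the rule probably belongs in the generator source rather than a hand edit here. The enclosing object (presumably the GitHub section) starts above the hunk, and whether the Auth Service already enforces the exclusion is not visible on this page.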
@@ -1,6 +1,6 @@ should add an operator side-car when operator is enabled: 1: | - image: public.ecr.aws/gravitational/teleport-operator:14.2.0 + image: public.ecr.aws/gravitational/teleport-operator:14.3.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -41,7 +41,7 @@ should add an operator side-car when operator is enabled: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.0 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -174,7 +174,7 @@ should set nodeSelector when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.0 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -271,7 +271,7 @@ should set resources when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.0 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -357,7 +357,7 @@ should set securityContext when set in values: - args: - --diag-addr=0.0.0.0:3000 - --apply-on-startup=/etc/teleport/apply-on-startup.yaml - image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.0 imagePullPolicy: IfNotPresent lifecycle: preStop: diff --git a/helm/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap b/helm/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap index e8362a0..26489d6 100644 --- a/helm/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap +++ b/helm/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap 
@@ -5,7 +5,7 @@ should provision initContainer correctly when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.0 name: wait-auth-update - args: - echo test @@ -62,7 +62,7 @@ should set nodeSelector when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.0 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -123,7 +123,7 @@ should set nodeSelector when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.0 name: wait-auth-update nodeSelector: environment: security @@ -174,7 +174,7 @@ should set resources when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.0 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -242,7 +242,7 @@ should set resources when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.0 name: wait-auth-update serviceAccountName: RELEASE-NAME-proxy terminationGracePeriodSeconds: 60 @@ -275,7 +275,7 @@ should set securityContext for initContainers when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.0 imagePullPolicy: IfNotPresent lifecycle: preStop: 
@@ -343,7 +343,7 @@ should set securityContext for initContainers when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.0 name: wait-auth-update securityContext: allowPrivilegeEscalation: false @@ -383,7 +383,7 @@ should set securityContext when set in values: containers: - args: - --diag-addr=0.0.0.0:3000 - image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.0 imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -451,7 +451,7 @@ should set securityContext when set in values: - wait - no-resolve - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 + image: public.ecr.aws/gravitational/teleport-distroless:14.3.0 name: wait-auth-update securityContext: allowPrivilegeEscalation: false diff --git a/helm/teleport-cluster/values.yaml b/helm/teleport-cluster/values.yaml index 1a11af3..045802f 100644 --- a/helm/teleport-cluster/values.yaml +++ b/helm/teleport-cluster/values.yaml @@ -55,9 +55,10 @@ teleportVersionOverride: "" # proxyProtocol: on # The `teleport-cluster` charts deploys two sets of pods: auth and proxy. -# `auth` contains values specific for the auth pods. You can use it to -# set specific values for auth pods, taking precedence over chart-scoped values. -# For example, to override the [`postStart`](#postStart) value only for auth pods: +# +# `auth` allows you to set chart values only for Kubernetes resources related to the Teleport Auth Service. +# This is merged with chart-scoped values and takes precedence in case of conflict. +# For example: # # auth: # postStart: ["curl", "http://hook"] 
@@ -79,11 +80,15 @@ auth: # client_idle_timeout_message: "Connection closed after 2hours without activity" teleportConfig: {} -# proxy contains values specific for the proxy pods -# You can override chart-scoped values, for example +# `proxy` allows you to set chart values only for Kubernetes resources related to the Teleport Proxy Service. +# This is merged with chart-scoped values and takes precedence in case of conflict. +# For example: # proxy: # postStart: ["curl", "http://hook"] # imagePullPolicy: Always +# annotations: +# service: +# external-dns.alpha.kubernetes.io/hostname: "teleport.example.com" proxy: # proxy.teleportConfig contains YAML teleport configuration for proxy pods # The configuration will be merged with the chart-generated configuration