Teleport - version 업그레이드

dsk-minchulahn
2024-01-22 13:22:46 +09:00
parent f331ea9bc4
commit d85af16c93
6 changed files with 39 additions and 24 deletions


@@ -1,13 +1,13 @@
apiVersion: v2 apiVersion: v2
appVersion: 14.2.0 appVersion: 14.3.0
dependencies: dependencies:
- condition: installCRDs,operator.enabled - condition: installCRDs,operator.enabled
name: teleport-operator name: teleport-operator
repository: "" repository: ""
version: 14.2.0 version: 14.3.0
description: Teleport is an access platform for your infrastructure description: Teleport is an access platform for your infrastructure
icon: https://goteleport.com/images/logos/logo-teleport-square.svg icon: https://goteleport.com/images/logos/logo-teleport-square.svg
keywords: keywords:
- Teleport - Teleport
name: teleport-cluster name: teleport-cluster
version: 14.2.0 version: 14.3.0


@@ -1,8 +1,8 @@
apiVersion: v2 apiVersion: v2
appVersion: 14.2.0 appVersion: 14.3.0
description: Teleport Operator provides management of select Teleport resources. description: Teleport Operator provides management of select Teleport resources.
icon: https://goteleport.com/images/logos/logo-teleport-square.svg icon: https://goteleport.com/images/logos/logo-teleport-square.svg
keywords: keywords:
- Teleport - Teleport
name: teleport-operator name: teleport-operator
version: 14.2.0 version: 14.3.0


@@ -181,6 +181,16 @@ spec:
must be accessible over HTTPS at this hostname and the certificate must be accessible over HTTPS at this hostname and the certificate
must be trusted by the Auth Server. must be trusted by the Auth Server.
type: string type: string
enterprise_slug:
description: EnterpriseSlug allows the slug of a GitHub Enterprise
organisation to be included in the expected issuer of the OIDC
tokens. This is for compatibility with the `include_enterprise_slug`
option in GHE. This field should be set to the slug of your
enterprise if this is enabled. If this is not enabled, then
this field must be left empty. This field cannot be specified
if `enterprise_server_host` is specified. See https://docs.github.com/en/enterprise-cloud@latest/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-issuer-value-for-an-enterprise
for more information about customised issuer values.
type: string
type: object type: object
gitlab: gitlab:
description: GitLab allows the configuration of options specific to description: GitLab allows the configuration of options specific to
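Review bot: The new `enterprise_slug` property is declared only as `type: string`, so neither constraint in its description is enforced by anything visible in this hunk: it must stay empty unless `include_enterprise_slug` is enabled in GHE, and it cannot be combined with `enterprise_server_host`. Because the value changes the expected issuer of the OIDC tokens, a resource that sets both fields is better rejected at admission than discovered when a join fails. If this CRD is hand-maintained, a CEL rule on the enclosing object would express the exclusion, for example `x-kubernetes-validations:` with `rule: "!has(self.enterprise_slug) || !has(self.enterprise_server_host)"`. The enclosing `github` object starts outside the hunk, so such a rule may already exist there, or the check may be left to the Auth Server. If the file is generated from upstream types, the constraint belongs in the source markers rather than in this YAML.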


@@ -1,6 +1,6 @@
should add an operator side-car when operator is enabled: should add an operator side-car when operator is enabled:
1: | 1: |
image: public.ecr.aws/gravitational/teleport-operator:14.2.0 image: public.ecr.aws/gravitational/teleport-operator:14.3.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
httpGet: httpGet:
@@ -41,7 +41,7 @@ should add an operator side-car when operator is enabled:
- args: - args:
- --diag-addr=0.0.0.0:3000 - --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml - --apply-on-startup=/etc/teleport/apply-on-startup.yaml
image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 image: public.ecr.aws/gravitational/teleport-distroless:14.3.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -174,7 +174,7 @@ should set nodeSelector when set in values:
- args: - args:
- --diag-addr=0.0.0.0:3000 - --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml - --apply-on-startup=/etc/teleport/apply-on-startup.yaml
image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 image: public.ecr.aws/gravitational/teleport-distroless:14.3.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -271,7 +271,7 @@ should set resources when set in values:
- args: - args:
- --diag-addr=0.0.0.0:3000 - --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml - --apply-on-startup=/etc/teleport/apply-on-startup.yaml
image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 image: public.ecr.aws/gravitational/teleport-distroless:14.3.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -357,7 +357,7 @@ should set securityContext when set in values:
- args: - args:
- --diag-addr=0.0.0.0:3000 - --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml - --apply-on-startup=/etc/teleport/apply-on-startup.yaml
image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 image: public.ecr.aws/gravitational/teleport-distroless:14.3.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:


@@ -5,7 +5,7 @@ should provision initContainer correctly when set in values:
- wait - wait
- no-resolve - no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 image: public.ecr.aws/gravitational/teleport-distroless:14.3.0
name: wait-auth-update name: wait-auth-update
- args: - args:
- echo test - echo test
@@ -62,7 +62,7 @@ should set nodeSelector when set in values:
containers: containers:
- args: - args:
- --diag-addr=0.0.0.0:3000 - --diag-addr=0.0.0.0:3000
image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 image: public.ecr.aws/gravitational/teleport-distroless:14.3.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -123,7 +123,7 @@ should set nodeSelector when set in values:
- wait - wait
- no-resolve - no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 image: public.ecr.aws/gravitational/teleport-distroless:14.3.0
name: wait-auth-update name: wait-auth-update
nodeSelector: nodeSelector:
environment: security environment: security
@@ -174,7 +174,7 @@ should set resources when set in values:
containers: containers:
- args: - args:
- --diag-addr=0.0.0.0:3000 - --diag-addr=0.0.0.0:3000
image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 image: public.ecr.aws/gravitational/teleport-distroless:14.3.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -242,7 +242,7 @@ should set resources when set in values:
- wait - wait
- no-resolve - no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 image: public.ecr.aws/gravitational/teleport-distroless:14.3.0
name: wait-auth-update name: wait-auth-update
serviceAccountName: RELEASE-NAME-proxy serviceAccountName: RELEASE-NAME-proxy
terminationGracePeriodSeconds: 60 terminationGracePeriodSeconds: 60
@@ -275,7 +275,7 @@ should set securityContext for initContainers when set in values:
containers: containers:
- args: - args:
- --diag-addr=0.0.0.0:3000 - --diag-addr=0.0.0.0:3000
image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 image: public.ecr.aws/gravitational/teleport-distroless:14.3.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -343,7 +343,7 @@ should set securityContext for initContainers when set in values:
- wait - wait
- no-resolve - no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 image: public.ecr.aws/gravitational/teleport-distroless:14.3.0
name: wait-auth-update name: wait-auth-update
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
@@ -383,7 +383,7 @@ should set securityContext when set in values:
containers: containers:
- args: - args:
- --diag-addr=0.0.0.0:3000 - --diag-addr=0.0.0.0:3000
image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 image: public.ecr.aws/gravitational/teleport-distroless:14.3.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
lifecycle: lifecycle:
preStop: preStop:
@@ -451,7 +451,7 @@ should set securityContext when set in values:
- wait - wait
- no-resolve - no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local - RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
image: public.ecr.aws/gravitational/teleport-distroless:14.2.0 image: public.ecr.aws/gravitational/teleport-distroless:14.3.0
name: wait-auth-update name: wait-auth-update
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false


@@ -55,9 +55,10 @@ teleportVersionOverride: ""
# proxyProtocol: on # proxyProtocol: on
# The `teleport-cluster` charts deploys two sets of pods: auth and proxy. # The `teleport-cluster` charts deploys two sets of pods: auth and proxy.
# `auth` contains values specific for the auth pods. You can use it to #
# set specific values for auth pods, taking precedence over chart-scoped values. # `auth` allows you to set chart values only for Kubernetes resources related to the Teleport Auth Service.
# For example, to override the [`postStart`](#postStart) value only for auth pods: # This is merged with chart-scoped values and takes precedence in case of conflict.
# For example:
# #
# auth: # auth:
# postStart: ["curl", "http://hook"] # postStart: ["curl", "http://hook"]
@@ -79,11 +80,15 @@ auth:
# client_idle_timeout_message: "Connection closed after 2hours without activity" # client_idle_timeout_message: "Connection closed after 2hours without activity"
teleportConfig: {} teleportConfig: {}
# proxy contains values specific for the proxy pods # `proxy` allows you to set chart values only for Kubernetes resources related to the Teleport Proxy Service.
# You can override chart-scoped values, for example # This is merged with chart-scoped values and takes precedence in case of conflict.
# For example:
# proxy: # proxy:
# postStart: ["curl", "http://hook"] # postStart: ["curl", "http://hook"]
# imagePullPolicy: Always # imagePullPolicy: Always
# annotations:
# service:
# external-dns.alpha.kubernetes.io/hostname: "teleport.example.com"
proxy: proxy:
# proxy.teleportConfig contains YAML teleport configuration for proxy pods # proxy.teleportConfig contains YAML teleport configuration for proxy pods
# The configuration will be merged with the chart-generated configuration # The configuration will be merged with the chart-generated configuration