diff --git a/argocd-helm-charts/teleport-kube-agent/Chart.lock b/argocd-helm-charts/teleport-kube-agent/Chart.lock
index 033c4421c..eee5e3772 100644
--- a/argocd-helm-charts/teleport-kube-agent/Chart.lock
+++ b/argocd-helm-charts/teleport-kube-agent/Chart.lock
@@ -1,6 +1,6 @@
dependencies:
- name: teleport-kube-agent
repository: https://charts.releases.teleport.dev
- version: 16.0.4
-digest: sha256:68b13b46d2c79e6f9c2feab9ec5b4dde8dfccdd3597a8c26e8de006a9a2c0b4c
-generated: "2024-07-09T02:58:38.063403484+05:30"
+ version: 16.1.0
+digest: sha256:0143a30c9a8743d273dc6a9251052a0eba44b6d28c497bd4049b80da0ae675eb
+generated: "2024-07-22T18:05:11.466380369+05:30"
diff --git a/argocd-helm-charts/teleport-kube-agent/Chart.yaml b/argocd-helm-charts/teleport-kube-agent/Chart.yaml
index 2eaebbe77..04b46e901 100644
--- a/argocd-helm-charts/teleport-kube-agent/Chart.yaml
+++ b/argocd-helm-charts/teleport-kube-agent/Chart.yaml
@@ -7,6 +7,6 @@ keywords:
- Teleport
dependencies:
- name: teleport-kube-agent
- version: 16.0.4
+ version: 16.1.0
repository: https://charts.releases.teleport.dev
#repository: "oci://ghcr.io/Obmondo"
diff --git a/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/.lint/extra-labels.yaml b/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/.lint/extra-labels.yaml
index 293e8b3c1..edcbde52b 100644
--- a/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/.lint/extra-labels.yaml
+++ b/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/.lint/extra-labels.yaml
@@ -20,6 +20,9 @@ extraLabels:
deployment:
app.kubernetes.io/name: "teleport-kube-agent"
resource: "deployment"
+ job:
+ app.kubernetes.io/name: "teleport-kube-agent"
+ resource: "job"
pod:
app.kubernetes.io/name: "teleport-kube-agent"
resource: "pod"
diff --git a/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/Chart.yaml b/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/Chart.yaml
index 7cc6d2e74..1308fc6f2 100644
--- a/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/Chart.yaml
+++ b/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/Chart.yaml
@@ -1,9 +1,9 @@
apiVersion: v2
-appVersion: 16.0.4
+appVersion: 16.1.0
description: Teleport provides a secure SSH, Kubernetes, database and application
remote access solution that doesn't get in the way.
icon: https://goteleport.com/static/teleport-symbol-bimi.svg
keywords:
- Teleport
name: teleport-kube-agent
-version: 16.0.4
+version: 16.1.0
diff --git a/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/templates/delete_hook.yaml b/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/templates/delete_hook.yaml
index eb2c17de1..3690ae754 100644
--- a/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/templates/delete_hook.yaml
+++ b/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/templates/delete_hook.yaml
@@ -8,6 +8,10 @@ metadata:
"helm.sh/hook": post-delete
"helm.sh/hook-weight": "-4"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+{{- if .Values.extraLabels.serviceAccount }}
+ labels:
+ {{- toYaml .Values.extraLabels.serviceAccount | nindent 4 }}
+{{- end }}
---
{{- end }}
{{- if .Values.rbac.create }}
@@ -20,6 +24,10 @@ metadata:
"helm.sh/hook": post-delete
"helm.sh/hook-weight": "-3"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+{{- if .Values.extraLabels.role }}
+ labels:
+ {{- toYaml .Values.extraLabels.role | nindent 4 }}
+{{- end }}
rules:
- apiGroups: [""]
resources: ["secrets",]
@@ -34,6 +42,10 @@ metadata:
"helm.sh/hook": post-delete
"helm.sh/hook-weight": "-2"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+{{- if .Values.extraLabels.roleBinding }}
+ labels:
+ {{- toYaml .Values.extraLabels.roleBinding | nindent 4 }}
+{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@@ -53,6 +65,10 @@ metadata:
"helm.sh/hook": post-delete
"helm.sh/hook-weight": "-1"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+{{- if .Values.extraLabels.job }}
+ labels:
+ {{- toYaml .Values.extraLabels.job | nindent 4 }}
+{{- end }}
spec:
template:
metadata:
diff --git a/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap b/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
index a9c6b7dfb..e23333cb6 100644
--- a/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
+++ b/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
@@ -32,7 +32,7 @@ sets Deployment annotations when specified if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -109,7 +109,7 @@ sets Deployment labels when specified if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -173,7 +173,7 @@ sets Pod annotations when specified if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -237,7 +237,7 @@ sets Pod labels when specified if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -322,7 +322,7 @@ should add emptyDir for data when existingDataVolume is not set if action is Upg
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -387,7 +387,7 @@ should add insecureSkipProxyTLSVerify to args when set in values if action is Up
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -451,7 +451,7 @@ should correctly configure existingDataVolume when set if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -513,7 +513,7 @@ should expose diag port if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -589,7 +589,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -665,7 +665,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -729,7 +729,7 @@ should have one replica when replicaCount is not set if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -793,7 +793,7 @@ should mount extraVolumes and extraVolumeMounts if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -862,7 +862,7 @@ should mount jamfCredentialsSecret if it already exists and when role is jamf an
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -932,7 +932,7 @@ should mount jamfCredentialsSecret.name when role is jamf and action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1004,7 +1004,7 @@ should mount tls.existingCASecretName and set environment when set in values if
value: cluster.local
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1078,7 +1078,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu
value: http://username:password@my.proxy.host:3128
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1148,7 +1148,7 @@ should provision initContainer correctly when set in values if action is Upgrade
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1270,7 +1270,7 @@ should set affinity when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1334,7 +1334,7 @@ should set default serviceAccountName when not set in values if action is Upgrad
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1411,7 +1411,7 @@ should set environment when extraEnv set in values if action is Upgrade:
value: cluster.local
- name: HTTPS_PROXY
value: http://username:password@my.proxy.host:3128
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1539,7 +1539,7 @@ should set imagePullPolicy when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: Always
livenessProbe:
failureThreshold: 6
@@ -1603,7 +1603,7 @@ should set nodeSelector if set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1669,7 +1669,7 @@ should set not set priorityClassName when not set in values if action is Upgrade
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1745,7 +1745,7 @@ should set preferred affinity when more than one replica is used if action is Up
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1809,7 +1809,7 @@ should set priorityClassName when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1874,7 +1874,7 @@ should set probeTimeoutSeconds when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1948,7 +1948,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set if
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2012,7 +2012,7 @@ should set resources when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2083,7 +2083,7 @@ should set serviceAccountName when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2147,7 +2147,7 @@ should set tolerations when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
diff --git a/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap b/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
index b76068f8f..82105dc40 100644
--- a/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
+++ b/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
@@ -25,7 +25,7 @@ should create ServiceAccount for post-delete hook by default:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
@@ -106,7 +106,7 @@ should not create ServiceAccount for post-delete hook if serviceAccount.create i
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
@@ -136,7 +136,7 @@ should not create ServiceAccount, Role or RoleBinding for post-delete hook if se
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
@@ -166,7 +166,7 @@ should set nodeSelector in post-delete hook:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
diff --git a/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap b/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
index bf2ddb4e4..e668ef11f 100644
--- a/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
+++ b/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
@@ -16,7 +16,7 @@ sets Pod annotations when specified:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -86,7 +86,7 @@ sets Pod labels when specified:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -180,7 +180,7 @@ sets StatefulSet labels when specified:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -282,7 +282,7 @@ should add insecureSkipProxyTLSVerify to args when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -352,7 +352,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and action
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -442,7 +442,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and is Fre
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -522,7 +522,7 @@ should add volumeMount for data volume when using StatefulSet:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -592,7 +592,7 @@ should expose diag port:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -662,7 +662,7 @@ should generate Statefulset when storage is disabled and mode is a Upgrade:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -746,7 +746,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -828,7 +828,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -898,7 +898,7 @@ should have one replica when replicaCount is not set:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -968,7 +968,7 @@ should install Statefulset when storage is disabled and mode is a Fresh Install:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1040,7 +1040,7 @@ should mount extraVolumes and extraVolumeMounts:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1115,7 +1115,7 @@ should mount jamfCredentialsSecret if it already exists and when role is jamf:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1193,7 +1193,7 @@ should mount jamfCredentialsSecret.name when role is jamf:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1273,7 +1273,7 @@ should mount tls.existingCASecretName and set environment when set in values:
value: RELEASE-NAME
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1355,7 +1355,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu
value: /etc/teleport-tls-ca/ca.pem
- name: HTTPS_PROXY
value: http://username:password@my.proxy.host:3128
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1433,7 +1433,7 @@ should not add emptyDir for data when using StatefulSet:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1503,7 +1503,7 @@ should provision initContainer correctly when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1631,7 +1631,7 @@ should set affinity when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1701,7 +1701,7 @@ should set default serviceAccountName when not set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1784,7 +1784,7 @@ should set environment when extraEnv set in values:
value: RELEASE-NAME
- name: HTTPS_PROXY
value: http://username:password@my.proxy.host:3128
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1924,7 +1924,7 @@ should set imagePullPolicy when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: Always
livenessProbe:
failureThreshold: 6
@@ -1994,7 +1994,7 @@ should set nodeSelector if set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2078,7 +2078,7 @@ should set preferred affinity when more than one replica is used:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2148,7 +2148,7 @@ should set probeTimeoutSeconds when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2228,7 +2228,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2298,7 +2298,7 @@ should set resources when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2375,7 +2375,7 @@ should set serviceAccountName when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2445,7 +2445,7 @@ should set storage.requests when set in values and action is an Upgrade:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2515,7 +2515,7 @@ should set storage.storageClassName when set in values and action is an Upgrade:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2585,7 +2585,7 @@ should set tolerations when set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:16.0.4
+ image: public.ecr.aws/gravitational/teleport-distroless:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
diff --git a/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap b/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
index 88a7a5ddb..326ca9952 100644
--- a/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
+++ b/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
@@ -27,7 +27,7 @@ sets the affinity:
- --base-image=public.ecr.aws/gravitational/teleport-distroless
- --version-server=https://my-custom-version-server/v1
- --version-channel=custom/preview
- image: public.ecr.aws/gravitational/teleport-kube-agent-updater:16.0.4
+ image: public.ecr.aws/gravitational/teleport-kube-agent-updater:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -73,7 +73,7 @@ sets the tolerations:
- --base-image=public.ecr.aws/gravitational/teleport-distroless
- --version-server=https://my-custom-version-server/v1
- --version-channel=custom/preview
- image: public.ecr.aws/gravitational/teleport-kube-agent-updater:16.0.4
+ image: public.ecr.aws/gravitational/teleport-kube-agent-updater:16.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
diff --git a/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/tests/job_test.yaml b/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/tests/job_test.yaml
index 39bbf378b..febb020f6 100644
--- a/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/tests/job_test.yaml
+++ b/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/tests/job_test.yaml
@@ -43,6 +43,19 @@ tests:
seccompProfile:
type: RuntimeDefault
+ - it: should set extraLabels for Job in post-delete hook
+ template: delete_hook.yaml
+ # documentIndex: 0=ServiceAccount 1=Role 2=RoleBinding 3=Job
+ documentIndex: 3
+ values:
+ - ../.lint/extra-labels.yaml
+ asserts:
+ - equal:
+ path: metadata.labels
+ value:
+ app.kubernetes.io/name: "teleport-kube-agent"
+ resource: "job"
+
- it: should set nodeSelector in post-delete hook
template: delete_hook.yaml
# documentIndex: 0=ServiceAccount 1=Role 2=RoleBinding 3=Job
@@ -91,6 +104,19 @@ tests:
path: metadata.name
value: lint-serviceaccount-delete-hook
+ - it: should set extraLabels for ServiceAccount in post-delete hook
+ template: delete_hook.yaml
+ # documentIndex: 0=ServiceAccount 1=Role 2=RoleBinding 3=Job
+ documentIndex: 0
+ values:
+ - ../.lint/extra-labels.yaml
+ asserts:
+ - equal:
+ path: metadata.labels
+ value:
+ app.kubernetes.io/name: "teleport-kube-agent"
+ resource: "serviceaccount"
+
- it: should create Role for post-delete hook by default
template: delete_hook.yaml
values:
@@ -100,6 +126,19 @@ tests:
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
+ - it: should set extraLabels for Role in post-delete hook
+ template: delete_hook.yaml
+ # documentIndex: 0=ServiceAccount 1=Role 2=RoleBinding 3=Job
+ documentIndex: 1
+ values:
+ - ../.lint/extra-labels.yaml
+ asserts:
+ - equal:
+ path: metadata.labels
+ value:
+ app.kubernetes.io/name: "teleport-kube-agent"
+ resource: "role"
+
- it: should create RoleBinding for post-delete hook by default
template: delete_hook.yaml
values:
@@ -109,6 +148,19 @@ tests:
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
+ - it: should set extraLabels for RoleBinding in post-delete hook
+ template: delete_hook.yaml
+ # documentIndex: 0=ServiceAccount 1=Role 2=RoleBinding 3=Job
+ documentIndex: 2
+ values:
+ - ../.lint/extra-labels.yaml
+ asserts:
+ - equal:
+ path: metadata.labels
+ value:
+ app.kubernetes.io/name: "teleport-kube-agent"
+ resource: "rolebinding"
+
- it: should not create ServiceAccount for post-delete hook if serviceAccount.create is false
template: delete_hook.yaml
values:
diff --git a/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/values.schema.json b/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/values.schema.json
index 33e9fdcd7..e18952337 100644
--- a/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/values.schema.json
+++ b/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/values.schema.json
@@ -558,6 +558,11 @@
"type": "object",
"default": {}
},
+ "job": {
+ "$id": "#/properties/extraLabels/properties/job",
+ "type": "object",
+ "default": {}
+ },
"pod": {
"$id": "#/properties/extraLabels/properties/pod",
"type": "object",
diff --git a/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/values.yaml b/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/values.yaml
index 3bdb0dece..94923a3bc 100644
--- a/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/values.yaml
+++ b/argocd-helm-charts/teleport-kube-agent/charts/teleport-kube-agent/values.yaml
@@ -109,7 +109,7 @@ kubeClusterName: ""
################################################################
# apps(list) -- is a static list of applications that should be proxied by
-# the agent. See [the Teleport Application access documentation](../../../application-access/introduction.mdx)
+# the agent. See [the Teleport Application access documentation](../../../enroll-resources/application-access/introduction.mdx)
# for more details.
#
# Proxied applications can be defined statically (through this value) or dynamically
@@ -134,13 +134,13 @@ kubeClusterName: ""
#
# You can see a list of all the supported values that can be used in a Teleport
# Application Service configuration in the [Application Service Configuration
-# Reference](../../../application-access/reference.mdx#configuration).
+# Reference](../../../enroll-resources/application-access/reference.mdx#configuration).
#
apps: []
# appResources(list) -- is a set of labels the agent will monitor. Any application
# matching those labels will be proxied by the agent. See [the Teleport
-# Application access documentation](../../../application-access/introduction.mdx)
+# Application access documentation](../../../enroll-resources/application-access/introduction.mdx)
# for more details.
#
# Proxied applications can be defined statically (through [`apps`](#apps)) or
@@ -159,7 +159,7 @@ apps: []
#
#
# Once `appResources` is set, you can dynamically register application with
-# `tsh` by following [the Dynamic App Registration guide](../../../application-access/guides/dynamic-registration.mdx).
+# `tsh` by following [the Dynamic App Registration guide](../../../enroll-resources/application-access/guides/dynamic-registration.mdx).
#
appResources: []
@@ -179,7 +179,7 @@ clusterDomain: "cluster.local"
# awsDatabases(list) -- configures AWS database auto-discovery.
#
#
-# For AWS database auto-discovery to work, your Database Service pods will need to use a role which has appropriate IAM permissions as per the [database documentation](../../../database-access/enroll-aws-databases/rds.mdx#step-36-create-iam-policies-for-teleport).
+# For AWS database auto-discovery to work, your Database Service pods will need to use a role which has appropriate IAM permissions as per the [database documentation](../../../enroll-resources/database-access/enroll-aws-databases/rds.mdx#step-36-create-iam-policies-for-teleport).
# After configuring a role, you can use an `eks.amazonaws.com/role-arn` annotation with the `annotations.serviceAccount` value to associate it with the service account and grant permissions:
#
# ```yaml
@@ -219,7 +219,7 @@ awsDatabases: []
# azureDatabases(list) -- configures Azure database auto-discovery.
#
-# For Azure database auto-discovery to work, your Database Service pods will need to have appropriate IAM permissions as per the [database documentation](../../../database-access/enroll-azure-databases/azure-postgres-mysql.mdx#step-35-configure-iam-permissions-for-teleport).
+# For Azure database auto-discovery to work, your Database Service pods will need to have appropriate IAM permissions as per the [database documentation](../../../enroll-resources/database-access/enroll-azure-databases/azure-postgres-mysql.mdx#step-35-configure-iam-permissions-for-teleport).
#
# After configuring a service principal with appropriate IAM permissions, you must pass credentials to the pods.
# The easiest way is to use an Azure client secret.
@@ -291,7 +291,7 @@ awsDatabases: []
azureDatabases: []
# databases(list) -- is a static list of databases that should be proxied by
-# the agent. See [the Teleport Database access documentation](../../../database-access/introduction.mdx)
+# the agent. See [the Teleport Database access documentation](../../../enroll-resources/database-access/database-access.mdx)
# for more details.
#
# Proxied applications can be defined statically (through this value) or dynamically
@@ -320,7 +320,7 @@ azureDatabases: []
# ```
#
#
-# You can see a list of all the supported [values which can be used in a Teleport database service configuration here](../../../database-access/reference/configuration.mdx).
+# You can see a list of all the supported [values which can be used in a Teleport database service configuration here](../../../enroll-resources/database-access/reference/configuration.mdx).
#
#
#
@@ -354,7 +354,8 @@ databases: []
# databaseResources(list) -- is a set of labels the agent will monitor.
# Any database matching those labels will be proxied by the agent. See [the Teleport
-# Database access documentation](../../../database-access/introduction.mdx)
+# Database access
+# documentation](../../../enroll-resources/database-access/database-access.mdx)
# for more details.
#
# Proxied databases can be defined statically (through [`databases`](#databases)) or
@@ -374,7 +375,7 @@ databases: []
#
#
# Once `databaseResources` is set, you can dynamically register database with
-# `tsh` by following [this guide](../../../database-access/guides/dynamic-registration.mdx).
+# `tsh` by following [this guide](../../../enroll-resources/database-access/guides/dynamic-registration.mdx).
#
databaseResources: []
@@ -388,7 +389,7 @@ databaseResources: []
# The Discovery Service is enabled when the agent `roles` contains "discovery".
# The Discovery service automatically detects Kubernetes Services and configures
# the agent to provide access to them. See [the Kubernetes App Discovery
-# documentation](../../../auto-discovery/kubernetes-applications/architecture.mdx)
+# documentation](../../../enroll-resources/auto-discovery/kubernetes-applications/architecture.mdx)
# for more details.
#
#
@@ -1116,6 +1117,8 @@ extraLabels:
config: {}
# extraLabels.deployment(object) -- are labels to set on the Deployment or StatefulSet.
deployment: {}
+ # extraLabels.job(object) -- are labels to set on the post-delete Job created by the chart.
+ job: {}
# extraLabels.pod(object) -- are labels to set on the Pods created by the
# Deployment or StatefulSet.
pod: {}
diff --git a/changelog.md b/changelog.md
index e0e0fd47b..7eefbab68 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,3 +1,4 @@
[2024-07-10 13:36:18] Updated argocd-image-updater from version 0.10.2 to 0.11.0
[2024-07-12 14:26:41] Added ccm-hetzner version 1.1.15
[2024-07-22 17:44:28] Updated teleport-cluster from version 15.4.9 to 16.1.0
+[2024-07-22 18:05:57] Updated teleport-kube-agent from version 16.0.4 to 16.1.0