diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7a68c17f2c72b..6734b2874fd92 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,13 @@
# Changelog
+## 14.3.36 (02/13/25)
+
+### Security Fixes
+
+* Fixed security issue with arbitrary file reads on SSH nodes. [#52139](https://github.com/gravitational/teleport/pull/52139)
+* Verify that cluster name of TLS peer certs matches the cluster name of the CA that issued it to prevent Auth bypasses. [#52133](https://github.com/gravitational/teleport/pull/52133)
+* Updated golang.org/x/crypto to v0.31.0 (CVE-2024-45337). [#50081](https://github.com/gravitational/teleport/pull/50081)
+
## 14.3.34 (11/27/24)
* Fixed a bug in the `teleport-cluster` Helm chart that can cause token mount to fail when using ArgoCD. [#49071](https://github.com/gravitational/teleport/pull/49071)
diff --git a/Makefile b/Makefile
index 628922376dc45..f36b95d6e91ff 100644
--- a/Makefile
+++ b/Makefile
@@ -11,7 +11,7 @@
# Stable releases: "1.0.0"
# Pre-releases: "1.0.0-alpha.1", "1.0.0-beta.2", "1.0.0-rc.3"
# Master/dev branch: "1.0.0-dev"
-VERSION=14.3.34
+VERSION=14.3.36
DOCKER_IMAGE ?= teleport
diff --git a/api/version.go b/api/version.go
index 1a44f7787d518..3eda5a7653605 100644
--- a/api/version.go
+++ b/api/version.go
@@ -3,6 +3,6 @@ package api
import "github.com/coreos/go-semver/semver"
-const Version = "14.3.34"
+const Version = "14.3.36"
var SemVersion = semver.New(Version)
diff --git a/build.assets/macos/tsh/tsh.app/Contents/Info.plist b/build.assets/macos/tsh/tsh.app/Contents/Info.plist
index 71e878e8e6b90..b9321792a7770 100644
--- a/build.assets/macos/tsh/tsh.app/Contents/Info.plist
+++ b/build.assets/macos/tsh/tsh.app/Contents/Info.plist
@@ -19,13 +19,13 @@
CFBundlePackageType
APPL
CFBundleShortVersionString
- 14.3.34
+ 14.3.36
CFBundleSupportedPlatforms
MacOSX
CFBundleVersion
- 14.3.34
+ 14.3.36
DTCompiler
com.apple.compilers.llvm.clang.1_0
DTPlatformBuild
diff --git a/build.assets/macos/tshdev/tsh.app/Contents/Info.plist b/build.assets/macos/tshdev/tsh.app/Contents/Info.plist
index e92bd5c3de195..26107fd6ce605 100644
--- a/build.assets/macos/tshdev/tsh.app/Contents/Info.plist
+++ b/build.assets/macos/tshdev/tsh.app/Contents/Info.plist
@@ -17,13 +17,13 @@
CFBundlePackageType
APPL
CFBundleShortVersionString
- 14.3.34
+ 14.3.36
CFBundleSupportedPlatforms
MacOSX
CFBundleVersion
- 14.3.34
+ 14.3.36
DTCompiler
com.apple.compilers.llvm.clang.1_0
DTPlatformBuild
diff --git a/examples/chart/teleport-cluster/Chart.yaml b/examples/chart/teleport-cluster/Chart.yaml
index 374274e49f0bb..5374437cfb4d3 100644
--- a/examples/chart/teleport-cluster/Chart.yaml
+++ b/examples/chart/teleport-cluster/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "14.3.34"
+.version: &version "14.3.36"
name: teleport-cluster
apiVersion: v2
diff --git a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
index 0ef668eb2d7c2..ab1f4905292bb 100644
--- a/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
+++ b/examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "14.3.34"
+.version: &version "14.3.36"
name: teleport-operator
apiVersion: v2
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap
index a406742a7ac46..1b84f5b18c883 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_clusterrole_test.yaml.snap
@@ -8,8 +8,8 @@ adds operator permissions to ClusterRole:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-cluster
- app.kubernetes.io/version: 14.3.34
- helm.sh/chart: teleport-cluster-14.3.34
+ app.kubernetes.io/version: 14.3.36
+ helm.sh/chart: teleport-cluster-14.3.36
teleport.dev/majorVersion: "14"
name: RELEASE-NAME
rules:
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap
index ab75ec04444f4..b40405d6e1e21 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_config_test.yaml.snap
@@ -1797,8 +1797,8 @@ sets clusterDomain on Configmap:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-cluster
- app.kubernetes.io/version: 14.3.34
- helm.sh/chart: teleport-cluster-14.3.34
+ app.kubernetes.io/version: 14.3.36
+ helm.sh/chart: teleport-cluster-14.3.36
teleport.dev/majorVersion: "14"
name: RELEASE-NAME-auth
namespace: NAMESPACE
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
index 4de84b40be518..a5f48514b17b9 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap
@@ -1,6 +1,6 @@
should add an operator side-car when operator is enabled:
1: |
- image: public.ecr.aws/gravitational/teleport-operator:14.3.34
+ image: public.ecr.aws/gravitational/teleport-operator:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -41,7 +41,7 @@ should add an operator side-car when operator is enabled:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -174,7 +174,7 @@ should set nodeSelector when set in values:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -271,7 +271,7 @@ should set resources when set in values:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -357,7 +357,7 @@ should set securityContext when set in values:
- args:
- --diag-addr=0.0.0.0:3000
- --apply-on-startup=/etc/teleport/apply-on-startup.yaml
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap
index dd61aed029ccb..b0af34deb5960 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_config_test.yaml.snap
@@ -567,8 +567,8 @@ sets clusterDomain on Configmap:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-cluster
- app.kubernetes.io/version: 14.3.34
- helm.sh/chart: teleport-cluster-14.3.34
+ app.kubernetes.io/version: 14.3.36
+ helm.sh/chart: teleport-cluster-14.3.36
teleport.dev/majorVersion: "14"
name: RELEASE-NAME-proxy
namespace: NAMESPACE
diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
index 5436a9f0c9d69..d976d96cda621 100644
--- a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
+++ b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap
@@ -11,8 +11,8 @@ sets clusterDomain on Deployment Pods:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-cluster
- app.kubernetes.io/version: 14.3.34
- helm.sh/chart: teleport-cluster-14.3.34
+ app.kubernetes.io/version: 14.3.36
+ helm.sh/chart: teleport-cluster-14.3.36
teleport.dev/majorVersion: "14"
name: RELEASE-NAME-proxy
namespace: NAMESPACE
@@ -26,7 +26,7 @@ sets clusterDomain on Deployment Pods:
template:
metadata:
annotations:
- checksum/config: 86bc053300d968e11b90f5fc900381e8309275c6976b95ee7e5463abd8750dcd
+ checksum/config: 5f89f5a4075c5ca9358c36cfe06fd7d07787f7ff2b4484c434a6e08f7af7e256
kubernetes.io/pod: test-annotation
kubernetes.io/pod-different: 4
labels:
@@ -34,8 +34,8 @@ sets clusterDomain on Deployment Pods:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-cluster
- app.kubernetes.io/version: 14.3.34
- helm.sh/chart: teleport-cluster-14.3.34
+ app.kubernetes.io/version: 14.3.36
+ helm.sh/chart: teleport-cluster-14.3.36
teleport.dev/majorVersion: "14"
spec:
affinity:
@@ -44,7 +44,7 @@ sets clusterDomain on Deployment Pods:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -105,7 +105,7 @@ sets clusterDomain on Deployment Pods:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.test.com
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
name: wait-auth-update
serviceAccountName: RELEASE-NAME-proxy
terminationGracePeriodSeconds: 60
@@ -137,7 +137,7 @@ should provision initContainer correctly when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
name: wait-auth-update
- args:
- echo test
@@ -194,7 +194,7 @@ should set nodeSelector when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -255,7 +255,7 @@ should set nodeSelector when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
name: wait-auth-update
nodeSelector:
environment: security
@@ -306,7 +306,7 @@ should set resources when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -374,7 +374,7 @@ should set resources when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
name: wait-auth-update
serviceAccountName: RELEASE-NAME-proxy
terminationGracePeriodSeconds: 60
@@ -407,7 +407,7 @@ should set securityContext for initContainers when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -475,7 +475,7 @@ should set securityContext for initContainers when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
name: wait-auth-update
securityContext:
allowPrivilegeEscalation: false
@@ -515,7 +515,7 @@ should set securityContext when set in values:
containers:
- args:
- --diag-addr=0.0.0.0:3000
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
@@ -583,7 +583,7 @@ should set securityContext when set in values:
- wait
- no-resolve
- RELEASE-NAME-auth-v13.NAMESPACE.svc.cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
name: wait-auth-update
securityContext:
allowPrivilegeEscalation: false
diff --git a/examples/chart/teleport-kube-agent/Chart.yaml b/examples/chart/teleport-kube-agent/Chart.yaml
index 01e84306ee168..753add416131a 100644
--- a/examples/chart/teleport-kube-agent/Chart.yaml
+++ b/examples/chart/teleport-kube-agent/Chart.yaml
@@ -1,4 +1,4 @@
-.version: &version "14.3.34"
+.version: &version "14.3.36"
name: teleport-kube-agent
apiVersion: v2
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
index d6ba8b314d321..876a78d92d737 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/deployment_test.yaml.snap
@@ -32,7 +32,7 @@ sets Deployment annotations when specified if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -107,7 +107,7 @@ sets Deployment labels when specified if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -169,7 +169,7 @@ sets Pod annotations when specified if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -231,7 +231,7 @@ sets Pod labels when specified if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -310,7 +310,7 @@ should add emptyDir for data when existingDataVolume is not set if action is Upg
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -373,7 +373,7 @@ should add insecureSkipProxyTLSVerify to args when set in values if action is Up
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -435,7 +435,7 @@ should correctly configure existingDataVolume when set if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -495,7 +495,7 @@ should expose diag port if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -569,7 +569,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -643,7 +643,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -705,7 +705,7 @@ should have one replica when replicaCount is not set if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -767,7 +767,7 @@ should mount extraVolumes and extraVolumeMounts if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -836,7 +836,7 @@ should mount tls.existingCASecretName and set environment when set in values if
value: cluster.local
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -908,7 +908,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu
value: http://username:password@my.proxy.host:3128
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -976,7 +976,7 @@ should provision initContainer correctly when set in values if action is Upgrade
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1074,7 +1074,7 @@ should set SecurityContext if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1156,7 +1156,7 @@ should set affinity when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1218,7 +1218,7 @@ should set default serviceAccountName when not set in values if action is Upgrad
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1293,7 +1293,7 @@ should set environment when extraEnv set in values if action is Upgrade:
value: cluster.local
- name: HTTPS_PROXY
value: http://username:password@my.proxy.host:3128
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1417,7 +1417,7 @@ should set imagePullPolicy when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: Always
livenessProbe:
failureThreshold: 6
@@ -1479,7 +1479,7 @@ should set nodeSelector if set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1543,7 +1543,7 @@ should set not set priorityClassName when not set in values if action is Upgrade
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1617,7 +1617,7 @@ should set preferred affinity when more than one replica is used if action is Up
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1679,7 +1679,7 @@ should set priorityClassName when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1742,7 +1742,7 @@ should set probeTimeoutSeconds when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1814,7 +1814,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set if
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1876,7 +1876,7 @@ should set resources when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1945,7 +1945,7 @@ should set serviceAccountName when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2007,7 +2007,7 @@ should set tolerations when set in values if action is Upgrade:
value: "true"
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
index d704dfd579932..f11b59e84a261 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/job_test.yaml.snap
@@ -25,7 +25,7 @@ should create ServiceAccount for post-delete hook by default:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
@@ -106,7 +106,7 @@ should not create ServiceAccount for post-delete hook if serviceAccount.create i
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
@@ -134,7 +134,7 @@ should not create ServiceAccount, Role or RoleBinding for post-delete hook if se
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
@@ -162,7 +162,7 @@ should set nodeSelector in post-delete hook:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
@@ -192,7 +192,7 @@ should set resources in the Job's pod spec if resources is set in values:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
name: post-delete-job
resources:
@@ -227,7 +227,7 @@ should set securityContext in post-delete hook:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: RELEASE-NAME
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
name: post-delete-job
securityContext:
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
index f20857e2f6776..3bdd2af6377d1 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/statefulset_test.yaml.snap
@@ -18,7 +18,7 @@ sets Pod annotations when specified:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -88,7 +88,7 @@ sets Pod labels when specified:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -182,7 +182,7 @@ sets StatefulSet labels when specified:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -280,7 +280,7 @@ should add insecureSkipProxyTLSVerify to args when set in values:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -350,7 +350,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and action
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -440,7 +440,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet and is Fre
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -520,7 +520,7 @@ should add volumeMount for data volume when using StatefulSet:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -590,7 +590,7 @@ should expose diag port:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -660,7 +660,7 @@ should generate Statefulset when storage is disabled and mode is a Upgrade:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -744,7 +744,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -826,7 +826,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -896,7 +896,7 @@ should have one replica when replicaCount is not set:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -966,7 +966,7 @@ should install Statefulset when storage is disabled and mode is a Fresh Install:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1038,7 +1038,7 @@ should mount extraVolumes and extraVolumeMounts:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1115,7 +1115,7 @@ should mount tls.existingCASecretName and set environment when set in values:
value: cluster.local
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1197,7 +1197,7 @@ should mount tls.existingCASecretName and set extra environment when set in valu
value: /etc/teleport-tls-ca/ca.pem
- name: HTTPS_PROXY
value: http://username:password@my.proxy.host:3128
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1275,7 +1275,7 @@ should not add emptyDir for data when using StatefulSet:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1345,7 +1345,7 @@ should provision initContainer correctly when set in values:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1451,7 +1451,7 @@ should set SecurityContext:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1541,7 +1541,7 @@ should set affinity when set in values:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1611,7 +1611,7 @@ should set default serviceAccountName when not set in values:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1694,7 +1694,7 @@ should set environment when extraEnv set in values:
value: cluster.local
- name: HTTPS_PROXY
value: http://username:password@my.proxy.host:3128
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1834,7 +1834,7 @@ should set imagePullPolicy when set in values:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: Always
livenessProbe:
failureThreshold: 6
@@ -1904,7 +1904,7 @@ should set nodeSelector if set in values:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -1988,7 +1988,7 @@ should set preferred affinity when more than one replica is used:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2058,7 +2058,7 @@ should set probeTimeoutSeconds when set in values:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2138,7 +2138,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2208,7 +2208,7 @@ should set resources when set in values:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2285,7 +2285,7 @@ should set serviceAccountName when set in values:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2355,7 +2355,7 @@ should set storage.requests when set in values and action is an Upgrade:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2425,7 +2425,7 @@ should set storage.storageClassName when set in values and action is an Upgrade:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -2495,7 +2495,7 @@ should set tolerations when set in values:
value: RELEASE-NAME
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: cluster.local
- image: public.ecr.aws/gravitational/teleport-distroless:14.3.34
+ image: public.ecr.aws/gravitational/teleport-distroless:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
diff --git a/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap b/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
index cd718f07d2bc1..52350fc2fa6ac 100644
--- a/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
+++ b/examples/chart/teleport-kube-agent/tests/__snapshot__/updater_deployment_test.yaml.snap
@@ -27,7 +27,7 @@ sets the affinity:
- --base-image=public.ecr.aws/gravitational/teleport-distroless
- --version-server=https://my-custom-version-server/v1
- --version-channel=custom/preview
- image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.34
+ image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
@@ -71,7 +71,7 @@ sets the tolerations:
- --base-image=public.ecr.aws/gravitational/teleport-distroless
- --version-server=https://my-custom-version-server/v1
- --version-channel=custom/preview
- image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.34
+ image: public.ecr.aws/gravitational/teleport-kube-agent-updater:14.3.36
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6