Sasha Klizhentas
4c2e221b44
Adds cloud and database preview pages
...
Creates preview navigation section.
Adds cloud preview pages.
2020-11-30 14:45:02 -08:00
Gus Luxton
c59293675a
Implement DEB repo creation via Drone ( #4996 )
2020-11-30 17:44:48 -04:00
Gus Luxton
4dd96115b7
Update quickstart docs ( #5006 )
2020-11-30 16:28:55 -04:00
Gus Luxton
7936a9234b
[docs] Firestore audit_events_uri needs projectID set otherwise it fails to work ( #4983 )
2020-11-29 21:17:43 -08:00
Sasha Klizhentas
258c002938
Adds RBAC in OSS proposal
2020-11-28 10:03:15 -08:00
Vladimir Kochnev
b911f4b551
Fix JWK kty from "rsa" to "RSA" ( #4993 )
...
JWKS libraries expect it to be "RSA", not "rsa", example:
6cfa98f8ac/src/JwksClient.js (L79-L81)
According to RFCs, "kty" field seems to be case-sensitive, though there
cannot be names matching in a case-insensitive manner:
https://tools.ietf.org/html/rfc7518#section-7.4.1
The list of key types available in RFC 7518:
https://tools.ietf.org/html/rfc7518#section-6.1
Co-authored-by: Gus Luxton <gus@gravitational.com>
2020-11-27 11:07:41 -04:00
a-palchikov
9b73af55ab
Fix local etcd backend tests ( #4986 )
...
* Fix etcd backend tests to properly skip if etcd is not requested/availalable
* Address review comments
2020-11-26 13:56:28 +01:00
jane (quin)
6eaaf3a27e
Linear benchmark generator ( #4588 )
...
* benchmark package
* use default config if path is not specified
* progressiveBench as a config method
* implement a main.go approach to run progressive tests
* make teleport client, run specified benchmark
* function and method descriptions
* make teleport client
* testing
* change interface method signatures
* dry up bench.go code, move producer goroutines to own function
* output formatting
* remove yaml
* fix linter errors
* remove print
* PR suggested changes, moved export latency profile functionality to the benchmark package
* PR fixes
* method description
* update testing
* linter
* docs and example
* PR suggestion changes
* PR changes
* wrap errors
* move bench to benchmark & testing updates
* PR changes
* PR suggestions
2020-11-25 15:47:39 -08:00
Gus Luxton
a51596d8d7
Update metrics endpoint from 3434 to default 3000 as per docs ( #4955 )
2020-11-25 17:47:59 -04:00
Gus Luxton
553d632b2d
Post-release checklist for 5.0 ( #4982 )
2020-11-25 17:23:00 -04:00
Gus Luxton
22c4915799
[auto] Update AMI IDs for 5.0.0 ( #4981 )
2020-11-25 17:04:19 -04:00
Gus Luxton
ff8d85b9cf
Add Slack notification on failure ( #4971 )
2020-11-25 16:52:29 -04:00
Andrew Lytvynov
c6832ec606
Set server_addr in audit events from connection info ( #4985 )
...
This sets a useful server IP, when no advertise_ip is set. Previously,
the address was taken from the listener, and is usually "0.0.0.0:3022"
or "[::]:3022".
Also, add some test cases in utils for IPv6 handling.
2020-11-25 12:08:37 -08:00
Ben Arent
09928a7f2b
Cherry pick Gravitational -> GoTeleport ( #4932 )
2020-11-25 11:18:55 -08:00
Ben Arent
0f38826047
Readme Update ( #4967 )
...
* Readme Update
2020-11-25 09:45:57 -08:00
a-palchikov
e75d158cc4
Trim duration suffix to avoid redundant 0 suffix ( #4905 )
...
* Trim duration suffix to avoid 0 redundancy
* Address review comments
* Fix linter warnings
2020-11-25 11:55:48 +01:00
Andrew Lytvynov
1159c4ba7b
Adda a helm chart for in-cluster kubernetes_service agent ( #4963 )
...
* Add helm chart for in-cluster kubernetes_service agent
This is a simplified version of the teleport chart, intended to only run
a "stateless" `kubernetes_service` instance within a kubernetes cluster.
This instance joins an externally-managed teleport cluster, given a
proxy address and a join token. The connection is always over a reverse
tunnel, per our recommended approach.
The chart is opinionated and only lets the user modify the bare minimum.
* Apply suggestions from code review
Co-authored-by: Gus Luxton <gus@gravitational.com>
* Move join token into a secret
Secret can be more tightly restricted via RBAC, and encrypted at rest
with KMSs.
Also, a few other small tweaks for UX.
Co-authored-by: Andrew Lytvynov <andrew@gravitational.com>
Co-authored-by: Gus Luxton <gus@gravitational.com>
2020-11-24 20:20:00 -08:00
Gus Luxton
9e8db67df8
Update CHANGELOG.md
2020-11-24 11:26:35 -08:00
Russell Jones
5e225522d9
Updated CHANGELOG.md.
2020-11-24 11:26:35 -08:00
Ben Arent
1fdf1e6fc4
Updated CHANGELOG.md.
2020-11-24 11:26:35 -08:00
Ben Arent
ea508e9f63
Make changelog more easily avabile
2020-11-24 07:44:44 -08:00
Andrew Lytvynov
835bfaa5a1
Add Kubernetes 5.0 migration guide ( #4933 )
...
* Add Kubernetes 5.0 migration guide
This guide lists 3 common pre-5.0 setups and how to migrate them to 5.0.
2020-11-24 00:15:42 +00:00
Andrew Lytvynov
9ccfab0e96
Use the absolute tsh path in kube exec plugin ( #4973 )
...
Using `os.Args[0]` is unreliable - it could be a relative path (e.g.
running `./build/tsh login ...`). Use `os.Executable()` instead, which
should give an absolute path (minus resolving symlinks).
2020-11-23 23:18:53 +00:00
Andrew Lytvynov
cdf26c74e5
Change log about missing kube clusters on login to debug ( #4935 )
...
This is a totally OK situation in clusters without k8s integration, so
it shouldn't be a warning.
2020-11-23 18:02:35 +00:00
Ben Arent
acd43f0e94
[docs] Add Meta / Desc to Database Access Page ( #4962 )
2020-11-20 18:40:41 -08:00
Russell Jones
e3aaf86753
Updated Application Access RFD.
...
Updated Application Access RFD to include a small example program that
can be used to verify a JWT.
2020-11-20 17:19:18 -08:00
Russell Jones
687c3b7d19
Updated Application Access RFD.
...
Added section on Audit Events to RFD.
2020-11-20 17:00:44 -08:00
Russell Jones
d0a202f1bc
Added error checking to Application Access CLI.
...
Check if both application name and URI are provided when attempting to
join an application service process to a cluster.
2020-11-20 16:38:52 -08:00
Russell Jones
b66ca14f61
Added HTTP method to app.session.request.
...
Added HTTP method field to "app.session.request" events.
2020-11-20 16:38:40 -08:00
Lisa Kim
c6fded6b43
[auto] Update webassets in master ( #4957 )
...
2d100fd Grab auth type from config for manual step flag --auth (#201 ) https://github.com/gravitational/webapps/commit/2d100fd
[source: -w master] [target: -t master]
2020-11-20 17:14:57 -05:00
Lisa Kim
c56df637d1
Add AuthType field for web config ( #4946 )
2020-11-20 11:21:07 -08:00
Brian Joerger
1439f35902
[docs] Go API Docs CA ( #4777 )
2020-11-20 10:17:39 -08:00
a-palchikov
673b697da8
Add stdin support to 'tctl create' ( #4906 )
...
* Add stdin support to 'tctl create'
* Address review comments
* Close the file handle on Create if reading from a file
2020-11-20 18:19:57 +01:00
Ben Arent
ce9628dce6
Fix Demo and Application Access ( #4927 )
2020-11-20 08:59:50 -08:00
Gus Luxton
89feaea7d1
[docs] Update descriptions for short-lived dynamic tokens ( #4952 )
2020-11-20 08:44:58 -08:00
Gus Luxton
e7b8cda3ee
Update Terraform to 0.13 ( #4950 )
2020-11-20 10:05:23 -04:00
Russell Jones
759455aef4
Updated Application Access Test Plan.
2020-11-19 17:41:39 -08:00
Gus Luxton
626624d46e
Only test internal docs links with milv via Makefile ( #4830 )
2020-11-19 20:21:05 -04:00
Gus Luxton
3dfc56624b
[auto] Update AMI IDs for 4.4.5 ( #4868 )
2020-11-19 19:13:23 -04:00
Gus Luxton
a2743c1408
Adds a note about installing for MacOS via Homebrew ( #4926 )
2020-11-19 18:13:46 -04:00
Russell Jones
82e39fae2b
Added Application Access support to test plan.
2020-11-19 10:58:41 -08:00
Ben Arent
0f4b5bea72
[docs] Fixes to make milv happy ( #4925 )
2020-11-19 10:22:48 -08:00
a-palchikov
09064cbc6f
Configure etcd client's message size ( #4800 )
...
* lib/backend/etcdbk: add a configuration attribute to set the client's
send message size limit.
* Update etcd backend section w.r.t new client configuration attribute
Updates https://github.com/gravitational/teleport/issues/4786 .
2020-11-19 14:03:51 +01:00
a-palchikov
ab205963f5
Fix typos ( #4903 )
2020-11-19 13:39:16 +01:00
Ben Arent
524cfa84d9
[docs] Fix theme switcher ( #4918 )
2020-11-18 20:28:17 -08:00
Ben Arent
338b480155
[docs] Teleport 5.0 Quick Start ( #4795 )
2020-11-18 17:59:16 -08:00
Ben Arent
5579bef2bb
[docs] Application Access ( #4791 )
2020-11-18 17:36:20 -08:00
Forrest Marshall
5ad1a9025c
fix early watcher closure
2020-11-18 15:40:56 -08:00
Forrest Marshall
68adee36a9
fix tsh login with trusted clusters
2020-11-18 15:40:56 -08:00
Andrew Lytvynov
645ac573c5
UX improvements for kube CLI interactions ( #4893 )
...
- 'tsh kube login' fetches the latest list of kube clusters instead of
only using existing kubeconfig contexts.
This makes 'tsh kube login' succeed when a kube cluster was added
after last 'tsh login'.
- 'tsh kube ls' no longer wrongly marks selected clusters, if they
weren't generated by tsh.
- 'tctl rm' now works with kube_service objects.
- 'tsh login' now updates kubeconfig entries when a login session is
already active
- 'teleport.yaml' now uses 'labels' and 'commands' for RBAC labels on
kubernetes_service; this is consistent with ssh and app services.
2020-11-18 22:31:04 +00:00