7e6b941dcd
* Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 in /api Bumps google.golang.org/protobuf from 1.30.0 to 1.31.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue Bumps [github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue](https://github.com/aws/aws-sdk-go-v2) from 1.10.25 to 1.10.30. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/feature/dynamodb/attributevalue/v1.10.25...feature/dynamodb/attributevalue/v1.10.30) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/sashabaranov/go-openai from 1.10.1 to 1.12.0 Bumps [github.com/sashabaranov/go-openai](https://github.com/sashabaranov/go-openai) from 1.10.1 to 1.12.0. - [Release notes](https://github.com/sashabaranov/go-openai/releases) - [Commits](https://github.com/sashabaranov/go-openai/compare/v1.10.1...v1.12.0) --- updated-dependencies: - dependency-name: github.com/sashabaranov/go-openai dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump cloud.google.com/go/container from 1.21.0 to 1.22.1 Bumps [cloud.google.com/go/container](https://github.com/googleapis/google-cloud-go) from 1.21.0 to 1.22.1. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.21.0...pubsub/v1.22.1) --- updated-dependencies: - dependency-name: cloud.google.com/go/container dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/google/go-attestation Bumps [github.com/google/go-attestation](https://github.com/google/go-attestation) from 0.4.4-0.20220404204839-8820d49b18d9 to 0.5.0. - [Release notes](https://github.com/google/go-attestation/releases) - [Commits](https://github.com/google/go-attestation/commits/v0.5.0) --- updated-dependencies: - dependency-name: github.com/google/go-attestation dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/aws/aws-sdk-go-v2/service/glue from 1.51.0 to 1.53.0 Bumps [github.com/aws/aws-sdk-go-v2/service/glue](https://github.com/aws/aws-sdk-go-v2) from 1.51.0 to 1.53.0. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ec2/v1.51.0...service/ec2/v1.53.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/glue dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 Bumps google.golang.org/protobuf from 1.30.0 to 1.31.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/alicebob/miniredis/v2 from 2.30.2 to 2.30.4 Bumps [github.com/alicebob/miniredis/v2](https://github.com/alicebob/miniredis) from 2.30.2 to 2.30.4. - [Release notes](https://github.com/alicebob/miniredis/releases) - [Changelog](https://github.com/alicebob/miniredis/blob/master/CHANGELOG.md) - [Commits](https://github.com/alicebob/miniredis/compare/v2.30.2...v2.30.4) --- updated-dependencies: - dependency-name: github.com/alicebob/miniredis/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.15.1 to 1.16.0. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.15.1...v1.16.0) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/sigstore/cosign/v2 in /integrations/kube-agent-updater Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.0 to 2.1.1. - [Release notes](https://github.com/sigstore/cosign/releases) - [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/cosign/compare/v2.1.0...v2.1.1) --- updated-dependencies: - dependency-name: github.com/sigstore/cosign/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump golang.org/x/sys from 0.9.0 to 0.10.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.9.0 to 0.10.0. - [Commits](https://github.com/golang/sys/compare/v0.9.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/hashicorp/golang-lru/v2 from 2.0.2 to 2.0.4 Bumps [github.com/hashicorp/golang-lru/v2](https://github.com/hashicorp/golang-lru) from 2.0.2 to 2.0.4. - [Release notes](https://github.com/hashicorp/golang-lru/releases) - [Commits](https://github.com/hashicorp/golang-lru/compare/v2.0.2...v2.0.4) --- updated-dependencies: - dependency-name: github.com/hashicorp/golang-lru/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump golang.org/x/text from 0.10.0 to 0.11.0 Bumps [golang.org/x/text](https://github.com/golang/text) from 0.10.0 to 0.11.0. - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.10.0...v0.11.0) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/elastic/go-elasticsearch/v8 from 8.8.1 to 8.8.2 Bumps [github.com/elastic/go-elasticsearch/v8](https://github.com/elastic/go-elasticsearch) from 8.8.1 to 8.8.2. - [Release notes](https://github.com/elastic/go-elasticsearch/releases) - [Changelog](https://github.com/elastic/go-elasticsearch/blob/v8.8.2/CHANGELOG.md) - [Commits](https://github.com/elastic/go-elasticsearch/compare/v8.8.1...v8.8.2) --- updated-dependencies: - dependency-name: github.com/elastic/go-elasticsearch/v8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump cloud.google.com/go/storage from 1.30.1 to 1.31.0 Bumps [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) from 1.30.1 to 1.31.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.30.1...pubsub/v1.31.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/storage dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump golang.org/x/mod in /integrations/kube-agent-updater Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.11.0 to 0.12.0. - [Commits](https://github.com/golang/mod/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump golang.org/x/net from 0.11.0 to 0.12.0 in /api Bumps [golang.org/x/net](https://github.com/golang/net) from 0.11.0 to 0.12.0. - [Commits](https://github.com/golang/net/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump golang.org/x/mod from 0.11.0 to 0.12.0 in /build.assets/tooling Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.11.0 to 0.12.0. - [Commits](https://github.com/golang/mod/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * go mod tidy * revert attestation and tpm updates * fix: make grpc --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tim Ross <tim.ross@goteleport.com> |
||
---|---|---|
.. | ||
cmd/teleport-kube-agent-updater | ||
hack | ||
pkg | ||
DEBUG.md | ||
Dockerfile | ||
go.mod | ||
go.sum | ||
Makefile | ||
README.md | ||
version.go |
Teleport Kubernetes Agent Updater (teleport-kube-agent-updater
)
The Teleport kubernetes updater is a controller in charge of updating Teleport Kubernetes agents. This alleviates the cost of updating all agents on large-scale deployments.
Note: Teleport Kubernetes agents are not limited to Kubernetes Access. The term applies to every Teleport instance running in a Kubernetes cluster and not running the Proxy nor Auth Service. Agents are typically deployed by the teleport-kube-agent chart.
Design
This updater was designed first for cloud customers but can be adapter to run for on-prem users as well.
See the cloud update RFD for more context.
If an update goes wrong, a temporary downtime is acceptable until a correct version is pushed (this risk is mitigated by multi-replica deployments). However, the failure mode in which the deployment is stuck and the user has to take manual action must not happen.
The updater validates the image provenance to protect against registry compromise.
The updater logic is the following:
- check if maintenance is allowed
- check if a new version is available and version change is valid
- check if the new image can be validated