teleport/integrations/kube-agent-updater
dependabot-batcher[bot] 7e6b941dcd
Batched Dependabot updates (#28584)
* Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 in /api

Bumps google.golang.org/protobuf from 1.30.0 to 1.31.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue

Bumps [github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue](https://github.com/aws/aws-sdk-go-v2) from 1.10.25 to 1.10.30.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/feature/dynamodb/attributevalue/v1.10.25...feature/dynamodb/attributevalue/v1.10.30)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/sashabaranov/go-openai from 1.10.1 to 1.12.0

Bumps [github.com/sashabaranov/go-openai](https://github.com/sashabaranov/go-openai) from 1.10.1 to 1.12.0.
- [Release notes](https://github.com/sashabaranov/go-openai/releases)
- [Commits](https://github.com/sashabaranov/go-openai/compare/v1.10.1...v1.12.0)

---
updated-dependencies:
- dependency-name: github.com/sashabaranov/go-openai
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump cloud.google.com/go/container from 1.21.0 to 1.22.1

Bumps [cloud.google.com/go/container](https://github.com/googleapis/google-cloud-go) from 1.21.0 to 1.22.1.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.21.0...pubsub/v1.22.1)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/container
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/google/go-attestation

Bumps [github.com/google/go-attestation](https://github.com/google/go-attestation) from 0.4.4-0.20220404204839-8820d49b18d9 to 0.5.0.
- [Release notes](https://github.com/google/go-attestation/releases)
- [Commits](https://github.com/google/go-attestation/commits/v0.5.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-attestation
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/aws/aws-sdk-go-v2/service/glue from 1.51.0 to 1.53.0

Bumps [github.com/aws/aws-sdk-go-v2/service/glue](https://github.com/aws/aws-sdk-go-v2) from 1.51.0 to 1.53.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ec2/v1.51.0...service/ec2/v1.53.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/glue
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump google.golang.org/protobuf from 1.30.0 to 1.31.0

Bumps google.golang.org/protobuf from 1.30.0 to 1.31.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/alicebob/miniredis/v2 from 2.30.2 to 2.30.4

Bumps [github.com/alicebob/miniredis/v2](https://github.com/alicebob/miniredis) from 2.30.2 to 2.30.4.
- [Release notes](https://github.com/alicebob/miniredis/releases)
- [Changelog](https://github.com/alicebob/miniredis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/alicebob/miniredis/compare/v2.30.2...v2.30.4)

---
updated-dependencies:
- dependency-name: github.com/alicebob/miniredis/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.15.1 to 1.16.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.15.1...v1.16.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/sigstore/cosign/v2 in /integrations/kube-agent-updater

Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.0 to 2.1.1.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/compare/v2.1.0...v2.1.1)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump golang.org/x/sys from 0.9.0 to 0.10.0

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.9.0 to 0.10.0.
- [Commits](https://github.com/golang/sys/compare/v0.9.0...v0.10.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/hashicorp/golang-lru/v2 from 2.0.2 to 2.0.4

Bumps [github.com/hashicorp/golang-lru/v2](https://github.com/hashicorp/golang-lru) from 2.0.2 to 2.0.4.
- [Release notes](https://github.com/hashicorp/golang-lru/releases)
- [Commits](https://github.com/hashicorp/golang-lru/compare/v2.0.2...v2.0.4)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/golang-lru/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump golang.org/x/text from 0.10.0 to 0.11.0

Bumps [golang.org/x/text](https://github.com/golang/text) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/elastic/go-elasticsearch/v8 from 8.8.1 to 8.8.2

Bumps [github.com/elastic/go-elasticsearch/v8](https://github.com/elastic/go-elasticsearch) from 8.8.1 to 8.8.2.
- [Release notes](https://github.com/elastic/go-elasticsearch/releases)
- [Changelog](https://github.com/elastic/go-elasticsearch/blob/v8.8.2/CHANGELOG.md)
- [Commits](https://github.com/elastic/go-elasticsearch/compare/v8.8.1...v8.8.2)

---
updated-dependencies:
- dependency-name: github.com/elastic/go-elasticsearch/v8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump cloud.google.com/go/storage from 1.30.1 to 1.31.0

Bumps [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) from 1.30.1 to 1.31.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.30.1...pubsub/v1.31.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump golang.org/x/mod in /integrations/kube-agent-updater

Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/mod/compare/v0.11.0...v0.12.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump golang.org/x/net from 0.11.0 to 0.12.0 in /api

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/net/compare/v0.11.0...v0.12.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump golang.org/x/mod from 0.11.0 to 0.12.0 in /build.assets/tooling

Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/mod/compare/v0.11.0...v0.12.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* go mod tidy

* revert attestation and tpm updates

* fix: make grpc

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tim Ross <tim.ross@goteleport.com>
2023-07-05 21:15:42 +00:00
cmd/teleport-kube-agent-updater Fix the default teleport-kube-agent upgrade server (#27504) 2023-06-07 15:29:03 +00:00
hack kube-updater: add Dockerfile & GHA pipelines (#22983) 2023-03-22 13:05:02 +00:00
pkg Remove most t.Log() from tests (#28453) 2023-06-29 15:14:09 +00:00
DEBUG.md Fixes for teleport-kube-agent-updater (#24746) 2023-04-20 13:17:03 +00:00
Dockerfile Fixes for teleport-kube-agent-updater (#24746) 2023-04-20 13:17:03 +00:00
go.mod Batched Dependabot updates (#28584) 2023-07-05 21:15:42 +00:00
go.sum Batched Dependabot updates (#28584) 2023-07-05 21:15:42 +00:00
Makefile integrations: allow multiarch image builds (#23698) 2023-03-30 16:00:02 +00:00
README.md kube-updater: initial commit (#22067) 2023-03-06 18:40:28 +00:00
version.go Bump dev version to 14 (#24704) 2023-04-18 06:49:34 +00:00

Teleport Kubernetes Agent Updater (teleport-kube-agent-updater)

The Teleport Kubernetes updater is a controller in charge of updating Teleport Kubernetes agents. This alleviates the cost of updating all agents on large-scale deployments.

Note: Teleport Kubernetes agents are not limited to Kubernetes Access. The term applies to every Teleport instance that runs in a Kubernetes cluster and runs neither the Proxy nor the Auth Service. Agents are typically deployed by the teleport-kube-agent chart.

Design

This updater was designed first for cloud customers but can be adapted to run for on-prem users as well.

See the cloud update RFD for more context.

If an update goes wrong, a temporary downtime is acceptable until a correct version is pushed (this risk is mitigated by multi-replica deployments). However, the failure mode in which the deployment is stuck and the user has to take manual action must not happen.

The updater validates the image provenance to protect against registry compromise.

The updater logic is the following:

  • check if maintenance is allowed
  • check if a new version is available and version change is valid
  • check if the new image can be validated
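
The three checks listed above, as an added Go sketch that is not the updater's own code: each gate fails closed, and the approved image is returned pinned by digest so that the reference deployed is the one that was validated. The names (Decide, Validator, ErrNoUpdate, key), the registry host, the constructed digest, and the reading of "valid" as "strictly newer" are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

var ErrNoUpdate = errors.New("no update") // hypothetical, like every name here
// Validator returns the verified digest of an image, or an error if untrusted.
type Validator func(image string) (digest string, err error)

// key maps "v13.1.2" to a sortable string; malformed input yields "".
func key(v string) (k string) {
	parts := strings.Split(strings.TrimPrefix(v, "v"), ".")
	for _, p := range parts {
		n, err := strconv.ParseUint(p, 10, 16)
		if err != nil || len(parts) != 3 {
			return ""
		}
		k += fmt.Sprintf("%05d.", n)
	}
	return k
}

// Decide applies the three gates in order and fails closed on any error.
func Decide(now, start, end time.Time, current, next, repo string, validate Validator) (string, error) {
	if now.Before(start) || !now.Before(end) {
		return "", fmt.Errorf("%w: outside maintenance window", ErrNoUpdate)
	}
	cur, nxt := key(current), key(next)
	if cur == "" || nxt == "" {
		return "", fmt.Errorf("malformed version %q or %q", current, next)
	}
	if nxt <= cur { // assumption: "valid" means strictly newer (no downgrade)
		return "", fmt.Errorf("%w: %s is not newer than %s", ErrNoUpdate, next, current)
	}
	digest, err := validate(repo + ":" + next)
	if err != nil {
		return "", fmt.Errorf("image rejected: %w", err)
	}
	return repo + "@" + digest, nil // pin by digest: a re-pointed tag changes nothing
}

func main() {
	now, ok := time.Now(), func(string) (string, error) { return "sha256:constructed", nil }
	fmt.Println(Decide(now, now.Add(-time.Hour), now.Add(time.Hour), "13.1.0", "13.1.2", "registry.example/agent", ok))
}
```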