teleport

mirror of https://github.com/gravitational/teleport synced 2024-10-21 17:53:28 +00:00

History

dependabot-batcher[bot] 15aba3c190 Batched Dependabot updates (#26209 ) * Bump github.com/docker/distribution Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/docker/distribution in /integrations/kube-agent-updater Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * Bump golang.org/x/net from 0.9.0 to 0.10.0 in /api Bumps [golang.org/x/net](https://github.com/golang/net) from 0.9.0 to 0.10.0. - [Commits](https://github.com/golang/net/compare/v0.9.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump libc from 0.2.143 to 0.2.144 Bumps [libc](https://github.com/rust-lang/libc) from 0.2.143 to 0.2.144. - [Release notes](https://github.com/rust-lang/libc/releases) - [Commits](https://github.com/rust-lang/libc/compare/0.2.143...0.2.144) --- updated-dependencies: - dependency-name: libc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump rsa from 0.9.1 to 0.9.2 Bumps [rsa](https://github.com/RustCrypto/RSA) from 0.9.1 to 0.9.2. - [Changelog](https://github.com/RustCrypto/RSA/blob/master/CHANGELOG.md) - [Commits](https://github.com/RustCrypto/RSA/compare/v0.9.1...v0.9.2) --- updated-dependencies: - dependency-name: rsa dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/aws/aws-sdk-go-v2/service/sts from 1.18.11 to 1.19.0 Bumps [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) from 1.18.11 to 1.19.0. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.11...service/s3/v1.19.0) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/sts dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump golang.org/x/sys from 0.7.0 to 0.8.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.7.0 to 0.8.0. - [Commits](https://github.com/golang/sys/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/aws/aws-sdk-go-v2/config from 1.18.23 to 1.18.25 Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.23 to 1.18.25. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.23...config/v1.18.25) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.5.0 to 1.6.0 Bumps [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.5.0...sdk/azcore/v1.6.0) --- updated-dependencies: - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/aws/aws-sdk-go from 1.44.244 to 1.44.262 Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.244 to 1.44.262. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.244...v1.44.262) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump google.golang.org/api from 0.118.0 to 0.122.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.118.0 to 0.122.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.118.0...v0.122.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump go.etcd.io/etcd/client/v3 from 3.5.8 to 3.5.9 Bumps [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd) from 3.5.8 to 3.5.9. - [Release notes](https://github.com/etcd-io/etcd/releases) - [Commits](https://github.com/etcd-io/etcd/compare/v3.5.8...v3.5.9) --- updated-dependencies: - dependency-name: go.etcd.io/etcd/client/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump github.com/beevik/etree from 1.1.0 to 1.2.0 Bumps [github.com/beevik/etree](https://github.com/beevik/etree) from 1.1.0 to 1.2.0. - [Release notes](https://github.com/beevik/etree/releases) - [Changelog](https://github.com/beevik/etree/blob/master/RELEASE_NOTES.md) - [Commits](https://github.com/beevik/etree/compare/v1.1.0...v1.2.0) --- updated-dependencies: - dependency-name: github.com/beevik/etree dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump go.opentelemetry.io/otel/sdk from 1.14.0 to 1.15.1 Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) from 1.14.0 to 1.15.1. - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.14.0...v1.15.1) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel/sdk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * go mod tidy --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: dependabot-batcher[bot] <122306277+dependabot-batcher[bot]@users.noreply.github.com> Co-authored-by: Tim Ross <tim.ross@goteleport.com>		2023-05-15 16:52:30 +00:00
..
cmd/teleport-kube-agent-updater	Fixes for teleport-kube-agent-updater (#24746 )	2023-04-20 13:17:03 +00:00
hack	kube-updater: add Dockerfile & GHA pipelines (#22983 )	2023-03-22 13:05:02 +00:00
pkg	kube-updater: Wire up main executable (#23565 )	2023-03-31 18:46:44 +00:00
DEBUG.md	Fixes for teleport-kube-agent-updater (#24746 )	2023-04-20 13:17:03 +00:00
Dockerfile	Fixes for teleport-kube-agent-updater (#24746 )	2023-04-20 13:17:03 +00:00
go.mod	Batched Dependabot updates (#26209 )	2023-05-15 16:52:30 +00:00
go.sum	Batched Dependabot updates (#26209 )	2023-05-15 16:52:30 +00:00
Makefile	integrations: allow multiarch image builds (#23698 )	2023-03-30 16:00:02 +00:00
README.md	kube-updater: initial commit (#22067 )	2023-03-06 18:40:28 +00:00
version.go	Bump dev version to 14 (#24704 )	2023-04-18 06:49:34 +00:00

README.md

Teleport Kubernetes Agent Updater (`teleport-kube-agent-updater`)

The Teleport kubernetes updater is a controller in charge of updating Teleport Kubernetes agents. This alleviates the cost of updating all agents on large-scale deployments.

Note: Teleport Kubernetes agents are not limited to Kubernetes Access. The term applies to every Teleport instance running in a Kubernetes cluster and not running the Proxy nor Auth Service. Agents are typically deployed by the teleport-kube-agent chart.

Design

This updater was designed first for cloud customers but can be adapter to run for on-prem users as well.

See the cloud update RFD for more context.

If an update goes wrong, a temporary downtime is acceptable until a correct version is pushed (this risk is mitigated by multi-replica deployments). However, the failure mode in which the deployment is stuck and the user has to take manual action must not happen.

The updater validates the image provenance to protect against registry compromise.

The updater logic is the following:

check if maintenance is allowed
check if a new version is available and version change is valid
check if the new image can be validated

README.md

Teleport Kubernetes Agent Updater (teleport-kube-agent-updater)

Design

Teleport Kubernetes Agent Updater (`teleport-kube-agent-updater`)