Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Refactored controller to support tbot credentials & added tests
* Reordered imports
* Improvements in tests
* Updated nancyignore
* Added configmap for tbot
* Added tbot rbac
* Fixed tbot charts
* Added a delay to requeue in case (re-)connection to Teleport fails
* Added requeue delay on failed identity renewal
* Adjusted tests
* Improved logging of identity age
* Removed rescheduling of failed teleport identity renewal
* Cleaned up Helm charts
* Fixed controller test
* Cleaned up unused Helm charts
* Adjusted tbot configmap
* Cleaned up
1 parent 6fbefce, commit 7a5f735
Showing 20 changed files with 529 additions and 297 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,3 @@ | ||
#pkg:golang/k8s.io/[email protected] | ||
CVE-2020-8561 until=2024-01-08 # k8s.io/[email protected] | ||
CVE-2023-47108 until=2024-01-08 # go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/[email protected] |
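Review bot: the suppression for CVE-2023-47108 on the last line of this hunk carries no rationale, only the `until=2024-01-08` expiry it shares with the CVE-2020-8561 entry above it. Add a comment saying why the finding is acceptable for this controller (for example that the affected code path is not used) and reference the issue that tracks the dependency bump, so that the entry is re-evaluated rather than simply extended when the date passes.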
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,27 +1,15 @@ | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: tbot-config | ||
namespace: {{ include "resource.default.namespace" . }} | ||
name: {{ include "resource.default.name" . }} | ||
namespace: {{ include "resource.default.namespace" . }} | ||
labels: | ||
{{- include "labels.common" . | nindent 4 }} | ||
{{- include "labels.common" . | nindent 4 }} | ||
type: Opaque | ||
data: | ||
tbot.yaml: | | ||
version: v2 | ||
onboarding: | ||
join_method: kubernetes | ||
# ensure token is set to the name of the join token you created earlier | ||
token: {{ .Values.teleport.managementClusterName }} | ||
storage: | ||
# a memory destination is used for the bots own state since the kubernetes | ||
# join method does not require persistence. | ||
type: memory | ||
# ensure this is configured to the address of your Teleport Proxy or | ||
# Auth Server. Prefer the address of the Teleport Proxy. | ||
auth_server: {{ .Values.teleport.proxyAddr }} | ||
# outputs will be filled in during the completion of an access guide. | ||
outputs: | ||
- type: identity | ||
destination: | ||
type: kubernetes_secret | ||
name: identity-output | ||
appCatalog: {{ .Values.teleport.appCatalog | quote }} | ||
appName: {{ .Values.teleport.appName | quote }} | ||
appVersion: {{ .Values.teleport.appVersion | quote }} | ||
managementClusterName: {{ .Values.teleport.managementClusterName | quote }} | ||
proxyAddr: {{ .Values.teleport.proxyAddr | quote }} | ||
teleportVersion: {{ .Values.teleport.teleportVersion | quote }} |
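Review bot: `type: Opaque` sits in a manifest whose `kind` is `ConfigMap`; `type` is a Secret field and is not part of the ConfigMap schema. The keys under `data:` (`appCatalog`, `proxyAddr`, `teleportVersion` and so on) look like plain settings rather than credentials, so dropping the `type:` line is the simpler fix; if any of these values is meant to be confidential, change the `kind` to `Secret` instead.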
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: tbot-config | ||
namespace: {{ include "resource.default.namespace" . }} | ||
labels: | ||
{{- include "labels.common" . | nindent 4 }} | ||
data: | ||
tbot.yaml: | | ||
version: v2 | ||
onboarding: | ||
join_method: kubernetes | ||
# ensure token is set to the name of the join token you created earlier | ||
token: {{ .Values.teleport.managementClusterName }}-bot | ||
storage: | ||
# a memory destination is used for the bots own state since the kubernetes | ||
# join method does not require persistence. | ||
type: memory | ||
# ensure this is configured to the address of your Teleport Proxy or | ||
# Auth Server. Prefer the address of the Teleport Proxy. | ||
auth_server: {{ .Values.teleport.proxyAddr }} | ||
# outputs will be filled in during the completion of an access guide. | ||
outputs: | ||
- type: identity | ||
destination: | ||
type: kubernetes_secret | ||
name: identity-output |
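Review bot: the identity output under `outputs:` writes to a `kubernetes_secret` with the fixed name `identity-output`, and the ConfigMap itself is named `tbot-config`, whereas the other ConfigMap in this commit derives its name from `resource.default.name`. Two releases in the same namespace would share one identity secret, so consider deriving both names from the release, and check that the tbot RBAC added in this commit grants write access to that one secret by name only. `token` and `auth_server` are also rendered without a `required` check, so an empty `teleport.proxyAddr` produces an empty `auth_server` that only fails when tbot starts.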