The easiest, and most secure way to access and protect all of your infrastructure.
teleport-cluster
Helm chart that happened when sessionRecording
was off
. #40921
teleport-kube-agent-updater
to output debug logs by default. #39955
Download the current and previous releases of Teleport at https://goteleport.com/download.
tbot
is used with OpenSSH. #40838
kubernetes_secret
destination in tbot
. #40551
Download the current and previous releases of Teleport at https://goteleport.com/download.
tbot
is used with OpenSSH. #40837
regexp.match
to access request filter
and where
expressions. #40642
kubernetes_secret
destination in tbot
. #40550
Download the current and previous releases of Teleport at https://goteleport.com/download.
tsh proxy kube --exec
mode that spawns kube proxy in the background, which re-executes the user shell with the appropriate kubeconfig. #40395
invalid session TTL
error when creating access request with tsh
. #40335
Download the current and previous releases of Teleport at https://goteleport.com/download.
foo=bar,baz,bang
, it is now possible to match on any resources with a label foo
that contains the element bar
via contains(split(labels[foo], ","), bar)
. #40183
disable_exec_plugin
option to the Machine ID Kubernetes Output to remove the dependency on tbot
existing in the target environment. #40162
database-tunnel
service to tbot
which allows an authenticated database tunnel to be opened by tbot
. This is an improvement over the original technique of using tbot proxy db
. #40151
show_desktop_wallpaper
flag. #40088
Download the current and previous releases of Teleport at https://goteleport.com/download.
The access requests page of the web UI will be backed by a paginated API, ensuring fast load times even on clusters with many access requests.
Additionally, the UI allows you to search for access requests, sort them based on various attributes, and includes several new filtering options.
Teleport 15.2 changes the way that web assets are served and cached, which will allow multiple compatible versions of the Teleport Proxy to run behind the same load balancer.
With Teleport 15.2, Machine ID can bootstrap and issue identity to services across multiple computing environments and organizational boundaries. Workload Identity issues SPIFFE-compatible x509 certificates that can be used for mTLS between services.
The Kubernetes project is deprecating the SPDY protocol for streaming commands (kubectl exec, kubectl port-forward, etc) and replacing it with a new websocket-based subprotocol. Teleport 15.2.0 will support the new protocol to ensure compatibility with newer Kubernetes clusters.
Both tsh db connect and tsh proxy db will offer the option to submit an access request if the user attempts to connect to a database that they don't already have access to.
Teleport administrators will be able to setup access to GCP web console through Workforce Identity Federation using Teleport as a SAML identity provider.
Users will be able to register OpenSSH nodes in the cluster using Terraform and Kubernetes Operator.
Users submitting access requests via web UI will be able to request specific access start time up to a week in advance.
The Teleport Terraform provider and Kubernetes operator now support declaring agentless OpenSSH and OpenSSH EC2 ICE servers. You can follow this guide to register OpenSSH agents with infrastructure as code.
Setting up EC2 ICE automatic discovery with IaC will come in a future update.
The teleport-operator
and teleport-cluster
charts now support deploying only
the CRD, the CRD and the operator, or only the operator.
From the teleport-cluster
Helm chart:
operator:
enabled: true|false
installCRDs: always|never|dynamic
From the teleport-operator
Helm chart:
enabled: true|false
installCRDs: always|never|dynamic
In dynamic mode (by default), the chart will install CRDs if the operator is enabled, but will not remove the CRDs if you temporarily disable the operator.
Kubernetes CR labels are now copied to the Teleport resource when applicable. This allows you to configure RBAC for operator-created resources, and to filter Teleport resources more easily.
Teleport v15 introduced two Terraform provider changes:
The second change was too disruptive, especially for roles, as they cannot be deleted if a user or an access list references them. Teleport 15.2 lifts this restriction and allows version change without forcing the resource deletion.
Another change to ensure resource defaults are correctly set during version upgrades will happen in v16.
tls auth export --type tls-spiffe
and the /webapi/auth/export
endpoint. #40007
kubectl get
. #39993
teleport-kube-agent-updater
to output debug logs by default. #39953
teleport-cluster
Helm chart now supports using the Amazon Athena event backend. #39907
Download the current and previous releases of Teleport at https://goteleport.com/download.
jq
was not installed. #39601
Download the current and previous releases of Teleport at https://goteleport.com/download.
Download the current and previous releases of Teleport at https://goteleport.com/download.
tsh db login
, tsh db connect
and tsh proxy db
. #39617
jq
was not installed. #39599
Download the current and previous releases of Teleport at https://goteleport.com/download.
jq
was not installed. #39600
Download the current and previous releases of Teleport at https://goteleport.com/download.