From 16918a075a9a3fe28a0f5142edaa73594f4789e3 Mon Sep 17 00:00:00 2001 From: Tim Ross Date: Fri, 1 Nov 2024 15:01:18 -0400 Subject: [PATCH 1/4] updates to make azure work --- assets/loadtest/azure/.terraform.lock.hcl | 130 +++++++++++----------- assets/loadtest/azure/main.tf | 3 +- assets/loadtest/azure/teleport_kube.tf | 10 +- assets/loadtest/azure/terraform.tfvars | 2 +- assets/loadtest/azure/variables.tf | 7 ++ 5 files changed, 80 insertions(+), 72 deletions(-) diff --git a/assets/loadtest/azure/.terraform.lock.hcl b/assets/loadtest/azure/.terraform.lock.hcl index 94d0b50aeeeef..90aa612ea6d1b 100644 --- a/assets/loadtest/azure/.terraform.lock.hcl +++ b/assets/loadtest/azure/.terraform.lock.hcl 
@@ -2,95 +2,95 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/alekc/kubectl" { - version = "2.0.4" + version = "2.1.2" constraints = ">= 2.0.4" hashes = [ - "h1:mCz0lOwNsFCZEcFf7DBSe6b4hZgn5piiy0mZDwRGUIU=", - "zh:15c227886bac78c8b8827f85595648212574ec81febc39e1055e1a6bf048fe65", - "zh:2211ebeeb0918dbb3587d206e32adca9e1f343a93bbffcd37d8d99bf4d8dea9a", - "zh:2303836cdea12ece8dbe39c2d7d30a9378fd06e9c2ebda66cbe5e01cc096ee2e", - "zh:3687f69e531c70845682b214888a9959b93f2be3c2531801228a4b1965d59921", - "zh:4dd686b4c55e2eedd80464984c9bb736c2df7a96d9dd59a692d91d09173f5f64", - "zh:51e29c13a87e56867b4be0b0c68da874149bf6d4014d7259b62d91162142c1bd", - "zh:5d9d99260f2adfb8867068a3d7644336d57cfa7710062c5221dcbb5a7ec90c7d", - "zh:901c19d73da6688437b19a85e3cd60e8f2090c84699e108b31953bb87f6d3141", - "zh:9547743606a36fa6b6748c5e2e1959b6f185730a1da53a3c351cfa0d8c096687", - "zh:9772a30704e69b54de5a332858a39591f52286121cffcba702346830b1c6e362", - "zh:b44792f99d7c90b9a364dd922f861e459ae1b1edc039f6b3078549021fec4511", - "zh:b5eb871ed2e39b9236dce06170b1fd5dda29f3c1d53f8e08285ccb9a4f574201", - "zh:e8bb4c3d9f680977b560e9dec24662650f790259b2c1311ee07a72157f6492b3", - "zh:f4772cfa0f9c73fdef008bb917cd268620009dc7ff270a4d819125c642b5acce", + "h1:Zg2NyooKVNq6YeYmD8hrV/TMBFNswjIlFzn+BcaxshQ=", + "zh:1b104c527b448e48cfee2fad304470c477fd692558d1795d427f27da219c57be", + "zh:376f9277264de986f2eeb9aa8fa0d69ba8c8a0e4a26138aa7a3636d8121643da", + "zh:37d0497e60bfb15e6f7085a5f86e3629be097e74d84de104a154bdffcadedc5d", + "zh:6f3d76982de4d304576c9797bb98ca5ff245c33843038359366077fd985c7695", + "zh:7a6ba743d724fc024a315d6f2425f233b69a0974d3572dbe57bf76586b2a376b", + "zh:8399a2dbb0e52a0155b430da3e9fe20b68067b5b528b01145db0b6cce24c9a35", + "zh:908d5a4fc588c2dea94851426efe2617e1c3e50e788203b5f4ac806bdc8ef978", + "zh:93278c2c123564354e67fe010bab8f777694d849381f04fd62dcc8bbc6f9b6e5", + "zh:9ee7de67441051ac12e3adbadc28caeb0142daaf3badb8517f8228d1444a4e64", + 
"zh:ae203afcfa7e82bf962736aec7f5af0409ef7580f4fa63aa90710a58fd51cc45", + "zh:c1a70ba89f2aa70e7d09dfb697200672716083211f6266c944b7f71f82a7e518", + "zh:d1f7e852c105a7a66e2b54afe5892a6542c8074b078eff4eb18245419be4def7", + "zh:e75dd818c98a8f5e3f3812dc960a3b69369c149bd030ad955c3f06322f667b67", + "zh:e7cb0eb48bca00235efcdcd453c9448c60a0559bebe4159092c1bac82c43a8df", ] } provider "registry.opentofu.org/hashicorp/azurerm" { - version = "3.87.0" - constraints = ">= 3.87.0" + version = "4.8.0" + constraints = ">= 4.8.0" hashes = [ - "h1:nqczt1EgcQodjbxshKq4jPqNYwuX9hB52DJaJQIUEjw=", - "zh:2d3c1e7c3a2aedf3e827f48dc4667f5591b3be046b4c1f279ad9093212d644bc", - "zh:49a716728d63eb1b81b04fde072eb20a70e2882074e2a19ef1702eef3ec79b24", - "zh:6bd7f489cd69ec74bd33673061d37b2f6f29418ae7e71538a5a26ef05a06e7e4", - "zh:893f5eb2e94bf50894b493980cf9b6afc4a1187f973270ea4ba0a1a98c10e126", - "zh:8967e9f64033c153f7a83e9a06b1d9813f16d11efff84732490d14ccfef7a0e8", - "zh:8bd63aa4aea99d4d22c6c4dd2ab9211bc670c326a408dadec904a9f3ba3c8aa1", - "zh:8ce8ec38a86f0d708286d9115f8098278ec31be8b2cd63c80b5543bbd91310f7", - "zh:aee09db9b30821244e5c0e0deb972a149f6f36eb6d73379813e02c9f0ae37f73", - "zh:bdf7e5c7f8a0b5fa3ee7a56a678b962b37bd129f2b7acfe45d8cd7598353bfc5", - "zh:be7c282dfe6c0fcbed62f1ae6a6da90e81fb9bdea8aaebd9cc50589f67234478", + "h1:s8EqJc6f8eYEp82o7Ep/npF0imIc387jcw9EZdKF7NM=", + "zh:332af876544e8b64367c796b821a77b4d4f9caff11b7d970781f7b3c6639c17c", + "zh:467a3c2e04fa0a2cf2c029454188db667672eed1915d7b6534441d0b7747704c", + "zh:5d7080293830bee8467165fa8e8e6e6e363648829a9f36ab3433705ec13e9fdd", + "zh:672eaaa60cb47949baea760249de8950bde1376d32e4aa2d10ecb256b1a378a1", + "zh:7acfec123e0726228d1efd8e39e307342bf296978a23211a453bb6e389224228", + "zh:7b0abee5b3a013711811da8570743786974757b21dcc5cd79dcd0f2e0e985376", + "zh:985db9c536492fa45491009acfd7b3dde90e4fc066996ae404c551adcf8aa5e6", + "zh:aacb2954f73724a5271af8f1e20ef72ec2c749615afc5925459cdc403caf6895", + 
"zh:d422b0c0bcdd58c613b3626b40e7d958554567d6881906cf1d1eef3916d9f07e", + "zh:d70d3b0c581575cb95e01cda211fb67871532434f13aacae0ff75058d24a5bdd", ] } provider "registry.opentofu.org/hashicorp/helm" { - version = "2.12.1" + version = "2.16.1" constraints = ">= 2.12.1" hashes = [ - "h1:ajWSFsohX3kQNLs8DbQd93UJlKTUy4HnccLZ2xWCfFM=", - "zh:0349149992646530c33314cb973eba68757606a037017ba47e56db695d4b3afe", - "zh:3138ffe23c481b01419a4a21adf83538efe6e698b421c4a8f7d142b198518709", - "zh:44658e3070405b88fbd76161ecddde62f478dc31aaebee3b93c2f2783a6d45f9", - "zh:5600a3407dfb8b77da7561490157afa8ad505c864a5dd35ed8d678e9ad8378ca", - "zh:6445e359c813ecbb7c2edf722ed0d1f33dfb171b6a7b470f40cf1e24045b7441", - "zh:7973054604c7f5a51600f6e63fa0327d05b29fac2bffd222c21660cbdd2939f9", - "zh:7c59e2d4602ab5d9de0ba8e442ec1fc425c8f143581018d1e7f645298a124f01", - "zh:8c0fb411dd5de664ac5e801d70507781790c4fc196518a56966d66d0963c240c", - "zh:a6a988c91bbf1828a8fc55001f10c7d06c5c53dc718ee7cd6814bdfa2e6652e0", - "zh:b7935d7dacd7e5a91ff9d17cfb04ce88c9100e563fd88487d14519e8d8d8b2e1", + "h1:VRNzXynt9zAlCwuwyylvsRPmpbQY+LNo82F/tK7sYl4=", + "zh:1c820d7997377c80c320b3bb4f257258af6c499bf2f2082a87975854b156b82b", + "zh:223dc3ba691a03eeb32d14160b3c6adc77d55a767274c728250cd4f1d4238a2a", + "zh:332095747133eb558da1455056f993314b16346d46065967ffe5f7b243614591", + "zh:46155a04e08e9790e22cb7b70d83cdf908e36121597c801a9300f8c100f1ad01", + "zh:51974f6ceb6b4c2aa575384a0cc1fbad22b8b868558e969a196575d43e9d0198", + "zh:7da302779eb39e63a62a0928e391852054ad83eb2025c190475c94a5afc77d29", + "zh:947bbf2a4d8461ec4a544ef7b76f45815602563123987a63dce843258440aa24", + "zh:b84a6658447bbd46daff26010771f0e2168423f0f7f1c1bc2b4ba53f9e891263", + "zh:dd21fdb13d85467b848682c63f440974cef99472d988794f019630f20ac3d2e6", + "zh:e0f77d2f7cf84d6c0d7f30f6cdc325c319ff4eadd525c6fb6979da62e5ff843d", ] } provider "registry.opentofu.org/hashicorp/kubernetes" { - version = "2.25.2" + version = "2.33.0" constraints = ">= 2.25.2" hashes = [ - 
"h1:9ovdI6lk1kqU2uMp6pyZ8fPn2tEP0C1U4DTUSS1JlH8=", - "zh:38d35c069a7f5a7c360ce2ddf6da7f22fd25290f76697d5ab0adbc9e7cae4db8", - "zh:4b1967b873c6262d8c8f57e8cea2cd029c43912555f688cdff4f824193be4e50", - "zh:57e6cfda60c084bb141ea1d8f0ad5881b1bbda92dfcb090e752b09d2cc153b84", - "zh:5af23ccba04c2fef7cff9cb17ed5c10ac9d89098706244d1be4d2acbf44f2ae2", - "zh:67cd0b02deba8361b2689afe4b2f67e38ca68539a89eb88ceaef7fae6f7e6f0b", - "zh:7b4d1fa9d9612919e29a9424a316af6b4c5de766debd8a823b8ad0f28ac2d9c6", - "zh:b7a9ca5d1a734675de32c9bbdc78e8569a10aef140fe6d176efed393e64e1d71", - "zh:c97777211b3f46ede86fce794ab515185e1145af6a4cd57effdfcddc3cccdcf7", - "zh:e7921548f82f68694ad51974bad7cc6c853134a9851912a04da4cdba34eb6214", - "zh:fa7b37554ed32422a239b707380ae778a8918e4917a76aadd92fe559a353a10c", + "h1:A3/ATHzm2IhQQTSbkUPiZv1+oPZFMKinfEdwn/9DUL0=", + "zh:00aed83f28880460431f70e5a057c9324d1228b3f76e6554199700632ca62361", + "zh:4aac46187fd23bdabd801290070fa718609a2064ed5c876c4ab61fdf6e46ea04", + "zh:676dd70c2ff3df25a962bae4b11a2896d4313b0fd39132ec78ae3418bb1b2ef5", + "zh:6a01808157d2c9b415b49ea1d294cd19262a89b3b02e0de8d1db6cdc393dffa9", + "zh:941a0ef4b851ad37cff9ef9d38849529b5fb0c6b3ad149a6c2457d50b7964adf", + "zh:9a7b0ec7d84a481d9c7544056e0639d240e1373a1d61d4aebce049cc9673a6a6", + "zh:a6c68f47f72089f426b9a9040cc8a9fcb98d362b5b35d26028781f9fec3f0293", + "zh:a6ccb8f33dd52ceaca754cb51aea667fc9a8e3bfd5a192002005b7cfece65ee5", + "zh:e63a6fb4a72a0634f2fb0c261d5dea0182f13b5f9f0cd1560344602cc7482b68", + "zh:f0b79ba3c5f28b688b802ef0f052b6b4f99aa45a70e8d4efe21fd824f7a69c6c", ] } provider "registry.opentofu.org/hashicorp/random" { - version = "3.6.0" + version = "3.6.3" constraints = ">= 3.6.0" hashes = [ - "h1:6QMZ6JACl+V2t8daN5GTlw22EtG7nhc3BbkbJDw2a5M=", - "zh:486a1c921eab5c51a480f2eb0ad85173f207c9b7bb215f3893e58bc38d3b7c75", - "zh:6901b3afa4607d1e31934ba91ed2625215ada42b3518c3a9adeeac7a5f656dc3", - "zh:7e93752c9de710e417191353ad1a41b5a60432ab7ef4f8b556bf248297ec5e23", - 
"zh:c795d3d319e8ee7be972746b935963b7e772a6a14080261a35c03915c1f9ccb2", - "zh:cd4f8bcaf332828d1736c73874549c25e427737f136173c7b61e2df3db50e5d9", - "zh:e0103eb2e280989c3d9ffda5d6b413e8f583be21bc1d5754c6e9ca87ecc1c44a", - "zh:f4fbec2510322d5b7ad584a92436b5dbd0f2e897a3ec538932af59e245a4c8e4", - "zh:f5418842afd4aa7676e2456e425e8f573cb2b9bffd29bd7de09d91845644ab24", - "zh:f572a26f93d00ec42461ce478678366e570fa4497e2273f9d47f24cdfc4b42b4", - "zh:ff1f07c561a3f7f219b6fee1647a559933b5dd6181753e164c3978fd47a11685", + "h1:32/UZofQoXk8zPj9vpIDiSEmERA3Mx2VPvk1lHTTHvw=", + "zh:1bfd2e54b4eee8c761a40b6d99d45880b3a71abc18a9a7a5319204da9c8363b2", + "zh:21a15ac74adb8ba499aab989a4248321b51946e5431219b56fc827e565776714", + "zh:221acfac3f7a5bcd6cb49f79a1fca99da7679bde01017334bad1f951a12d85ba", + "zh:3026fcdc0c1258e32ab519df878579160b1050b141d6f7883b39438244e08954", + "zh:50d07a7066ea46873b289548000229556908c3be746059969ab0d694e053ee4c", + "zh:54280cdac041f2c2986a585f62e102bc59ef412cad5f4ebf7387c2b3a357f6c0", + "zh:632adf40f1f63b0c5707182853c10ae23124c00869ffff05f310aef2ed26fcf3", + "zh:b8c2876cce9a38501d14880a47e59a5182ee98732ad7e576e9a9ce686a46d8f5", + "zh:f27e6995e1e9fe3914a2654791fc8d67cdce44f17bf06e614ead7dfd2b13d3ae", + "zh:f423f2b7e5c814799ad7580b5c8ae23359d8d342264902f821c357ff2b3c6d3d", ] } diff --git a/assets/loadtest/azure/main.tf b/assets/loadtest/azure/main.tf index 274cc2ad405cc..39299017d70f5 100644 --- a/assets/loadtest/azure/main.tf +++ b/assets/loadtest/azure/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">= 3.87.0" + version = ">= 4.8.0" } random = { @@ -52,6 +52,7 @@ provider "kubectl" { } provider "azurerm" { + subscription_id = vars.subscription_id features {} } diff --git a/assets/loadtest/azure/teleport_kube.tf b/assets/loadtest/azure/teleport_kube.tf index 41b4442333d7e..2ec72b9cd91c9 100644 --- a/assets/loadtest/azure/teleport_kube.tf +++ b/assets/loadtest/azure/teleport_kube.tf 
@@ -13,7 +13,7 @@ resource "helm_release" "teleport" { name = local.teleport_release chart = "teleport-cluster" - repository = "https://charts.releases.teleport.dev" + repository = "https://charts.releases.development.teleport.dev" version = var.teleport_version namespace = kubernetes_namespace_v1.teleport.metadata.0.name @@ -27,7 +27,7 @@ resource "helm_release" "teleport" { "databaseUser" = azurerm_postgresql_flexible_server_active_directory_administrator.pgbk_teleport.principal_name "sessionRecordingStorageAccount" = azurerm_storage_account.azsessions.primary_blob_host "clientID" = azurerm_user_assigned_identity.teleport_identity.client_id - "databasePoolMaxConnections" = 50 + "databasePoolMaxConnections" = 100 } "log" = { @@ -35,8 +35,8 @@ resource "helm_release" "teleport" { "level" = "DEBUG" } "extraArgs" = ["--debug"] - "image" = "public.ecr.aws/gravitational/teleport-distroless-debug" - "enterpriseImage" = "public.ecr.aws/gravitational/teleport-ent-distroless-debug" + "image" = "public.ecr.aws/gravitational-staging/teleport-distroless-debug" + "enterpriseImage" = "public.ecr.aws/gravitational-staging/teleport-ent-distroless-debug" "proxyListenerMode" = "multiplex" @@ -73,7 +73,7 @@ resource "helm_release" "teleport" { } "authentication" = { - "secondFactor" = "off" + "secondFactor" = "webauthn" } "highAvailability" = { diff --git a/assets/loadtest/azure/terraform.tfvars b/assets/loadtest/azure/terraform.tfvars index c3f7ef932fd6d..a8267aa40e8e8 100644 --- a/assets/loadtest/azure/terraform.tfvars +++ b/assets/loadtest/azure/terraform.tfvars @@ -13,5 +13,5 @@ cluster_prefix = "loadtest" dns_zone = "az.teleportdemo.net" dns_zone_rg = "teleportdemo-dns" -teleport_version = "15.0.0" +teleport_version = "17.0.0-alpha.2" deploy_teleport = true diff --git a/assets/loadtest/azure/variables.tf b/assets/loadtest/azure/variables.tf index ec2ce0b8c7436..e118368b51ba8 100644 --- a/assets/loadtest/azure/variables.tf +++ b/assets/loadtest/azure/variables.tf 
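Review bot: The `repository` line in `helm_release.teleport` now hard-codes the development chart repository, so every apply of this module installs whatever that repository serves for `var.teleport_version`. Consider making the source an explicit choice per run, e.g. `repository = var.teleport_chart_repository` (declared in variables.tf, with the release repository as its default). At minimum add a comment such as `# development chart repo: needed for pre-release versions such as 17.0.0-alpha.2`. The resource body starts and ends outside this hunk.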
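Review bot: The `image` and `enterpriseImage` values in the `@@ -35,8` hunk now point at `public.ecr.aws/gravitational-staging` and are still given by repository name only, so what runs depends on what that registry serves for the chart's tag at deploy time. I would add a comment above them, e.g. `# staging registry: presumably pre-release builds, load tests only; do not copy into production values`. Keeping the registry prefix in one local or variable would also make it easy to switch back after the release. The same substitution appears in gen-etcd-teleport.sh, gen-firestore-teleport.sh and helm/trusted-cluster/values.yaml later in this series.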
@@ -27,8 +27,15 @@ variable "deploy_teleport" { nullable = false description = "Install the Teleport helm release" } + variable "teleport_version" { type = string nullable = false description = "Version of Teleport" } + +variable "subscription_id" { + type = string + nullable = false + description = "The Azure subscription_id" +} From 573d11f32c8fa338e8f53aa6bfc229abbad95fd4 Mon Sep 17 00:00:00 2001 From: Tim Ross Date: Fri, 1 Nov 2024 17:27:12 -0400 Subject: [PATCH 2/4] updates to make firestore work --- assets/loadtest/cluster/gcp/Makefile | 10 +++++----- assets/loadtest/control-plane/dns/update-record.sh | 4 ++++ .../loadtest/control-plane/policies/attach-policies.sh | 2 +- .../loadtest/control-plane/policies/create-policies.sh | 2 +- .../loadtest/control-plane/policies/delete-policies.sh | 4 ++++ assets/loadtest/control-plane/policies/gen-policies.sh | 5 +++++ .../control-plane/teleport/gen-etcd-teleport.sh | 4 ++-- .../control-plane/teleport/gen-firestore-teleport.sh | 4 ++-- 8 files changed, 24 insertions(+), 11 deletions(-) mode change 100644 => 100755 assets/loadtest/control-plane/teleport/gen-firestore-teleport.sh diff --git a/assets/loadtest/cluster/gcp/Makefile b/assets/loadtest/cluster/gcp/Makefile index e914b70fceebb..0de39cc986d76 100644 --- a/assets/loadtest/cluster/gcp/Makefile +++ b/assets/loadtest/cluster/gcp/Makefile @@ -1,12 +1,12 @@ # preview cluster configuration .PHONY: plan plan: - terraform plan + tofu plan # apply cluster configuration .PHONY: create-cluster create-cluster: - terraform apply + tofu apply # authorize kubectl to manage the cluster .PHONY: get-creds 
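Review bot: `variable "subscription_id"` accepts any non-null string, so a typo or an empty value only surfaces once the azurerm provider tries to use it. A `validation` block checking the GUID shape would fail at plan time instead, for example `condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id))` with a matching `error_message`. The description could also say how the value is expected to be supplied (for instance `TF_VAR_subscription_id`), so it does not end up in the committed terraform.tfvars by habit.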
@@ -16,14 +16,14 @@ get-creds: # destroy the cluster .PHONY: destroy destroy: - terraform destroy + tofu destroy # print cluster name .PHONY: get-cluster-name get-cluster-name: - @terraform output -raw cluster_name + @tofu output -raw cluster_name # print project name .PHONY: get-project get-project: - @terraform output -raw project \ No newline at end of file + @tofu output -raw project \ No newline at end of file diff --git a/assets/loadtest/control-plane/dns/update-record.sh b/assets/loadtest/control-plane/dns/update-record.sh index 1b4b2f5d52cae..efbbd960bb1fc 100755 --- a/assets/loadtest/control-plane/dns/update-record.sh +++ b/assets/loadtest/control-plane/dns/update-record.sh @@ -4,6 +4,10 @@ set -euo pipefail source vars.env +if [[ "$TELEPORT_BACKEND" == "firestore" ]]; then + exit 0 +fi + action="${1}" case "$action" in diff --git a/assets/loadtest/control-plane/policies/attach-policies.sh b/assets/loadtest/control-plane/policies/attach-policies.sh index a4497e5785e9b..5073e01d2df8f 100755 --- a/assets/loadtest/control-plane/policies/attach-policies.sh +++ b/assets/loadtest/control-plane/policies/attach-policies.sh @@ -16,7 +16,7 @@ esac source vars.env -if [[ "$TELEPORT_BACKEND" == "firestore" ]]; then +if [[ "$TELEPORT_BACKEND" != "dynamo" ]]; then exit 0 fi diff --git a/assets/loadtest/control-plane/policies/create-policies.sh b/assets/loadtest/control-plane/policies/create-policies.sh index 9e93f77c60a95..61eb944fc8410 100755 --- a/assets/loadtest/control-plane/policies/create-policies.sh +++ b/assets/loadtest/control-plane/policies/create-policies.sh @@ -4,7 +4,7 @@ set -euo pipefail source vars.env -if [[ "$TELEPORT_BACKEND" == "firestore" ]]; then +if [[ "$TELEPORT_BACKEND" != "dynamo" ]]; then exit 0 fi diff --git a/assets/loadtest/control-plane/policies/delete-policies.sh b/assets/loadtest/control-plane/policies/delete-policies.sh index 0389d3af6b7d7..42ccc4e3f0567 100755 --- a/assets/loadtest/control-plane/policies/delete-policies.sh 
+++ b/assets/loadtest/control-plane/policies/delete-policies.sh @@ -4,6 +4,10 @@ set -euo pipefail source vars.env +if [[ "$TELEPORT_BACKEND" != "dynamo" ]]; then + exit 0 +fi + dynamo_policy_arn="arn:aws:iam::${ACCOUNT_ID}:policy/${CLUSTER_NAME}-dynamo" s3_policy_arn="arn:aws:iam::${ACCOUNT_ID}:policy/${CLUSTER_NAME}-s3" diff --git a/assets/loadtest/control-plane/policies/gen-policies.sh b/assets/loadtest/control-plane/policies/gen-policies.sh index f91286eeb6e4d..655318b05d359 100755 --- a/assets/loadtest/control-plane/policies/gen-policies.sh +++ b/assets/loadtest/control-plane/policies/gen-policies.sh @@ -4,6 +4,11 @@ set -euo pipefail source vars.env +if [[ "$TELEPORT_BACKEND" != "dynamo" ]]; then + exit 0 +fi + + dynamo_policy="$STATE_DIR/dynamo-iam-policy" s3_policy="$STATE_DIR/s3-iam-policy" diff --git a/assets/loadtest/control-plane/teleport/gen-etcd-teleport.sh b/assets/loadtest/control-plane/teleport/gen-etcd-teleport.sh index 19036fe271934..38358d73e5e61 100755 --- a/assets/loadtest/control-plane/teleport/gen-etcd-teleport.sh +++ b/assets/loadtest/control-plane/teleport/gen-etcd-teleport.sh @@ -14,8 +14,8 @@ clusterName: ${CLUSTER_NAME}.${ROUTE53_ZONE} # Name of your cluster. Use th teleportVersionOverride: ${TELEPORT_VERSION} extraArgs: ['--debug'] -image: "public.ecr.aws/gravitational/teleport-distroless-debug" -enterpriseImage: "public.ecr.aws/gravitational/teleport-ent-distroless-debug" +image: "public.ecr.aws/gravitational-staging/teleport-distroless-debug" +enterpriseImage: "public.ecr.aws/gravitational-staging/teleport-ent-distroless-debug" persistence: enabled: false diff --git a/assets/loadtest/control-plane/teleport/gen-firestore-teleport.sh b/assets/loadtest/control-plane/teleport/gen-firestore-teleport.sh old mode 100644 new mode 100755 index e5dca8fca4026..292a9acb39564 --- a/assets/loadtest/control-plane/teleport/gen-firestore-teleport.sh +++ b/assets/loadtest/control-plane/teleport/gen-firestore-teleport.sh 
@@ -33,8 +33,8 @@ podMonitor: enabled: true extraArgs: - --debug -image: "public.ecr.aws/gravitational/teleport-distroless-debug" -enterpriseImage: "public.ecr.aws/gravitational/teleport-ent-distroless-debug" +image: "public.ecr.aws/gravitational-staging/teleport-distroless-debug" +enterpriseImage: "public.ecr.aws/gravitational-staging/teleport-ent-distroless-debug" auth: teleportConfig: kubernetes_service: From f542ca8313a7a07c0fcd4cf5cd8890ffb8c53d38 Mon Sep 17 00:00:00 2001 From: Tim Ross Date: Mon, 4 Nov 2024 15:30:56 -0500 Subject: [PATCH 3/4] update to make etcd work --- assets/loadtest/Makefile | 5 +++-- assets/loadtest/cluster/aws/cluster.yaml | 6 +++++- assets/loadtest/control-plane/policies/attach-policies.sh | 2 +- assets/loadtest/control-plane/policies/create-policies.sh | 2 +- assets/loadtest/control-plane/policies/delete-policies.sh | 2 +- assets/loadtest/control-plane/policies/gen-policies.sh | 2 +- .../control-plane/teleport/gen-dynamo-teleport.sh | 8 ++++++++ .../loadtest/control-plane/teleport/gen-etcd-teleport.sh | 2 +- .../control-plane/teleport/gen-firestore-teleport.sh | 8 ++++++++ assets/loadtest/helm/trusted-cluster/Chart.yaml | 2 +- assets/loadtest/helm/trusted-cluster/values.yaml | 2 +- 11 files changed, 31 insertions(+), 10 deletions(-) diff --git a/assets/loadtest/Makefile b/assets/loadtest/Makefile index bf83b50b47e2a..e85c3365a9b0b 100644 --- a/assets/loadtest/Makefile +++ b/assets/loadtest/Makefile 
@@ -117,13 +117,14 @@ deploy-tc: .PHONY: join-tc join-tc: kubectl get pod -n tc -o name --no-headers \ - | xargs -P 20 -n 1 -I {} kubectl -n tc exec {} -- tctl create -f /etc/teleport/tc.yaml + | xargs -P 10 -n 1 -I {} kubectl -n tc exec {} -- tctl create -f /etc/teleport/tc.yaml # deletes trusted clusters .PHONY: delete-tc delete-tc: helm delete -n tc trusted-cluster - tctl get rc | grep ' name:' | cut -d ':' -f2- | xargs -P 20 -n 1 -I {} tctl rm rc/{} + kubectl --namespace teleport exec deploy/teleport-auth \ + -- /busybox/sh -c "tctl get rc | grep ' name:' | cut -d ':' -f2- | xargs -P 20 -n 1 -I {} tctl rm rc/{}" # creates a bot used by the soak tests to authenticate with the cluster .PHONY: create-soaktest-bot diff --git a/assets/loadtest/cluster/aws/cluster.yaml b/assets/loadtest/cluster/aws/cluster.yaml index 31efb36a9f548..41870d0c0ab5e 100644 --- a/assets/loadtest/cluster/aws/cluster.yaml +++ b/assets/loadtest/cluster/aws/cluster.yaml @@ -4,6 +4,8 @@ metadata: name: region: version: "1.29" + tags: + teleport.dev/creator: iam: withOIDC: true @@ -16,5 +18,7 @@ addons: managedNodeGroups: - name: instanceType: m5.4xlarge - minSize: 2 + minSize: 3 maxSize: 10 + tags: + teleport.dev/creator: diff --git a/assets/loadtest/control-plane/policies/attach-policies.sh b/assets/loadtest/control-plane/policies/attach-policies.sh index 5073e01d2df8f..a4497e5785e9b 100755 --- a/assets/loadtest/control-plane/policies/attach-policies.sh +++ b/assets/loadtest/control-plane/policies/attach-policies.sh @@ -16,7 +16,7 @@ esac source vars.env -if [[ "$TELEPORT_BACKEND" != "dynamo" ]]; then +if [[ "$TELEPORT_BACKEND" == "firestore" ]]; then exit 0 fi diff --git a/assets/loadtest/control-plane/policies/create-policies.sh b/assets/loadtest/control-plane/policies/create-policies.sh index 61eb944fc8410..9e93f77c60a95 100755 --- a/assets/loadtest/control-plane/policies/create-policies.sh +++ b/assets/loadtest/control-plane/policies/create-policies.sh 
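Review bot: The new `delete-tc` recipe depends on `/busybox/sh` existing inside the auth pod, which presumably holds only while the chart runs a `-debug` distroless image; with a non-debug image the exec would fail. A comment above the recipe would make that coupling visible, e.g. `# runs inside the auth pod; requires the distroless-debug image (ships /busybox/sh)`. Separately, the pipeline inside `sh -c` reports only the status of the final `xargs`, so a failing `tctl get rc` looks like a successful run with nothing to delete. Splitting the listing from the removal, or checking the listing's exit status first, would surface that.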
@@ -4,7 +4,7 @@ set -euo pipefail source vars.env -if [[ "$TELEPORT_BACKEND" != "dynamo" ]]; then +if [[ "$TELEPORT_BACKEND" == "firestore" ]]; then exit 0 fi diff --git a/assets/loadtest/control-plane/policies/delete-policies.sh b/assets/loadtest/control-plane/policies/delete-policies.sh index 42ccc4e3f0567..17aeb341e8103 100755 --- a/assets/loadtest/control-plane/policies/delete-policies.sh +++ b/assets/loadtest/control-plane/policies/delete-policies.sh @@ -4,7 +4,7 @@ set -euo pipefail source vars.env -if [[ "$TELEPORT_BACKEND" != "dynamo" ]]; then +if [[ "$TELEPORT_BACKEND" == "firestore" ]]; then exit 0 fi diff --git a/assets/loadtest/control-plane/policies/gen-policies.sh b/assets/loadtest/control-plane/policies/gen-policies.sh index 655318b05d359..01c74286927ee 100755 --- a/assets/loadtest/control-plane/policies/gen-policies.sh +++ b/assets/loadtest/control-plane/policies/gen-policies.sh @@ -4,7 +4,7 @@ set -euo pipefail source vars.env -if [[ "$TELEPORT_BACKEND" != "dynamo" ]]; then +if [[ "$TELEPORT_BACKEND" == "firestore" ]]; then exit 0 fi diff --git a/assets/loadtest/control-plane/teleport/gen-dynamo-teleport.sh b/assets/loadtest/control-plane/teleport/gen-dynamo-teleport.sh index 2ab1ad5a1d659..d631b402622a2 100755 --- a/assets/loadtest/control-plane/teleport/gen-dynamo-teleport.sh +++ b/assets/loadtest/control-plane/teleport/gen-dynamo-teleport.sh @@ -13,6 +13,14 @@ chartMode: aws clusterName: ${CLUSTER_NAME}.${ROUTE53_ZONE} # Name of your cluster. Use the FQDN you intend to configure in DNS below. teleportVersionOverride: ${TELEPORT_VERSION} proxyListenerMode: "multiplex" +authentication: + type: local + secondFactor: "webauthn" + webauthn: + rp_id: ${CLUSTER_NAME}.${ROUTE53_ZONE} + connector_name: passwordless + device_trust: + mode: "off" aws: region: ${REGION} # AWS region backendTable: ${CLUSTER_NAME}-backend # DynamoDB table to use for the Teleport backend 
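Review bot: In the `authentication` block added to gen-dynamo-teleport.sh, `rp_id: ${CLUSTER_NAME}.${ROUTE53_ZONE}` is expanded by the shell into the generated values file without quotes, so the resulting YAML scalar depends on what the variables contain. Quoting it, `rp_id: "${CLUSTER_NAME}.${ROUTE53_ZONE}"`, keeps it a string. WebAuthn credentials are scoped to the RP ID, so a short comment that this value must equal the cluster's public domain would help whoever edits the template next. The same block is added to gen-firestore-teleport.sh in this patch.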
diff --git a/assets/loadtest/control-plane/teleport/gen-etcd-teleport.sh b/assets/loadtest/control-plane/teleport/gen-etcd-teleport.sh index 38358d73e5e61..69d14183d81c4 100755 --- a/assets/loadtest/control-plane/teleport/gen-etcd-teleport.sh +++ b/assets/loadtest/control-plane/teleport/gen-etcd-teleport.sh @@ -28,7 +28,7 @@ highAvailability: authentication: type: local - secondFactor: "optional" + secondFactor: "webauthn" webauthn: rp_id: ${CLUSTER_NAME}.${ROUTE53_ZONE} connector_name: passwordless diff --git a/assets/loadtest/control-plane/teleport/gen-firestore-teleport.sh b/assets/loadtest/control-plane/teleport/gen-firestore-teleport.sh index 292a9acb39564..d604f44167d7f 100755 --- a/assets/loadtest/control-plane/teleport/gen-firestore-teleport.sh +++ b/assets/loadtest/control-plane/teleport/gen-firestore-teleport.sh @@ -13,6 +13,14 @@ chartMode: gcp clusterName: ${CLUSTER_NAME}.${ROUTE53_ZONE} # Name of your cluster. Use the FQDN you intend to configure in DNS below. teleportVersionOverride: ${TELEPORT_VERSION} proxyListenerMode: "multiplex" +authentication: + type: local + secondFactor: "webauthn" + webauthn: + rp_id: ${CLUSTER_NAME}.${ROUTE53_ZONE} + connector_name: passwordless + device_trust: + mode: "off" gcp: projectId: ${GCP_PROJECT} region: ${REGION} # AWS region diff --git a/assets/loadtest/helm/trusted-cluster/Chart.yaml b/assets/loadtest/helm/trusted-cluster/Chart.yaml index ec004aad00310..a7a7f4c8ba4a5 100644 --- a/assets/loadtest/helm/trusted-cluster/Chart.yaml +++ b/assets/loadtest/helm/trusted-cluster/Chart.yaml @@ -6,4 +6,4 @@ type: application version: 0.1.0 -appVersion: "15.0.0" \ No newline at end of file +appVersion: "17.0.0-alpha.2" \ No newline at end of file diff --git a/assets/loadtest/helm/trusted-cluster/values.yaml b/assets/loadtest/helm/trusted-cluster/values.yaml index a02bd2ca41050..38688d16385f3 100644 --- a/assets/loadtest/helm/trusted-cluster/values.yaml +++ b/assets/loadtest/helm/trusted-cluster/values.yaml 
@@ -1,7 +1,7 @@ replicaCount: 1 image: - repository: public.ecr.aws/gravitational/teleport-ent-distroless-debug + repository: public.ecr.aws/gravitational-staging/teleport-distroless-debug pullPolicy: IfNotPresent tag: "" From 84980a6aea05266a26c3f9ad43233bc831c8428b Mon Sep 17 00:00:00 2001 From: rosstimothy <39066650+rosstimothy@users.noreply.github.com> Date: Mon, 18 Nov 2024 14:54:16 -0500 Subject: [PATCH 4/4] Update assets/loadtest/azure/main.tf Co-authored-by: Gavin Frazar --- assets/loadtest/azure/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assets/loadtest/azure/main.tf b/assets/loadtest/azure/main.tf index 39299017d70f5..7b1f689d53af9 100644 --- a/assets/loadtest/azure/main.tf +++ b/assets/loadtest/azure/main.tf @@ -52,7 +52,7 @@ provider "kubectl" { } provider "azurerm" { - subscription_id = vars.subscription_id + subscription_id = var.subscription_id features {} }
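Review bot: The new `repository` value drops `-ent` as well as switching registry: `teleport-ent-distroless-debug` becomes `teleport-distroless-debug`, whereas the other files in this series keep the enterprise image name under `enterpriseImage`. If the trusted-cluster pods are meant to stay on the enterprise build, this should read `repository: public.ecr.aws/gravitational-staging/teleport-ent-distroless-debug`. If the move to the non-enterprise image is deliberate, a comment saying so would stop it being reverted by mistake. `tag: ""` is unchanged, so the image version presumably follows the chart's `appVersion`, which this patch sets to an alpha release.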