Proxy Version Endpoint configuration #38034
programmerq
started this conversation in
Show and tell
Replies: 1 comment 1 reply
-
Is this available in the Community version as well? |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Instead of using the upstream
updates.releases.teleport.dev
endpoint or hosting your own, you can configure the Teleport Proxy to host version endpoint channels. This was added in #36220. At the time of writing, Teleport 14.3.4 15.0.1 are the current versions of Teleport, and they support this feature.To configure automatic upgrade channels, modifications must be made to the proxy_service section of the Teleport configuration file (teleport.yaml). The configuration allows specifying multiple channels, each with its own version and criticality settings.
This Discussion will follow the structure of https://goteleport.com/docs/upgrading/self-hosted-automatic-agent-updates/ but share specific information about any deviations.
Step 1/5 - Configure Teleport Proxy to serve channels
This step replaces Step 1/5. Create release channel files in the upstream document.
Edit your Teleport Proxy teleport.yaml file. In the
proxy_service
section, define your release channels. You can define more than one channel if desired.Restart your proxies.
Test the channel by navigating to the
default
version endpoint for your channel:You can define multiple channels. Defining a
default
channel will be required in the future, so it is shown here. The original guide shows a channel name calledcurrent
. Other valid names includestable/v14
,stable/v15
, etc.Step 2/5.
Skip the upstream Step 2/5. Create a Terraform configuration step, as it is unnecessary when using an in-proxy version endpoint.
Step 3/5. Configure the maintenance schedule
Follow the upstream guide Step 3/5. Configure the maintenance schedule. No changes are needed!
Step 4/5. Enroll Kubernetes agents in automatic upgrades
Follow the upstream Step 4/5. Enroll Kubernetes agents in automatic upgrades
versionServer:
value will behttps://<proxy_url>/v1/webapi/automaticupgrades/channel
releaseChannel:
value will correspond to the channel name you picked in Step 1/5.default
is the value in this example guide.Step 5/5. Enroll Linux agents in automatic upgrades
Follow the upstream Step 5/5. Enroll Linux agents in automatic upgrades
In the "Configure the upgrader" section,
version-server-url/path
value will be<proxy_url>/v1/webapi/automaticupgrades/channel
. Do not includehttps://
release-channel:
value will correspond to the channel name you picked in Step 1/5.default
is the value in this example guide.Appendix
teleport.yaml
Syntax ReferenceThe
automatic_upgrades_channels
configuration is a map where each entrycorresponds to a channel with specific versioning and criticality settings.
Below is the structure of the channel configuration:
Additional note
Unlike in Teleport Cloud, It is necessary to specifically configure your upgrades with a self-hosted proxy version endpoint.
In a Teleport Cloud environment, the auto upgrader will use
https://<teleport_proxy>/v1/webapi/automaticupgrades/channel/stable/cloud
when it detects that theproxy_server
value as seen in/etc/teleport.yaml
is a cloud endpoint.edit: use
default
for the channel name throughout the guide. minor changes in YAML reference section.Beta Was this translation helpful? Give feedback.
All reactions