Teleport 7.0 is a major release of Teleport that contains new features, improvements, and bug fixes.
New Features
MongoDB
Added support for MongoDB to Teleport Database Access. #6600.
View the Database Access with MongoDB for more details.
Cloud SQL MySQL
Added support for GCP Cloud SQL MySQL to Teleport Database Access. #7302
View the Cloud SQL MySQL guide for more details.
AWS Console
Added support for AWS Console to Teleport Application Access. #7590
Teleport Application Access can now automatically sign users into the AWS Management Console using Identity federation. View AWS Management Console guide for more details.
Restricted Sessions
Added the ability to block network traffic (IPv4 and IPv6) on a per-SSH session basis. Implemented using BPF tooling which required kernel 5.8 or above. #7099
Enhanced Session Recording
Updated Enhanced Session Recording to no longer require the installation of external compilers like bcc-tools
. Implemented using BPF tooling which required kernel 5.8 or above. #6027
Improvements
- Added the ability to terminate Database Access certificates when the certificate expires. #5476
- Added additional FedRAMP compliance controls, such as custom disconnect and MOTD messages. #6091 #7396
- Added the ability to export Audit Log and session recordings using the Teleport API. #6731 #7360
- Added the ability to partially configure a cluster. #5857 RFD #28
- Added the ability to disable port forwarding on a per-host basis. #6989
- Added ability to configure
tsh
home directory. #7035 - Added ability to generate OpenSSH client configuration snippets using
tsh config
. #7437 - Added default-port detection to
tsh
#6374 - Improved performance of the Web UI for users with many roles. #7588
Fixes
- Fixed a memory leak that could affect etcd users. #7631
- Fixed an issue where
tsh login
could fail if the user had multiple public addresses defined on the proxy. #7368
Breaking Changes
Enhanced Session Recording
Enhanced Session Recording has been updated to use CO-RE BPF executables. This makes deployment much simpler, you no longer have to install bcc-tools
, but comes with a higher minimum kernel version of 5.8 and above. #6027
Kubernetes Access
Kubernetes Access will no longer automatically register a cluster named after the Teleport cluster if the proxy is running within a Kubernetes cluster. Users wishing to retain this functionality now have to explicitly set kube_cluster_name
. #6786
tsh
tsh login
has been updated to no longer change the current Kubernetes context. While tsh login
will write credentials to kubeconfig
it will only update your context if tsh login --kube-cluster
or tsh kube login <kubeCluster>
is used. #6045
Download
Download the current and previous releases of Teleport at https://gravitational.com/teleport/download.