helm: Allow probe timeouts to be configurable (buddy merge of #11176) (#11396)

* Allow for probe timeouts to be configurable

When setting up a new Teleport enterprise cluster on GCP,
I noticed that I needed to set the probe timeouts to get the
cluster to be healthy. This seems to be a known issue (https://github.com/kubernetes/kubernetes/issues/89898).

As a "stopgap", I've updated the helm chart to allow for end users
to be able to configure these timeouts.

* Update configuration option name and add documentation

* Update docs/pages/kubernetes-access/helm/reference.mdx

Co-authored-by: Gus Luxton <gus@goteleport.com>

* Add tests for probeTimeoutSeconds

* Add probeTimeoutSeconds to required values

* Add probeTimeoutSeconds to teleport-kube-agent

* Add tests for probeTimeoutSeconds to teleport-kube-agent

* Add probeTimeoutSeconds to teleport-kube-agent reference

Co-authored-by: Hunter Madison <hunter.madison@instana.com>
Co-authored-by: Hunter Madison <hmadison@users.noreply.github.com>
Gus Luxton 2022-03-24 22:56:22 -03:00 committed by GitHub
parent 90a0ff54b9
commit d2a656ef3f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 438 additions and 3 deletions


@ -16,4 +16,4 @@ Deploy the Teleport Auth Service and Proxy Service on Kubernetes.
Deploy the Teleport Kubernetes Service, Application Service, or Database Service on Kubernetes.
</Tile>
</TileSet>
</TileSet>


@ -1423,3 +1423,25 @@ Kubernetes PriorityClass to set for pod.
</TabItem>
</Tabs>
## `probeTimeoutSeconds`
| Type | Default value | Can be used in `custom` mode? |
| - | - | - |
| `integer` | `1` | ✅ |
[Kubernetes reference](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
Kubernetes timeouts for the liveness and readiness probes.
<Tabs>
<TabItem label="values.yaml">
```yaml
probeTimeoutSeconds: 5
```
</TabItem>
<TabItem label="--set">
```code
$ --set probeTimeoutSeconds=5
```
</TabItem>
</Tabs>


@ -1332,3 +1332,26 @@ Kubernetes Tolerations to set for pod assignment.
```
</TabItem>
</Tabs>
## `probeTimeoutSeconds`
| Type | Default value |
| - | - |
| `integer` | `1` |
[Kubernetes reference](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
Kubernetes timeouts for the liveness and readiness probes.
<Tabs>
<TabItem label="values.yaml">
```yaml
probeTimeoutSeconds: 5
```
</TabItem>
<TabItem label="--set">
```code
$ --set probeTimeoutSeconds=5
```
</TabItem>
</Tabs>


@ -0,0 +1,4 @@
clusterName: helm-lint
# These are just sample values to test the chart.
# They are not intended to be guidelines or suggestions for running teleport.
probeTimeoutSeconds: 5


@ -129,6 +129,7 @@ spec:
initialDelaySeconds: 5 # wait 5s for agent to start
periodSeconds: 5 # poll health every 5s
failureThreshold: 6 # consider agent unhealthy after 30s (6 * 5s)
timeoutSeconds: {{ .Values.probeTimeoutSeconds }}
readinessProbe:
httpGet:
path: /readyz
@ -136,6 +137,7 @@ spec:
initialDelaySeconds: 5 # wait 5s for agent to register
periodSeconds: 5 # poll health every 5s
failureThreshold: 12 # consider agent unhealthy after 60s (12 * 5s)
timeoutSeconds: {{ .Values.probeTimeoutSeconds }}
{{- if .Values.postStart.command }}
lifecycle:
postStart:
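Review bot: The inline comments on `failureThreshold` ("unhealthy after 30s (6 * 5s)" and "after 60s (12 * 5s)") assume every probe returns within `periodSeconds`, which no longer holds once `probeTimeoutSeconds` is set above 5. A hung agent would then likely take closer to failureThreshold × timeout to be restarted or taken out of service, and nothing in the template tells the operator that the window has grown. I would add a comment to both new lines, for example `# per-probe timeout; values above periodSeconds (5s) lengthen the detection windows noted above`. The same two lines are added in the two agent templates further down (the hunks at `@ -139,6 +139,7` and `@ -135,6 +135,7`), and the enclosing container spec starts and ends outside these hunks.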


@ -12,6 +12,7 @@ sets Deployment annotations when specified:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -24,6 +25,7 @@ sets Deployment annotations when specified:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -55,6 +57,7 @@ sets Pod annotations when specified:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -67,6 +70,7 @@ sets Pod annotations when specified:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -98,6 +102,7 @@ should add PersistentVolumeClaim as volume when in standalone mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -110,6 +115,7 @@ should add PersistentVolumeClaim as volume when in standalone mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -153,6 +159,7 @@ should add emptyDir for data in AWS mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -165,6 +172,7 @@ should add emptyDir for data in AWS mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -207,6 +215,7 @@ should add emptyDir for data in GCP mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -219,6 +228,7 @@ should add emptyDir for data in GCP mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport-secrets
name: gcp-credentials
@ -252,6 +262,7 @@ should add emptyDir for data in custom mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -264,6 +275,7 @@ should add emptyDir for data in custom mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -295,6 +307,7 @@ should add insecureSkipProxyTLSVerify to args when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -307,6 +320,7 @@ should add insecureSkipProxyTLSVerify to args when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -338,6 +352,7 @@ should add named PersistentVolumeClaim as volume when in standalone mode and sta
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -350,6 +365,7 @@ should add named PersistentVolumeClaim as volume when in standalone mode and sta
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -381,6 +397,7 @@ should do enterprise things when when enterprise is set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -393,6 +410,7 @@ should do enterprise things when when enterprise is set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /var/lib/license
name: license
@ -430,6 +448,7 @@ should expose diag port:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -442,6 +461,7 @@ should expose diag port:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -485,6 +505,7 @@ should have multiple replicas when replicaCount is set:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -497,6 +518,7 @@ should have multiple replicas when replicaCount is set:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -539,6 +561,7 @@ should mount ConfigMap for config in AWS mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -551,6 +574,7 @@ should mount ConfigMap for config in AWS mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -593,6 +617,7 @@ should mount ConfigMap for config in GCP mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -605,6 +630,7 @@ should mount ConfigMap for config in GCP mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport-secrets
name: gcp-credentials
@ -638,6 +664,7 @@ should mount ConfigMap for config in custom mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -650,6 +677,7 @@ should mount ConfigMap for config in custom mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -680,6 +708,7 @@ should mount ConfigMap for config in standalone mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -692,6 +721,7 @@ should mount ConfigMap for config in standalone mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -735,6 +765,7 @@ should mount GCP credentials for initContainer in GCP mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -747,6 +778,7 @@ should mount GCP credentials for initContainer in GCP mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport-secrets
name: gcp-credentials
@ -806,6 +838,7 @@ should mount GCP credentials in GCP mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -818,6 +851,7 @@ should mount GCP credentials in GCP mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport-secrets
name: gcp-credentials
@ -863,6 +897,7 @@ should mount TLS certs for initContainer when cert-manager is enabled:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -875,6 +910,7 @@ should mount TLS certs for initContainer when cert-manager is enabled:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport-secrets
name: gcp-credentials
@ -943,6 +979,7 @@ should mount TLS certs when cert-manager is enabled:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -955,6 +992,7 @@ should mount TLS certs when cert-manager is enabled:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport-secrets
name: gcp-credentials
@ -994,6 +1032,7 @@ should mount extraVolumes and extraVolumeMounts:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1006,6 +1045,7 @@ should mount extraVolumes and extraVolumeMounts:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -1042,6 +1082,7 @@ should not do enterprise things when when enterprise is not set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1054,6 +1095,7 @@ should not do enterprise things when when enterprise is not set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -1085,6 +1127,7 @@ should not have more than one replica in standalone mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1097,6 +1140,7 @@ should not have more than one replica in standalone mode:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -1131,6 +1175,7 @@ should provision initContainer correctly when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1143,6 +1188,7 @@ should provision initContainer correctly when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
resources:
limits:
cpu: 2
@ -1208,6 +1254,7 @@ should set affinity when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1220,6 +1267,7 @@ should set affinity when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -1253,6 +1301,7 @@ should set environment when extraEnv set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1265,6 +1314,7 @@ should set environment when extraEnv set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -1296,6 +1346,7 @@ should set imagePullPolicy when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1308,6 +1359,7 @@ should set imagePullPolicy when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -1345,6 +1397,7 @@ should set postStart command if set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1357,6 +1410,7 @@ should set postStart command if set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -1388,6 +1442,7 @@ should set priorityClassName when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1400,6 +1455,7 @@ should set priorityClassName when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -1418,6 +1474,51 @@ should set priorityClassName when set in values:
- name: data
persistentVolumeClaim:
claimName: RELEASE-NAME
should set probeTimeoutSeconds when set in values:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
image: quay.io/gravitational/teleport:10.0.0-dev
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 5
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 5
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- name: gcp-credentials
secret:
secretName: teleport-gcp-credentials
- configMap:
name: RELEASE-NAME
name: config
- name: data
persistentVolumeClaim:
claimName: RELEASE-NAME
should set required affinity when highAvailability.requireAntiAffinity is set:
1: |
affinity:
@ -1442,6 +1543,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1454,6 +1556,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
@ -1484,6 +1587,7 @@ should set resources when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1496,6 +1600,7 @@ should set resources when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
resources:
limits:
cpu: 2
@ -1546,6 +1651,7 @@ should set tolerations when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1558,6 +1664,7 @@ should set tolerations when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config


@ -531,3 +531,16 @@ tests:
value: system-cluster-critical
- matchSnapshot:
path: spec.template.spec
- it: should set probeTimeoutSeconds when set in values
values:
- ../.lint/probe-timeout-seconds.yaml
asserts:
- equal:
path: spec.template.spec.containers[0].livenessProbe.timeoutSeconds
value: 5
- equal:
path: spec.template.spec.containers[0].readinessProbe.timeoutSeconds
value: 5
- matchSnapshot:
path: spec.template.spec


@ -19,7 +19,8 @@
"imagePullPolicy",
"initContainers",
"resources",
"tolerations"
"tolerations",
"probeTimeoutSeconds"
],
"properties": {
"clusterName": {
@ -495,6 +496,11 @@
"$id": "#/properties/priorityClassName",
"type": "string",
"default": ""
},
"probeTimeoutSeconds": {
"$id": "#/properties/probeTimeoutSeconds",
"type": "integer",
"default": 1
}
}
}
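Review bot: The new `probeTimeoutSeconds` property is typed as `integer` but has no lower bound, so `0` or a negative number passes chart validation and is rendered straight into `timeoutSeconds` on both probes. Kubernetes documents a minimum of 1 for this field, so a bad value would only be rejected (or silently defaulted) by the API server at apply time rather than at `helm lint` or `helm template`. Adding `"minimum": 1` after `"type": "integer",` would catch it early. Because the key is also added to `required`, it is worth confirming that upgrades which reuse previously stored values (and so lack the key) still validate.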


@ -270,3 +270,7 @@ priorityClassName: ""
# Tolerations for pod assignment
# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []
# Timeouts for the readiness and liveness probes
# https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
probeTimeoutSeconds: 1


@ -0,0 +1,7 @@
authToken: auth-token
proxyAddr: proxy.example.com:3080
roles: kube
kubeClusterName: test-kube-cluster-name
# These are just sample values to test the chart.
# They are not intended to be guidelines or suggestions for running teleport.
probeTimeoutSeconds: 5


@ -139,6 +139,7 @@ spec:
initialDelaySeconds: 5 # wait 5s for agent to start
periodSeconds: 5 # poll health every 5s
failureThreshold: 6 # consider agent unhealthy after 30s (6 * 5s)
timeoutSeconds: {{ .Values.probeTimeoutSeconds }}
readinessProbe:
httpGet:
path: /readyz
@ -146,6 +147,7 @@ spec:
initialDelaySeconds: 5 # wait 5s for agent to register
periodSeconds: 5 # poll health every 5s
failureThreshold: 12 # consider agent unhealthy after 60s (12 * 5s)
timeoutSeconds: {{ .Values.probeTimeoutSeconds }}
{{- if .Values.resources }}
resources:
{{- toYaml .Values.resources | nindent 10 }}


@ -135,6 +135,7 @@ spec:
initialDelaySeconds: 5 # wait 5s for agent to start
periodSeconds: 5 # poll health every 5s
failureThreshold: 6 # consider agent unhealthy after 30s (6 * 5s)
timeoutSeconds: {{ .Values.probeTimeoutSeconds }}
readinessProbe:
httpGet:
path: /readyz
@ -142,6 +143,7 @@ spec:
initialDelaySeconds: 5 # wait 5s for agent to register
periodSeconds: 5 # poll health every 5s
failureThreshold: 12 # consider agent unhealthy after 60s (12 * 5s)
timeoutSeconds: {{ .Values.probeTimeoutSeconds }}
{{- if .Values.resources }}
resources:
{{- toYaml .Values.resources | nindent 10 }}


@ -12,6 +12,7 @@ sets Deployment annotations when specified:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -24,6 +25,7 @@ sets Deployment annotations when specified:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -65,6 +67,7 @@ sets Pod annotations when specified:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -77,6 +80,7 @@ sets Pod annotations when specified:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -118,6 +122,7 @@ should add emptyDir for data when existingDataVolume is not set:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -130,6 +135,7 @@ should add emptyDir for data when existingDataVolume is not set:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -172,6 +178,7 @@ should add insecureSkipProxyTLSVerify to args when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -184,6 +191,7 @@ should add insecureSkipProxyTLSVerify to args when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -225,6 +233,7 @@ should correctly configure existingDataVolume when set:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -237,6 +246,7 @@ should correctly configure existingDataVolume when set:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -276,6 +286,7 @@ should expose diag port:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -288,6 +299,7 @@ should expose diag port:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -341,6 +353,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -353,6 +366,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -406,6 +420,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -418,6 +433,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -459,6 +475,7 @@ should have one replica when replicaCount is not set:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -471,6 +488,7 @@ should have one replica when replicaCount is not set:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -512,6 +530,7 @@ should mount extraVolumes and extraVolumeMounts:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -524,6 +543,7 @@ should mount extraVolumes and extraVolumeMounts:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -570,6 +590,7 @@ should provision initContainer correctly when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -582,6 +603,7 @@ should provision initContainer correctly when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
resources:
limits:
cpu: 2
@ -659,6 +681,7 @@ should set SecurityContext:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -671,6 +694,7 @@ should set SecurityContext:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -732,6 +756,7 @@ should set affinity when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -744,6 +769,7 @@ should set affinity when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -785,6 +811,7 @@ should set default serviceAccountName when not set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -797,6 +824,7 @@ should set default serviceAccountName when not set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -841,6 +869,7 @@ should set environment when extraEnv set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -853,6 +882,7 @@ should set environment when extraEnv set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -894,6 +924,7 @@ should set image and tag correctly:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -906,6 +937,7 @@ should set image and tag correctly:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -947,6 +979,7 @@ should set imagePullPolicy when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -959,6 +992,7 @@ should set imagePullPolicy when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -1000,6 +1034,7 @@ should set nodeSelector if set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1012,6 +1047,7 @@ should set nodeSelector if set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -1067,6 +1103,7 @@ should set preferred affinity when more than one replica is used:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1079,6 +1116,62 @@ should set preferred affinity when more than one replica is used:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
should set probeTimeoutSeconds when set in values:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
image: quay.io/gravitational/teleport:10.0.0-dev
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 5
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 5
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -1130,6 +1223,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1142,6 +1236,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -1183,6 +1278,7 @@ should set resources when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1195,6 +1291,7 @@ should set resources when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
resources:
limits:
cpu: 2
@ -1243,6 +1340,7 @@ should set serviceAccountName when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1255,6 +1353,7 @@ should set serviceAccountName when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -1296,6 +1395,7 @@ should set tolerations when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1308,6 +1408,7 @@ should set tolerations when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:


@ -12,6 +12,7 @@ sets Pod annotations when specified:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -24,6 +25,7 @@ sets Pod annotations when specified:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -66,6 +68,7 @@ should add insecureSkipProxyTLSVerify to args when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -78,6 +81,7 @@ should add insecureSkipProxyTLSVerify to args when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -119,6 +123,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -131,6 +136,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -172,6 +178,7 @@ should add volumeMount for data volume when using StatefulSet:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -184,6 +191,7 @@ should add volumeMount for data volume when using StatefulSet:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -225,6 +233,7 @@ should expose diag port:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -237,6 +246,7 @@ should expose diag port:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -290,6 +300,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -302,6 +313,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -355,6 +367,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -367,6 +380,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -408,6 +422,7 @@ should have one replica when replicaCount is not set:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -420,6 +435,7 @@ should have one replica when replicaCount is not set:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -461,6 +477,7 @@ should mount extraVolumes and extraVolumeMounts:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -473,6 +490,7 @@ should mount extraVolumes and extraVolumeMounts:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -519,6 +537,7 @@ should not add emptyDir for data when using StatefulSet:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -531,6 +550,7 @@ should not add emptyDir for data when using StatefulSet:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -572,6 +592,7 @@ should provision initContainer correctly when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -584,6 +605,7 @@ should provision initContainer correctly when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
resources:
limits:
cpu: 2
@ -661,6 +683,7 @@ should set SecurityContext:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -673,6 +696,7 @@ should set SecurityContext:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -734,6 +758,7 @@ should set affinity when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -746,6 +771,7 @@ should set affinity when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -787,6 +813,7 @@ should set default serviceAccountName when not set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -799,6 +826,7 @@ should set default serviceAccountName when not set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -843,6 +871,7 @@ should set environment when extraEnv set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -855,6 +884,7 @@ should set environment when extraEnv set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -896,6 +926,7 @@ should set image and tag correctly:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -908,6 +939,7 @@ should set image and tag correctly:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -949,6 +981,7 @@ should set imagePullPolicy when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -961,6 +994,7 @@ should set imagePullPolicy when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -1002,6 +1036,7 @@ should set nodeSelector if set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1014,6 +1049,7 @@ should set nodeSelector if set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -1069,6 +1105,7 @@ should set preferred affinity when more than one replica is used:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1081,6 +1118,62 @@ should set preferred affinity when more than one replica is used:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: RELEASE-NAME-teleport-data
securityContext:
fsGroup: 9807
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
should set probeTimeoutSeconds when set in values:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
image: quay.io/gravitational/teleport:10.0.0-dev
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 5
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 5
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -1132,6 +1225,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1144,6 +1238,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -1185,6 +1280,7 @@ should set resources when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1197,6 +1293,7 @@ should set resources when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
resources:
limits:
cpu: 2
@ -1245,6 +1342,7 @@ should set serviceAccountName when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1257,6 +1355,7 @@ should set serviceAccountName when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -1298,6 +1397,7 @@ should set storage.requests when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1310,6 +1410,7 @@ should set storage.requests when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -1351,6 +1452,7 @@ should set storage.storageClassName when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1363,6 +1465,7 @@ should set storage.storageClassName when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -1404,6 +1507,7 @@ should set tolerations when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
@ -1416,6 +1520,7 @@ should set tolerations when set in values:
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:


@ -347,3 +347,16 @@ tests:
value: RELEASE-NAME
- matchSnapshot:
path: spec.template.spec
- it: should set probeTimeoutSeconds when set in values
values:
- ../.lint/probe-timeout-seconds.yaml
asserts:
- equal:
path: spec.template.spec.containers[0].livenessProbe.timeoutSeconds
value: 5
- equal:
path: spec.template.spec.containers[0].readinessProbe.timeoutSeconds
value: 5
- matchSnapshot:
path: spec.template.spec


@ -367,3 +367,17 @@ tests:
value: RELEASE-NAME
- matchSnapshot:
path: spec.template.spec
- it: should set probeTimeoutSeconds when set in values
values:
- ../.lint/stateful.yaml
- ../.lint/probe-timeout-seconds.yaml
asserts:
- equal:
path: spec.template.spec.containers[0].livenessProbe.timeoutSeconds
value: 5
- equal:
path: spec.template.spec.containers[0].readinessProbe.timeoutSeconds
value: 5
- matchSnapshot:
path: spec.template.spec


@ -27,7 +27,8 @@
"imagePullPolicy",
"initContainers",
"resources",
"tolerations"
"tolerations",
"probeTimeoutSeconds"
],
"properties": {
"authToken": {
@ -328,6 +329,11 @@
"$id": "#/properties/tolerations",
"type": "array",
"default": []
},
"probeTimeoutSeconds": {
"$id": "#/properties/probeTimeoutSeconds",
"type": "integer",
"default": 1
}
}
}
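Review bot: The `probeTimeoutSeconds` property added in the second hunk is constrained only by `"type": "integer"`, so `0` or a negative number passes the chart's schema validation and the mistake surfaces only when the rendered manifest reaches the cluster. Kubernetes documents a minimum of 1 for a probe's `timeoutSeconds`, so I would add `"minimum": 1` next to the type to make `helm lint` and `helm install` reject a bad value up front. An upper bound is worth considering too, because a very large timeout effectively disables liveness checking for the agent. The `properties` object this entry belongs to opens in the first hunk and its middle is not shown here.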


@ -217,3 +217,7 @@ resources: {}
# Tolerations for pod assignment
# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []
# Timeouts for the readiness and liveness probes
# https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
probeTimeoutSeconds: 1
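Review bot: The comment above `probeTimeoutSeconds` does not mention the unit, that the one value is applied to both probes, or the operational cost of raising it. The snapshots in this commit render `periodSeconds: 5` with `failureThreshold: 6` (liveness) and `12` (readiness), so each extra second of timeout lengthens the window in which an unresponsive pod is still treated as healthy. I would extend the comment along the lines of `# Timeout in seconds (minimum 1) for both the readiness and liveness probes.` followed by `# Larger values delay detection of an unresponsive pod; raise only as far as needed.`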