mirror of
https://github.com/gravitational/teleport
synced 2024-10-21 01:34:01 +00:00
* Allow for probe timeouts to be configurable When setting up a new Teleport enterprise cluster on GCP, I noticed that I needed to set the probe timeouts to get the cluster to be healthy. This seems to be a known issue (https://github.com/kubernetes/kubernetes/issues/89898). As a "stopgap", I've updated the helm chart to allow for end users to be able to configure these timeouts. * Update configuration option name and add documentation * Update docs/pages/kubernetes-access/helm/reference.mdx Co-authored-by: Gus Luxton <gus@goteleport.com> * Add tests for probeTimeoutSeconds * Add probeTimeoutSeconds to required values * Add probeTimeoutSeconds to teleport-kube-agent * Add tests for probeTimeoutSeconds to teleport-kube-agent * Add probeTimeoutSeconds to teleport-kube-agent reference Co-authored-by: Hunter Madison <hunter.madison@instana.com> Co-authored-by: Hunter Madison <hmadison@users.noreply.github.com>
This commit is contained in:
parent
90a0ff54b9
commit
d2a656ef3f
|
@ -16,4 +16,4 @@ Deploy the Teleport Auth Service and Proxy Service on Kubernetes.
|
|||
Deploy the Teleport Kubernetes Service, Application Service, or Database Service on Kubernetes.
|
||||
|
||||
</Tile>
|
||||
</TileSet>
|
||||
</TileSet>
|
||||
|
|
|
@ -1423,3 +1423,25 @@ Kubernetes PriorityClass to set for pod.
|
|||
</TabItem>
|
||||
</Tabs>
|
||||
|
||||
## `probeTimeoutSeconds`
|
||||
|
||||
| Type | Default value | Can be used in `custom` mode? |
|
||||
| - | - | - |
|
||||
| `integer` | `1` | ✅ |
|
||||
|
||||
[Kubernetes reference](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
|
||||
|
||||
Kubernetes timeouts for the liveness and readiness probes.
|
||||
|
||||
<Tabs>
|
||||
<TabItem label="values.yaml">
|
||||
```yaml
|
||||
probeTimeoutSeconds: 5
|
||||
```
|
||||
</TabItem>
|
||||
<TabItem label="--set">
|
||||
```code
|
||||
$ --set probeTimeoutSeconds=5
|
||||
```
|
||||
</TabItem>
|
||||
</Tabs>
|
||||
|
|
|
@ -1332,3 +1332,26 @@ Kubernetes Tolerations to set for pod assignment.
|
|||
```
|
||||
</TabItem>
|
||||
</Tabs>
|
||||
|
||||
## `probeTimeoutSeconds`
|
||||
|
||||
| Type | Default value |
|
||||
| - | - |
|
||||
| `integer` | `1` |
|
||||
|
||||
[Kubernetes reference](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
|
||||
|
||||
Kubernetes timeouts for the liveness and readiness probes.
|
||||
|
||||
<Tabs>
|
||||
<TabItem label="values.yaml">
|
||||
```yaml
|
||||
probeTimeoutSeconds: 5
|
||||
```
|
||||
</TabItem>
|
||||
<TabItem label="--set">
|
||||
```code
|
||||
$ --set probeTimeoutSeconds=5
|
||||
```
|
||||
</TabItem>
|
||||
</Tabs>
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
clusterName: helm-lint
|
||||
# These are just sample values to test the chart.
|
||||
# They are not intended to be guidelines or suggestions for running teleport.
|
||||
probeTimeoutSeconds: 5
|
|
@ -129,6 +129,7 @@ spec:
|
|||
initialDelaySeconds: 5 # wait 5s for agent to start
|
||||
periodSeconds: 5 # poll health every 5s
|
||||
failureThreshold: 6 # consider agent unhealthy after 30s (6 * 5s)
|
||||
timeoutSeconds: {{ .Values.probeTimeoutSeconds }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /readyz
|
||||
|
@ -136,6 +137,7 @@ spec:
|
|||
initialDelaySeconds: 5 # wait 5s for agent to register
|
||||
periodSeconds: 5 # poll health every 5s
|
||||
failureThreshold: 12 # consider agent unhealthy after 60s (12 * 5s)
|
||||
timeoutSeconds: {{ .Values.probeTimeoutSeconds }}
|
||||
{{- if .Values.postStart.command }}
|
||||
lifecycle:
|
||||
postStart:
|
||||
|
|
|
@ -12,6 +12,7 @@ sets Deployment annotations when specified:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -24,6 +25,7 @@ sets Deployment annotations when specified:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -55,6 +57,7 @@ sets Pod annotations when specified:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -67,6 +70,7 @@ sets Pod annotations when specified:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -98,6 +102,7 @@ should add PersistentVolumeClaim as volume when in standalone mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -110,6 +115,7 @@ should add PersistentVolumeClaim as volume when in standalone mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -153,6 +159,7 @@ should add emptyDir for data in AWS mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -165,6 +172,7 @@ should add emptyDir for data in AWS mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -207,6 +215,7 @@ should add emptyDir for data in GCP mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -219,6 +228,7 @@ should add emptyDir for data in GCP mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport-secrets
|
||||
name: gcp-credentials
|
||||
|
@ -252,6 +262,7 @@ should add emptyDir for data in custom mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -264,6 +275,7 @@ should add emptyDir for data in custom mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -295,6 +307,7 @@ should add insecureSkipProxyTLSVerify to args when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -307,6 +320,7 @@ should add insecureSkipProxyTLSVerify to args when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -338,6 +352,7 @@ should add named PersistentVolumeClaim as volume when in standalone mode and sta
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -350,6 +365,7 @@ should add named PersistentVolumeClaim as volume when in standalone mode and sta
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -381,6 +397,7 @@ should do enterprise things when when enterprise is set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -393,6 +410,7 @@ should do enterprise things when when enterprise is set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /var/lib/license
|
||||
name: license
|
||||
|
@ -430,6 +448,7 @@ should expose diag port:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -442,6 +461,7 @@ should expose diag port:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -485,6 +505,7 @@ should have multiple replicas when replicaCount is set:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -497,6 +518,7 @@ should have multiple replicas when replicaCount is set:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -539,6 +561,7 @@ should mount ConfigMap for config in AWS mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -551,6 +574,7 @@ should mount ConfigMap for config in AWS mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -593,6 +617,7 @@ should mount ConfigMap for config in GCP mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -605,6 +630,7 @@ should mount ConfigMap for config in GCP mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport-secrets
|
||||
name: gcp-credentials
|
||||
|
@ -638,6 +664,7 @@ should mount ConfigMap for config in custom mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -650,6 +677,7 @@ should mount ConfigMap for config in custom mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -680,6 +708,7 @@ should mount ConfigMap for config in standalone mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -692,6 +721,7 @@ should mount ConfigMap for config in standalone mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -735,6 +765,7 @@ should mount GCP credentials for initContainer in GCP mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -747,6 +778,7 @@ should mount GCP credentials for initContainer in GCP mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport-secrets
|
||||
name: gcp-credentials
|
||||
|
@ -806,6 +838,7 @@ should mount GCP credentials in GCP mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -818,6 +851,7 @@ should mount GCP credentials in GCP mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport-secrets
|
||||
name: gcp-credentials
|
||||
|
@ -863,6 +897,7 @@ should mount TLS certs for initContainer when cert-manager is enabled:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -875,6 +910,7 @@ should mount TLS certs for initContainer when cert-manager is enabled:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport-secrets
|
||||
name: gcp-credentials
|
||||
|
@ -943,6 +979,7 @@ should mount TLS certs when cert-manager is enabled:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -955,6 +992,7 @@ should mount TLS certs when cert-manager is enabled:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport-secrets
|
||||
name: gcp-credentials
|
||||
|
@ -994,6 +1032,7 @@ should mount extraVolumes and extraVolumeMounts:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1006,6 +1045,7 @@ should mount extraVolumes and extraVolumeMounts:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -1042,6 +1082,7 @@ should not do enterprise things when when enterprise is not set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1054,6 +1095,7 @@ should not do enterprise things when when enterprise is not set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -1085,6 +1127,7 @@ should not have more than one replica in standalone mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1097,6 +1140,7 @@ should not have more than one replica in standalone mode:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -1131,6 +1175,7 @@ should provision initContainer correctly when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1143,6 +1188,7 @@ should provision initContainer correctly when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
resources:
|
||||
limits:
|
||||
cpu: 2
|
||||
|
@ -1208,6 +1254,7 @@ should set affinity when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1220,6 +1267,7 @@ should set affinity when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -1253,6 +1301,7 @@ should set environment when extraEnv set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1265,6 +1314,7 @@ should set environment when extraEnv set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -1296,6 +1346,7 @@ should set imagePullPolicy when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1308,6 +1359,7 @@ should set imagePullPolicy when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -1345,6 +1397,7 @@ should set postStart command if set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1357,6 +1410,7 @@ should set postStart command if set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -1388,6 +1442,7 @@ should set priorityClassName when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1400,6 +1455,7 @@ should set priorityClassName when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -1418,6 +1474,51 @@ should set priorityClassName when set in values:
|
|||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: RELEASE-NAME
|
||||
should set probeTimeoutSeconds when set in values:
|
||||
1: |
|
||||
containers:
|
||||
- args:
|
||||
- --diag-addr=0.0.0.0:3000
|
||||
image: quay.io/gravitational/teleport:10.0.0-dev
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
failureThreshold: 6
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 5
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
name: diag
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 12
|
||||
httpGet:
|
||||
path: /readyz
|
||||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 5
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
readOnly: true
|
||||
- mountPath: /var/lib/teleport
|
||||
name: data
|
||||
serviceAccountName: RELEASE-NAME
|
||||
volumes:
|
||||
- name: gcp-credentials
|
||||
secret:
|
||||
secretName: teleport-gcp-credentials
|
||||
- configMap:
|
||||
name: RELEASE-NAME
|
||||
name: config
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: RELEASE-NAME
|
||||
should set required affinity when highAvailability.requireAntiAffinity is set:
|
||||
1: |
|
||||
affinity:
|
||||
|
@ -1442,6 +1543,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1454,6 +1556,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
@ -1484,6 +1587,7 @@ should set resources when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1496,6 +1600,7 @@ should set resources when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
resources:
|
||||
limits:
|
||||
cpu: 2
|
||||
|
@ -1546,6 +1651,7 @@ should set tolerations when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1558,6 +1664,7 @@ should set tolerations when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
|
|
|
@ -531,3 +531,16 @@ tests:
|
|||
value: system-cluster-critical
|
||||
- matchSnapshot:
|
||||
path: spec.template.spec
|
||||
|
||||
- it: should set probeTimeoutSeconds when set in values
|
||||
values:
|
||||
- ../.lint/probe-timeout-seconds.yaml
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].livenessProbe.timeoutSeconds
|
||||
value: 5
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].readinessProbe.timeoutSeconds
|
||||
value: 5
|
||||
- matchSnapshot:
|
||||
path: spec.template.spec
|
||||
|
|
|
@ -19,7 +19,8 @@
|
|||
"imagePullPolicy",
|
||||
"initContainers",
|
||||
"resources",
|
||||
"tolerations"
|
||||
"tolerations",
|
||||
"probeTimeoutSeconds"
|
||||
],
|
||||
"properties": {
|
||||
"clusterName": {
|
||||
|
@ -495,6 +496,11 @@
|
|||
"$id": "#/properties/priorityClassName",
|
||||
"type": "string",
|
||||
"default": ""
|
||||
},
|
||||
"probeTimeoutSeconds": {
|
||||
"$id": "#/properties/probeTimeoutSeconds",
|
||||
"type": "integer",
|
||||
"default": 1
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -270,3 +270,7 @@ priorityClassName: ""
|
|||
# Tolerations for pod assignment
|
||||
# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||
tolerations: []
|
||||
|
||||
# Timeouts for the readiness and liveness probes
|
||||
# https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
|
||||
probeTimeoutSeconds: 1
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
authToken: auth-token
|
||||
proxyAddr: proxy.example.com:3080
|
||||
roles: kube
|
||||
kubeClusterName: test-kube-cluster-name
|
||||
# These are just sample values to test the chart.
|
||||
# They are not intended to be guidelines or suggestions for running teleport.
|
||||
probeTimeoutSeconds: 5
|
|
@ -139,6 +139,7 @@ spec:
|
|||
initialDelaySeconds: 5 # wait 5s for agent to start
|
||||
periodSeconds: 5 # poll health every 5s
|
||||
failureThreshold: 6 # consider agent unhealthy after 30s (6 * 5s)
|
||||
timeoutSeconds: {{ .Values.probeTimeoutSeconds }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /readyz
|
||||
|
@ -146,6 +147,7 @@ spec:
|
|||
initialDelaySeconds: 5 # wait 5s for agent to register
|
||||
periodSeconds: 5 # poll health every 5s
|
||||
failureThreshold: 12 # consider agent unhealthy after 60s (12 * 5s)
|
||||
timeoutSeconds: {{ .Values.probeTimeoutSeconds }}
|
||||
{{- if .Values.resources }}
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 10 }}
|
||||
|
|
|
@ -135,6 +135,7 @@ spec:
|
|||
initialDelaySeconds: 5 # wait 5s for agent to start
|
||||
periodSeconds: 5 # poll health every 5s
|
||||
failureThreshold: 6 # consider agent unhealthy after 30s (6 * 5s)
|
||||
timeoutSeconds: {{ .Values.probeTimeoutSeconds }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /readyz
|
||||
|
@ -142,6 +143,7 @@ spec:
|
|||
initialDelaySeconds: 5 # wait 5s for agent to register
|
||||
periodSeconds: 5 # poll health every 5s
|
||||
failureThreshold: 12 # consider agent unhealthy after 60s (12 * 5s)
|
||||
timeoutSeconds: {{ .Values.probeTimeoutSeconds }}
|
||||
{{- if .Values.resources }}
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 10 }}
|
||||
|
|
|
@ -12,6 +12,7 @@ sets Deployment annotations when specified:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -24,6 +25,7 @@ sets Deployment annotations when specified:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -65,6 +67,7 @@ sets Pod annotations when specified:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -77,6 +80,7 @@ sets Pod annotations when specified:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -118,6 +122,7 @@ should add emptyDir for data when existingDataVolume is not set:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -130,6 +135,7 @@ should add emptyDir for data when existingDataVolume is not set:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -172,6 +178,7 @@ should add insecureSkipProxyTLSVerify to args when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -184,6 +191,7 @@ should add insecureSkipProxyTLSVerify to args when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -225,6 +233,7 @@ should correctly configure existingDataVolume when set:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -237,6 +246,7 @@ should correctly configure existingDataVolume when set:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -276,6 +286,7 @@ should expose diag port:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -288,6 +299,7 @@ should expose diag port:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -341,6 +353,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -353,6 +366,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -406,6 +420,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -418,6 +433,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -459,6 +475,7 @@ should have one replica when replicaCount is not set:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -471,6 +488,7 @@ should have one replica when replicaCount is not set:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -512,6 +530,7 @@ should mount extraVolumes and extraVolumeMounts:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -524,6 +543,7 @@ should mount extraVolumes and extraVolumeMounts:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -570,6 +590,7 @@ should provision initContainer correctly when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -582,6 +603,7 @@ should provision initContainer correctly when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
resources:
|
||||
limits:
|
||||
cpu: 2
|
||||
|
@ -659,6 +681,7 @@ should set SecurityContext:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -671,6 +694,7 @@ should set SecurityContext:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -732,6 +756,7 @@ should set affinity when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -744,6 +769,7 @@ should set affinity when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -785,6 +811,7 @@ should set default serviceAccountName when not set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -797,6 +824,7 @@ should set default serviceAccountName when not set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -841,6 +869,7 @@ should set environment when extraEnv set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -853,6 +882,7 @@ should set environment when extraEnv set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -894,6 +924,7 @@ should set image and tag correctly:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -906,6 +937,7 @@ should set image and tag correctly:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -947,6 +979,7 @@ should set imagePullPolicy when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -959,6 +992,7 @@ should set imagePullPolicy when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -1000,6 +1034,7 @@ should set nodeSelector if set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1012,6 +1047,7 @@ should set nodeSelector if set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -1067,6 +1103,7 @@ should set preferred affinity when more than one replica is used:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1079,6 +1116,62 @@ should set preferred affinity when more than one replica is used:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- all
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 9807
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
readOnly: true
|
||||
- mountPath: /etc/teleport-secrets
|
||||
name: auth-token
|
||||
readOnly: true
|
||||
- mountPath: /var/lib/teleport
|
||||
name: data
|
||||
serviceAccountName: RELEASE-NAME
|
||||
volumes:
|
||||
- configMap:
|
||||
name: RELEASE-NAME
|
||||
name: config
|
||||
- name: auth-token
|
||||
secret:
|
||||
secretName: teleport-kube-agent-join-token
|
||||
- emptyDir: {}
|
||||
name: data
|
||||
should set probeTimeoutSeconds when set in values:
|
||||
1: |
|
||||
containers:
|
||||
- args:
|
||||
- --diag-addr=0.0.0.0:3000
|
||||
image: quay.io/gravitational/teleport:10.0.0-dev
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
failureThreshold: 6
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 5
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
name: diag
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 12
|
||||
httpGet:
|
||||
path: /readyz
|
||||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 5
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -1130,6 +1223,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1142,6 +1236,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -1183,6 +1278,7 @@ should set resources when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1195,6 +1291,7 @@ should set resources when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
resources:
|
||||
limits:
|
||||
cpu: 2
|
||||
|
@ -1243,6 +1340,7 @@ should set serviceAccountName when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1255,6 +1353,7 @@ should set serviceAccountName when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -1296,6 +1395,7 @@ should set tolerations when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1308,6 +1408,7 @@ should set tolerations when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
|
|
@ -12,6 +12,7 @@ sets Pod annotations when specified:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -24,6 +25,7 @@ sets Pod annotations when specified:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -66,6 +68,7 @@ should add insecureSkipProxyTLSVerify to args when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -78,6 +81,7 @@ should add insecureSkipProxyTLSVerify to args when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -119,6 +123,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -131,6 +136,7 @@ should add volumeClaimTemplate for data volume when using StatefulSet:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -172,6 +178,7 @@ should add volumeMount for data volume when using StatefulSet:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -184,6 +191,7 @@ should add volumeMount for data volume when using StatefulSet:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -225,6 +233,7 @@ should expose diag port:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -237,6 +246,7 @@ should expose diag port:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -290,6 +300,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -302,6 +313,7 @@ should have multiple replicas when replicaCount is set (using .replicaCount, dep
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -355,6 +367,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -367,6 +380,7 @@ should have multiple replicas when replicaCount is set (using highAvailability.r
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -408,6 +422,7 @@ should have one replica when replicaCount is not set:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -420,6 +435,7 @@ should have one replica when replicaCount is not set:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -461,6 +477,7 @@ should mount extraVolumes and extraVolumeMounts:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -473,6 +490,7 @@ should mount extraVolumes and extraVolumeMounts:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -519,6 +537,7 @@ should not add emptyDir for data when using StatefulSet:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -531,6 +550,7 @@ should not add emptyDir for data when using StatefulSet:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -572,6 +592,7 @@ should provision initContainer correctly when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -584,6 +605,7 @@ should provision initContainer correctly when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
resources:
|
||||
limits:
|
||||
cpu: 2
|
||||
|
@ -661,6 +683,7 @@ should set SecurityContext:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -673,6 +696,7 @@ should set SecurityContext:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -734,6 +758,7 @@ should set affinity when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -746,6 +771,7 @@ should set affinity when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -787,6 +813,7 @@ should set default serviceAccountName when not set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -799,6 +826,7 @@ should set default serviceAccountName when not set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -843,6 +871,7 @@ should set environment when extraEnv set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -855,6 +884,7 @@ should set environment when extraEnv set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -896,6 +926,7 @@ should set image and tag correctly:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -908,6 +939,7 @@ should set image and tag correctly:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -949,6 +981,7 @@ should set imagePullPolicy when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -961,6 +994,7 @@ should set imagePullPolicy when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -1002,6 +1036,7 @@ should set nodeSelector if set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1014,6 +1049,7 @@ should set nodeSelector if set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -1069,6 +1105,7 @@ should set preferred affinity when more than one replica is used:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1081,6 +1118,62 @@ should set preferred affinity when more than one replica is used:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- all
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 9807
|
||||
volumeMounts:
|
||||
- mountPath: /etc/teleport
|
||||
name: config
|
||||
readOnly: true
|
||||
- mountPath: /etc/teleport-secrets
|
||||
name: auth-token
|
||||
readOnly: true
|
||||
- mountPath: /var/lib/teleport
|
||||
name: RELEASE-NAME-teleport-data
|
||||
securityContext:
|
||||
fsGroup: 9807
|
||||
serviceAccountName: RELEASE-NAME
|
||||
volumes:
|
||||
- configMap:
|
||||
name: RELEASE-NAME
|
||||
name: config
|
||||
- name: auth-token
|
||||
secret:
|
||||
secretName: teleport-kube-agent-join-token
|
||||
should set probeTimeoutSeconds when set in values:
|
||||
1: |
|
||||
containers:
|
||||
- args:
|
||||
- --diag-addr=0.0.0.0:3000
|
||||
image: quay.io/gravitational/teleport:10.0.0-dev
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
failureThreshold: 6
|
||||
httpGet:
|
||||
path: /readyz
|
||||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 5
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
name: diag
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 12
|
||||
httpGet:
|
||||
path: /readyz
|
||||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 5
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -1132,6 +1225,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1144,6 +1238,7 @@ should set required affinity when highAvailability.requireAntiAffinity is set:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -1185,6 +1280,7 @@ should set resources when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1197,6 +1293,7 @@ should set resources when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
resources:
|
||||
limits:
|
||||
cpu: 2
|
||||
|
@ -1245,6 +1342,7 @@ should set serviceAccountName when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1257,6 +1355,7 @@ should set serviceAccountName when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -1298,6 +1397,7 @@ should set storage.requests when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1310,6 +1410,7 @@ should set storage.requests when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -1351,6 +1452,7 @@ should set storage.storageClassName when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1363,6 +1465,7 @@ should set storage.storageClassName when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
@ -1404,6 +1507,7 @@ should set tolerations when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
name: teleport
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
|
@ -1416,6 +1520,7 @@ should set tolerations when set in values:
|
|||
port: diag
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
|
|
|
@ -347,3 +347,16 @@ tests:
|
|||
value: RELEASE-NAME
|
||||
- matchSnapshot:
|
||||
path: spec.template.spec
|
||||
|
||||
- it: should set probeTimeoutSeconds when set in values
|
||||
values:
|
||||
- ../.lint/probe-timeout-seconds.yaml
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].livenessProbe.timeoutSeconds
|
||||
value: 5
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].readinessProbe.timeoutSeconds
|
||||
value: 5
|
||||
- matchSnapshot:
|
||||
path: spec.template.spec
|
||||
|
|
|
@ -367,3 +367,17 @@ tests:
|
|||
value: RELEASE-NAME
|
||||
- matchSnapshot:
|
||||
path: spec.template.spec
|
||||
|
||||
- it: should set probeTimeoutSeconds when set in values
|
||||
values:
|
||||
- ../.lint/stateful.yaml
|
||||
- ../.lint/probe-timeout-seconds.yaml
|
||||
asserts:
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].livenessProbe.timeoutSeconds
|
||||
value: 5
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].readinessProbe.timeoutSeconds
|
||||
value: 5
|
||||
- matchSnapshot:
|
||||
path: spec.template.spec
|
||||
|
|
|
@ -27,7 +27,8 @@
|
|||
"imagePullPolicy",
|
||||
"initContainers",
|
||||
"resources",
|
||||
"tolerations"
|
||||
"tolerations",
|
||||
"probeTimeoutSeconds"
|
||||
],
|
||||
"properties": {
|
||||
"authToken": {
|
||||
|
@ -328,6 +329,11 @@
|
|||
"$id": "#/properties/tolerations",
|
||||
"type": "array",
|
||||
"default": []
|
||||
},
|
||||
"probeTimeoutSeconds": {
|
||||
"$id": "#/properties/probeTimeoutSeconds",
|
||||
"type": "integer",
|
||||
"default": 1
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -217,3 +217,7 @@ resources: {}
|
|||
# Tolerations for pod assignment
|
||||
# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||
tolerations: []
|
||||
|
||||
# Timeouts for the readiness and liveness probes
|
||||
# https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
|
||||
probeTimeoutSeconds: 1
|
||||
|
|
Loading…
Reference in a new issue