* feat(helm): add priorityClassName and extraLabels to kube-agent
Signed-off-by: Roman Tkachenko <roman@goteleport.com>
Co-authored-by: daquinoaldo <aldd@bendingspoons.com>
Updates the Terraform getting started guide to reflect the use of a
custome provider registry:
* Removes the now-superfluous installation step
* Updates examples to reflect actual location of terraform provider
Most of the changes are related to the strictness of TF v0.12
https://www.terraform.io/language/upgrade-guides/0-12
> Due to the design of the configuration language decoder in
> Terraform v0.11 and earlier, it was in many cases possible to
> interchange the argument syntax (with =) and the block syntax
> (with just braces) when dealing with map arguments vs. nested
> blocks. However, this led to some subtle bugs and limitations,
> so Terraform v0.12 now requires consistent usage of argument
> syntax for arguments and nested block syntax for nested blocks.
This commit validates both examples against Terraform 1
The min terraform version is going to be updated to 1.0.0
https://github.com/gravitational/teleport/pull/11650Fixes#11652
* examples/chart/teleport-cluster/templates/deployment.yaml: set strategy to 'Recreate' if chartMode is 'standalone' (fixes#11484)
Signed-off-by: Johannes Kastl <kastl@b1-systems.de>
* examples/chart/teleport-cluster/tests/deployment_test.yaml: add test for strategy in standalone mode
Signed-off-by: Johannes Kastl <kastl@b1-systems.de>
* update examples/chart/teleport-cluster/tests/__snapshot__/deployment_test.yaml.snap after running local tests
Co-authored-by: Johannes Kastl <kastl@b1-systems.de>
* Allow for probe timeouts to be configurable
When setting up a new Teleport enterprise cluster on GCP,
I noticed that I needed to set the probe timeouts to get the
cluster to be healthy. This seems to be a known issue (https://github.com/kubernetes/kubernetes/issues/89898).
As a "stopgap", I've updated the helm chart to allow for end users
to be able to configure these timeouts.
* Update configuration option name and add documentation
* Update docs/pages/kubernetes-access/helm/reference.mdx
Co-authored-by: Gus Luxton <gus@goteleport.com>
* Add tests for probeTimeoutSeconds
* Add probeTimeoutSeconds to required values
* Add probeTimeoutSeconds to teleport-kube-agent
* Add tests for probeTimeoutSeconds to teleport-kube-agent
* Add probeTimeoutSeconds to teleport-kube-agent reference
Co-authored-by: Hunter Madison <hunter.madison@instana.com>
Co-authored-by: Hunter Madison <hmadison@users.noreply.github.com>
* helm: Update NOTES.txt for AWS ACM
* Add support for separate Postgres/MongoDB listeners in teleport-cluster chart
* Special case backend listener protocol based on presence of ACM annotation
* Add tests for separate listeners
* Add tests for ACM annotation setting backend protocol
* Don't add AWS annotations when not in AWS mode
* Adds for separatePostgresListener/separateMongoListener
Also adds missing example for setitng proxyListenerMode
* Add continuous backups permission to DynamoDB policy
Fixes#11411
https://github.com/gravitational/teleport/pull/10817 states in the docs that the default for `authenticationSecondFactor.secondfactor` is `otp`, but it didn't actually update the values.yaml file to make this change the default. This PR addresses that mistake and brings the chart in-line with the docs.
See #10633
Terraform Provider guide
- Add tabbed prerequisites so users only see information relevant to
their scopes.
- Add the impersonation section as an H3 rather than an Admonition. If
users are learning how to use our Terraform provider, they likely
will not have enabled impersonation for the Terraform user, and would
always need to read the Admonition, so this would work better as an
H3.
- Add a scoped Notice indicating which address to use for the cluster
address in the sample Terraform config.
Fluentd plugin guide
- Add tabbed instructions for users of different scopes.
- Move the impersonation Admonition to an H3 so readers can configure
impersonation without running into an error.
- Misc clarity/style edits.
Certificate Authority Rotation
- Add tabbed prerequisites so users of one scope don't see information
intended for other scopes.
* POC for Helm unit tests
This uses https://github.com/vbehar/helm3-unittest to define
expectations of our helm templates
* Test that enterprise is configured correctly
* Added tests for teleport-cluster
* Added tests for teleport-kube-agent
* Removed tests for teleport chart
* Add tests for teleport-cluster Deployment
* Run shorter tests first
* Fix Docker plugin installation and add update-helm-snapshots target
* Add README
* Fix lint syntax error and add some missing linters
* Add missing ImagePullPolicy to Deployment and StatefulSet
* Add Deployment tests for teleport-kube-agent
* Fix replicaCount logic
* Add clarification to values
* Add StatefulSet suite for teleport-kube-agent
* Update snapshots after merge with master
* Helm tests are quicker than bash tests
* Add tests for extraEnv
* Random space
* Tidy up formatting of multiple tests
* [debug] List helm plugins and directories
* Special case Helm linting when running in CI
* Make trailing line breaks consistent
* Special case Helm linting when running in CI
* Add contribution guidelines for Helm charts
* Add contribution guidelines to READMEs
* Deprecate old charts
* Typo
* Spacing
* Clarification
* Update examples/chart/CONTRIBUTING.md
* Don't erroneously set extraEnv for initContainers
* Rename update-helm-snapshots -> test-helm-update-snapshots for clarity
Co-authored-by: Gus Luxton <gus@goteleport.com>
Co-authored-by: Roman Tkachenko <roman@goteleport.com>
* helm: Adds extraArgs and extraEnv to teleport-kube-agent
These were present in teleport-cluster but not teleport-kube-agent. This PR fixes that.
* Line breaks
* Also add to StatefulSet
* Add plugin setup instructions for cloud users
- Turn the identity file export and RBAC instructions into
includes, since these instructions are the same for each
plugin.
- Change the tab set re: an impersonation role to a detail box
scoped to cloud users.
- Add separate example config files for cloud and self-hosted
deployments of each plugin.
- Misc. changes for clarity
Fixes#8936
* Respond to PR feedback
Also make minor stylistic tweaks
* Respond to PR feedback with stylistic tweaks