# Deployment values for a Teleport cluster (proxy, auth and operator settings).
# The key layout looks like a Helm chart values file; the chart name and version
# are not visible here — TODO confirm against the chart's own values schema.

##################################################
# Values that must always be provided by the user.
##################################################
clusterName: "teleport.ervine.cloud"
kubeClusterName: "homeK8s"

##################################################
# Values that you may need to change.
##################################################
proxyListenerMode: "multiplex"

operator:
  enabled: true
  image: public.ecr.aws/gravitational/teleport-operator
  # Empty mapping: no CPU/memory requests or limits are set for the operator.
  # The commented lines below are an example of what could be set.
  resources: {}
  # requests:
  #   cpu: "0.5"
  #   memory: "1Gi"
  # limits:
  #   memory: "1Gi"
  # NOTE(review): joinMethod, token and nameOverride are nested under
  # `operator` here — confirm against the chart's values schema.
  joinMethod: "kubernetes"
  token: "teleport-operator"
  # This is needed to have a sensible name and predictable service account name.
  nameOverride: operator

proxy:
  teleportConfig:
    teleport:
      storage:
        type: "s3"
        bucket: "teleport-sessions"
        region: "us-east-1"
        endpoint: "https://block.ervine.cloud"
        # NOTE(review): a long-lived S3 access key pair is stored here in clear
        # text. Anything that can read this file, the repository history, or
        # the release's stored values can read it. Treat the pair as exposed:
        # rotate it and supply the replacement from a Kubernetes Secret or an
        # untracked values file instead of committing it.
        # NOTE(review): confirm that `bucket` and `credentials` are keys the
        # Teleport storage section actually consumes on the proxy — TODO verify
        # against the Teleport configuration reference.
        credentials:
          accessKeyId: "qY6$2AokP6%si8FdCaytoX8v"
          secretAccessKey: "Q6VBQ3b2MZGi4nqGVPVGQTkrLrxYZtk"

auth:
  # Two connection URIs are read from the Secret
  # `teleport-postgres-credentials` and exposed as environment variables
  # (presumably on the auth pods — confirm).
  # NOTE(review): nothing visible in this file consumes these variables; the
  # storage section below hard-codes its own URIs — confirm which one is used.
  extraEnv:
    - name: TELEPORT_STORAGE_URI_SECRET
      valueFrom:
        secretKeyRef:
          name: teleport-postgres-credentials
          key: cluster-state-uri
    - name: TELEPORT_AUDIT_EVENTS_URI_SECRET
      valueFrom:
        secretKeyRef:
          name: teleport-postgres-credentials
          key: audit-events-uri
  teleportConfig:
    teleport:
      storage:
        type: postgres
        audit_sessions_uri: s3://teleport-sessions?region=us-east-1&endpoint=block.ervine.cloud
        # NOTE(review): the database password is embedded in clear text in both
        # URIs below, even though a Secret holding these URIs is already
        # referenced in extraEnv. Treat the password as exposed and rotate it;
        # keep the credential only in the Secret.
        # NOTE(review): neither URI sets `sslmode`; confirm the client default
        # enforces TLS with server verification (e.g. `sslmode=verify-full`).
        # NOTE(review): audit_events_uri targets the same database as
        # conn_string (teleport_cluster_state) — confirm this is intended.
        conn_string: postgres://teleport:DmUVPLxNggZq2fE9bCW96meF@icarus.ipa.champion:5433/teleport_cluster_state
        audit_events_uri:
          - postgres://teleport:DmUVPLxNggZq2fE9bCW96meF@icarus.ipa.champion:5433/teleport_cluster_state

podSecurityPolicy:
  enabled: false

podMonitor:
  enabled: true
  additionalLabels:
    prometheus: k8s

######################################################################
# Persistence settings (only used in "standalone" and "scratch" modes)
# NOTE: Changes in Kubernetes 1.23+ mean that persistent volumes will not
# automatically be provisioned in AWS EKS clusters without additional
# configuration.
# See https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html for more details.
# This driver addon must be configured to use persistent volumes in EKS clusters
# after Kubernetes 1.23.
######################################################################
persistence:
  # Enable persistence using a PersistentVolumeClaim
  enabled: false
  # Leave blank to automatically create a PersistentVolumeClaim for Teleport storage.
  # If you would like to use a pre-existing PersistentVolumeClaim, put its name here.
  existingClaimName: ""
  # Size of persistent volume to request when created by Teleport.
  # Ignored if existingClaimName is provided.
  volumeSize: 10Gi

highAvailability:
  replicaCount: 1
  requireAntiAffinity: true
  # If enabled will create a Pod Disruption Budget
  podDisruptionBudget:
    enabled: false
    minAvailable: 1
  # Certificate settings; the issuer referenced is a ClusterIssuer named
  # "letsencrypt-prod", which must already exist in the cluster.
  certManager:
    enabled: true
    addCommonName: true
    addPublicAddrs: true
    issuerName: "letsencrypt-prod"
    issuerKind: ClusterIssuer

##################################
# Extra Kubernetes configuration #
##################################
annotations:
  ingress:
    kubernetes.io/ingress.class: nginx
    # The ingress controller speaks HTTPS to the backend rather than plain HTTP.
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    # Timeout values are quoted so they stay strings, as annotations require.
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    # Cookie-based session affinity; 172800 seconds is 48 hours.
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/session-cookie-name: "http-cookie"
    nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
    nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"

# The service is ClusterIP and the ingress is enabled, so external traffic is
# expected to arrive through the ingress rather than a load-balancer service.
service:
  type: ClusterIP

ingress:
  enabled: true