generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version < 14.0.0 and ingress.enabled is not set: 1: | |- auth_service: enabled: false proxy_service: enabled: true kube_listen_addr: 0.0.0.0:3026 listen_addr: 0.0.0.0:3023 mysql_listen_addr: 0.0.0.0:3036 public_addr: helm-test.example.com:443 tunnel_listen_addr: 0.0.0.0:3024 ssh_service: enabled: false teleport: auth_server: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3025 join_params: method: kubernetes token_name: RELEASE-NAME-proxy log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version < 14.0.0 and ingress.enabled=true: 1: | |- auth_service: enabled: false proxy_service: enabled: true public_addr: helm-test.example.com:443 ssh_service: enabled: false teleport: auth_server: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3025 join_params: method: kubernetes token_name: RELEASE-NAME-proxy log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 generates a config WITHOUT proxy_service.trust_x_forwarded_for=true when version >=14.0.0 and ingress.enabled is not set: 1: | |- auth_service: enabled: false proxy_service: enabled: true kube_listen_addr: 0.0.0.0:3026 listen_addr: 0.0.0.0:3023 mysql_listen_addr: 0.0.0.0:3036 public_addr: helm-test.example.com:443 tunnel_listen_addr: 0.0.0.0:3024 ssh_service: enabled: false teleport: auth_server: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3025 join_params: method: kubernetes token_name: RELEASE-NAME-proxy log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 generates a config with a clusterName containing a regular string: 1: | |- auth_service: enabled: false proxy_service: enabled: true kube_listen_addr: 0.0.0.0:3026 listen_addr: 0.0.0.0:3023 mysql_listen_addr: 0.0.0.0:3036 public_addr: helm-test.example.com:443 tunnel_listen_addr: 0.0.0.0:3024 ssh_service: enabled: false teleport: auth_server: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3025 join_params: method: kubernetes token_name: RELEASE-NAME-proxy log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 generates a config with proxy_service.trust_x_forwarded_for=true when version = 14.0.0-rc.1 and ingress.enabled=true: 1: | |- auth_service: enabled: false proxy_service: enabled: true public_addr: helm-test.example.com:443 trust_x_forwarded_for: true ssh_service: enabled: false teleport: auth_server: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3025 join_params: method: kubernetes token_name: RELEASE-NAME-proxy log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 generates a config with proxy_service.trust_x_forwarded_for=true when version >=14.0.0 and ingress.enabled=true: 1: | |- auth_service: enabled: false proxy_service: enabled: true public_addr: helm-test.example.com:443 trust_x_forwarded_for: true ssh_service: enabled: false teleport: auth_server: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3025 join_params: method: kubernetes token_name: RELEASE-NAME-proxy log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for acme-on.yaml: 1: | |- auth_service: enabled: false proxy_service: acme: email: test@email.com enabled: true enabled: true kube_listen_addr: 0.0.0.0:3026 listen_addr: 0.0.0.0:3023 mysql_listen_addr: 0.0.0.0:3036 public_addr: test-acme-cluster:443 tunnel_listen_addr: 0.0.0.0:3024 ssh_service: enabled: false teleport: auth_server: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3025 join_params: method: kubernetes token_name: RELEASE-NAME-proxy log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for acme-uri-staging.yaml: 1: | |- auth_service: enabled: false proxy_service: acme: email: test@email.com enabled: true uri: https://acme-staging-v02.api.letsencrypt.org/directory enabled: true kube_listen_addr: 0.0.0.0:3026 listen_addr: 0.0.0.0:3023 mysql_listen_addr: 0.0.0.0:3036 public_addr: test-acme-cluster:443 tunnel_listen_addr: 0.0.0.0:3024 ssh_service: enabled: false teleport: auth_server: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3025 join_params: method: kubernetes token_name: RELEASE-NAME-proxy log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for aws-ha-acme.yaml: 1: | |- auth_service: enabled: false proxy_service: enabled: true https_keypairs: - cert_file: /etc/teleport-tls/tls.crt key_file: /etc/teleport-tls/tls.key https_keypairs_reload_interval: 12h kube_listen_addr: 0.0.0.0:3026 listen_addr: 0.0.0.0:3023 mysql_listen_addr: 0.0.0.0:3036 public_addr: test-aws-cluster:443 tunnel_listen_addr: 0.0.0.0:3024 ssh_service: enabled: false teleport: auth_server: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3025 join_params: method: kubernetes token_name: RELEASE-NAME-proxy log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for existing-tls-secret.yaml: 1: | |- auth_service: enabled: false proxy_service: enabled: true https_keypairs: - cert_file: /etc/teleport-tls/tls.crt key_file: /etc/teleport-tls/tls.key https_keypairs_reload_interval: 12h kube_listen_addr: 0.0.0.0:3026 listen_addr: 0.0.0.0:3023 mysql_listen_addr: 0.0.0.0:3036 public_addr: test-cluster-name:443 tunnel_listen_addr: 0.0.0.0:3024 ssh_service: enabled: false teleport: auth_server: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3025 join_params: method: kubernetes token_name: RELEASE-NAME-proxy log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for log-basic.yaml: 1: | |- auth_service: enabled: false proxy_service: enabled: true kube_listen_addr: 0.0.0.0:3026 listen_addr: 0.0.0.0:3023 mysql_listen_addr: 0.0.0.0:3036 public_addr: test-log-cluster:443 tunnel_listen_addr: 0.0.0.0:3024 ssh_service: enabled: false teleport: auth_server: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3025 join_params: method: kubernetes token_name: RELEASE-NAME-proxy log: format: extra_fields: - timestamp - level - component - caller output: json output: stderr severity: INFO version: v3 matches snapshot for log-extra.yaml: 1: | |- auth_service: enabled: false proxy_service: enabled: true kube_listen_addr: 0.0.0.0:3026 listen_addr: 0.0.0.0:3023 mysql_listen_addr: 0.0.0.0:3036 public_addr: test-log-cluster:443 tunnel_listen_addr: 0.0.0.0:3024 ssh_service: enabled: false teleport: auth_server: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3025 join_params: method: kubernetes token_name: RELEASE-NAME-proxy log: format: extra_fields: - level - timestamp - component - caller output: json output: /var/lib/teleport/test.log severity: DEBUG version: v3 matches snapshot for proxy-listener-mode-multiplex.yaml: 1: | |- auth_service: enabled: false proxy_service: enabled: true public_addr: test-proxy-listener-mode:443 ssh_service: enabled: false teleport: auth_server: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3025 join_params: method: kubernetes token_name: RELEASE-NAME-proxy log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for proxy-listener-mode-separate.yaml: 1: | |- auth_service: enabled: false proxy_service: enabled: true kube_listen_addr: 0.0.0.0:3026 listen_addr: 0.0.0.0:3023 mysql_listen_addr: 0.0.0.0:3036 public_addr: test-proxy-listener-mode:443 tunnel_listen_addr: 0.0.0.0:3024 ssh_service: enabled: false teleport: auth_server: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3025 join_params: method: kubernetes token_name: RELEASE-NAME-proxy log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for public-addresses.yaml: 1: | |- auth_service: enabled: false proxy_service: enabled: true kube_listen_addr: 0.0.0.0:3026 kube_public_addr: - loadbalancer.example.com:3026 listen_addr: 0.0.0.0:3023 mongo_listen_addr: 0.0.0.0:27017 mongo_public_addr: - loadbalancer.example.com:27017 mysql_listen_addr: 0.0.0.0:3036 mysql_public_addr: - loadbalancer.example.com:3036 postgres_listen_addr: 0.0.0.0:5432 postgres_public_addr: - loadbalancer.example.com:5432 public_addr: - loadbalancer.example.com:443 ssh_public_addr: - loadbalancer.example.com:3023 tunnel_listen_addr: 0.0.0.0:3024 tunnel_public_addr: - loadbalancer.example.com:3024 ssh_service: enabled: false teleport: auth_server: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3025 join_params: method: kubernetes token_name: RELEASE-NAME-proxy log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for separate-mongo-listener.yaml: 1: | |- auth_service: enabled: false proxy_service: enabled: true kube_listen_addr: 0.0.0.0:3026 listen_addr: 0.0.0.0:3023 mongo_listen_addr: 0.0.0.0:27017 mongo_public_addr: helm-lint:27017 mysql_listen_addr: 0.0.0.0:3036 public_addr: helm-lint:443 tunnel_listen_addr: 0.0.0.0:3024 ssh_service: enabled: false teleport: auth_server: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3025 join_params: method: kubernetes token_name: RELEASE-NAME-proxy log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 matches snapshot for separate-postgres-listener.yaml: 1: | |- auth_service: enabled: false proxy_service: enabled: true kube_listen_addr: 0.0.0.0:3026 listen_addr: 0.0.0.0:3023 mysql_listen_addr: 0.0.0.0:3036 postgres_listen_addr: 0.0.0.0:5432 postgres_public_addr: helm-lint:5432 public_addr: helm-lint:443 tunnel_listen_addr: 0.0.0.0:3024 ssh_service: enabled: false teleport: auth_server: RELEASE-NAME-auth.NAMESPACE.svc.cluster.local:3025 join_params: method: kubernetes token_name: RELEASE-NAME-proxy log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 sets clusterDomain on Configmap: 1: | apiVersion: v1 data: teleport.yaml: |- auth_service: enabled: false proxy_service: enabled: true kube_listen_addr: 0.0.0.0:3026 listen_addr: 0.0.0.0:3023 mysql_listen_addr: 0.0.0.0:3036 public_addr: teleport.example.com:443 tunnel_listen_addr: 0.0.0.0:3024 ssh_service: enabled: false teleport: auth_server: RELEASE-NAME-auth.NAMESPACE.svc.test.com:3025 join_params: method: kubernetes token_name: RELEASE-NAME-proxy log: format: extra_fields: - timestamp - level - component - caller output: text output: stderr severity: INFO version: v3 kind: ConfigMap metadata: labels: app.kubernetes.io/component: proxy app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: teleport-cluster app.kubernetes.io/version: 17.4.9 helm.sh/chart: teleport-cluster-17.4.9 teleport.dev/majorVersion: "17" name: RELEASE-NAME-proxy namespace: NAMESPACE