charts/teleport-kube-agent-13.3.8/tests/__snapshot__/deployment_test.yaml.snap
sets Deployment annotations when specified if action is Upgrade:
1: |
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kubernetes.io/deployment: test-annotation
kubernetes.io/deployment-different: 3
labels:
app: RELEASE-NAME
name: RELEASE-NAME
namespace: NAMESPACE
spec:
replicas: 1
selector:
matchLabels:
app: RELEASE-NAME
template:
metadata:
annotations:
checksum/config: 80088923d2d7ce4344db0f2174d29d7cfb2d599424adfabf6f6818a9434794ca
kubernetes.io/pod: test-annotation
kubernetes.io/pod-different: 4
labels:
app: RELEASE-NAME
spec:
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
sets Deployment labels when specified if action is Upgrade:
1: |
replicas: 1
selector:
matchLabels:
app: RELEASE-NAME
template:
metadata:
annotations:
checksum/config: db49feab9b174f73188febc30d2b01d27b16e5a76b586c6e87e6e62eb43620a2
labels:
app: RELEASE-NAME
app.kubernetes.io/name: teleport-kube-agent
resource: pod
spec:
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
sets Pod annotations when specified if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
sets Pod labels when specified if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
# Snapshot of the container securityContext rendered when the values give no
# override; the two recorded entries are identical.
# Hardening visible here: privilege escalation disabled, capabilities dropped,
# read-only root filesystem, and a fixed non-root UID (9807).
# NOTE(review): no seccompProfile is recorded in this context and the dropped
# capability is spelled lowercase `all`. The Pod Security Standards
# "restricted" profile expects a RuntimeDefault/Localhost seccomp profile and
# names the capability `ALL` - confirm these pods are admitted in namespaces
# that enforce that profile.
sets by default a container security context if action is Upgrade:
1: |
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
2: |
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
should add emptyDir for data when existingDataVolume is not set if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
# Expected pod spec when the insecureSkipProxyTLSVerify value is set. Compared
# with the default pod-spec snapshots in this file, the only difference is the
# extra `--insecure` container argument.
# As the value name states, this turns off TLS verification of the proxy, so
# the agent no longer authenticates the endpoint it joins through. Treat a
# production values file that sets it as a review finding; the intended use is
# lab clusters with self-signed proxy certificates.
# Pinning the flag in a snapshot means a template change that adds or drops
# `--insecure` unintentionally fails this test.
should add insecureSkipProxyTLSVerify to args when set in values if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
- --insecure
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
# Expected pod spec when existingDataVolume is set: /var/lib/teleport is
# mounted from a volume named `teleport-kube-agent-data`, and the default
# `data` emptyDir entry is absent from `volumes`.
# NOTE(review): no volume called `teleport-kube-agent-data` is declared in this
# snapshot, so the chart appears to reference it without creating it -
# presumably the operator supplies it separately (for example via the
# extra-volumes values); verify against the test's values. The Teleport data
# directory holds the agent's state, so whatever backs that volume needs the
# same access restrictions as the pod itself.
should correctly configure existingDataVolume when set if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: teleport-kube-agent-data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
# Expected pod spec for the diagnostics endpoint: the agent is started with
# `--diag-addr=0.0.0.0:3000`, container port 3000 is published under the name
# `diag`, and both probes issue httpGet requests against that named port
# (/healthz for liveness, /readyz for readiness).
# NOTE(review): the listener binds every interface in the pod and the probes
# set no `scheme`, which Kubernetes treats as plain HTTP. Anything that can
# route to the pod IP can therefore reach port 3000 unless a NetworkPolicy
# restricts it - confirm what else the diagnostics listener serves besides the
# two probe paths before relying on it being harmless.
should expose diag port if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
should have multiple replicas when replicaCount is set (using .replicaCount, deprecated) if action is Upgrade:
1: |
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- RELEASE-NAME
topologyKey: kubernetes.io/hostname
weight: 50
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
should have multiple replicas when replicaCount is set (using highAvailability.replicaCount) if action is Upgrade:
1: |
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- RELEASE-NAME
topologyKey: kubernetes.io/hostname
weight: 50
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
should have one replica when replicaCount is not set if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
# Expected pod spec when extraVolumes and extraVolumeMounts are set: the
# fixture volume `my-mount` (backed by Secret `mySecret`) is appended after the
# chart's own volumes and mounted at /path/to/mount.
# NOTE(review): the chart's own config and auth-token mounts carry
# `readOnly: true`, while the extra mount is recorded without it - the entries
# look like they are passed through as given, so an operator mounting
# sensitive material this way has to set `readOnly` themselves; confirm
# against the template.
should mount extraVolumes and extraVolumeMounts if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
- mountPath: /path/to/mount
name: my-mount
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
- name: my-mount
secret:
secretName: mySecret
# Expected pod spec when tls.existingCASecretName is set: the named Secret
# (`helm-lint-existing-tls-secret-ca` in this fixture) is mounted read-only at
# /etc/teleport-tls-ca and SSL_CERT_FILE points at `ca.pem` inside that mount.
# NOTE(review): presumably SSL_CERT_FILE replaces, rather than extends, the
# default trust bundle for the agent process - confirm. Either way the Secret's
# contents decide which proxy certificates the agent accepts, so write access
# to that Secret is control over the agent's trust anchor and should be scoped
# accordingly in RBAC.
should mount tls.existingCASecretName and set environment when set in values if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
- mountPath: /etc/teleport-tls-ca
name: teleport-tls-ca
readOnly: true
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
- name: teleport-tls-ca
secret:
secretName: helm-lint-existing-tls-secret-ca
# Expected pod spec when tls.existingCASecretName and an extra environment
# variable are both set: HTTPS_PROXY is rendered between the chart's own
# install-method variable and SSL_CERT_FILE, and the CA Secret is mounted
# read-only at /etc/teleport-tls-ca.
# The `username:password` in the proxy URL is a fixture value. What the
# snapshot demonstrates is that the extra variable is written as a literal
# `value:` in the pod spec, where anyone able to read the Deployment (or the
# stored Helm release) can read it.
# NOTE(review): for real proxy credentials, check whether the chart's extra-env
# value accepts `valueFrom.secretKeyRef` entries and source the URL from a
# Secret instead of inlining it.
should mount tls.existingCASecretName and set extra environment when set in values if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- name: HTTPS_PROXY
value: http://username:password@my.proxy.host:3128
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
- mountPath: /etc/teleport-tls-ca
name: teleport-tls-ca
readOnly: true
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
- name: teleport-tls-ca
secret:
secretName: helm-lint-existing-tls-secret-ca
# Expected pod spec when an init container is configured: `teleport-init`
# (fixture image `alpine`, args `echo test`) is rendered next to the main
# `teleport` container.
# In this snapshot the init container carries the same resources,
# securityContext and volumeMounts as the main container. That includes the
# read-only mount of the `auth-token` volume at /etc/teleport-secrets, which is
# backed by Secret `teleport-kube-agent-join-token`.
# NOTE(review): the consequence is that whatever image runs as an init
# container can read the join token. The fixture image has no tag or digest;
# in real values, use an image from a trusted registry pinned by digest, and
# confirm against the template whether the mounts are injected by the chart or
# come from the test values.
should provision initContainer correctly when set in values if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
resources:
limits:
cpu: 2
memory: 4Gi
requests:
cpu: 1
memory: 2Gi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
initContainers:
- args:
- echo test
image: alpine
name: teleport-init
resources:
limits:
cpu: 2
memory: 4Gi
requests:
cpu: 1
memory: 2Gi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
should set SecurityContext if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
should set affinity when set in values if action is Upgrade:
1: |
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: gravitational.io/dedicated
operator: In
values:
- teleport
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- teleport
topologyKey: kubernetes.io/hostname
weight: 1
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
should set default serviceAccountName when not set in values if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
should set dnsConfig when set in values if action is Upgrade:
1: |
nameservers:
- 1.2.3.4
options:
- name: ndots
value: "2"
- name: edns0
searches:
- ns1.svc.cluster-domain.example
- my.dns.search.suffix
# Expected pod spec when extraEnv is set: the HTTPS_PROXY entry is appended to
# the container's `env` list after the chart's own install-method variable.
# The `username:password` in the URL is a fixture value. The snapshot shows
# that extraEnv entries end up as literal `value:` fields in the pod spec, so
# they are readable by anyone who can read the Deployment or the stored Helm
# release.
# NOTE(review): for real proxy credentials, check whether extraEnv accepts
# `valueFrom.secretKeyRef` entries and source the URL from a Secret instead of
# inlining it.
should set environment when extraEnv set in values if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
- name: HTTPS_PROXY
value: http://username:password@my.proxy.host:3128
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
# Expected pod spec when the image values are overridden: the container image
# is rendered as `public.ecr.aws/gravitational/teleport-distroless:12.2.1`
# instead of the `:13.3.8` tag recorded in the other snapshots of this file.
# NOTE(review): the reference is a tag, not a digest, and imagePullPolicy is
# IfNotPresent, so a node that already holds an image under this tag keeps
# using it and the content behind the tag is not pinned by the manifest.
# Confirm whether the chart accepts an `@sha256:` digest; otherwise rely on
# registry-side tag immutability or an admission policy that verifies images.
should set image and tag correctly if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:12.2.1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
should set imagePullPolicy when set in values if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: Always
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
should set nodeSelector if set in values if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
nodeSelector:
gravitational.io/k8s-role: node
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
should set not set priorityClassName when not set in values if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
should set preferred affinity when more than one replica is used if action is Upgrade:
1: |
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- RELEASE-NAME
topologyKey: kubernetes.io/hostname
weight: 50
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
should set priorityClassName when set in values if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
priorityClassName: teleport-kube-agent
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
# Snapshot of the rendered pod spec when the probe timeout is overridden in values:
# both livenessProbe and readinessProbe carry `timeoutSeconds: 5` instead of 1.
# The probes call /healthz and /readyz on the named port `diag` (3000), and the
# container is started with --diag-addr=0.0.0.0:3000, so the diagnostics listener is
# bound on every pod interface rather than loopback only.
# NOTE(review): anything else served on the diag listener is reachable from the pod
# network too; consider a NetworkPolicy limiting port 3000 to the kubelet/monitoring.
should set probeTimeoutSeconds when set in values if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 5
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 5
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
# Snapshot of the rendered pod spec when highAvailability.requireAntiAffinity is set:
# a podAntiAffinity rule of the `requiredDuringSchedulingIgnoredDuringExecution` kind
# is emitted, selecting pods whose `app` label is RELEASE-NAME with topology key
# kubernetes.io/hostname, i.e. replicas of this release may not share a node.
# Because the rule is "required", a replica with no eligible node stays unscheduled;
# the rule is not re-evaluated for pods that are already running.
should set required affinity when highAvailability.requireAntiAffinity is set if action is Upgrade:
1: |
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- RELEASE-NAME
topologyKey: kubernetes.io/hostname
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
# Snapshot of the rendered pod spec when resources are supplied in values: the
# container gains a `resources` block with limits cpu 2 / memory 4Gi and requests
# cpu 1 / memory 2Gi. The other snapshots visible around this entry render no
# `resources` block at all, so the agent container is unbounded there; explicit
# limits cap how much of a node a misbehaving or overloaded agent can consume.
# The image is referenced by tag (13.3.8) with imagePullPolicy IfNotPresent, not by
# digest, so what actually runs depends on what the registry or node cache holds.
should set resources when set in values if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
resources:
limits:
cpu: 2
memory: 4Gi
requests:
cpu: 1
memory: 2Gi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
# Snapshot of the rendered pod spec when the service account name is overridden in
# values: `serviceAccountName` becomes teleport-kube-agent-sa, while the ConfigMap
# volume still references RELEASE-NAME.
# The service account is the identity the agent pod presents to the Kubernetes API,
# so whatever RBAC is bound to that name is what the agent can do in the cluster.
# NOTE(review): this snapshot covers only the pod spec; confirm the chart's RBAC
# bindings follow the overridden name and are not left bound to the default one.
should set serviceAccountName when set in values if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: teleport-kube-agent-sa
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data
# Snapshot of the rendered pod spec when tolerations are supplied in values: two
# tolerations for the taint dedicated=teleport are emitted, one with effect
# NoExecute and one with NoSchedule.
# Tolerations only allow the pod onto nodes carrying that taint; nothing in this
# snapshot (no nodeSelector or node affinity) pins it there, so they do not by
# themselves isolate the agent on dedicated nodes.
# The join token is mounted read-only from the Secret teleport-kube-agent-join-token
# and /var/lib/teleport is an emptyDir, so the data directory does not outlive the
# pod. NOTE(review): presumably the agent re-joins with that token after a reschedule
# - confirm the token's lifetime and scope are set with that in mind.
should set tolerations when set in values if action is Upgrade:
1: |
containers:
- args:
- --diag-addr=0.0.0.0:3000
env:
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
value: "true"
image: public.ecr.aws/gravitational/teleport-distroless:13.3.8
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 9807
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /etc/teleport-secrets
name: auth-token
readOnly: true
- mountPath: /var/lib/teleport
name: data
serviceAccountName: RELEASE-NAME
tolerations:
- effect: NoExecute
key: dedicated
operator: Equal
value: teleport
- effect: NoSchedule
key: dedicated
operator: Equal
value: teleport
volumes:
- configMap:
name: RELEASE-NAME
name: config
- name: auth-token
secret:
secretName: teleport-kube-agent-join-token
- emptyDir: {}
name: data