jonny/charts
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3892f5af72
charts/teleport-cluster-15.0.1/tests/__snapshot__/proxy_deployment_test.yaml.snap

496 lines
12 KiB
Plaintext
Raw Blame History

should provision initContainer correctly when set in values:
1: |
- command:
- teleport
- wait
- no-resolve
- RELEASE-NAME-auth-v14.NAMESPACE.svc.cluster.local
image: public.ecr.aws/gravitational/teleport-distroless:15.0.1
name: wait-auth-update
- args:
- echo test
image: alpine
name: teleport-init
resources:
limits:
cpu: 2
memory: 4Gi
requests:
cpu: 1
memory: 2Gi
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /var/lib/teleport
name: data
- args:
- echo test2
image: alpine
name: teleport-init2
resources:
limits:
cpu: 2
memory: 4Gi
requests:
cpu: 1
memory: 2Gi
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /var/lib/teleport
name: data
should set affinity when set in values:
1: |
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: gravitational.io/dedicated
operator: In
values:
- teleport
should set imagePullSecrets when set in values:
1: |
- name: myRegistryKeySecretName
should set nodeSelector when set in values:
1: |
affinity:
podAntiAffinity: null
automountServiceAccountToken: false
containers:
- args:
- --diag-addr=0.0.0.0:3000
image: public.ecr.aws/gravitational/teleport-distroless:15.0.1
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- teleport
- wait
- duration
- 30s
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3080
name: tls
protocol: TCP
- containerPort: 3023
name: sshproxy
protocol: TCP
- containerPort: 3024
name: sshtun
protocol: TCP
- containerPort: 3026
name: kube
protocol: TCP
- containerPort: 3036
name: mysql
protocol: TCP
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /var/lib/teleport
name: data
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: proxy-serviceaccount-token
readOnly: true
initContainers:
- command:
- teleport
- wait
- no-resolve
- RELEASE-NAME-auth-v14.NAMESPACE.svc.cluster.local
image: public.ecr.aws/gravitational/teleport-distroless:15.0.1
name: wait-auth-update
nodeSelector:
environment: security
role: bastion
serviceAccountName: RELEASE-NAME-proxy
terminationGracePeriodSeconds: 60
volumes:
- name: proxy-serviceaccount-token
projected:
sources:
- serviceAccountToken:
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
fieldPath: metadata.namespace
path: namespace
- configMap:
name: RELEASE-NAME-proxy
name: config
- emptyDir: {}
name: data
should set required affinity when highAvailability.requireAntiAffinity is set:
1: |
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/instance
operator: In
values:
- RELEASE-NAME
- key: app.kubernetes.io/component
operator: In
values:
- proxy
topologyKey: kubernetes.io/hostname
should set resources when set in values:
1: |
affinity:
podAntiAffinity: null
automountServiceAccountToken: false
containers:
- args:
- --diag-addr=0.0.0.0:3000
image: public.ecr.aws/gravitational/teleport-distroless:15.0.1
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- teleport
- wait
- duration
- 30s
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3080
name: tls
protocol: TCP
- containerPort: 3023
name: sshproxy
protocol: TCP
- containerPort: 3024
name: sshtun
protocol: TCP
- containerPort: 3026
name: kube
protocol: TCP
- containerPort: 3036
name: mysql
protocol: TCP
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
resources:
limits:
cpu: 2
memory: 4Gi
requests:
cpu: 1
memory: 2Gi
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /var/lib/teleport
name: data
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: proxy-serviceaccount-token
readOnly: true
initContainers:
- command:
- teleport
- wait
- no-resolve
- RELEASE-NAME-auth-v14.NAMESPACE.svc.cluster.local
image: public.ecr.aws/gravitational/teleport-distroless:15.0.1
name: wait-auth-update
serviceAccountName: RELEASE-NAME-proxy
terminationGracePeriodSeconds: 60
volumes:
- name: proxy-serviceaccount-token
projected:
sources:
- serviceAccountToken:
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
fieldPath: metadata.namespace
path: namespace
- configMap:
name: RELEASE-NAME-proxy
name: config
- emptyDir: {}
name: data
should set securityContext for initContainers when set in values:
1: |
affinity:
podAntiAffinity: null
automountServiceAccountToken: false
containers:
- args:
- --diag-addr=0.0.0.0:3000
image: public.ecr.aws/gravitational/teleport-distroless:15.0.1
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- teleport
- wait
- duration
- 30s
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3080
name: tls
protocol: TCP
- containerPort: 3023
name: sshproxy
protocol: TCP
- containerPort: 3024
name: sshtun
protocol: TCP
- containerPort: 3026
name: kube
protocol: TCP
- containerPort: 3036
name: mysql
protocol: TCP
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: false
runAsGroup: 99
runAsNonRoot: true
runAsUser: 99
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /var/lib/teleport
name: data
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: proxy-serviceaccount-token
readOnly: true
initContainers:
- command:
- teleport
- wait
- no-resolve
- RELEASE-NAME-auth-v14.NAMESPACE.svc.cluster.local
image: public.ecr.aws/gravitational/teleport-distroless:15.0.1
name: wait-auth-update
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: false
runAsGroup: 99
runAsNonRoot: true
runAsUser: 99
serviceAccountName: RELEASE-NAME-proxy
terminationGracePeriodSeconds: 60
volumes:
- name: proxy-serviceaccount-token
projected:
sources:
- serviceAccountToken:
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
fieldPath: metadata.namespace
path: namespace
- configMap:
name: RELEASE-NAME-proxy
name: config
- emptyDir: {}
name: data
should set securityContext when set in values:
1: |
affinity:
podAntiAffinity: null
automountServiceAccountToken: false
containers:
- args:
- --diag-addr=0.0.0.0:3000
image: public.ecr.aws/gravitational/teleport-distroless:15.0.1
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- teleport
- wait
- duration
- 30s
livenessProbe:
failureThreshold: 6
httpGet:
path: /healthz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
name: teleport
ports:
- containerPort: 3080
name: tls
protocol: TCP
- containerPort: 3023
name: sshproxy
protocol: TCP
- containerPort: 3024
name: sshtun
protocol: TCP
- containerPort: 3026
name: kube
protocol: TCP
- containerPort: 3036
name: mysql
protocol: TCP
- containerPort: 3000
name: diag
protocol: TCP
readinessProbe:
failureThreshold: 12
httpGet:
path: /readyz
port: diag
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: false
runAsGroup: 99
runAsNonRoot: true
runAsUser: 99
volumeMounts:
- mountPath: /etc/teleport
name: config
readOnly: true
- mountPath: /var/lib/teleport
name: data
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: proxy-serviceaccount-token
readOnly: true
initContainers:
- command:
- teleport
- wait
- no-resolve
- RELEASE-NAME-auth-v14.NAMESPACE.svc.cluster.local
image: public.ecr.aws/gravitational/teleport-distroless:15.0.1
name: wait-auth-update
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: false
runAsGroup: 99
runAsNonRoot: true
runAsUser: 99
serviceAccountName: RELEASE-NAME-proxy
terminationGracePeriodSeconds: 60
volumes:
- name: proxy-serviceaccount-token
projected:
sources:
- serviceAccountToken:
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
fieldPath: metadata.namespace
path: namespace
- configMap:
name: RELEASE-NAME-proxy
name: config
- emptyDir: {}
name: data
should set tolerations when set in values:
1: |
- effect: NoExecute
key: dedicated
operator: Equal
value: teleport
- effect: NoSchedule
key: dedicated
operator: Equal
value: teleport
Reference in New Issue View Git Blame Copy Permalink