jonny/charts
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3e500a8fb5
charts/teleport-kube-agent/templates/_config.tpl
Jonny Ervine b76e232ac2 Add teleport agent update
2024-08-15 22:45:43 +08:00

148 lines
5.9 KiB
Smarty
Raw Blame History

{{- define "teleport-kube-agent.config" -}}
{{- $logLevel := (coalesce .Values.logLevel .Values.log.level "INFO") -}}
{{- $appRolePresent := contains "app" (.Values.roles | toString) -}}
{{- $discoveryEnabled := contains "discovery" (.Values.roles | toString) -}}
{{- $appDiscoveryEnabled := and ($appRolePresent) ($discoveryEnabled) -}}
{{- if (ge (include "teleport-kube-agent.version" . | semver).Major 11) }}
version: v3
{{- end }}
teleport:
join_params:
method: "{{ .Values.joinParams.method }}"
token_name: "/etc/teleport-secrets/auth-token"
{{- if (ge (include "teleport-kube-agent.version" . | semver).Major 11) }}
proxy_server: {{ required "proxyAddr is required in chart values" .Values.proxyAddr }}
{{- else }}
auth_servers: ["{{ required "proxyAddr is required in chart values" .Values.proxyAddr }}"]
{{- end }}
{{- if .Values.caPin }}
ca_pin: {{- toYaml .Values.caPin | nindent 4 }}
{{- end }}
log:
severity: {{ $logLevel }}
output: {{ .Values.log.output }}
format:
output: {{ .Values.log.format }}
extra_fields: {{ .Values.log.extraFields | toJson }}
kubernetes_service:
{{- if or (contains "kube" (.Values.roles | toString)) (empty .Values.roles) }}
enabled: true
kube_cluster_name: {{ required "kubeClusterName is required in chart values when kube role is enabled, see README" .Values.kubeClusterName }}
{{- if .Values.labels }}
labels: {{- toYaml .Values.labels | nindent 4 }}
{{- end }}
{{- else }}
enabled: false
{{- end }}
{{- if and (or (.Values.apps) (.Values.appResources)) (not ($appRolePresent)) }}
{{- fail "app role should be enabled if one of 'apps' or 'appResources' is set, see README" }}
{{- end }}
app_service:
{{- if $appRolePresent }}
{{- if not (or (.Values.apps) (.Values.appResources) ($appDiscoveryEnabled)) }}
{{- fail "app service is enabled, but no application source is enabled. You must either statically define apps through `apps`, dynamically through `appResources`, or enable in-cluster discovery." }}
{{- end }}
enabled: true
{{- if .Values.apps }}
{{- range $app := .Values.apps }}
{{- if not (hasKey $app "name") }}
{{- fail "'name' is required for all 'apps' in chart values when app role is enabled, see README" }}
{{- end }}
{{- if not (hasKey $app "uri") }}
{{- fail "'uri' is required for all 'apps' in chart values when app role is enabled, see README" }}
{{- end }}
{{- end }}
apps:
{{- toYaml .Values.apps | nindent 4 }}
{{- end }}
resources:
{{- if .Values.appResources }}
{{- toYaml .Values.appResources | nindent 4 }}
{{- end }}
{{- if $appDiscoveryEnabled }}
- labels:
"teleport.dev/kubernetes-cluster": "{{ required "kubeClusterName is required in chart values when kube or discovery role is enabled, see README" .Values.kubeClusterName }}"
"teleport.dev/origin": "discovery-kubernetes"
{{- end }}
{{- else }}
enabled: false
{{- end }}
db_service:
{{- if contains "db" (.Values.roles | toString) }}
enabled: true
{{- if not (or (.Values.awsDatabases) (.Values.azureDatabases) (.Values.databases) (.Values.databaseResources)) }}
{{- fail "at least one of 'awsDatabases', 'azureDatabases', 'databases' or 'databaseResources' is required in chart values when db role is enabled, see README" }}
{{- end }}
{{- if .Values.awsDatabases }}
aws:
{{- range $awsDb := .Values.awsDatabases }}
{{- if not (hasKey $awsDb "types") }}
{{- fail "'types' is required for all 'awsDatabases' in chart values when key is set and db role is enabled, see README" }}
{{- end }}
{{- if not (hasKey $awsDb "regions") }}
{{- fail "'regions' is required for all 'awsDatabases' in chart values when key is set and db role is enabled, see README" }}
{{- end }}
{{- if not (hasKey $awsDb "tags") }}
{{- fail "'tags' is required for all 'awsDatabases' in chart values when key is set and db role is enabled, see README" }}
{{- end }}
{{- end }}
{{- toYaml .Values.awsDatabases | nindent 4 }}
{{- end }}
{{- if .Values.azureDatabases }}
azure:
{{- toYaml .Values.azureDatabases | nindent 4 }}
{{- end}}
{{- if .Values.databases }}
databases:
{{- range $db := .Values.databases }}
{{- if not (hasKey $db "name") }}
{{- fail "'name' is required for all 'databases' in chart values when db role is enabled, see README" }}
{{- end }}
{{- if not (hasKey $db "uri") }}
{{- fail "'uri' is required for all 'databases' is required in chart values when db role is enabled, see README" }}
{{- end }}
{{- if not (hasKey $db "protocol") }}
{{- fail "'protocol' is required for all 'databases' in chart values when db role is enabled, see README" }}
{{- end }}
{{- end }}
{{- toYaml .Values.databases | nindent 4 }}
{{- end }}
{{- if .Values.databaseResources }}
resources:
{{- toYaml .Values.databaseResources | nindent 4 }}
{{- end }}
{{- else }}
enabled: false
{{- end }}
discovery_service:
{{- if $discoveryEnabled }}
enabled: true
discovery_group: {{ required "kubeClusterName is required in chart values when kube or discovery role is enabled, see README" .Values.kubeClusterName }}
kubernetes: {{- toYaml .Values.kubernetesDiscovery | nindent 4 }}
{{- else }}
enabled: false
{{- end }}
jamf_service:
{{- if contains "jamf" (.Values.roles | toString) }}
enabled: true
api_endpoint: {{ required "jamfApiEndpoint is required in chart values when jamf role is enabled, see README" .Values.jamfApiEndpoint }}
client_id: {{ required "jamfClientId is required in chart values when jamf role is enabled, see README" .Values.jamfClientId }}
client_secret_file: "/etc/teleport-jamf-api-credentials/credential"
{{- else }}
enabled: false
{{- end }}
auth_service:
enabled: false
ssh_service:
enabled: false
proxy_service:
enabled: false
{{- end -}}
Reference in New Issue View Git Blame Copy Permalink