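---
##################################################
# Values that must always be provided by the user.
##################################################

clusterName: "teleport.ervine.cloud"
kubeClusterName: "homeK8s"

##################################################
# Values that you may need to change.
##################################################

proxyListenerMode: "multiplex"

operator:
  enabled: true
  image: public.ecr.aws/gravitational/teleport-operator
  resources: {}
    # requests:
    #   cpu: "0.5"
    #   memory: "1Gi"
    # limits:
    #   memory: "1Gi"
  joinMethod: "kubernetes"
  token: "teleport-operator"
  # This is needed to have a sensible name and predictable service account name.
  nameOverride: operator

proxy:
  teleportConfig:
    teleport:
      storage:
        type: "s3"
        bucket: "teleport-sessions"
        region: "us-east-1"
        endpoint: "https://block.ervine.cloud"
        # NOTE(review): a static S3 access key pair is stored in plaintext here.
        # If this values file has been committed or shared, treat the pair as
        # exposed and rotate it; prefer injecting credentials from a Kubernetes
        # Secret (as auth.extraEnv below does) rather than inlining them.
        # NOTE(review): a "credentials" mapping under storage does not match the
        # teleport.yaml storage schema I am aware of — confirm the chart actually
        # consumes these keys, otherwise this block is silently ignored.
        credentials:
          accessKeyId: "qY6$2AokP6%si8FdCaytoX8v"
          secretAccessKey: "Q6VBQ3b2MZGi4nqGVPVGQTkrLrxYZtk"

auth:
  # NOTE(review): these env vars pull the Postgres URIs from the
  # teleport-postgres-credentials Secret, yet conn_string/audit_events_uri below
  # still embed the password inline. Confirm Teleport reads these env names;
  # if it does not, the inline values are what is used and the Secret is unused.
  extraEnv:
    - name: TELEPORT_STORAGE_URI_SECRET
      valueFrom:
        secretKeyRef:
          name: teleport-postgres-credentials
          key: cluster-state-uri
    - name: TELEPORT_AUDIT_EVENTS_URI_SECRET
      valueFrom:
        secretKeyRef:
          name: teleport-postgres-credentials
          key: audit-events-uri
  teleportConfig:
    teleport:
      storage:
        type: postgres
        # NOTE(review): database password embedded in the URI (here and in
        # audit_events_uri). Rotate it if this file was committed and source the
        # URI from the Secret referenced above. Both URIs point at the same
        # database (teleport_cluster_state) — confirm that is intended.
        conn_string: "postgres://teleport:DmUVPLxNggZq2fE9bCW96meF@icarus.ipa.champion:5432/teleport_cluster_state"
        audit_events_uri:
          - "postgres://teleport:DmUVPLxNggZq2fE9bCW96meF@icarus.ipa.champion:5432/teleport_cluster_state"

podSecurityPolicy:
  enabled: false

podMonitor:
  enabled: true
  additionalLabels:
    prometheus: k8s

######################################################################
# Persistence settings (only used in "standalone" and "scratch" modes)
# NOTE: Changes in Kubernetes 1.23+ mean that persistent volumes will not automatically be provisioned in AWS EKS clusters
# without additional configuration. See https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html for more details.
# This driver addon must be configured to use persistent volumes in EKS clusters after Kubernetes 1.23.
######################################################################
persistence:
  # Enable persistence using a PersistentVolumeClaim
  enabled: false
  # Leave blank to automatically create a PersistentVolumeClaim for Teleport storage.
  # If you would like to use a pre-existing PersistentVolumeClaim, put its name here.
  existingClaimName: ""
  # Size of persistent volume to request when created by Teleport.
  # Ignored if existingClaimName is provided.
  volumeSize: 10Gi

highAvailability:
  replicaCount: 1
  requireAntiAffinity: true
  # If enabled will create a Pod Disruption Budget
  podDisruptionBudget:
    enabled: false
    minAvailable: 1
  certManager:
    enabled: true
    addCommonName: false
    addPublicAddrs: false
    issuerName: "letsencrypt-prod"
    issuerKind: ClusterIssuer

##################################
# Extra Kubernetes configuration #
##################################

annotations:
  ingress:
    # NOTE(review): the kubernetes.io/ingress.class annotation is deprecated in
    # favour of spec.ingressClassName; keep it only if the chart cannot set that.
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/session-cookie-name: "http-cookie"
    nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
    nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"

service:
  type: ClusterIP

ingress:
  enabled: true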