Update Helm release teleport-kube-agent to v16.4.12 #74

Open
wants to merge 1 commit into
base: main
16 changes: 4 additions & 12 deletions helm/teleport-kube-agent/Chart.yaml
@@ -1,17 +1,9 @@
apiVersion: v2
name: teleport-kube-agent
version: [[ .Version ]]
appVersion: 16.1.7
appVersion: 16.4.12
description: Teleport provides a secure SSH, Kubernetes, database and application
remote access solution that doesn't get in the way.
icon: https://s.giantswarm.io/app-icons/teleport/1/light.png
type: application
sources:
- https://github.com/gravitational/teleport
icon: https://goteleport.com/static/teleport-symbol-bimi.svg
keywords:
- Teleport
annotations:
application.giantswarm.io/team: shield
maintainers:
- name: giantswarm/team-shield
email: [email protected]
name: teleport-kube-agent
version: 16.4.12
4 changes: 0 additions & 4 deletions helm/teleport-kube-agent/ci/ci-values.yaml

This file was deleted.

10 changes: 10 additions & 0 deletions helm/teleport-kube-agent/templates/_config.tpl
@@ -128,6 +128,16 @@ discovery_service:
enabled: false
{{- end }}

jamf_service:
{{- if contains "jamf" (.Values.roles | toString) }}
enabled: true
api_endpoint: {{ required "jamfApiEndpoint is required in chart values when jamf role is enabled, see README" .Values.jamfApiEndpoint }}
client_id: {{ required "jamfClientId is required in chart values when jamf role is enabled, see README" .Values.jamfClientId }}
client_secret_file: "/etc/teleport-jamf-api-credentials/credential"
{{- else }}
enabled: false
{{- end }}

auth_service:
enabled: false
ssh_service:
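Review bot: `api_endpoint` and `client_id` in the added `jamf_service` block are rendered unquoted, while `client_secret_file` right below them is quoted. A value that looks numeric or starts with a YAML indicator would be retyped or break the generated config, so I would pipe both through `quote`, e.g. `api_endpoint: {{ required "jamfApiEndpoint is required in chart values when jamf role is enabled, see README" .Values.jamfApiEndpoint | quote }}`. The `credential:` line in templates/secret.yaml takes `.Values.jamfClientSecret` the same way and needs the same treatment, since a client secret is the value most likely to contain special characters. The config template this block sits in starts and ends outside the hunk.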
12 changes: 2 additions & 10 deletions helm/teleport-kube-agent/templates/_helpers.tpl
@@ -33,26 +33,18 @@ if serviceAccount is not defined or serviceAccount.name is empty, use .Release.N
{{- if .Values.teleportVersionOverride -}}
{{- .Values.teleportVersionOverride -}}
{{- else -}}
{{- .Chart.AppVersion -}}
{{- .Chart.Version -}}
{{- end -}}
{{- end -}}

{{- define "teleport-kube-agent.baseImage" -}}
{{- if .Values.enterprise -}}
{{- .Values.enterpriseImage -}}
{{- else -}}
{{- .Values.image.repository -}}
{{- .Values.image -}}
{{- end -}}
{{- end -}}

{{- define "teleport-kube-agent.image" -}}
{{ include "teleport-kube-agent.baseImage" . }}:{{ include "teleport-kube-agent.version" . }}
{{- end -}}

{{- define "registry" }}
{{- $registry := .Values.image.registry -}}
{{- if and .Values.global (and .Values.global.image .Values.global.image.registry) -}}
{{- $registry = .Values.global.image.registry -}}
{{- end -}}
{{- printf "%s" $registry -}}
{{- end -}}
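Review bot: `teleport-kube-agent.baseImage` now prints `.Values.image` as a whole and the `registry` define that honoured `.Values.global.image.registry` is removed, so the image reference no longer goes through a registry override; the `image:` lines in delete_hook.yaml, deployment.yaml and statefulset.yaml all switch to this helper. If values.yaml, which is not in the visible part of this diff, still defines `image` as a map with `registry` and `repository`, the rendered reference would be a printed map rather than a pullable name, and clusters that pull only from a mirrored registry would lose that redirection. Reading the second of each doubled line as the new side, the tag fallback also moves from `.Chart.AppVersion` to `.Chart.Version`, so the chart version has to equal a published image tag. Either keep `{{- .Values.image.repository -}}` together with the `registry` define, or convert the values to a plain string `image` in the same PR, and check the result with `helm template` before merging.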
14 changes: 13 additions & 1 deletion helm/teleport-kube-agent/templates/delete_hook.yaml
@@ -73,6 +73,15 @@ spec:
template:
metadata:
name: {{ .Release.Name }}-delete-hook
{{- if .Values.annotations.pod }}
annotations:
{{- toYaml .Values.annotations.pod | nindent 8 }}
{{- end }}
labels:
app: {{ .Release.Name }}
{{- if .Values.extraLabels.pod }}
{{- toYaml .Values.extraLabels.pod | nindent 8 }}
{{- end }}
spec:
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
@@ -100,7 +109,7 @@ spec:
fieldPath: metadata.namespace
- name: RELEASE_NAME
value: {{ .Release.Name }}
image: '{{ include "registry" . }}/{{ .Values.image.repository }}:{{ include "teleport-kube-agent.version" . }}'
image: {{ include "teleport-kube-agent.image" . | quote }}
{{- if .Values.imagePullPolicy }}
imagePullPolicy: {{ toYaml .Values.imagePullPolicy }}
{{- end }}
@@ -109,3 +118,6 @@ spec:
{{- if .Values.securityContext }}
securityContext: {{- toYaml .Values.securityContext | nindent 10 }}
{{- end }}
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 10 }}
{{- end }}
32 changes: 16 additions & 16 deletions helm/teleport-kube-agent/templates/deployment.yaml
@@ -111,11 +111,11 @@ spec:
name: "teleport-tls-ca"
readOnly: true
{{- end }}
# {{- if contains "jamf" (.Values.roles | toString) }}
#- mountPath: /etc/teleport-jamf-api-credentials
# name: "jamf-api-credentials"
# readOnly: true
# {{- end }}
{{- if contains "jamf" (.Values.roles | toString) }}
- mountPath: /etc/teleport-jamf-api-credentials
name: "jamf-api-credentials"
readOnly: true
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 8 }}
{{- end }}
@@ -126,7 +126,7 @@ spec:
{{- end }}
containers:
- name: "teleport"
image: '{{ include "registry" . }}/{{ .Values.image.repository }}:{{ include "teleport-kube-agent.version" . }}'
image: {{ include "teleport-kube-agent.image" . | quote }}
{{- if .Values.imagePullPolicy }}
imagePullPolicy: {{ toYaml .Values.imagePullPolicy }}
{{- end }}
@@ -201,11 +201,11 @@ spec:
name: "teleport-tls-ca"
readOnly: true
{{- end }}
# {{- if contains "jamf" (.Values.roles | toString) }}
#- mountPath: /etc/teleport-jamf-api-credentials
# name: "jamf-api-credentials"
# readOnly: true
# {{- end }}
{{- if contains "jamf" (.Values.roles | toString) }}
- mountPath: /etc/teleport-jamf-api-credentials
name: "jamf-api-credentials"
readOnly: true
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 8 }}
{{- end }}
@@ -228,11 +228,11 @@ spec:
secret:
secretName: {{ .Values.tls.existingCASecretName }}
{{- end }}
#{{- if contains "jamf" (.Values.roles | toString) }}
#- name: "jamf-api-credentials"
# secret:
# secretName: {{ .Values.jamfCredentialsSecret.name }}
#{{- end }}
{{- if contains "jamf" (.Values.roles | toString) }}
- name: "jamf-api-credentials"
secret:
secretName: {{ .Values.jamfCredentialsSecret.name }}
{{- end }}
{{- if .Values.extraVolumes }}
{{- toYaml .Values.extraVolumes | nindent 6 }}
{{- end }}
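Review bot: The re-enabled `jamf-api-credentials` volume takes `secretName` straight from `.Values.jamfCredentialsSecret.name` with no guard, whereas the other Jamf values in _config.tpl are wrapped in `required`. An empty name is then caught only when the manifest is applied or the pod tries to mount the volume, not at render time. I would use `secretName: {{ required "jamfCredentialsSecret.name is required when jamf role is enabled" .Values.jamfCredentialsSecret.name | quote }}` here and in the matching volume in statefulset.yaml. The mount path `/etc/teleport-jamf-api-credentials` also has to stay in step with `client_secret_file` in _config.tpl; a short comment next to the volume saying so would help.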
12 changes: 12 additions & 0 deletions helm/teleport-kube-agent/templates/hook.yaml
@@ -63,6 +63,15 @@ spec:
template:
metadata:
name: {{ .Release.Name }}-hook
{{- if .Values.annotations.pod }}
annotations:
{{- toYaml .Values.annotations.pod | nindent 8 }}
{{- end }}
labels:
app: {{ .Release.Name }}
{{- if .Values.extraLabels.pod }}
{{- toYaml .Values.extraLabels.pod | nindent 8 }}
{{- end }}
spec:
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
@@ -94,4 +103,7 @@ spec:
{{- if .Values.securityContext }}
securityContext: {{- toYaml .Values.securityContext | nindent 10 }}
{{- end }}
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 10 }}
{{- end }}
{{- end}}
18 changes: 0 additions & 18 deletions helm/teleport-kube-agent/templates/networkpolicy.yaml

This file was deleted.

2 changes: 1 addition & 1 deletion helm/teleport-kube-agent/templates/psp.yaml
@@ -2,7 +2,7 @@
We must remove them before 1.25 to ensure the Helm state doesn't corrupt. As this is a breaking change, this
only applies to v12+ charts. v11 and below will only show a warning from the NOTES.txt.
Users must use PSAs instead (beta in 1.23, GA in 1.25). The "teleport-cluster" chart runs in "baseline" mode */}}
{{- if and (not .Values.global.podSecurityStandards.enforced) .Values.podSecurityPolicy.enabled (semverCompare "<1.25.0" .Capabilities.KubeVersion.Version) -}}
{{- if and .Values.podSecurityPolicy.enabled (semverCompare "<1.23.0-0" .Capabilities.KubeVersion.Version) -}}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
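Review bot: The condition loses the `(not .Values.global.podSecurityStandards.enforced)` guard and its version bound moves from `<1.25.0` to `<1.23.0-0` (reading the second `if` line as the new side), so on 1.23 and 1.24 clusters that still run the PodSecurityPolicy admission controller the chart no longer renders a policy for the agent. Pods there would depend on some other policy admitting them. The comment above the condition still speaks of removal "before 1.25", which no longer matches the bound, and the dropped guard means a cluster below 1.23 with Pod Security Standards enforced would now get a PSP it did not get before. If no supported cluster is older than 1.25 this is harmless, but then say so in the PR; otherwise keep the guard as the first argument of the `and`.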
39 changes: 20 additions & 19 deletions helm/teleport-kube-agent/templates/secret.yaml
@@ -17,22 +17,23 @@ stringData:
auth-token: |
{{ coalesce .Values.joinParams.tokenName .Values.authToken }}
{{- end}}
#{{- if and (contains "jamf" (.Values.roles | toString)) .Values.jamfCredentialsSecret.create }}
#---
#apiVersion: v1
#kind: Secret
#metadata:
# name: {{ .Values.jamfCredentialsSecret.name }}
# namespace: {{ .Release.Namespace }}
# {{- if .Values.extraLabels.secret }}
# labels:
# {{- toYaml .Values.extraLabels.secret | nindent 4 }}
# {{- end }}
# {{- if .Values.annotations.secret }}
# annotations:
# {{- toYaml .Values.annotations.secret | nindent 4 }}
# {{- end }}
#type: Opaque
#stringData:
# credential: {{ required "jamfClientSecret is required in chart values when jamf role is enabled, see README" .Values.jamfClientSecret }}
#{{- end}}

{{- if and (contains "jamf" (.Values.roles | toString)) .Values.jamfCredentialsSecret.create }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.jamfCredentialsSecret.name }}
namespace: {{ .Release.Namespace }}
{{- if .Values.extraLabels.secret }}
labels:
{{- toYaml .Values.extraLabels.secret | nindent 4 }}
{{- end }}
{{- if .Values.annotations.secret }}
annotations:
{{- toYaml .Values.annotations.secret | nindent 4 }}
{{- end }}
type: Opaque
stringData:
credential: {{ required "jamfClientSecret is required in chart values when jamf role is enabled, see README" .Values.jamfClientSecret }}
{{- end}}
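Review bot: With `jamfCredentialsSecret.create` enabled, the re-enabled block copies `.Values.jamfClientSecret` into `stringData`, so the Jamf API client secret sits in plain text in whatever values file or `--set` flag supplies it and in the release record Helm stores in the cluster. I would add a template comment above the `if`, such as `{{- /* jamfClientSecret is stored in the Helm release; prefer jamfCredentialsSecret.create=false with a pre-created Secret */ -}}`, and make the pre-created Secret the documented path. The block also sits after the auth-token Secret in the same file, so anyone who can read release Secrets in the namespace can recover both credentials.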
55 changes: 24 additions & 31 deletions helm/teleport-kube-agent/templates/statefulset.yaml
@@ -13,6 +13,10 @@ metadata:
{{- if .Values.extraLabels.deployment }}
{{- toYaml .Values.extraLabels.deployment | nindent 4 }}
{{- end }}
{{- if .Values.annotations.deployment }}
annotations:
{{- toYaml .Values.annotations.deployment | nindent 4 }}
{{- end }}
spec:
serviceName: {{ .Release.Name }}
replicas: {{ $replicaCount }}
@@ -107,11 +111,11 @@ spec:
name: "teleport-tls-ca"
readOnly: true
{{- end }}
# {{- if contains "jamf" (.Values.roles | toString) }}
#- mountPath: /etc/teleport-jamf-api-credentials
# name: "jamf-api-credentials"
# readOnly: true
# {{- end }}
{{- if contains "jamf" (.Values.roles | toString) }}
- mountPath: /etc/teleport-jamf-api-credentials
name: "jamf-api-credentials"
readOnly: true
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 8 }}
{{- end }}
@@ -126,26 +130,11 @@ spec:
{{- end }}
containers:
- name: "teleport"
image: '{{ include "registry" . }}/{{ .Values.image.repository }}:{{ include "teleport-kube-agent.version" . }}'
image: {{ include "teleport-kube-agent.image" . | quote }}
{{- if .Values.imagePullPolicy }}
imagePullPolicy: {{ toYaml .Values.imagePullPolicy }}
{{- end }}
env:
{{- $proxy := deepCopy .Values.cluster.proxy | mustMerge .Values.proxy }}
{{- if and $proxy.noProxy $proxy.http $proxy.https }}
- name: NO_PROXY
value: {{ $proxy.noProxy }}
- name: no_proxy
value: {{ $proxy.noProxy }}
- name: HTTP_PROXY
value: {{ $proxy.http }}
- name: http_proxy
value: {{ $proxy.http }}
- name: HTTPS_PROXY
value: {{ $proxy.https }}
- name: https_proxy
value: {{ $proxy.https }}
{{- end }}
# This variable is set for telemetry purposes.
# Telemetry is opt-in and controlled at the auth level.
- name: TELEPORT_INSTALL_METHOD_HELM_KUBE_AGENT
@@ -166,6 +155,10 @@ spec:
- name: TELEPORT_EXT_UPGRADER_VERSION
value: {{ include "teleport-kube-agent.version" . }}
{{- end }}
{{- if .Values.clusterDomain }}
- name: TELEPORT_KUBE_CLUSTER_DOMAIN
value: {{ .Values.clusterDomain | quote }}
{{- end }}
{{- if .Values.tls.existingCASecretName }}
- name: SSL_CERT_FILE
value: /etc/teleport-tls-ca/ca.pem
@@ -227,11 +220,11 @@ spec:
name: "teleport-tls-ca"
readOnly: true
{{- end }}
#{{- if contains "jamf" (.Values.roles | toString) }}
# - mountPath: /etc/teleport-jamf-api-credentials
# name: "jamf-api-credentials"
# readOnly: true
#{{- end }}
{{- if contains "jamf" (.Values.roles | toString) }}
- mountPath: /etc/teleport-jamf-api-credentials
name: "jamf-api-credentials"
readOnly: true
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 8 }}
{{- end }}
@@ -254,11 +247,11 @@ spec:
secret:
secretName: {{ .Values.tls.existingCASecretName }}
{{- end }}
#{{- if contains "jamf" (.Values.roles | toString) }}
# - name: "jamf-api-credentials"
# secret:
# secretName: {{ .Values.jamfCredentialsSecret.name }}
#{{- end }}
{{- if contains "jamf" (.Values.roles | toString) }}
- name: "jamf-api-credentials"
secret:
secretName: {{ .Values.jamfCredentialsSecret.name }}
{{- end }}
{{- if .Values.extraVolumes }}
{{- toYaml .Values.extraVolumes | nindent 6 }}
{{- end }}
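Review bot: The hunk at `-126,26 +130,11` removes the whole `NO_PROXY`/`HTTP_PROXY`/`HTTPS_PROXY` env block built from `.Values.cluster.proxy` and `.Values.proxy`, which a change titled "Update Helm release teleport-kube-agent to v16.4.12" would not be expected to touch. Agents in clusters whose only egress path is that proxy would stop reaching the Teleport proxy after the upgrade, and nothing in the visible hunks replaces the block. This looks like a local addition being overwritten by the upstream sync, along with the deleted networkpolicy.yaml; if so, re-apply the block after `env:` (starting at `{{- $proxy := deepCopy .Values.cluster.proxy | mustMerge .Values.proxy }}`) or state in the description that both removals are intended.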