Teleport Chart 업데이트

helm/teleport-cluster/templates/auth/deployment.yaml

@@ -248,6 +248,13 @@ spec:
             port: 8081
           initialDelaySeconds: 5
           periodSeconds: 10
+        ports:
+          - name: op-metrics
+            containerPort: 8080
+            protocol: TCP
+          - name: op-health
+            containerPort: 8081
+            protocol: TCP
   {{- if .Values.operator.resources }}
         resources: {{- toYaml .Values.operator.resources | nindent 10 }}
   {{- end }}
@@ -263,6 +270,9 @@ spec:
           readOnly: true
   {{- end }}
 {{ end }}
+{{- if $auth.extraContainers }}
+  {{- toYaml $auth.extraContainers | nindent 6 }}
+{{- end }}
 {{- if $projectedServiceAccountToken }}
       automountServiceAccountToken: false
 {{- end }}

helm/teleport-cluster/templates/proxy/_config.common.tpl

@@ -70,7 +70,10 @@ proxy_service:
     uri: {{ .Values.acmeURI }}
   {{- end }}
 {{- end }}
-{{- if and .Values.ingress.enabled (semverCompare ">= 13.2.0-0" (include "teleport-cluster.version" .)) }}
+{{- if .Values.proxyProtocol }}
+  proxy_protocol: {{ .Values.proxyProtocol | quote }}
+{{- end }}
+{{- if and .Values.ingress.enabled (semverCompare ">= 14.0.0-0" (include "teleport-cluster.version" .)) }}
   trust_x_forwarded_for: true
 {{- end }}
 {{- end -}}

helm/teleport-cluster/templates/proxy/certificate.yaml

@@ -1,7 +1,22 @@
 {{- $proxy := mustMergeOverwrite (mustDeepCopy .Values) .Values.proxy -}}
-{{- if $proxy.highAvailability.certManager.enabled }}
-  {{- $domain := (required "clusterName is required in chartValues when certManager is enabled" $proxy.clusterName) }}
-  {{- $domainWildcard := printf "*.%s" (required "clusterName is required in chartValues when certManager is enabled" $proxy.clusterName) }}
+{{- if $proxy.highAvailability.certManager.enabled -}}
+  {{- /* Append clusterName and wildcard version to list of dnsNames on certificate request (original functionality) */ -}}
+  {{- $domainList := list (required "clusterName is required in chartValues when certManager is enabled" $proxy.clusterName) -}}
+  {{- $domainList := append $domainList (printf "*.%s" (required "clusterName is required in chartValues when certManager is enabled" $proxy.clusterName)) -}}
+  {{- /* If the config option is enabled and at least one publicAddr is set, append all public addresses to the list of dnsNames */ -}}
+  {{- if and $proxy.highAvailability.certManager.addPublicAddrs (gt (len .Values.publicAddr) 0) -}}
+    {{- /* Trim ports from all public addresses if present */ -}}
+    {{- range .Values.publicAddr -}}
+      {{- $address := . -}}
+      {{- if (contains ":" $address) -}}
+        {{- $split := split ":" $address -}}
+        {{- $address = $split._0 -}}
+      {{- end -}}
+      {{- $domainList = append (mustWithout $domainList .) $address -}}
+    {{- end -}}
+  {{- end -}}
+  {{- /* Finally, remove any duplicate entries from the list of domains */ -}}
+  {{- $domainList := mustUniq $domainList -}}
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
@@ -11,11 +26,12 @@ metadata:
 spec:
   secretName: teleport-tls
   {{- if $proxy.highAvailability.certManager.addCommonName }}
-  commonName: {{ quote $domain }}
+  commonName: {{ quote $proxy.clusterName }}
   {{- end }}
   dnsNames:
-  - {{ quote $domain }}
-  - {{ quote $domainWildcard }}
+  {{- range $domainList }}
+  - {{ quote . }}
+  {{- end }}
   issuerRef:
     name: {{ required "highAvailability.certManager.issuerName is required in chart values" $proxy.highAvailability.certManager.issuerName }}
     kind: {{ required "highAvailability.certManager.issuerKind is required in chart values" $proxy.highAvailability.certManager.issuerKind }}

helm/teleport-cluster/templates/proxy/deployment.yaml

@@ -255,6 +255,9 @@ spec:
 {{- if $proxy.extraVolumeMounts }}
   {{- toYaml $proxy.extraVolumeMounts | nindent 8 }}
 {{- end }}
+{{- if $proxy.extraContainers }}
+  {{- toYaml $proxy.extraContainers | nindent 6 }}
+{{- end }}
 {{- if $projectedServiceAccountToken }}
       automountServiceAccountToken: false
 {{- end }}