디렉토리 구조 및 각 서비스 추가

helm/teleport-cluster/.lint/acme-off.yaml

@@ -0,0 +1,3 @@
+clusterName: test-cluster-name
+extraArgs:
+- "--insecure"

helm/teleport-cluster/.lint/acme-on.yaml

@@ -0,0 +1,3 @@
+clusterName: test-acme-cluster
+acme: true
+acmeEmail: test@email.com

helm/teleport-cluster/.lint/acme-uri-staging.yaml

@@ -0,0 +1,4 @@
+clusterName: test-acme-cluster
+acme: true
+acmeEmail: test@email.com
+acmeURI: https://acme-staging-v02.api.letsencrypt.org/directory

helm/teleport-cluster/.lint/affinity.yaml

@@ -0,0 +1,29 @@
+clusterName: test-gcp-cluster
+chartMode: gcp
+gcp:
+  projectId: gcpproj-123456
+  backendTable: test-teleport-firestore-storage-collection
+  auditLogTable: test-teleport-firestore-auditlog-collection
+  sessionRecordingBucket: test-gcp-session-storage-bucket
+highAvailability:
+  replicaCount: 2
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: gravitational.io/dedicated
+          operator: In
+          values:
+          - teleport
+  podAntiAffinity:
+    preferredDuringSchedulingIgnoredDuringExecution:
+    - podAffinityTerm:
+        labelSelector:
+          matchExpressions:
+          - key: app
+            operator: In
+            values:
+            - teleport
+        topologyKey: kubernetes.io/hostname
+      weight: 1

helm/teleport-cluster/.lint/annotations.yaml

@@ -0,0 +1,17 @@
+clusterName: helm-lint
+annotations:
+  config:
+    kubernetes.io/config: "test-annotation"
+    kubernetes.io/config-different: 2
+  deployment:
+    kubernetes.io/deployment: "test-annotation"
+    kubernetes.io/deployment-different: 3
+  pod:
+    kubernetes.io/pod: "test-annotation"
+    kubernetes.io/pod-different: 4
+  service:
+    kubernetes.io/service: "test-annotation"
+    kubernetes.io/service-different: 5
+  serviceAccount:
+    kubernetes.io/serviceaccount: "test-annotation"
+    kubernetes.io/serviceaccount-different: 6

helm/teleport-cluster/.lint/auth-connector-name.yaml

@@ -0,0 +1,3 @@
+clusterName: helm-lint
+authentication:
+  connectorName: "okta"

helm/teleport-cluster/.lint/auth-disable-local.yaml

@@ -0,0 +1,5 @@
+clusterName: helm-lint
+authentication:
+  type: "github"
+  localAuth: false
+  secondFactor: "off"

helm/teleport-cluster/.lint/auth-locking-mode.yaml

@@ -0,0 +1,3 @@
+clusterName: helm-lint
+authentication:
+  lockingMode: "strict"

helm/teleport-cluster/.lint/auth-passwordless.yaml

@@ -0,0 +1,4 @@
+clusterName: helm-lint
+authentication:
+  connectorName: passwordless
+  secondFactor: webauthn

helm/teleport-cluster/.lint/auth-type-legacy.yaml

@@ -0,0 +1,4 @@
+clusterName: helm-lint
+authentication:
+  type: "this-should-be-ignored"
+authenticationType: "github"

helm/teleport-cluster/.lint/auth-type.yaml

@@ -0,0 +1,3 @@
+clusterName: helm-lint
+authentication:
+  type: "github"

helm/teleport-cluster/.lint/auth-webauthn-legacy.yaml

@@ -0,0 +1,10 @@
+clusterName: helm-lint
+authentication:
+  secondFactor: "off" # this should be overridden
+authenticationSecondFactor:
+  secondFactor: "on"
+  webauthn:
+    attestationAllowedCas:
+      - "/etc/ssl/certs/ca-certificates.crt"
+    attestationDeniedCas:
+      - "/etc/ssl/certs/ca-certificates.crt"

helm/teleport-cluster/.lint/auth-webauthn.yaml

@@ -0,0 +1,8 @@
+clusterName: helm-lint
+authentication:
+  secondFactor: "on"
+  webauthn:
+    attestationAllowedCas:
+      - "/etc/ssl/certs/ca-certificates.crt"
+    attestationDeniedCas:
+      - "/etc/ssl/certs/ca-certificates.crt"

helm/teleport-cluster/.lint/aws-dynamodb-autoscaling.yaml

@@ -0,0 +1,14 @@
+clusterName: test-aws-cluster
+chartMode: aws
+aws:
+  region: us-west-2
+  backendTable: test-dynamodb-backend-table
+  auditLogTable: test-dynamodb-auditlog-table
+  sessionRecordingBucket: test-s3-session-storage-bucket
+  dynamoAutoScaling: true
+  readMinCapacity: 5
+  readMaxCapacity: 100
+  readTargetValue: 50.0
+  writeMinCapacity: 5
+  writeMaxCapacity: 100
+  writeTargetValue: 50.0

helm/teleport-cluster/.lint/aws-ha-acme.yaml

@@ -0,0 +1,14 @@
+clusterName: test-aws-cluster
+chartMode: aws
+aws:
+  region: us-west-2
+  backendTable: test-dynamodb-backend-table
+  auditLogTable: test-dynamodb-auditlog-table
+  sessionRecordingBucket: test-s3-session-storage-bucket
+highAvailability:
+  replicaCount: 3
+  certManager:
+    enabled: true
+    issuerName: letsencrypt-production
+labels:
+  env: aws

helm/teleport-cluster/.lint/aws-ha-antiaffinity.yaml

@@ -0,0 +1,12 @@
+clusterName: test-aws-cluster
+chartMode: aws
+aws:
+  region: us-west-2
+  backendTable: test-dynamodb-backend-table
+  auditLogTable: test-dynamodb-auditlog-table
+  sessionRecordingBucket: test-s3-session-storage-bucket
+highAvailability:
+  replicaCount: 3
+  requireAntiAffinity: true
+labels:
+  env: aws

helm/teleport-cluster/.lint/aws-ha-log.yaml

@@ -0,0 +1,17 @@
+clusterName: test-aws-cluster
+chartMode: aws
+log:
+  level: DEBUG
+aws:
+  region: us-west-2
+  backendTable: test-dynamodb-backend-table
+  auditLogTable: test-dynamodb-auditlog-table
+  auditLogMirrorOnStdout: true
+  sessionRecordingBucket: test-s3-session-storage-bucket
+highAvailability:
+  replicaCount: 2
+  certManager:
+    enabled: true
+    issuerName: letsencrypt-production
+labels:
+  env: aws

helm/teleport-cluster/.lint/aws-ha.yaml

@@ -0,0 +1,11 @@
+clusterName: test-aws-cluster
+chartMode: aws
+aws:
+  region: us-west-2
+  backendTable: test-dynamodb-backend-table
+  auditLogTable: test-dynamodb-auditlog-table
+  sessionRecordingBucket: test-s3-session-storage-bucket
+highAvailability:
+  replicaCount: 3
+labels:
+  env: aws

helm/teleport-cluster/.lint/aws.yaml

@@ -0,0 +1,11 @@
+clusterName: test-aws-cluster
+chartMode: aws
+aws:
+  region: us-west-2
+  backendTable: test-dynamodb-backend-table
+  auditLogTable: test-dynamodb-auditlog-table
+  sessionRecordingBucket: test-s3-session-storage-bucket
+acme: true
+acmeEmail: test@email.com
+labels:
+  env: aws

helm/teleport-cluster/.lint/azure.yaml

@@ -0,0 +1,11 @@
+clusterName: test-azure-cluster
+chartMode: azure
+azure:
+  databaseHost: "mypostgresinstance.postgres.database.azure.com"
+  databaseUser: "teleport"
+  backendDatabase: "teleport_backend"
+  auditLogDatabase: "teleport_audit"
+  auditLogMirrorOnStdout: true
+  sessionRecordingStorageAccount: "mystorageaccount.blob.core.windows.net"
+  clientID: "1234"
+  databasePoolMaxConnections: 100

helm/teleport-cluster/.lint/cert-manager.yaml

@@ -0,0 +1,15 @@
+clusterName: test-cluster
+chartMode: aws
+aws:
+  region: us-west-2
+  backendTable: test-dynamodb-backend-table
+  auditLogTable: test-dynamodb-auditlog-table
+  sessionRecordingBucket: test-s3-session-storage-bucket
+highAvailability:
+  replicaCount: 3
+  certManager:
+    addCommonName: true
+    enabled: true
+    issuerGroup: custom.cert-manager.io
+    issuerName: custom
+    issuerKind: CustomClusterIssuer

helm/teleport-cluster/.lint/cert-secret.yaml

@@ -0,0 +1,15 @@
+clusterName: test-cluster
+chartMode: aws
+aws:
+  region: us-west-2
+  backendTable: test-dynamodb-backend-table
+  auditLogTable: test-dynamodb-auditlog-table
+  sessionRecordingBucket: test-s3-session-storage-bucket
+annotations:
+  certSecret:
+    kubernetes.io/cert-secret: value
+highAvailability:
+  replicaCount: 3
+  certManager:
+    enabled: true
+    issuerName: letsencrypt

helm/teleport-cluster/.lint/example-minimal-standalone.yaml

@@ -0,0 +1,7 @@
+# This setup is not safe for production because the proxy will self-sign its certificate.
+# Use those values for testing only
+
+# The chart should deploy and work only with a clusterName.
+# This setup can also cause redirection issues if the proxy is contacted with a hostName instead of an IP address
+# as it is not aware of its external hostname and will attempt to perform a redirection.
+clusterName: helm-lint

helm/teleport-cluster/.lint/existing-tls-secret-with-ca.yaml

@@ -0,0 +1,4 @@
+clusterName: test-cluster-name
+tls:
+  existingSecretName: helm-lint-existing-tls-secret
+  existingCASecretName: helm-lint-existing-tls-secret-ca

helm/teleport-cluster/.lint/existing-tls-secret.yaml

@@ -0,0 +1,3 @@
+clusterName: test-cluster-name
+tls:
+  existingSecretName: helm-lint-existing-tls-secret

helm/teleport-cluster/.lint/extra-env.yaml

@@ -0,0 +1,4 @@
+clusterName: helm-lint.example.com
+extraEnv:
+  - name: SOME_ENVIRONMENT_VARIABLE
+    value: "some-value"

helm/teleport-cluster/.lint/gcp-ha-acme.yaml

@@ -0,0 +1,14 @@
+clusterName: test-gcp-cluster
+chartMode: gcp
+gcp:
+  projectId: gcpproj-123456
+  backendTable: test-teleport-firestore-storage-collection
+  auditLogTable: test-teleport-firestore-auditlog-collection
+  sessionRecordingBucket: test-gcp-session-storage-bucket
+highAvailability:
+  replicaCount: 3
+  certManager:
+    enabled: true
+    issuerName: letsencrypt-production
+labels:
+  env: gcp

helm/teleport-cluster/.lint/gcp-ha-antiaffinity.yaml

@@ -0,0 +1,12 @@
+clusterName: test-gcp-cluster
+chartMode: gcp
+gcp:
+  projectId: gcpproj-123456
+  backendTable: test-teleport-firestore-storage-collection
+  auditLogTable: test-teleport-firestore-auditlog-collection
+  sessionRecordingBucket: test-gcp-session-storage-bucket
+highAvailability:
+  replicaCount: 3
+  requireAntiAffinity: true
+labels:
+  env: gcp

helm/teleport-cluster/.lint/gcp-ha-log.yaml

@@ -0,0 +1,17 @@
+clusterName: test-gcp-cluster
+chartMode: gcp
+log:
+  level: DEBUG
+gcp:
+  projectId: gcpproj-123456
+  backendTable: test-teleport-firestore-storage-collection
+  auditLogTable: test-teleport-firestore-auditlog-collection
+  auditLogMirrorOnStdout: true
+  sessionRecordingBucket: test-gcp-session-storage-bucket
+highAvailability:
+  replicaCount: 3
+  certManager:
+    enabled: true
+    issuerName: letsencrypt-production
+labels:
+  env: gcp

helm/teleport-cluster/.lint/gcp-ha-workload.yaml

@@ -0,0 +1,12 @@
+clusterName: test-gcp-cluster
+chartMode: gcp
+gcp:
+  projectId: gcpproj-123456
+  backendTable: test-teleport-firestore-storage-collection
+  auditLogTable: test-teleport-firestore-auditlog-collection
+  sessionRecordingBucket: test-gcp-session-storage-bucket
+  credentialSecretName: ""
+highAvailability:
+  replicaCount: 3
+labels:
+  env: gcp

helm/teleport-cluster/.lint/gcp-ha.yaml

@@ -0,0 +1,11 @@
+clusterName: test-gcp-cluster
+chartMode: gcp
+gcp:
+  projectId: gcpproj-123456
+  backendTable: test-teleport-firestore-storage-collection
+  auditLogTable: test-teleport-firestore-auditlog-collection
+  sessionRecordingBucket: test-gcp-session-storage-bucket
+highAvailability:
+  replicaCount: 3
+labels:
+  env: gcp

helm/teleport-cluster/.lint/gcp.yaml

@@ -0,0 +1,11 @@
+clusterName: test-gcp-cluster
+chartMode: gcp
+gcp:
+  projectId: gcpproj-123456
+  backendTable: test-teleport-firestore-storage-collection
+  auditLogTable: test-teleport-firestore-auditlog-collection
+  sessionRecordingBucket: test-gcp-session-storage-bucket
+acme: true
+acmeEmail: test@email.com
+labels:
+  env: gcp

helm/teleport-cluster/.lint/imagepullsecrets.yaml

@@ -0,0 +1,4 @@
+clusterName: test-standalone-cluster
+chartMode: standalone
+imagePullSecrets:
+- name: myRegistryKeySecretName

helm/teleport-cluster/.lint/ingress-publicaddr.yaml

@@ -0,0 +1,8 @@
+clusterName: teleport.example.com
+publicAddr: ["my-teleport-ingress.example.com:443"]
+ingress:
+  enabled: true
+  suppressAutomaticWildcards: true
+proxyListenerMode: multiplex
+service:
+  type: ClusterIP

helm/teleport-cluster/.lint/ingress.yaml

@@ -0,0 +1,6 @@
+clusterName: teleport.example.com
+ingress:
+  enabled: true
+proxyListenerMode: multiplex
+service:
+  type: ClusterIP

helm/teleport-cluster/.lint/initcontainers.yaml

@@ -0,0 +1,8 @@
+clusterName: helm-lint
+initContainers:
+- name: "teleport-init"
+  image: "alpine"
+  args: ["echo test"]
+- name: "teleport-init2"
+  image: "alpine"
+  args: ["echo test2"]

helm/teleport-cluster/.lint/kube-cluster-name.yaml

@@ -0,0 +1,2 @@
+clusterName: test-aws-cluster
+kubeClusterName: test-kube-cluster

helm/teleport-cluster/.lint/log-basic.yaml

@@ -0,0 +1,4 @@
+clusterName: test-log-cluster
+log:
+  format: json
+  level: INFO

helm/teleport-cluster/.lint/log-extra.yaml

@@ -0,0 +1,6 @@
+clusterName: test-log-cluster
+log:
+  format: json
+  level: DEBUG
+  output: /var/lib/teleport/test.log
+  extraFields: ["level", "timestamp", "component", "caller"]

helm/teleport-cluster/.lint/log-legacy.yaml

@@ -0,0 +1,2 @@
+clusterName: test-log-cluster
+logLevel: DEBUG

helm/teleport-cluster/.lint/node-selector.yaml

@@ -0,0 +1,4 @@
+clusterName: test-cluster-name
+nodeSelector:
+  role: bastion
+  environment: security

helm/teleport-cluster/.lint/operator.yaml

@@ -0,0 +1,4 @@
+clusterName: test-cluster-name
+operator:
+  enabled: true
+installCRDs: true

helm/teleport-cluster/.lint/pdb.yaml

@@ -0,0 +1,12 @@
+clusterName: helm-lint
+chartMode: aws
+aws:
+  region: us-west-2
+  backendTable: test-dynamodb-backend-table
+  auditLogTable: test-dynamodb-auditlog-table
+  sessionRecordingBucket: test-s3-session-storage-bucket
+highAvailability:
+  replicaCount: 3
+  podDisruptionBudget:
+    enabled: true
+    minAvailable: 2

helm/teleport-cluster/.lint/persistence-legacy.yaml

@@ -0,0 +1,4 @@
+clusterName: test-persistence-cluster
+standalone:
+  existingClaimName: ""
+  volumeSize: 10Gi

helm/teleport-cluster/.lint/podmonitor.yaml

@@ -0,0 +1,6 @@
+clusterName: test-kube-cluster-name
+podMonitor:
+  enabled: true
+  additionalLabels:
+    prometheus: default
+  interval: 30s

helm/teleport-cluster/.lint/priority-class-name.yaml

@@ -0,0 +1,4 @@
+clusterName: helm-lint
+# These are just sample values to test the chart.
+# They are not intended to be guidelines or suggestions for running teleport.
+priorityClassName: "system-cluster-critical"

helm/teleport-cluster/.lint/probe-timeout-seconds.yaml

@@ -0,0 +1,4 @@
+clusterName: helm-lint
+# These are just sample values to test the chart.
+# They are not intended to be guidelines or suggestions for running teleport.
+probeTimeoutSeconds: 5

helm/teleport-cluster/.lint/proxy-listener-mode-multiplex.yaml

@@ -0,0 +1,2 @@
+clusterName: test-proxy-listener-mode
+proxyListenerMode: multiplex

helm/teleport-cluster/.lint/proxy-listener-mode-separate.yaml

@@ -0,0 +1,2 @@
+clusterName: test-proxy-listener-mode
+proxyListenerMode: separate

helm/teleport-cluster/.lint/public-addresses.yaml

@@ -0,0 +1,11 @@
+clusterName: helm-lint
+publicAddr: ["loadbalancer.example.com:443"]
+sshPublicAddr: ["loadbalancer.example.com:3023"]
+tunnelPublicAddr: ["loadbalancer.example.com:3024"]
+postgresPublicAddr: ["loadbalancer.example.com:5432"]
+mongoPublicAddr: ["loadbalancer.example.com:27017"]
+mysqlPublicAddr: ["loadbalancer.example.com:3036"]
+kubePublicAddr: ["loadbalancer.example.com:3026"]
+
+separatePostgresListener: true
+separateMongoListener: true

helm/teleport-cluster/.lint/resources.yaml

@@ -0,0 +1,10 @@
+clusterName: helm-lint
+# These are just sample values to test the chart.
+# They are not intended to be guidelines or suggestions for running teleport.
+resources:
+  limits:
+    cpu: 2
+    memory: 4Gi
+  requests:
+    cpu: 1
+    memory: 2Gi

helm/teleport-cluster/.lint/security-context-empty.yaml

@@ -0,0 +1 @@
+clusterName: helm-lint

helm/teleport-cluster/.lint/security-context.yaml

@@ -0,0 +1,8 @@
+clusterName: helm-lint
+securityContext:
+  allowPrivilegeEscalation: false
+  privileged: false
+  readOnlyRootFilesystem: false
+  runAsGroup: 99
+  runAsNonRoot: true
+  runAsUser: 99

helm/teleport-cluster/.lint/separate-mongo-listener.yaml

@@ -0,0 +1,2 @@
+clusterName: helm-lint
+separateMongoListener: true

helm/teleport-cluster/.lint/separate-postgres-listener.yaml

@@ -0,0 +1,2 @@
+clusterName: helm-lint
+separatePostgresListener: true

helm/teleport-cluster/.lint/service-account.yaml

@@ -0,0 +1,7 @@
+clusterName: helm-lint
+serviceAccount:
+  create: true
+  name: helm-lint
+annotations:
+  serviceAccount:
+    kubernetes.io/serviceaccount: "test-annotation"

helm/teleport-cluster/.lint/service.yaml

@@ -0,0 +1,5 @@
+clusterName: helm-lint
+service:
+  type: LoadBalancer
+  spec:
+    loadBalancerIP: 1.2.3.4

helm/teleport-cluster/.lint/session-recording.yaml

@@ -0,0 +1,2 @@
+clusterName: helm-lint
+sessionRecording: "node-sync"

helm/teleport-cluster/.lint/standalone-custom-storage-class.yaml

@@ -0,0 +1,9 @@
+clusterName: test-standalone-cluster
+chartMode: standalone
+persistence:
+  enabled: true
+  storageClassName: ebs-ssd
+acme: true
+acmeEmail: test@email.com
+labels:
+  env: standalone

helm/teleport-cluster/.lint/standalone-customsize.yaml

@@ -0,0 +1,9 @@
+clusterName: test-standalone-cluster
+chartMode: standalone
+persistence:
+  enabled: true
+  volumeSize: 50Gi
+acme: true
+acmeEmail: test@email.com
+labels:
+  env: standalone

helm/teleport-cluster/.lint/standalone-existingpvc.yaml

@@ -0,0 +1,9 @@
+clusterName: test-standalone-cluster
+chartMode: standalone
+persistence:
+  enabled: true
+  existingClaimName: teleport-storage
+acme: true
+acmeEmail: test@email.com
+labels:
+  env: standalone

helm/teleport-cluster/.lint/tolerations.yaml

@@ -0,0 +1,18 @@
+clusterName: test-aws-cluster
+chartMode: aws
+aws:
+  region: us-west-2
+  backendTable: test-dynamodb-backend-table
+  auditLogTable: test-dynamodb-auditlog-table
+  sessionRecordingBucket: test-s3-session-storage-bucket
+highAvailability:
+  replicaCount: 3
+tolerations:
+- key: "dedicated"
+  operator: "Equal"
+  value: "teleport"
+  effect: "NoExecute"
+- key: "dedicated"
+  operator: "Equal"
+  value: "teleport"
+  effect: "NoSchedule"

helm/teleport-cluster/.lint/version-override.yaml

@@ -0,0 +1,5 @@
+clusterName: test-cluster-name
+teleportVersionOverride: 5.2.1
+labels:
+  env: test
+  version: 5.2.1

helm/teleport-cluster/.lint/volumes.yaml

@@ -0,0 +1,8 @@
+clusterName: helm-lint
+extraVolumeMounts:
+- name: "my-mount"
+  mountPath: "/path/to/mount"
+extraVolumes:
+- name: "my-mount"
+  secret:
+    secretName: "mySecret"