104 lines
3.2 KiB
YAML
104 lines
3.2 KiB
YAML
{{- $auth := mustMergeOverwrite (mustDeepCopy .Values) .Values.auth -}}
|
|
{{- if $auth.validateConfigOnDeploy }}
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: {{ .Release.Name }}-auth-test
|
|
namespace: {{ .Release.Namespace }}
|
|
labels: {{- include "teleport-cluster.labels" . | nindent 4 }}
|
|
annotations:
|
|
"helm.sh/hook": pre-install,pre-upgrade
|
|
"helm.sh/hook-weight": "5"
|
|
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
|
spec:
|
|
backoffLimit: 1
|
|
template:
|
|
spec:
|
|
{{- if $auth.affinity }}
|
|
affinity: {{- toYaml $auth.affinity | nindent 8 }}
|
|
{{- end }}
|
|
{{- if $auth.tolerations }}
|
|
tolerations: {{- toYaml $auth.tolerations | nindent 6 }}
|
|
{{- end }}
|
|
{{- if $auth.imagePullSecrets }}
|
|
imagePullSecrets:
|
|
{{- toYaml $auth.imagePullSecrets | nindent 6 }}
|
|
{{- end }}
|
|
restartPolicy: Never
|
|
containers:
|
|
- name: "teleport-config-check"
|
|
image: '{{ if $auth.enterprise }}{{ $auth.enterpriseImage }}{{ else }}{{ $auth.image }}{{ end }}:{{ include "teleport-cluster.version" . }}'
|
|
imagePullPolicy: {{ $auth.imagePullPolicy }}
|
|
{{- if $auth.resources }}
|
|
resources:
|
|
{{- toYaml $auth.resources | nindent 10 }}
|
|
{{- end }}
|
|
{{- if or $auth.extraEnv $auth.tls.existingCASecretName }}
|
|
env:
|
|
{{- if (gt (len $auth.extraEnv) 0) }}
|
|
{{- toYaml $auth.extraEnv | nindent 8 }}
|
|
{{- end }}
|
|
{{- if $auth.tls.existingCASecretName }}
|
|
- name: SSL_CERT_FILE
|
|
value: /etc/teleport-tls-ca/ca.pem
|
|
{{- end }}
|
|
{{- end }}
|
|
command:
|
|
- "teleport"
|
|
- "configure"
|
|
args:
|
|
- "--test"
|
|
- "/etc/teleport/teleport.yaml"
|
|
{{- if .Values.securityContext }}
|
|
securityContext: {{- toYaml .Values.securityContext | nindent 10 }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
{{- if .Values.enterprise }}
|
|
- mountPath: /var/lib/license
|
|
name: "license"
|
|
readOnly: true
|
|
{{- end }}
|
|
{{- if and (.Values.gcp.credentialSecretName) (eq .Values.chartMode "gcp") }}
|
|
- mountPath: /etc/teleport-secrets
|
|
name: "gcp-credentials"
|
|
readOnly: true
|
|
{{- end }}
|
|
{{- if .Values.tls.existingCASecretName }}
|
|
- mountPath: /etc/teleport-tls-ca
|
|
name: "teleport-tls-ca"
|
|
readOnly: true
|
|
{{- end }}
|
|
- mountPath: /etc/teleport
|
|
name: "config"
|
|
readOnly: true
|
|
- mountPath: /var/lib/teleport
|
|
name: "data"
|
|
{{- if .Values.extraVolumeMounts }}
|
|
{{- toYaml .Values.extraVolumeMounts | nindent 8 }}
|
|
{{- end }}
|
|
volumes:
|
|
{{- if .Values.enterprise }}
|
|
- name: license
|
|
secret:
|
|
secretName: "license"
|
|
{{- end }}
|
|
{{- if and (.Values.gcp.credentialSecretName) (eq .Values.chartMode "gcp") }}
|
|
- name: gcp-credentials
|
|
secret:
|
|
secretName: {{ .Values.gcp.credentialSecretName | quote }}
|
|
{{- end }}
|
|
{{- if .Values.tls.existingCASecretName }}
|
|
- name: teleport-tls-ca
|
|
secret:
|
|
secretName: {{ .Values.tls.existingCASecretName }}
|
|
{{- end }}
|
|
- name: "config"
|
|
configMap:
|
|
name: {{ .Release.Name }}-auth-test
|
|
- name: "data"
|
|
emptyDir: {}
|
|
{{- if .Values.extraVolumes }}
|
|
{{- toYaml .Values.extraVolumes | nindent 6 }}
|
|
{{- end }}
|
|
{{- end }}
|