helm: add job validating configuration on deploy #19333
hugoShaka merged 4 commits into hugo/chart-split-proxy-auth from
I wish Github supported stacked diffs... Maybe change the base of your PR to your custom branch temporarily so it only shows the relevant changes?
My bad, I forgot to change the base
f844519 to 620b06f
webvictim
left a comment
Looks good, I skimmed most of the stuff that I'd already reviewed because Github isn't smart enough to show me a merged view I guess?!
| @@ -0,0 +1,7 @@ | |||
| # This setup is not safe for production because the proxy will self-sign its certificate. | |||
| # Use those values for testing only | |||
| # Use those values for testing only | |
| # Use these values for testing only |
| {{- end -}} | ||
|
|
||
| {{- define "teleport-cluster.auth.config.custom" -}} | ||
| {{ fail "'custom' mode has been depreacted with chart v12 because of the proxy/auth split, see http://link" }} |
Reminder to update this one when we know what the link will be :D
| {{- end }} | ||
| teleport.yaml: |2 | ||
| {{- mustMergeOverwrite (include $configTemplate . | fromYaml) $auth.teleportConfig | toYaml | nindent 4 -}} | ||
| {{- end }} No newline at end of file |
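Review bot: `fromYaml` in `include $configTemplate . | fromYaml` does not abort rendering when the included template produces invalid YAML; Helm returns a map holding a single `Error` key, which `mustMergeOverwrite` would then merge with `$auth.teleportConfig` and write into `teleport.yaml`. Consider checking the parsed map for an `Error` key and calling `fail` before the merge, so a broken config template stops the render instead of producing a config made of the user overrides plus an error string. The same expression is used with `$proxy.teleportConfig` in the proxy configmap.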
nit: No trailing line break
|
|
||
| {{- define "teleport-cluster.proxy.config.custom" -}} | ||
| {{ fail "'custom' mode has been depreacted with chart v12 because of the proxy/auth split, see http://link" }} | ||
| {{- end -}} No newline at end of file |
nit: No trailing line break
Also missing link ofc
| data: | ||
| teleport.yaml: |2 | ||
| {{- mustMergeOverwrite (include $configTemplate . | fromYaml) $proxy.teleportConfig | toYaml | nindent 4 -}} | ||
| {{- end }} No newline at end of file |
nit: No trailing line break
| validateConfigOnDeploy: false | ||
| asserts: | ||
| - hasDocuments: | ||
| count: 0 No newline at end of file |
nit: No trailing line break
| @@ -0,0 +1 @@ | |||
| {} | |||
I'm not sure why this is blank? I guess there's no snapshotting needed, so rather than have no file it just has an empty object?
| {{- end -}} | ||
|
|
||
| {{- define "teleport-cluster.auth.config.custom" -}} | ||
| {{ fail "'custom' mode has been depreacted with chart v12 because of the proxy/auth split, see http://link" }} |
| {{ fail "'custom' mode has been depreacted with chart v12 because of the proxy/auth split, see http://link" }} | |
| {{ fail "'custom' mode has been deprecated with chart v12 because of the proxy/auth split, see http://link" }} |
| {{- end -}} | ||
|
|
||
| {{- define "teleport-cluster.proxy.config.custom" -}} | ||
| {{ fail "'custom' mode has been depreacted with chart v12 because of the proxy/auth split, see http://link" }} |
| {{ fail "'custom' mode has been depreacted with chart v12 because of the proxy/auth split, see http://link" }} | |
| {{ fail "'custom' mode has been deprecated with chart v12 because of the proxy/auth split, see http://link" }} |
Ugh, I rebased the base branch and now it's lost. I'll rebase again all the satellite branches.
marcoandredinis
left a comment
LGTM 👍
Just one question:
Do we have to recreate everything in order to run the teleport configure test?
Things can get out of sync between
examples/chart/teleport-cluster/templates/auth/predeploy_job.yaml and
examples/chart/teleport-cluster/templates/auth/statefulset.yaml
It seems we even create another token for the proxy to join, even though it is not used (or is it?)
In its current state, we need the config and whatever is mounted (because it can contain parts of the config). So we have to duplicate at least the podSpec and the configMap. Ideally, the I don't know if putting some parts of the podSpec in a template would improve maintainability. This becomes a challenge, especially as we don't want to deploy additional containers like the operator.
JFYI it doesn't (but it should 😁)
402b5d1 to 8be205d
Co-authored-by: Gus Luxton <gus@goteleport.com>
Part of [RFD-0096](#18274)
This PR adds helm hooks deploying a test configuration job and running `teleport configure --test` to validate the `teleport.yaml` configuration is sane.
Note: merge only once the #18857 has been merged