Skip to content

[v14] fix agent config templating when using appResource and discovery #35783

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
hugoShaka merged 2 commits into from
Dec 15, 2023
Merged

[v14] fix agent config templating when using appResource and discovery #35783

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
814a330
fix agent config tempalting when using appResource and discovery
hugoShaka Dec 15, 2023
2db11b2
add snapshot test
hugoShaka Dec 15, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions examples/chart/teleport-kube-agent/.lint/app-discovery-full.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
roles: app,discovery
proxyAddr: teleport.example.com
kubeClusterName: example
apps:
- name: test
uri: https://console.aws.amazon.com/ec2/v2/home
labels:
env: test
appResources:
- labels:
"*": "*"
0 ...eport-kube-agent/.lint/app-discovery.yaml → ...be-agent/.lint/app-discovery-minimal.yaml
View file
Open in desktop
File renamed without changes.
22 changes: 11 additions & 11 deletions examples/chart/teleport-kube-agent/templates/_config.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ teleport:
auth_servers: ["{{ required "proxyAddr is required in chart values" .Values.proxyAddr }}"]
{{- end }}
{{- if .Values.caPin }}
ca_pin: {{- toYaml .Values.caPin | nindent 8 }}
ca_pin: {{- toYaml .Values.caPin | nindent 4 }}
{{- end }}
log:
severity: {{ $logLevel }}
Expand All @@ -30,7 +30,7 @@ kubernetes_service:
enabled: true
kube_cluster_name: {{ required "kubeClusterName is required in chart values when kube role is enabled, see README" .Values.kubeClusterName }}
{{- if .Values.labels }}
labels: {{- toYaml .Values.labels | nindent 8 }}
labels: {{- toYaml .Values.labels | nindent 4 }}
{{- end }}
{{- else }}
enabled: false
Expand All @@ -56,16 +56,16 @@ app_service:
{{- end }}
{{- end }}
apps:
{{- toYaml .Values.apps | nindent 8 }}
{{- toYaml .Values.apps | nindent 4 }}
{{- end }}
resources:
{{- if .Values.appResources }}
{{- toYaml .Values.appResources | nindent 8 }}
{{- toYaml .Values.appResources | nindent 4 }}
{{- end }}
{{- if $appDiscoveryEnabled }}
- labels:
"teleport.dev/kubernetes-cluster": "{{ required "kubeClusterName is required in chart values when kube or discovery role is enabled, see README" .Values.kubeClusterName }}"
"teleport.dev/origin": "discovery-kubernetes"
- labels:
"teleport.dev/kubernetes-cluster": "{{ required "kubeClusterName is required in chart values when kube or discovery role is enabled, see README" .Values.kubeClusterName }}"
"teleport.dev/origin": "discovery-kubernetes"
{{- end }}
{{- else }}
enabled: false
Expand All @@ -90,11 +90,11 @@ db_service:
{{- fail "'tags' is required for all 'awsDatabases' in chart values when key is set and db role is enabled, see README" }}
{{- end }}
{{- end }}
{{- toYaml .Values.awsDatabases | nindent 6 }}
{{- toYaml .Values.awsDatabases | nindent 4 }}
{{- end }}
{{- if .Values.azureDatabases }}
azure:
{{- toYaml .Values.azureDatabases | nindent 6 }}
{{- toYaml .Values.azureDatabases | nindent 4 }}
{{- end}}
{{- if .Values.databases }}
databases:
Expand All @@ -109,11 +109,11 @@ db_service:
{{- fail "'protocol' is required for all 'databases' in chart values when db role is enabled, see README" }}
{{- end }}
{{- end }}
{{- toYaml .Values.databases | nindent 6 }}
{{- toYaml .Values.databases | nindent 4 }}
{{- end }}
{{- if .Values.databaseResources }}
resources:
{{- toYaml .Values.databaseResources | nindent 6 }}
{{- toYaml .Values.databaseResources | nindent 4 }}
{{- end }}
{{- else }}
enabled: false
Expand Down
162 changes: 110 additions & 52 deletions examples/chart/teleport-kube-agent/tests/__snapshot__/config_test.yaml.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -261,6 +261,116 @@ matches snapshot for all-v6.yaml:
kubernetes.io/config-different: 2
name: RELEASE-NAME
namespace: NAMESPACE
matches snapshot for app-discovery-full.yaml:
1: |
apiVersion: v1
data:
teleport.yaml: |-
app_service:
apps:
- labels:
env: test
name: test
uri: https://console.aws.amazon.com/ec2/v2/home
enabled: true
resources:
- labels:
'*': '*'
- labels:
teleport.dev/kubernetes-cluster: example
teleport.dev/origin: discovery-kubernetes
auth_service:
enabled: false
db_service:
enabled: false
discovery_service:
discovery_group: example
enabled: true
kubernetes:
- labels:
'*': '*'
namespaces:
- '*'
types:
- app
kubernetes_service:
enabled: false
proxy_service:
enabled: false
ssh_service:
enabled: false
teleport:
join_params:
method: token
token_name: /etc/teleport-secrets/auth-token
log:
format:
extra_fields:
- timestamp
- level
- component
- caller
output: text
output: stderr
severity: INFO
proxy_server: teleport.example.com
version: v3
kind: ConfigMap
metadata:
name: RELEASE-NAME
namespace: NAMESPACE
matches snapshot for app-discovery-minimal.yaml:
1: |
apiVersion: v1
data:
teleport.yaml: |-
app_service:
enabled: true
resources:
- labels:
teleport.dev/kubernetes-cluster: test-kube-cluster
teleport.dev/origin: discovery-kubernetes
auth_service:
enabled: false
db_service:
enabled: false
discovery_service:
discovery_group: test-kube-cluster
enabled: true
kubernetes:
- labels:
'*': '*'
namespaces:
- '*'
types:
- app
kubernetes_service:
enabled: true
kube_cluster_name: test-kube-cluster
proxy_service:
enabled: false
ssh_service:
enabled: false
teleport:
join_params:
method: token
token_name: /etc/teleport-secrets/auth-token
log:
format:
extra_fields:
- timestamp
- level
- component
- caller
output: text
output: stderr
severity: INFO
proxy_server: proxy.example.com:3080
version: v3
kind: ConfigMap
metadata:
name: RELEASE-NAME
namespace: NAMESPACE
matches snapshot for aws-databases.yaml:
1: |
apiVersion: v1
Expand Down Expand Up @@ -1185,55 +1295,3 @@ matches snapshot for volumes.yaml:
metadata:
name: RELEASE-NAME
namespace: NAMESPACE
matches snapshot when app discovery is enabled:
1: |
apiVersion: v1
data:
teleport.yaml: |-
app_service:
enabled: true
resources:
- labels:
teleport.dev/kubernetes-cluster: test-kube-cluster
teleport.dev/origin: discovery-kubernetes
auth_service:
enabled: false
db_service:
enabled: false
discovery_service:
discovery_group: test-kube-cluster
enabled: true
kubernetes:
- labels:
'*': '*'
namespaces:
- '*'
types:
- app
kubernetes_service:
enabled: true
kube_cluster_name: test-kube-cluster
proxy_service:
enabled: false
ssh_service:
enabled: false
teleport:
join_params:
method: token
token_name: /etc/teleport-secrets/auth-token
log:
format:
extra_fields:
- timestamp
- level
- component
- caller
output: text
output: stderr
severity: INFO
proxy_server: proxy.example.com:3080
version: v3
kind: ConfigMap
metadata:
name: RELEASE-NAME
namespace: NAMESPACE
14 changes: 12 additions & 2 deletions examples/chart/teleport-kube-agent/tests/config_test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -290,9 +290,19 @@ tests:
of: ConfigMap
- matchSnapshot: {}

- it: matches snapshot when app discovery is enabled
- it: matches snapshot for app-discovery-minimal.yaml
values:
- ../.lint/app-discovery.yaml
- ../.lint/app-discovery-minimal.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ConfigMap
- matchSnapshot: {}

- it: matches snapshot for app-discovery-full.yaml
values:
- ../.lint/app-discovery-full.yaml
asserts:
- hasDocuments:
count: 1
Expand Down