Conversation
github-actions
Bot
requested review from
kimlisa,
mdwn,
ptgott,
r0mant,
xinding33 and
zmb3
|
The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with |
|
🤖 Vercel preview here: https://docs-hnjr3c8rh-goteleport.vercel.app/docs/ver/preview |
tigrato
force-pushed
the
tigrato/kube-discovery-extend-labels
branch
from
63b0831 to
635e3ce
Compare
…tes App Discovery This PR extends existing supported annotations to be able to import applications from Kubernetes that require disabling TLS verification. It also adds `teleport.dev/ignore` annotation when users want to exclude single Kubernetes services from being imported when they share the same labels as other services that must be imported. Fixes #36328 Fixes #36177 Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
tigrato
force-pushed
the
tigrato/kube-discovery-extend-labels
branch
from
635e3ce to
b68a04a
Compare
tigrato
changed the title
|
🤖 Vercel preview here: https://docs-bq1bcz0np-goteleport.vercel.app/docs/ver/preview |
|
🤖 Vercel preview here: https://docs-mazrdakdz-goteleport.vercel.app/docs/ver/preview |
| // DiscoveryAppInsecureSkipVerify specifies the TLS verification enforcement for a discovered app created from Kubernetes service. | ||
| DiscoveryAppInsecureSkipVerify = TeleportNamespace + "/insecure-skip-verify" | ||
| // DiscoveryAppIgnore specifies if a Kubernetes service should be ignored by discovery service. | ||
| DiscoveryAppIgnore = TeleportNamespace + "/ignore" |
There was a problem hiding this comment.
should we rename the constant to something more generic for operator usage as well? should the operator use resources.teleport.dev/ignore instead?
I would prefer a single annotation though.
There was a problem hiding this comment.
I used teleport.dev to keep consistency with all other labels used by app discovery 😭
public-teleport-github-review-bot
Bot
removed request for
kimlisa,
r0mant,
xinding33 and
zmb3
4 participants
This PR extends existing supported annotations to be able to import applications from Kubernetes that require disabling TLS verification.
It also adds
teleport.dev/ignoreannotation when users want to exclude single Kubernetes services from being imported when they share the same labels as other services that must be imported.Fixes #36328
Fixes #36177
Changelog: Enhance Kubernetes App Discovery functionality to provide the ability to disable specific Service imports and configure the TLS Skip Verify option using an Annotation.