From 1d7b895fea77873709406dd88a73adb98de991b4 Mon Sep 17 00:00:00 2001 From: Hugo Shaka Date: Mon, 29 Jan 2024 11:41:07 -0500 Subject: [PATCH] helm: make proxies replicable when usign an ingress --- .../reference/helm-reference/teleport-cluster.mdx | 3 ++- .../teleport-cluster/templates/proxy/deployment.yaml | 2 +- .../tests/proxy_deployment_test.yaml | 12 ++++++++++++ examples/chart/teleport-cluster/values.yaml | 3 ++- 4 files changed, 17 insertions(+), 3 deletions(-) diff --git a/docs/pages/reference/helm-reference/teleport-cluster.mdx b/docs/pages/reference/helm-reference/teleport-cluster.mdx index 673255615b5fa..b87803156bc0f 100644 --- a/docs/pages/reference/helm-reference/teleport-cluster.mdx +++ b/docs/pages/reference/helm-reference/teleport-cluster.mdx @@ -960,7 +960,8 @@ is not supported with multiple replicas. ### For proxy pods Proxy pods need to be provided a certificate to be replicated (via either -`tls.existingSecretName` or `highAvailability.certManager`). +`tls.existingSecretName` or `highAvailability.certManager`) or be exposed +via an ingress (`ingress.enabled`). If proxy pods are replicable, they will default to 2 replicas, even if `highAvailability.replicaCount` is 1. To force a single proxy replica, set `proxy.highAvailability.replicaCount: 1`. diff --git a/examples/chart/teleport-cluster/templates/proxy/deployment.yaml b/examples/chart/teleport-cluster/templates/proxy/deployment.yaml index 68cfbd5a48c63..0011b4cc743ab 100644 --- a/examples/chart/teleport-cluster/templates/proxy/deployment.yaml +++ b/examples/chart/teleport-cluster/templates/proxy/deployment.yaml 
@@ -1,5 +1,5 @@ {{- $proxy := mustMergeOverwrite (mustDeepCopy .Values) .Values.proxy -}} -{{- $replicable := or $proxy.highAvailability.certManager.enabled $proxy.tls.existingSecretName -}} +{{- $replicable := or $proxy.highAvailability.certManager.enabled $proxy.tls.existingSecretName $proxy.ingress.enabled -}} {{- $projectedServiceAccountToken := semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }} # Deployment is {{ if not $replicable }}not {{end}}replicable {{- if and $proxy.highAvailability.certManager.enabled $proxy.tls.existingSecretName }} diff --git a/examples/chart/teleport-cluster/tests/proxy_deployment_test.yaml b/examples/chart/teleport-cluster/tests/proxy_deployment_test.yaml index c4cbfcc8fad2d..2d6dda92a5a0a 100644 --- a/examples/chart/teleport-cluster/tests/proxy_deployment_test.yaml +++ b/examples/chart/teleport-cluster/tests/proxy_deployment_test.yaml @@ -87,6 +87,18 @@ tests: path: spec.replicas value: 1 + - it: should have multiple replicas by default when an ingress is terminating TLS + template: proxy/deployment.yaml + set: + clusterName: helm-lint.example.com + proxyListenerMode: multiplex + ingress: + enabled: true + asserts: + - equal: + path: spec.replicas + value: 2 + - it: should set affinity when set in values template: proxy/deployment.yaml set: diff --git a/examples/chart/teleport-cluster/values.yaml b/examples/chart/teleport-cluster/values.yaml index 302fe7a7aae90..8afb2359ebb68 100644 --- a/examples/chart/teleport-cluster/values.yaml +++ b/examples/chart/teleport-cluster/values.yaml 
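Review bot: The `$replicable` line in `templates/proxy/deployment.yaml` now becomes truthy on `$proxy.ingress.enabled` alone, and nothing in the template records why that is safe. The new test's name suggests the reasoning is that the ingress terminates TLS, so the proxy pods no longer need a certificate of their own. A template comment above the line would record that assumption, for example `{{- /* Proxies are replicable when they get a certificate from cert-manager or an existing secret, or when an ingress terminates TLS for them. */ -}}`. It is also worth confirming that the chart values always define `ingress.enabled`, since the expression dereferences `$proxy.ingress` unconditionally. The rest of the template lies outside the hunk.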
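Review bot: The case added to `tests/proxy_deployment_test.yaml` pins only the new default of 2 replicas; the documented override is not exercised on the ingress path. The docs in this same patch say `proxy.highAvailability.replicaCount: 1` forces a single proxy replica, so a companion case with `ingress.enabled: true` and that override, asserting `spec.replicas` equals 1, would guard against the ingress condition bypassing the override. The indentation below follows the usual helm-unittest layout and should be matched to the surrounding file, which is only partly visible in the hunk.

```yaml
  - it: should honor a forced single replica when an ingress is terminating TLS
    template: proxy/deployment.yaml
    set:
      clusterName: helm-lint.example.com
      proxyListenerMode: multiplex
      ingress:
        enabled: true
      proxy:
        highAvailability:
          replicaCount: 1
    asserts:
      - equal:
          path: spec.replicas
          value: 1
```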
@@ -418,7 +418,8 @@ azure: # is not supported with multiple replicas. # For proxy pods: # Proxy pods need to be provided a certificate to be replicated (either via -# `tls.existingSecretName` or via `highAvailability.certManager`). +# `tls.existingSecretName` or via `highAvailability.certManager`) or be exposed +# via an ingress (`ingress.enabled`). # If proxy pods are replicable, they will default to 2 replicas, # even if `highAvailability.replicaCount` is 1. To force a single proxy replica, # set `proxy.highAvailability.replicaCount: 1`.