diff --git a/docs/pages/kubernetes-access/helm/guides/aws.mdx b/docs/pages/kubernetes-access/helm/guides/aws.mdx
index 94b1ad121858f..9053aa0e1cf68 100644
--- a/docs/pages/kubernetes-access/helm/guides/aws.mdx
+++ b/docs/pages/kubernetes-access/helm/guides/aws.mdx
@@ -235,6 +235,7 @@ The `--set` CLI method is more appropriate for quick test deployments.
   backendTable: teleport-helm-backend # DynamoDB table to use for the Teleport backend
   auditLogTable: teleport-helm-events # DynamoDB table to use for the Teleport audit log (must be different to the backend table)
   sessionRecordingBucket: teleport-helm-sessions # S3 bucket to use for Teleport session recordings
+  defaultServiceAnnotations: true # Use the default service annotations
 highAvailability:
   replicaCount: 2 # Number of replicas to configure
   certManager:
@@ -265,6 +266,7 @@ The `--set` CLI method is more appropriate for quick test deployments.
   --set aws.backendTable=teleport-helm-backend `# DynamoDB table to use for the Teleport backend` \
   --set aws.auditLogTable=teleport-helm-events `# DynamoDB table to use for the Teleport audit log (must be different to the backend table)` \
   --set aws.sessionRecordingBucket=teleport-helm-sessions `# S3 bucket to use for Teleport session recordings` \
+  --set aws.defaultServiceAnnotations=true `# Use the default service annotations` \
   --set highAvailability.replicaCount=2 `# Number of replicas to configure` \
   --set highAvailability.certManager.enabled=true `# Enable cert-manager support to get TLS certificates` \
   --set highAvailability.certManager.issuerName=letsencrypt-production `# Name of the cert-manager Issuer to use`
diff --git a/examples/chart/teleport-cluster/templates/service.yaml b/examples/chart/teleport-cluster/templates/service.yaml
index de332eb635315..042720f709f6f 100644
--- a/examples/chart/teleport-cluster/templates/service.yaml
+++ b/examples/chart/teleport-cluster/templates/service.yaml
@@ -1,3 +1,6 @@
+{{- if and (eq .Values.chartMode "aws") ( not .Values.aws.defaultServiceAnnotations ) (not .Values.annotations.service)}}
+{{- fail "AWS mode requires either the default AWS service annotations or define your own in .annotations.service" }}
+{{- end }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -10,7 +13,7 @@ metadata:
     {{- if .Values.annotations.service }}
     {{- toYaml .Values.annotations.service | nindent 4 }}
     {{- end }}
-    {{- if eq .Values.chartMode "aws" }}
+    {{- if and (eq .Values.chartMode "aws") (.Values.aws.defaultServiceAnnotations) }}
     service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
     service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
     service.beta.kubernetes.io/aws-load-balancer-type: nlb
diff --git a/examples/chart/teleport-cluster/values.schema.json b/examples/chart/teleport-cluster/values.schema.json
index 943d8cd90f33d..0e2b2d851047b 100644
--- a/examples/chart/teleport-cluster/values.schema.json
+++ b/examples/chart/teleport-cluster/values.schema.json
@@ -118,6 +118,11 @@
         "$id": "#/properties/aws/properties/sessionRecordingBucket",
         "type": "string",
         "default": ""
+      },
+      "defaultServiceAnnotations": {
+        "$id": "#/properties/aws/properties/defaultServiceAnnotations",
+        "type": "boolean",
+        "default": true
       }
     }
   },
diff --git a/examples/chart/teleport-cluster/values.yaml b/examples/chart/teleport-cluster/values.yaml
index 9cdf598d72b73..40a17a28df1f6 100644
--- a/examples/chart/teleport-cluster/values.yaml
+++ b/examples/chart/teleport-cluster/values.yaml
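Review bot: The new guard at the top of service.yaml only checks that `.Values.annotations.service` is non-empty, so a user who sets `aws.defaultServiceAnnotations=false` and supplies an unrelated annotation passes it while the chart stops emitting the NLB, backend-protocol and cross-zone annotations it applied before; whether the resulting Service still gets the intended load balancer then depends entirely on what the user wrote. The `fail` message should name what the defaults covered so the operator knows what to replace, e.g. `{{- fail "AWS mode requires aws.defaultServiceAnnotations=true or your own load balancer annotations in annotations.service (the defaults set aws-load-balancer-type, aws-load-balancer-backend-protocol and cross-zone load balancing)" }}`. The condition also mixes `( not .Values.aws.defaultServiceAnnotations )` with `(not .Values.annotations.service)`; the spacing should be the same in both, matching the second hunk in this file.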
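Review bot: With `aws.defaultServiceAnnotations` left at its schema default of true, the changed `if` still emits the three `service.beta.kubernetes.io/...` defaults right after whatever `.Values.annotations.service` rendered above it, so a user annotation with the same key (for example an overriding `aws-load-balancer-type`) produces a duplicate key in the annotations mapping; which value wins, or whether the manifest is rejected, depends on the YAML consumer rather than on the chart. Building one map with the user's values taking precedence on collisions removes the ambiguity; the rewrite below replaces the user block and the defaults block together. The `{{- end }}` that closes the changed `if` lies outside the hunk.
```yaml
    {{- $defaultAnnotations := dict }}
    {{- if and (eq .Values.chartMode "aws") .Values.aws.defaultServiceAnnotations }}
    {{- $_ := set $defaultAnnotations "service.beta.kubernetes.io/aws-load-balancer-backend-protocol" "tcp" }}
    {{- $_ := set $defaultAnnotations "service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled" "true" }}
    {{- $_ := set $defaultAnnotations "service.beta.kubernetes.io/aws-load-balancer-type" "nlb" }}
    {{- end }}
    {{- /* user-supplied annotations override the defaults on key collisions */ }}
    {{- with mergeOverwrite (dict) $defaultAnnotations (.Values.annotations.service | default dict) }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
```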
@@ -77,6 +77,10 @@ aws:
   # The S3 bucket name to use for recorded session storage. Teleport will attempt to create this bucket automatically if it does not exist.
   # The container will need an appropriately-provisioned IAM role with permissions to create S3 buckets.
   sessionRecordingBucket: ""
+  # If true, use the default AWS service annotations
+  # If using a different controller for your services (i.e. AWS Load Balancer Controller)
+  # set to false and define your own in annotations -> service
+  defaultServiceAnnotations: true
 
 ##################################################
 # GCP-specific settings (only used in "gcp" mode)
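Review bot: The comment added above `defaultServiceAnnotations` does not say what happens when it is set to false, and service.yaml in this same change refuses to render in aws mode unless `annotations.service` is then populated; that is the one fact a reader of values.yaml needs before flipping it. `i.e.` should also be `e.g.`, since the AWS Load Balancer Controller is an example, not the only alternative. Suggested text: `# If true, add the default AWS NLB service annotations (backend-protocol, cross-zone load balancing, aws-load-balancer-type: nlb).`, `# Set to false when another controller (e.g. the AWS Load Balancer Controller) manages the Service; in aws mode the chart`, `# then refuses to render unless you define your own annotations under annotations.service.`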