From dda1a1bf0c71aab5c4a0b9d5d69348eb9e99a0d8 Mon Sep 17 00:00:00 2001 From: Guntis Karulis Date: Fri, 8 Nov 2024 16:10:18 +0000 Subject: [PATCH] feat(helm-teleport-cluster): allow to override enterprise license name Signed-off-by: Guntis Karulis Signed-off-by: Tiago Silva --- .../helm-reference/teleport-cluster.mdx | 16 +++++++++++++ .../.lint/auth-enterprise-license.yaml | 4 ++++ .../templates/auth/deployment.yaml | 2 +- .../templates/auth/predeploy_job.yaml | 2 +- .../tests/auth_deployment_test.yaml | 24 +++++++++++++++++++ .../chart/teleport-cluster/values.schema.json | 5 ++++ examples/chart/teleport-cluster/values.yaml | 3 ++- 7 files changed, 53 insertions(+), 3 deletions(-) create mode 100644 examples/chart/teleport-cluster/.lint/auth-enterprise-license.yaml diff --git a/docs/pages/reference/helm-reference/teleport-cluster.mdx b/docs/pages/reference/helm-reference/teleport-cluster.mdx index 962e64582c9b1..ed15418849fe9 100644 --- a/docs/pages/reference/helm-reference/teleport-cluster.mdx +++ b/docs/pages/reference/helm-reference/teleport-cluster.mdx @@ -606,6 +606,22 @@ $ kubectl --namespace teleport create secret generic license --from-file=/path/t enterprise: true ``` +### `licenseSecretName` + +| Type | Default value | +|----------|----------------| +| `string` | `license` | + +`licenseSecretName` controls Kubernetes secret name for the Enterprise license. + +By using this value you will update the Kubernetes volume specification to mount Secret based volume to the container using custom name. + +`values.yaml` example: + + ```yaml + licenseSecretName: enterprise-license + ``` + ## `installCRDs` | Type | Default value | diff --git a/examples/chart/teleport-cluster/.lint/auth-enterprise-license.yaml b/examples/chart/teleport-cluster/.lint/auth-enterprise-license.yaml new file mode 100644 index 0000000000000..a86c5261469fc --- /dev/null +++ b/examples/chart/teleport-cluster/.lint/auth-enterprise-license.yaml 
@@ -0,0 +1,4 @@ +clusterName: helm-lint +enterprise: true +licenseSecretName: enterprise-license + diff --git a/examples/chart/teleport-cluster/templates/auth/deployment.yaml b/examples/chart/teleport-cluster/templates/auth/deployment.yaml index 088cb4648d887..a01b0c6f01779 100644 --- a/examples/chart/teleport-cluster/templates/auth/deployment.yaml +++ b/examples/chart/teleport-cluster/templates/auth/deployment.yaml @@ -305,7 +305,7 @@ spec: {{- if $auth.enterprise }} - name: license secret: - secretName: "license" + secretName: {{ $auth.licenseSecretName | quote }} {{- end }} {{- if and ($auth.gcp.credentialSecretName) (eq $auth.chartMode "gcp") }} - name: gcp-credentials diff --git a/examples/chart/teleport-cluster/templates/auth/predeploy_job.yaml b/examples/chart/teleport-cluster/templates/auth/predeploy_job.yaml index 860c790645fa4..e75c0f20a55e8 100644 --- a/examples/chart/teleport-cluster/templates/auth/predeploy_job.yaml +++ b/examples/chart/teleport-cluster/templates/auth/predeploy_job.yaml @@ -84,7 +84,7 @@ spec: {{- if .Values.enterprise }} - name: license secret: - secretName: "license" + secretName: {{ .Values.licenseSecretName | quote }} {{- end }} {{- if and (.Values.gcp.credentialSecretName) (eq .Values.chartMode "gcp") }} - name: gcp-credentials diff --git a/examples/chart/teleport-cluster/tests/auth_deployment_test.yaml b/examples/chart/teleport-cluster/tests/auth_deployment_test.yaml index bb26ae7df0864..145ef628d7bbc 100644 --- a/examples/chart/teleport-cluster/tests/auth_deployment_test.yaml +++ b/examples/chart/teleport-cluster/tests/auth_deployment_test.yaml 
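Review bot: In templates/auth/deployment.yaml the new `secretName: {{ $auth.licenseSecretName | quote }}` renders an empty `secretName` when the value is overridden with an empty string or null, and that mistake surfaces only when the manifest is applied, not at render time. Failing early gives the operator a clearer error: `secretName: {{ required "licenseSecretName must be set when enterprise is true" $auth.licenseSecretName | quote }}`. The same applies to the `.Values.licenseSecretName` line in the predeploy_job.yaml hunk. The volume entry sits inside a pod spec that starts and ends outside the hunk.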
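Review bot: The predeploy job reads `.Values.licenseSecretName` while the auth deployment reads `$auth.licenseSecretName`, so the two templates can resolve different Secret names. If `$auth` is `.Values` merged with the `auth` overrides (its definition is outside the hunk), a name set under `auth.licenseSecretName` would reach the deployment but not this job, which would then reference a Secret called `license` that may not exist. The new line is consistent with the neighbouring `.Values.enterprise` check, so the minimum is to document the limitation next to it, for example `{{- /* licenseSecretName is read from top-level values only; auth.* overrides are not applied to this job */ -}}`.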
@@ -215,6 +215,30 @@ tests: secret: secretName: license + - it: should use enterprise image and mount license with custom secret name when enterprise is set in values + template: auth/deployment.yaml + set: + clusterName: helm-lint.example.com + enterprise: true + licenseSecretName: enterprise-license + teleportVersionOverride: 12.2.1 + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: public.ecr.aws/gravitational/teleport-ent-distroless:12.2.1 + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + mountPath: /var/lib/license + name: "license" + readOnly: true + - contains: + path: spec.template.spec.volumes + content: + name: license + secret: + secretName: enterprise-license + - it: should use OSS image and not mount license when enterprise is not set in values template: auth/deployment.yaml set: diff --git a/examples/chart/teleport-cluster/values.schema.json b/examples/chart/teleport-cluster/values.schema.json index 2c4a6da0c5e73..6e3796ca8c9e5 100644 --- a/examples/chart/teleport-cluster/values.schema.json +++ b/examples/chart/teleport-cluster/values.schema.json @@ -286,6 +286,11 @@ "type": "boolean", "default": false }, + "licenseSecretName": { + "$id": "#/properties/licenseSecretName", + "type": "string", + "default": "license" + }, "installCRDs": { "$id": "#/properties/installCRDs", "type": "boolean" diff --git a/examples/chart/teleport-cluster/values.yaml b/examples/chart/teleport-cluster/values.yaml index 689810cb17bb8..d9658662fb8ea 100644 --- a/examples/chart/teleport-cluster/values.yaml +++ b/examples/chart/teleport-cluster/values.yaml 
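Review bot: The added case sets `template: auth/deployment.yaml` only, so the identical change in templates/auth/predeploy_job.yaml has no assertion in this patch; the diffstat lists no other test file. A matching case for the job would catch the two templates drifting apart on the Secret name. The sketch below assumes the job renders with these values and that the case is placed in whichever suite already covers that template.

```yaml
  - it: should mount license with custom secret name in the predeploy job
    template: auth/predeploy_job.yaml
    set:
      clusterName: helm-lint.example.com
      enterprise: true
      licenseSecretName: enterprise-license
    asserts:
      - contains:
          path: spec.template.spec.volumes
          content:
            name: license
            secret:
              secretName: enterprise-license
```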
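Review bot: The `licenseSecretName` schema entry accepts any string, including `""` and names Kubernetes will reject, so a bad value passes chart validation and fails only when the pod spec is applied. Secret names follow the DNS subdomain rules, so the entry could add `"minLength": 1,` and `"maxLength": 253,` plus a `"pattern"` restricting it to lowercase alphanumerics, `-` and `.`. The enclosing `properties` object starts and ends outside the hunk.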
@@ -245,7 +245,8 @@ acmeURI: "" # You will need to download your Enterprise license from the Teleport dashboard and create a secret to use this: # kubectl -n ${TELEPORT_NAMESPACE?} create secret generic license --from-file=/path/to/downloaded/license.pem enterprise: false - +# Override default Enterprise license name +licenseSecretName: "license" # CRDs are installed by default when the operator is enabled. This manual override allows to disable CRD installation # when deploying multiple releases in the same cluster. # installCRDs:
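Review bot: The comment `# Override default Enterprise license name` does not say that the value is the name of a Kubernetes Secret, and the `kubectl ... create secret generic license` example two lines above it still hard-codes the default name. I would write `# Name of the Kubernetes Secret that holds the Enterprise license (only used when enterprise is true).` followed by `# The Secret must already exist in the release namespace; create it under this name with the command above.` The hunk also removes the blank line after `enterprise: false` and adds none before the CRD comments, so the new key reads as part of the `installCRDs` block.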