diff --git a/examples/chart/teleport-kube-agent/templates/_helpers.tpl b/examples/chart/teleport-kube-agent/templates/_helpers.tpl index 3e00e271bf9a7..43668b015dce7 100644 --- a/examples/chart/teleport-kube-agent/templates/_helpers.tpl +++ b/examples/chart/teleport-kube-agent/templates/_helpers.tpl @@ -1,7 +1,7 @@ {{- define "teleport.kube.agent.isUpgrade" -}} {{- /* Checks if action is an upgrade from an old release that didn't support Secret storage */}} {{- if .Release.IsUpgrade }} - {{- $deployment := (lookup "apps/v1" "Deployment" .Release.Namespace .Release.Name ) -}} + {{- $deployment := (lookup "apps/v1" "Deployment" .Release.Namespace ( include "teleport-kube-agent.releaseName" . ) ) -}} {{- if ($deployment) }} true {{- else if .Values.unitTestUpgrade }} @@ -11,15 +11,15 @@ true {{- end -}} {{/* Create the name of the service account to use -if serviceAccount is not defined or serviceAccount.name is empty, use .Release.Name +if serviceAccount is not defined or serviceAccount.name is empty, use teleport-kube-agent.releaseName */}} {{- define "teleport-kube-agent.serviceAccountName" -}} -{{- coalesce .Values.serviceAccount.name .Values.serviceAccountName .Release.Name -}} +{{- coalesce .Values.serviceAccount.name .Values.serviceAccountName ( include "teleport-kube-agent.releaseName" . ) -}} {{- end -}} {{/* Create the name of the service account to use for the post-delete hook -if serviceAccount is not defined or serviceAccount.name is empty, use .Release.Name-delete-hook +if serviceAccount is not defined or serviceAccount.name is empty, use teleport-kube-agent.releaseName-delete-hook */}} {{- define "teleport-kube-agent.deleteHookServiceAccountName" -}} {{- if .Values.serviceAccount.create -}} @@ -48,3 +48,11 @@ if serviceAccount is not defined or serviceAccount.name is empty, use .Release.N {{- define "teleport-kube-agent.image" -}} {{ include "teleport-kube-agent.baseImage" . }}:{{ include "teleport-kube-agent.version" . }} {{- end -}} + +{{- define "teleport-kube-agent.releaseName" -}} +{{- if .Values.releaseNameOverwrite -}} + {{- .Values.releaseNameOverwrite -}} +{{- else -}} + {{- .Release.Name -}} +{{- end -}} +{{- end -}} diff --git a/examples/chart/teleport-kube-agent/templates/clusterrole.yaml b/examples/chart/teleport-kube-agent/templates/clusterrole.yaml index b987fabd2a5c7..9beb3263cc683 100644 --- a/examples/chart/teleport-kube-agent/templates/clusterrole.yaml +++ b/examples/chart/teleport-kube-agent/templates/clusterrole.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ .Values.clusterRoleName | default .Release.Name }} + name: {{ .Values.clusterRoleName | default ( include "teleport-kube-agent.releaseName" . ) }} {{- if .Values.extraLabels.clusterRole }} labels: {{- toYaml .Values.extraLabels.clusterRole | nindent 4 }} diff --git a/examples/chart/teleport-kube-agent/templates/clusterrolebinding.yaml b/examples/chart/teleport-kube-agent/templates/clusterrolebinding.yaml index af2a7b100c7a4..828d5850aa65e 100644 --- a/examples/chart/teleport-kube-agent/templates/clusterrolebinding.yaml +++ b/examples/chart/teleport-kube-agent/templates/clusterrolebinding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ .Values.clusterRoleBindingName | default .Release.Name }} + name: {{ .Values.clusterRoleBindingName | default ( include "teleport-kube-agent.releaseName" . ) }} {{- if .Values.extraLabels.clusterRoleBinding }} labels: {{- toYaml .Values.extraLabels.clusterRoleBinding | nindent 4 }} @@ -10,7 +10,7 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ .Values.clusterRoleName | default .Release.Name }} + name: {{ .Values.clusterRoleName | default ( include "teleport-kube-agent.releaseName" . ) }} subjects: - kind: ServiceAccount name: {{ template "teleport-kube-agent.serviceAccountName" . }} diff --git a/examples/chart/teleport-kube-agent/templates/config.yaml b/examples/chart/teleport-kube-agent/templates/config.yaml index d97ebaed567ca..b4990900cc7d4 100644 --- a/examples/chart/teleport-kube-agent/templates/config.yaml +++ b/examples/chart/teleport-kube-agent/templates/config.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ .Release.Name }} + name: {{ include "teleport-kube-agent.releaseName" . }} namespace: {{ .Release.Namespace }} {{- if .Values.extraLabels.config }} labels: diff --git a/examples/chart/teleport-kube-agent/templates/delete_hook.yaml b/examples/chart/teleport-kube-agent/templates/delete_hook.yaml index 3cf584a323896..384b58347cc37 100644 --- a/examples/chart/teleport-kube-agent/templates/delete_hook.yaml +++ b/examples/chart/teleport-kube-agent/templates/delete_hook.yaml @@ -18,7 +18,7 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ .Release.Name }}-delete-hook + name: {{ include "teleport-kube-agent.releaseName" . }}-delete-hook namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": post-delete @@ -36,7 +36,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ .Release.Name }}-delete-hook + name: {{ include "teleport-kube-agent.releaseName" . }}-delete-hook namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": post-delete @@ -49,7 +49,7 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ .Release.Name }}-delete-hook + name: {{ include "teleport-kube-agent.releaseName" . }}-delete-hook subjects: - kind: ServiceAccount name: {{ template "teleport-kube-agent.deleteHookServiceAccountName" . }} @@ -59,7 +59,7 @@ subjects: apiVersion: batch/v1 kind: Job metadata: - name: {{ .Release.Name }}-delete-hook + name: {{ include "teleport-kube-agent.releaseName" . }}-delete-hook namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": post-delete @@ -72,13 +72,13 @@ metadata: spec: template: metadata: - name: {{ .Release.Name }}-delete-hook + name: {{ include "teleport-kube-agent.releaseName" . }}-delete-hook {{- if .Values.annotations.pod }} annotations: {{- toYaml .Values.annotations.pod | nindent 8 }} {{- end }} labels: - app: {{ .Release.Name }} + app: {{ include "teleport-kube-agent.releaseName" . }} {{- if .Values.extraLabels.pod }} {{- toYaml .Values.extraLabels.pod | nindent 8 }} {{- end }} @@ -108,7 +108,7 @@ spec: fieldRef: fieldPath: metadata.namespace - name: RELEASE_NAME - value: {{ .Release.Name }} + value: {{ include "teleport-kube-agent.releaseName" . }} image: {{ include "teleport-kube-agent.image" . | quote }} {{- if .Values.imagePullPolicy }} imagePullPolicy: {{ toYaml .Values.imagePullPolicy }} diff --git a/examples/chart/teleport-kube-agent/templates/pdb.yaml b/examples/chart/teleport-kube-agent/templates/pdb.yaml index 6b6e17ae09e10..d46fb7a026c8c 100644 --- a/examples/chart/teleport-kube-agent/templates/pdb.yaml +++ b/examples/chart/teleport-kube-agent/templates/pdb.yaml @@ -6,10 +6,10 @@ apiVersion: policy/v1beta1 {{- end }} kind: PodDisruptionBudget metadata: - name: {{ .Release.Name }} + name: {{ include "teleport-kube-agent.releaseName" . }} namespace: {{ .Release.Namespace }} labels: - app: {{ .Release.Name }} + app: {{ include "teleport-kube-agent.releaseName" . }} {{- if .Values.extraLabels.podDisruptionBudget }} {{- toYaml .Values.extraLabels.podDisruptionBudget | nindent 4 }} {{- end }} @@ -17,5 +17,5 @@ spec: minAvailable: {{ .Values.highAvailability.podDisruptionBudget.minAvailable }} selector: matchLabels: - app: {{ .Release.Name }} + app: {{ include "teleport-kube-agent.releaseName" . }} {{- end }} diff --git a/examples/chart/teleport-kube-agent/templates/podmonitor.yaml b/examples/chart/teleport-kube-agent/templates/podmonitor.yaml index 6bc0ccdaf51e1..7bed5b56ed8d8 100644 --- a/examples/chart/teleport-kube-agent/templates/podmonitor.yaml +++ b/examples/chart/teleport-kube-agent/templates/podmonitor.yaml @@ -2,20 +2,20 @@ apiVersion: monitoring.coreos.com/v1 kind: PodMonitor metadata: - name: {{ .Release.Name }} + name: {{ include "teleport-kube-agent.releaseName" . }} namespace: {{ .Release.Namespace }} labels: {{- with .Values.podMonitor.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} spec: - jobLabel: {{ .Release.Name }} + jobLabel: {{ include "teleport-kube-agent.releaseName" . }} namespaceSelector: matchNames: - {{ .Release.Namespace }} selector: matchLabels: - app: {{ .Release.Name }} + app: {{ include "teleport-kube-agent.releaseName" . }} podMetricsEndpoints: - port: diag path: /metrics diff --git a/examples/chart/teleport-kube-agent/templates/psp.yaml b/examples/chart/teleport-kube-agent/templates/psp.yaml index bdf8b10d898dc..732bba96382d5 100644 --- a/examples/chart/teleport-kube-agent/templates/psp.yaml +++ b/examples/chart/teleport-kube-agent/templates/psp.yaml @@ -6,7 +6,7 @@ apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: - name: {{ .Release.Name }} + name: {{ include "teleport-kube-agent.releaseName" . }} {{- if .Values.extraLabels.podSecurityPolicy }} labels: {{- toYaml .Values.extraLabels.podSecurityPolicy | nindent 4 }} @@ -45,7 +45,7 @@ spec: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ .Release.Name }}-psp + name: {{ include "teleport-kube-agent.releaseName" . }}-psp rules: - apiGroups: - policy @@ -54,16 +54,16 @@ rules: verbs: - use resourceNames: - - {{ .Release.Name }} + - {{ include "teleport-kube-agent.releaseName" . }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ .Release.Name }}-psp + name: {{ include "teleport-kube-agent.releaseName" . }}-psp roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ .Release.Name }}-psp + name: {{ include "teleport-kube-agent.releaseName" . }}-psp subjects: - kind: ServiceAccount name: {{ template "teleport-kube-agent.serviceAccountName" . }} diff --git a/examples/chart/teleport-kube-agent/templates/role.yaml b/examples/chart/teleport-kube-agent/templates/role.yaml index 22b53a136a616..17179c69d0ebd 100644 --- a/examples/chart/teleport-kube-agent/templates/role.yaml +++ b/examples/chart/teleport-kube-agent/templates/role.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ .Values.roleName | default .Release.Name }} + name: {{ .Values.roleName | default ( include "teleport-kube-agent.releaseName" . ) }} namespace: {{ .Release.Namespace }} {{- if .Values.extraLabels.role }} labels: diff --git a/examples/chart/teleport-kube-agent/templates/rolebinding.yaml b/examples/chart/teleport-kube-agent/templates/rolebinding.yaml index 563853e6e46a1..1df7020de1de6 100644 --- a/examples/chart/teleport-kube-agent/templates/rolebinding.yaml +++ b/examples/chart/teleport-kube-agent/templates/rolebinding.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ .Values.roleBindingName | default .Release.Name }} + name: {{ .Values.roleBindingName | default ( include "teleport-kube-agent.releaseName" . ) }} namespace: {{ .Release.Namespace }} {{- if .Values.extraLabels.roleBinding }} labels: @@ -10,7 +10,7 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ .Values.roleName | default .Release.Name }} + name: {{ .Values.roleName | default ( include "teleport-kube-agent.releaseName" . ) }} subjects: - kind: ServiceAccount name: {{ template "teleport-kube-agent.serviceAccountName" . }} diff --git a/examples/chart/teleport-kube-agent/templates/statefulset.yaml b/examples/chart/teleport-kube-agent/templates/statefulset.yaml index 98a549fa3447f..af6324e815234 100644 --- a/examples/chart/teleport-kube-agent/templates/statefulset.yaml +++ b/examples/chart/teleport-kube-agent/templates/statefulset.yaml @@ -7,10 +7,10 @@ apiVersion: apps/v1 kind: StatefulSet metadata: - name: {{ .Release.Name }} + name: {{ include "teleport-kube-agent.releaseName" . }} namespace: {{ .Release.Namespace }} labels: - app: {{ .Release.Name }} + app: {{ include "teleport-kube-agent.releaseName" . }} {{- if .Values.extraLabels.deployment }} {{- toYaml .Values.extraLabels.deployment | nindent 4 }} {{- end }} @@ -19,11 +19,11 @@ metadata: {{- toYaml .Values.annotations.deployment | nindent 4 }} {{- end }} spec: - serviceName: {{ .Release.Name }} + serviceName: {{ include "teleport-kube-agent.releaseName" . }} replicas: {{ $replicaCount }} selector: matchLabels: - app: {{ .Release.Name }} + app: {{ include "teleport-kube-agent.releaseName" . }} template: metadata: annotations: @@ -33,7 +33,7 @@ spec: {{- toYaml .Values.annotations.pod | nindent 8 }} {{- end }} labels: - app: {{ .Release.Name }} + app: {{ include "teleport-kube-agent.releaseName" . }} {{- if .Values.extraLabels.pod }} {{- toYaml .Values.extraLabels.pod | nindent 8 }} {{- end }} @@ -69,7 +69,7 @@ spec: - key: app operator: In values: - - {{ .Release.Name }} + - {{ include "teleport-kube-agent.releaseName" . }} topologyKey: "kubernetes.io/hostname" {{- else if gt (int $replicaCount) 1 }} preferredDuringSchedulingIgnoredDuringExecution: @@ -80,7 +80,7 @@ spec: - key: app operator: In values: - - {{ .Release.Name }} + - {{ include "teleport-kube-agent.releaseName" . }} topologyKey: "kubernetes.io/hostname" {{- end }} {{- end }} @@ -95,13 +95,13 @@ spec: whenUnsatisfiable: ScheduleAnyway labelSelector: matchLabels: - app: {{ .Release.Name }} + app: {{ include "teleport-kube-agent.releaseName" . }} - maxSkew: 1 topologyKey: topology.kubernetes.io/zone whenUnsatisfiable: ScheduleAnyway labelSelector: matchLabels: - app: {{ .Release.Name }} + app: {{ include "teleport-kube-agent.releaseName" . }} {{- end }} {{- end }} {{- if .Values.tolerations }} @@ -128,7 +128,7 @@ spec: name: "auth-token" readOnly: true - mountPath: /var/lib/teleport - name: "{{ .Release.Name }}-teleport-data" + name: "{{ include "teleport-kube-agent.releaseName" . }}-teleport-data" {{- if .Values.tls.existingCASecretName }} - mountPath: /etc/teleport-tls-ca name: "teleport-tls-ca" @@ -171,7 +171,7 @@ spec: fieldRef: fieldPath: metadata.namespace - name: RELEASE_NAME - value: {{ .Release.Name }} + value: {{ include "teleport-kube-agent.releaseName" . }} {{- if .Values.updater.enabled }} - name: TELEPORT_EXT_UPGRADER value: kube @@ -242,7 +242,7 @@ spec: {{- end }} {{- if .Values.storage.enabled }} - mountPath: /var/lib/teleport - name: "{{ .Release.Name }}-teleport-data" + name: "{{ include "teleport-kube-agent.releaseName" . }}-teleport-data" {{- else }} - mountPath: /var/lib/teleport name: "data" @@ -266,7 +266,7 @@ spec: volumes: - name: "config" configMap: - name: {{ .Release.Name }} + name: {{ include "teleport-kube-agent.releaseName" . }} - name: "auth-token" secret: secretName: {{ coalesce .Values.secretName .Values.joinTokenSecret.name }} @@ -303,7 +303,7 @@ spec: {{- if and .Values.storage.enabled }} volumeClaimTemplates: - metadata: - name: "{{ .Release.Name }}-teleport-data" + name: {{ include "teleport-kube-agent.releaseName" . }}-teleport-data spec: accessModes: [ "ReadWriteOnce" ] storageClassName: {{ .Values.storage.storageClassName }} diff --git a/examples/chart/teleport-kube-agent/templates/updater/_helpers.tpl b/examples/chart/teleport-kube-agent/templates/updater/_helpers.tpl index 59fb0c27d27da..4bca925603bb7 100644 --- a/examples/chart/teleport-kube-agent/templates/updater/_helpers.tpl +++ b/examples/chart/teleport-kube-agent/templates/updater/_helpers.tpl @@ -1,6 +1,6 @@ {{/* Create the name of the service account to use -if serviceAccount is not defined or serviceAccount.name is empty, use .Release.Name +if serviceAccount is not defined or serviceAccount.name is empty, use teleport-kube-agent.releaseName */}} {{- define "teleport-kube-agent-updater.serviceAccountName" -}} {{- coalesce .Values.updater.serviceAccount.name (include "teleport-kube-agent.serviceAccountName" . | printf "%s-updater") -}} diff --git a/examples/chart/teleport-kube-agent/templates/updater/deployment.yaml b/examples/chart/teleport-kube-agent/templates/updater/deployment.yaml index 5790f16cd8dfc..f1770bb9aca4c 100644 --- a/examples/chart/teleport-kube-agent/templates/updater/deployment.yaml +++ b/examples/chart/teleport-kube-agent/templates/updater/deployment.yaml @@ -4,10 +4,10 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }}-updater + name: {{ include "teleport-kube-agent.releaseName" . }}-updater namespace: {{ .Release.Namespace }} labels: - app: {{ .Release.Name }}-updater + app: {{ include "teleport-kube-agent.releaseName" . }}-updater {{- if $updater.extraLabels.deployment }} {{- toYaml $updater.extraLabels.deployment | nindent 4 }} {{- end }} @@ -18,7 +18,7 @@ spec: replicas: 1 selector: matchLabels: - app: {{ .Release.Name }}-updater + app: {{ include "teleport-kube-agent.releaseName" . }}-updater template: metadata: annotations: @@ -26,7 +26,7 @@ spec: {{- toYaml $updater.annotations.pod | nindent 8 }} {{- end }} labels: - app: {{ .Release.Name }}-updater + app: {{ include "teleport-kube-agent.releaseName" . }}-updater {{- if $updater.extraLabels.pod }} {{- toYaml $updater.extraLabels.pod | nindent 8 }} {{- end }} @@ -60,7 +60,7 @@ spec: {{- end }} {{- end }} args: - - "--agent-name={{ .Release.Name }}" + - "--agent-name={{ include "teleport-kube-agent.releaseName" . }}" - "--agent-namespace={{ .Release.Namespace }}" - "--base-image={{ include "teleport-kube-agent.baseImage" . }}" {{- if $updater.versionServer}} diff --git a/examples/chart/teleport-kube-agent/templates/updater/role.yaml b/examples/chart/teleport-kube-agent/templates/updater/role.yaml index 12608478fdb9b..c513ccdec8818 100644 --- a/examples/chart/teleport-kube-agent/templates/updater/role.yaml +++ b/examples/chart/teleport-kube-agent/templates/updater/role.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ .Release.Name }}-updater + name: {{ include "teleport-kube-agent.releaseName" . }}-updater namespace: {{ .Release.Namespace }} {{- if $updater.extraLabels.role }} labels: {{- toYaml $updater.extraLabels.role | nindent 4 }} diff --git a/examples/chart/teleport-kube-agent/templates/updater/rolebinding.yaml b/examples/chart/teleport-kube-agent/templates/updater/rolebinding.yaml index 6cacc3d8202ef..c8dd8468f901e 100644 --- a/examples/chart/teleport-kube-agent/templates/updater/rolebinding.yaml +++ b/examples/chart/teleport-kube-agent/templates/updater/rolebinding.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ .Release.Name }}-updater + name: {{ include "teleport-kube-agent.releaseName" . }}-updater namespace: {{ .Release.Namespace }} {{- if $updater.extraLabels.roleBinding }} labels: @@ -13,7 +13,7 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ .Release.Name }}-updater + name: {{ include "teleport-kube-agent.releaseName" . }}-updater subjects: - kind: ServiceAccount name: {{ template "teleport-kube-agent-updater.serviceAccountName" . }} diff --git a/examples/chart/teleport-kube-agent/values.yaml b/examples/chart/teleport-kube-agent/values.yaml index 03ec6eaf8a54b..4ca5f2fc2cbf0 100644 --- a/examples/chart/teleport-kube-agent/values.yaml +++ b/examples/chart/teleport-kube-agent/values.yaml @@ -503,6 +503,12 @@ jamfCredentialsSecret: # teleportVersionOverride: "" +# releaseNameOverwrite(string) -- sets a custom string to replace the default +# release name. +# This is useful if you want to deploy multiple instances of the +# teleport-kube-agent in one cluster or even in one namespace. +releaseNameOverwrite: "" + # caPin(list) -- is a list of CA pins the agent must validate when joining # the Teleport cluster to ensure it is connecting to the correct Auth Service. #