diff --git a/Makefile b/Makefile index cf6089e1636be..8e58f803012a2 100644 --- a/Makefile +++ b/Makefile @@ -284,7 +284,7 @@ integration: # changes (or last commit). # .PHONY: lint -lint: lint-go lint-sh +lint: lint-sh lint-helm lint-go .PHONY: lint-go lint-go: GO_LINT_FLAGS ?= @@ -318,6 +318,23 @@ lint-sh: --exclude=SC1091 \ $(SH_LINT_FLAGS) +# Lints all the Helm charts found in directories under examples/chart and exits on failure +# If there is a .lint directory inside, the chart gets linted once for each .yaml file in that directory +.PHONY: lint-helm +lint-helm: + for CHART in $$(find examples/chart -mindepth 1 -maxdepth 1 -type d); do \ + if [ -d $$CHART/.lint ]; then \ + for VALUES in $$CHART/.lint/*.yaml; do \ + echo "$$CHART: $$VALUES"; \ + helm lint --strict $$CHART -f $$VALUES || exit 1; \ + helm template test $$CHART -f $$VALUES 1>/dev/null || exit 1; \ + done \ + else \ + helm lint --strict $$CHART || exit 1; \ + helm template test $$CHART 1>/dev/null || exit 1; \ + fi \ + done + # This rule triggers re-generation of version.go and gitref.go if Makefile changes $(VERSRC): Makefile VERSION=$(VERSION) $(MAKE) -f version.mk setver diff --git a/build.assets/Dockerfile b/build.assets/Dockerfile index 79828062181b2..1b2c178ab0ce2 100644 --- a/build.assets/Dockerfile +++ b/build.assets/Dockerfile @@ -68,6 +68,11 @@ RUN (curl -L https://github.com/golangci/golangci-lint/releases/download/v1.24.0 cp golangci-lint-1.24.0-$(go env GOOS)-$(go env GOARCH)/golangci-lint /bin/ && \ rm -r golangci-lint*) +# Install helm. +RUN (mkdir -p helm-tarball && curl -L https://get.helm.sh/helm-v3.5.2-$(go env GOOS)-$(go env GOARCH).tar.gz | tar -C helm-tarball -xz && \ + cp helm-tarball/$(go env GOOS)-$(go env GOARCH)/helm /bin/ && \ + rm -r helm-tarball*) + # Install PAM module and policies for testing. COPY pam/ /opt/pam_teleport/ RUN make -C /opt/pam_teleport install diff --git a/examples/chart/teleport-cluster/.lint/lint-values.yaml b/examples/chart/teleport-cluster/.lint/lint-values.yaml new file mode 100644 index 0000000000000..47a090280333a --- /dev/null +++ b/examples/chart/teleport-cluster/.lint/lint-values.yaml @@ -0,0 +1 @@ +clusterName: test-cluster-name diff --git a/examples/chart/teleport-cluster/templates/psp.yaml b/examples/chart/teleport-cluster/templates/psp.yaml index 69799eea61faa..5e997421a64c8 100644 --- a/examples/chart/teleport-cluster/templates/psp.yaml +++ b/examples/chart/teleport-cluster/templates/psp.yaml @@ -48,7 +48,7 @@ rules: resourceNames: - {{ .Release.Name }} --- -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ .Release.Name }}-psp diff --git a/examples/chart/teleport-kube-agent/.lint/lint-values-all-v5.yaml b/examples/chart/teleport-kube-agent/.lint/lint-values-all-v5.yaml new file mode 100644 index 0000000000000..b6ee39ea744ff --- /dev/null +++ b/examples/chart/teleport-kube-agent/.lint/lint-values-all-v5.yaml @@ -0,0 +1,11 @@ +authToken: auth-token +proxyAddr: proxy.example.com:3080 +roles: kube,app,db +kubeClusterName: test-kube-cluster-name +labels: + cluster: testing +apps: + - name: grafana + uri: http://localhost:3000 + labels: + environment: test diff --git a/examples/chart/teleport-kube-agent/.lint/lint-values-all-v6.yaml b/examples/chart/teleport-kube-agent/.lint/lint-values-all-v6.yaml new file mode 100644 index 0000000000000..7a2edc125c885 --- /dev/null +++ b/examples/chart/teleport-kube-agent/.lint/lint-values-all-v6.yaml @@ -0,0 +1,18 @@ +teleportVersionOverride: 6 +authToken: auth-token +proxyAddr: proxy.example.com:3080 +roles: kube,app,db +kubeClusterName: test-kube-cluster-name +labels: + cluster: testing +apps: + - name: grafana + uri: http://localhost:3000 + labels: + environment: test +databases: + - name: aurora + uri: "postgres-aurora-instance-1.xxx.us-east-1.rds.amazonaws.com:5432" + protocol: "postgres" + labels: + database: staging diff --git a/examples/chart/teleport-kube-agent/.lint/lint-values-backwards-compatibility.yaml b/examples/chart/teleport-kube-agent/.lint/lint-values-backwards-compatibility.yaml new file mode 100644 index 0000000000000..c452f866b3d1d --- /dev/null +++ b/examples/chart/teleport-kube-agent/.lint/lint-values-backwards-compatibility.yaml @@ -0,0 +1,3 @@ +authToken: auth-token +proxyAddr: proxy.example.com:3080 +kubeClusterName: test-kube-cluster-name diff --git a/examples/chart/teleport-kube-agent/.lint/lint-values-db.yaml b/examples/chart/teleport-kube-agent/.lint/lint-values-db.yaml new file mode 100644 index 0000000000000..45bf76ba1cb7e --- /dev/null +++ b/examples/chart/teleport-kube-agent/.lint/lint-values-db.yaml @@ -0,0 +1,10 @@ +teleportVersionOverride: 6 +authToken: auth-token +proxyAddr: proxy.example.com:3080 +roles: db +databases: + - name: aurora + uri: "postgres-aurora-instance-1.xxx.us-east-1.rds.amazonaws.com:5432" + protocol: "postgres" + labels: + database: staging diff --git a/examples/chart/teleport-kube-agent/README.md b/examples/chart/teleport-kube-agent/README.md index 21bb7e20a7c2d..b77b6bd84a119 100644 --- a/examples/chart/teleport-kube-agent/README.md +++ b/examples/chart/teleport-kube-agent/README.md @@ -111,7 +111,7 @@ $ helm install teleport-kube-agent . \ --set authToken=${JOIN_TOKEN?} \ --set "databases[0].name=${DB_NAME?}" \ --set "databases[0].uri=${DB_URI?}" \ - --set "databases[0].protocol=${DB_PROTOCOL}" + --set "databases[0].protocol=${DB_PROTOCOL?}" ``` Set the values in the above command as appropriate for your setup. diff --git a/examples/chart/teleport-kube-agent/templates/psp.yaml b/examples/chart/teleport-kube-agent/templates/psp.yaml index f2c82bdd97f98..9fe9992f1866c 100644 --- a/examples/chart/teleport-kube-agent/templates/psp.yaml +++ b/examples/chart/teleport-kube-agent/templates/psp.yaml @@ -48,7 +48,7 @@ rules: resourceNames: - {{ .Release.Name }} --- -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ .Release.Name }}-psp diff --git a/examples/chart/teleport/templates/service.yaml b/examples/chart/teleport/templates/service.yaml index 3d05ad608c926..93189b058aac1 100644 --- a/examples/chart/teleport/templates/service.yaml +++ b/examples/chart/teleport/templates/service.yaml @@ -16,7 +16,7 @@ spec: {{- if and .Values.service.loadBalancerSourceRanges (eq .Values.service.type "LoadBalancer") }} loadBalancerSourceRanges: {{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} +{{- end }} ports: {{- range $key, $value := .Values.service.ports }} {{ if or (not $.Values.config.highAvailability) (and ($.Values.config.highAvailability) (not (eq $key "authssh"))) }} @@ -51,7 +51,7 @@ spec: {{- if and .Values.config.authService.loadBalancerSourceRanges (eq .Values.config.authService.type "LoadBalancer") }} loadBalancerSourceRanges: {{ toYaml .Values.config.authService.loadBalancerSourceRanges | indent 4 }} -{{- end }} +{{- end }} ports: - name: authssh port: {{ .Values.ports.authssh.containerPort }} diff --git a/examples/chart/teleport/values.yaml b/examples/chart/teleport/values.yaml index d1b11ef1e1750..e4ea6003a2448 100644 --- a/examples/chart/teleport/values.yaml +++ b/examples/chart/teleport/values.yaml @@ -159,7 +159,7 @@ config: enabled: yes # Specify a different hostname for the k8s public address (if different to config.public_address) # public_addr: teleportkubernetes.example.com - + # Alternatively you can provide your teleport configuration under teleportConfig with static text. No variable substitution. otherConfig: