From c88a1844e518155fafb167ff98b3051b1ac09007 Mon Sep 17 00:00:00 2001
From: Gus Luxton
Date: Fri, 25 Feb 2022 12:46:42 -0400
Subject: [PATCH 1/2] helm: Fix indenting on database autodiscovery I had previously assumed that db_service.aws and db_service.databases.aws were the same key; they are not. This PR fixes this error.
---
 .../aws-and-manual-db.yaml | 21 +++++++++++++++++++
 .../teleport-kube-agent/templates/config.yaml | 9 +++-----
 2 files changed, 24 insertions(+), 6 deletions(-)
 create mode 100644 examples/chart/teleport-kube-agent/aws-and-manual-db.yaml
diff --git a/examples/chart/teleport-kube-agent/aws-and-manual-db.yaml b/examples/chart/teleport-kube-agent/aws-and-manual-db.yaml
new file mode 100644
index 0000000000000..7e85f65660696
--- /dev/null
+++ b/examples/chart/teleport-kube-agent/aws-and-manual-db.yaml
@@ -0,0 +1,21 @@
+authToken: auth-token
+proxyAddr: proxy.example.com:3080
+roles: db
+awsDatabases:
+- types: ["rds"]
+ regions: ["us-east-1"]
+ tags:
+ "*": "*"
+- types: ["rds"]
+ regions: ["us-west-2"]
+ tags:
+ "env": "development"
+databases:
+- name: aurora
+ uri: "postgres-aurora-instance-1.xxx.us-east-1.rds.amazonaws.com:5432"
+ protocol: "postgres"
+ labels:
+ database: staging
+annotations:
+ serviceAccount:
+ eks.amazonaws.com/role-arn: arn:aws:iam::1234567890:role/my-rds-autodiscovery-role
diff --git a/examples/chart/teleport-kube-agent/templates/config.yaml b/examples/chart/teleport-kube-agent/templates/config.yaml
index ba06b12e5bb80..5ef2cec03b6cb 100644
--- a/examples/chart/teleport-kube-agent/templates/config.yaml
+++ b/examples/chart/teleport-kube-agent/templates/config.yaml
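Review bot: The first `awsDatabases` matcher in the new example file uses the wildcard selector `"*": "*"` under `tags`, which in Teleport's matcher syntax selects every RDS instance in us-east-1 that the role in the `eks.amazonaws.com/role-arn` annotation can see, and the file does not say so. Example values get copied into real deployments, so a comment above that entry such as `# "*": "*" registers every RDS instance in the region; scope by tag outside of examples` would make the breadth explicit. The role ARN also carries a 10-digit account id (`1234567890`), while AWS account ids are 12 digits; a placeholder like `123456789012` keeps the ARN well-formed if the file is ever fed to tooling that validates it.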
@@ -56,9 +56,8 @@ data:
 {{- if not (or (.Values.awsDatabases) (.Values.databases)) }}
 {{- fail "'awsDatabases' and/or 'databases' is required in chart values when db role is enabled, see README" }}
 {{- end }}
- databases:
 {{- if .Values.awsDatabases }}
- aws:
+ aws:
 {{- range $awsDb := .Values.awsDatabases }}
 {{- if not (hasKey $awsDb "types") }}
 {{- fail "'types' is required for all 'awsDatabases' in chart values when key is set and db role is enabled, see README" }}
@@ -70,13 +69,11 @@ data:
 {{- fail "'tags' is required for all 'awsDatabases' in chart values when key is set and db role is enabled, see README" }}
 {{- end }}
 {{- end }}
- {{- toYaml .Values.awsDatabases | nindent 8 }}
+ {{- toYaml .Values.awsDatabases | nindent 6 }}
 {{- end }}
 {{- if .Values.databases }}
+ databases:
 {{- range $db := .Values.databases }}
- {{- if (and ($.Values.awsDatabases) (hasKey $db "aws")) }}
- {{- fail "The 'aws' key cannot be used under 'databases' when 'awsDatabases' is also set - use autodiscovery for AWS databases, or run a separate agent without awsDatabases" }}
- {{- end }}
 {{- if not (hasKey $db "name") }}
 {{- fail "'name' is required for all 'databases' in chart values when db role is enabled, see README" }}
 {{- end }}
From 0f3a0c727d4976d47cac2dba9523fb94004c54a0 Mon Sep 17 00:00:00 2001
From: Gus Luxton
Date: Fri, 25 Feb 2022 16:15:45 -0400
Subject: [PATCH 2/2] helm: Fix enabled clause for db_service when using awsDatabases only Some logic was in the wrong place and was erroneously adding both enabled: true and enabled:false when only awsDatabases was enabled.
---
 examples/chart/teleport-kube-agent/templates/config.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/examples/chart/teleport-kube-agent/templates/config.yaml b/examples/chart/teleport-kube-agent/templates/config.yaml
index 5ef2cec03b6cb..c5aed3dad9ffa 100644
--- a/examples/chart/teleport-kube-agent/templates/config.yaml
+++ b/examples/chart/teleport-kube-agent/templates/config.yaml
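Review bot: The relationship the `@@ -56,9 +56,8 @@` hunk corrects, with `aws` sitting beside `databases` under `db_service` rather than inside it, is not recorded anywhere in the template, and the commit message says that exact assumption caused the bug. A template comment directly above the new `aws:` line, for example `{{- /* db_service.aws (autodiscovery matchers) is a sibling of db_service.databases, not a child */}}`, would keep a later edit from re-nesting it. The enclosing `db_service:` block opens outside the hunk, so the final nesting of the rendered keys cannot be confirmed from these lines alone.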
@@ -85,9 +85,9 @@ data:
 {{- end }}
 {{- end }}
 {{- toYaml .Values.databases | nindent 6 }}
- {{- else }}
- enabled: false
 {{- end }}
+ {{- else }}
+ enabled: false
 {{- end }}
 {{- end }}
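Review bot: Nothing in this series renders the chart with `awsDatabases` alone, which is the case this hunk fixes: the example values added in patch 1/2 set both `awsDatabases` and `databases`, so the moved `{{- else }}` is exercised only for the combined case. If the chart has a lint or render check, a values file with only `awsDatabases` (and one with only `databases`) would catch a repeat of the duplicated `enabled:` key, which some YAML parsers accept silently by keeping the last value. Because the mis-paired `else` came from unlabelled closers, trailing comments on the `end` lines such as `{{- end }}{{/* if .Values.databases */}}` would make the pairing visible. The enclosing `if` blocks open outside the hunk and the visible lines are one short of the `9,9` in the header, so the pairing described here is inferred.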