Deploy teleport-cluster instance

I won't use it atm because it requires an external account, and it doesn't play well with my understanding of self-hosting and indie culture.
2024-10-15 17:11:34 +02:00 · 2024-10-15 17:11:34 +02:00 · db3e731709
commit db3e731709
parent 7d700c8ba5
4 changed files with 46 additions and 0 deletions
--- a/common/environments.yaml
+++ b/common/environments.yaml
@ -22,6 +22,8 @@ environments:
          enabled: true
      - istio:
          enabled: false
+      - teleport:
+          enabled: true
  etersoft:
    kubeContext: etersoft
    values:
@ -45,6 +47,8 @@ environments:
          enabled: true
      - istio:
          enabled: false
+      - teleport:
+          enabled: false
  xray-1:
    kubeContext: xray-1
    values:
@ -68,6 +72,8 @@ environments:
          enabled: false
      - istio:
          enabled: false
+      - teleport:
+          enabled: false
  xray-2:
    kubeContext: xray-2
    values:
@ -91,3 +97,5 @@ environments:
          enabled: false
      - istio:
          enabled: false
+      - teleport:
+          enabled: false
--- a/installations/platform/helmfile.yaml
+++ b/installations/platform/helmfile.yaml
@ -23,6 +23,8 @@ repositories:
    url: https://kubernetes-sigs.github.io/external-dns/
  - name: keel
    url: https://keel-hq.github.io/keel/
+  - name: teleport
+    url: https://charts.releases.teleport.dev

 releases:
  - name: db-operator
@ -112,3 +114,12 @@ releases:
    version: 1.0.4
    namespace: platform
    condition: workload.enabled
+
+  - name: teleport-cluster
+    installed: true
+    version: 16.4.2
+    chart: teleport/teleport-cluster
+    namespace: teleport-cluster
+    condition: teleport.enabled
+    inherit:
+      - template: default-env-values
--- a/values/badhouseplants/values.namespaces.yaml
+++ b/values/badhouseplants/values.namespaces.yaml
@ -8,3 +8,6 @@ namespaces:
  - name: games
  - name: pipelines
  - name: public-xray
+  - name: teleport-cluster
+    labels:
+      pod-security.kubernetes.io/enforce: baseline
--- a/values/badhouseplants/values.teleport-cluster.yaml
+++ b/values/badhouseplants/values.teleport-cluster.yaml
@ -0,0 +1,24 @@
+validateConfigOnDeploy: false
+clusterName: teleport.badhouseplants.net
+proxyListenerMode: multiplex
+acme: false
+acmeEmail: allanger@badhouseplants.net
+service:
+  type: ClusterIP
+ingress:
+  enabled: true
+  suppressAutomaticWildcards: true
+proxy:
+  annotations:
+    ingress:
+      kubernetes.io/tls-acme: "true"
+      kubernetes.io/ingress.allow-http: "false"
+      kubernetes.io/ingress.global-static-ip-name: ""
+      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+      #tls:
+    #existingSecretName: teleport.badhouseplants.net
+    #publicAddr:
+    #  - teleport.badhouseplants.net:443
+tls:
+  existingSecretName: teleport.badhouseplants.net