[helm] Don't hard-code `.cluster.local` in the `teleport-cluster` chart #41165

programmerq · 2024-05-02T19:43:59Z

What would you like Teleport to do?

Kubernetes allows cluster administrators to choose a value other than cluster.local. This means that our chart's hard-coded use leads to failures on a Kubernetes cluster that doesn't use the default value.

https://github.com/gravitational/teleport/blob/master/examples/chart/teleport-cluster/templates/_helpers.tpl#L90

% grep -Ri 'serviceFQDN' .
./charts/teleport-operator/templates/_helpers.tpl:{{- $clusterAddr := include "teleport-cluster.auth.serviceFQDN" . -}}
./charts/teleport-operator/templates/_helpers.tpl:{{- define "teleport-cluster.auth.serviceFQDN" -}}{{- end }}
./templates/proxy/_config.common.tpl:  auth_server: "{{ include "teleport-cluster.auth.serviceFQDN" . }}:3025"
./templates/auth/_config.common.tpl:  public_addr: "{{ include "teleport-cluster.auth.serviceFQDN" . }}:3026"
./templates/_helpers.tpl:{{- define "teleport-cluster.auth.serviceFQDN" -}}

A common paradigm in the helm community is to include a clusterDomain value that defaults to cluster.local. An alternate approach would be to avoid using the FQDN and instead rely on the short DNS names (if feasible).

Here's an example in the bitnami etcd chart:

https://github.com/bitnami/charts/blob/main/bitnami/etcd/values.yaml#L49-L51
https://github.com/bitnami/charts/blob/main/bitnami/etcd/templates/statefulset.yaml#L182-L183

The text was updated successfully, but these errors were encountered:

This PR allows users to set `clusterDomain` to match Kubernetes Cluster domain address when running clusters with non default cluster domains. Fixes #41165 Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>

…41311) This PR allows users to set `clusterDomain` to match Kubernetes Cluster domain address when running clusters with non default cluster domains. Fixes #41165 Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>

This PR allows users to set `clusterDomain` to match Kubernetes Cluster domain address when running clusters with non default cluster domains. Fixes #41165 Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>

…41331) This PR allows users to set `clusterDomain` to match Kubernetes Cluster domain address when running clusters with non default cluster domains. Fixes #41165 Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>

…41356) This PR allows users to set `clusterDomain` to match Kubernetes Cluster domain address when running clusters with non default cluster domains. Fixes #41165 Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>

…41355) This PR allows users to set `clusterDomain` to match Kubernetes Cluster domain address when running clusters with non default cluster domains. Fixes #41165 Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>

programmerq added feature-request Used for new features in Teleport, improvements to current should be #enhancements helm kube-operator Issues related to Kube Operator labels May 2, 2024

tigrato mentioned this issue May 8, 2024

Allow configuring clusterDomain in teleport-cluster helm chart #41311

Merged

tigrato closed this as completed in #41311 May 8, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[helm] Don't hard-code `.cluster.local` in the `teleport-cluster` chart #41165

[helm] Don't hard-code `.cluster.local` in the `teleport-cluster` chart #41165

programmerq commented May 2, 2024

[helm] Don't hard-code .cluster.local in the teleport-cluster chart #41165

[helm] Don't hard-code .cluster.local in the teleport-cluster chart #41165

Comments

programmerq commented May 2, 2024

What would you like Teleport to do?

[helm] Don't hard-code `.cluster.local` in the `teleport-cluster` chart #41165

[helm] Don't hard-code `.cluster.local` in the `teleport-cluster` chart #41165