[v9] helm: Backports (#11728)

* helm: Buddy merge for #11493 (#11693)

* examples/chart/teleport-cluster/templates/deployment.yaml: set strategy to 'Recreate' if chartMode is 'standalone' (fixes #11484)

Signed-off-by: Johannes Kastl <[email protected]>

* examples/chart/teleport-cluster/tests/deployment_test.yaml: add test for strategy in standalone mode

Signed-off-by: Johannes Kastl <[email protected]>

* update examples/chart/teleport-cluster/tests/__snapshot__/deployment_test.yaml.snap after running local tests

Co-authored-by: Johannes Kastl <[email protected]>

* helm: Allow probe timeouts to be configurable (buddy merge of #11176) (#11396)

* Allow for probe timeouts to be configurable

When setting up a new Teleport enterprise cluster on GCP,
I noticed that I needed to set the probe timeouts to get the
cluster to be healthy. This seems to be a known issue (kubernetes/kubernetes#89898).

As a "stopgap", I've updated the helm chart to allow for end users
to be able to configure these timeouts.

* Update configuration option name and add documentation

* Update docs/pages/kubernetes-access/helm/reference.mdx

Co-authored-by: Gus Luxton <[email protected]>

* Add tests for probeTimeoutSeconds

* Add probeTimeoutSeconds to required values

* Add probeTimeoutSeconds to teleport-kube-agent

* Add tests for probeTimeoutSeconds to teleport-kube-agent

* Add probeTimeoutSeconds to teleport-kube-agent reference

Co-authored-by: Hunter Madison <[email protected]>
Co-authored-by: Hunter Madison <[email protected]>

Co-authored-by: Johannes Kastl <[email protected]>
Co-authored-by: Hunter Madison <[email protected]>
Co-authored-by: Hunter Madison <[email protected]>

docs/pages/kubernetes-access/helm/reference/teleport-cluster.mdx

@@ -1491,3 +1491,25 @@ Kubernetes PriorityClass to set for pod.
   </TabItem>
 </Tabs>
 
+## `probeTimeoutSeconds`
+
+| Type | Default value | Can be used in `custom` mode? |
+| - | - | - |
+| `integer` | `1` | ✅ |
+
+[Kubernetes reference](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
+
+Kubernetes timeouts for the liveness and readiness probes.
+
+<Tabs>
+  <TabItem label="values.yaml">
+  ```yaml
+  probeTimeoutSeconds: 5
+  ```
+  </TabItem>
+  <TabItem label="--set">
+  ```code
+  $ --set probeTimeoutSeconds=5
+  ```
+  </TabItem>
+</Tabs>

docs/pages/kubernetes-access/helm/reference/teleport-kube-agent.mdx

@@ -1332,3 +1332,26 @@ Kubernetes Tolerations to set for pod assignment.
   ```
   </TabItem>
 </Tabs>
+
+## `probeTimeoutSeconds`
+
+| Type | Default value |
+| - | - |
+| `integer` | `1` |
+
+[Kubernetes reference](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
+
+Kubernetes timeouts for the liveness and readiness probes.
+
+<Tabs>
+  <TabItem label="values.yaml">
+  ```yaml
+  probeTimeoutSeconds: 5
+  ```
+  </TabItem>
+  <TabItem label="--set">
+  ```code
+  $ --set probeTimeoutSeconds=5
+  ```
+  </TabItem>
+</Tabs>

examples/chart/teleport-cluster/.lint/probe-timeout-seconds.yaml

@@ -0,0 +1,4 @@
+clusterName: helm-lint
+# These are just sample values to test the chart.
+# They are not intended to be guidelines or suggestions for running teleport.
+probeTimeoutSeconds: 5

examples/chart/teleport-cluster/templates/deployment.yaml

@@ -21,6 +21,10 @@ spec:
   {{- else }}
   replicas: 1
   {{- end }}
+  {{- if eq .Values.chartMode "standalone" }}
+  strategy:
+    type: Recreate
+  {{- end }}
   selector:
     matchLabels:
       app: {{ .Release.Name }}
@@ -129,13 +133,15 @@ spec:
           initialDelaySeconds: 5 # wait 5s for agent to start
           periodSeconds: 5 # poll health every 5s
           failureThreshold: 6 # consider agent unhealthy after 30s (6 * 5s)
+          timeoutSeconds: {{ .Values.probeTimeoutSeconds }}
         readinessProbe:
           httpGet:
             path: /readyz
             port: diag
           initialDelaySeconds: 5 # wait 5s for agent to register
           periodSeconds: 5 # poll health every 5s
           failureThreshold: 12 # consider agent unhealthy after 60s (12 * 5s)
+          timeoutSeconds: {{ .Values.probeTimeoutSeconds }}
 {{- if .Values.postStart.command }}
         lifecycle:
           postStart:

examples/chart/teleport-cluster/values.schema.json

@@ -19,7 +19,8 @@
         "imagePullPolicy",
         "initContainers",
         "resources",
-        "tolerations"
+        "tolerations",
+        "probeTimeoutSeconds"
     ],
     "properties": {
         "clusterName": {
@@ -495,6 +496,11 @@
             "$id": "#/properties/priorityClassName",
             "type": "string",
             "default": ""
+        },
+        "probeTimeoutSeconds": {
+            "$id": "#/properties/probeTimeoutSeconds",
+            "type": "integer",
+            "default": 1
         }
     }
 }

examples/chart/teleport-cluster/values.yaml

@@ -270,3 +270,7 @@ priorityClassName: ""
 # Tolerations for pod assignment
 # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 tolerations: []
+
+# Timeouts for the readiness and liveness probes
+# https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+probeTimeoutSeconds: 1

examples/chart/teleport-kube-agent/.lint/probe-timeout-seconds.yaml

@@ -0,0 +1,7 @@
+authToken: auth-token
+proxyAddr: proxy.example.com:3080
+roles: kube
+kubeClusterName: test-kube-cluster-name
+# These are just sample values to test the chart.
+# They are not intended to be guidelines or suggestions for running teleport.
+probeTimeoutSeconds: 5

examples/chart/teleport-kube-agent/templates/deployment.yaml

@@ -148,13 +148,15 @@ spec:
           initialDelaySeconds: 5 # wait 5s for agent to start
           periodSeconds: 5 # poll health every 5s
           failureThreshold: 6 # consider agent unhealthy after 30s (6 * 5s)
+          timeoutSeconds: {{ .Values.probeTimeoutSeconds }}
         readinessProbe:
           httpGet:
             path: /readyz
             port: diag
           initialDelaySeconds: 5 # wait 5s for agent to register
           periodSeconds: 5 # poll health every 5s
           failureThreshold: 12 # consider agent unhealthy after 60s (12 * 5s)
+          timeoutSeconds: {{ .Values.probeTimeoutSeconds }}
 {{- if .Values.resources }}
         resources:
   {{- toYaml .Values.resources | nindent 10 }}

examples/chart/teleport-kube-agent/templates/statefulset.yaml

@@ -144,13 +144,15 @@ spec:
           initialDelaySeconds: 5 # wait 5s for agent to start
           periodSeconds: 5 # poll health every 5s
           failureThreshold: 6 # consider agent unhealthy after 30s (6 * 5s)
+          timeoutSeconds: {{ .Values.probeTimeoutSeconds }}
         readinessProbe:
           httpGet:
             path: /readyz
             port: diag
           initialDelaySeconds: 5 # wait 5s for agent to register
           periodSeconds: 5 # poll health every 5s
           failureThreshold: 12 # consider agent unhealthy after 60s (12 * 5s)
+          timeoutSeconds: {{ .Values.probeTimeoutSeconds }}
 {{- if .Values.resources }}
         resources:
   {{- toYaml .Values.resources | nindent 10 }}

examples/chart/teleport-kube-agent/values.schema.json

@@ -27,7 +27,8 @@
         "imagePullPolicy",
         "initContainers",
         "resources",
-        "tolerations"
+        "tolerations",
+        "probeTimeoutSeconds"
     ],
     "properties": {
         "authToken": {
@@ -328,6 +329,11 @@
             "$id": "#/properties/tolerations",
             "type": "array",
             "default": []
+        },
+        "probeTimeoutSeconds": {
+            "$id": "#/properties/probeTimeoutSeconds",
+            "type": "integer",
+            "default": 1
         }
     }
 }

examples/chart/teleport-kube-agent/values.yaml

@@ -217,3 +217,7 @@ resources: {}
 # Tolerations for pod assignment
 # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 tolerations: []
+
+# Timeouts for the readiness and liveness probes
+# https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+probeTimeoutSeconds: 1