You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi all. I'm running into an issue that clearly needs case_insensitive_routing enabled in auth_service, and while that's been discussed here a couple times:
...I didn't see how to enable that if Teleport is deployed to Kubernetes via Helm. In looking at values from Helm, I think I see the right area with helm show values teleport/teleport-cluster:
# The `teleport-cluster` charts deploys two sets of pods: auth and proxy.
#
# `auth` allows you to set chart values only for Kubernetes resources related to the Teleport Auth Service.
# This is merged with chart-scoped values and takes precedence in case of conflict.
# For example:
#
# auth:
# postStart: ["curl", "http://hook"]
# imagePullPolicy: Always
auth:
# auth.teleportConfig contains YAML teleport configuration for auth pods
# The configuration will be merged with the chart-generated configuration
# and will take precedence in case of conflict.
#
# See the Teleport Configuration Reference for the list of supported fields:
# https://goteleport.com/docs/reference/config/
#
# teleportConfig:
# teleport:
# cache:
# enabled: false
# auth_service:
# client_idle_timeout: 2h
# client_idle_timeout_message: "Connection closed after 2hours without activity"
teleportConfig: {}
This makes me think I want to set auth.teleportConfig.auth_service.case_insensitive_routing: true but it's still not quite clear how.
A web search makes it seem like helm upgrade is the right way to go, but the notion of using an upgrade command on production to change a config value is a bit frightening. That said, helm help upgrade says:
You can update the values for an existing release with this command as well via the
'--reuse-values' flag. The 'RELEASE' and 'CHART' arguments should be set to the original
parameters, and existing values will be merged with any values set via '--values'/'-f'
or '--set' flags. Priority is given to new values.
$ helm upgrade --reuse-values --set foo=bar --set foo=newbar redis ./redis
As I'm on 15 and not yet ready to upgrade to 16, I don't want to upgrade inadvertently, so I figured out how to lock down the version, and then I found a --dry-run flag that seemed encouraging.
And then I tried it without --dry-run. It appears to work.
I started writing this post not knowing where to start, and as I dug out more information to ask a more accurate question the puzzle pieces fell into place. So maybe this'll just be here for folks who were looking for an answer like I was, but while I'm here, I'd love to know if I've done any of this poorly, and if there's a better/safer way to go about turning this value on for a Kubernetes deployment.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hi all. I'm running into an issue that clearly needs
case_insensitive_routing
enabled inauth_service
, and while that's been discussed here a couple times:...I didn't see how to enable that if Teleport is deployed to Kubernetes via Helm. In looking at values from Helm, I think I see the right area with
helm show values teleport/teleport-cluster
:This makes me think I want to set
auth.teleportConfig.auth_service.case_insensitive_routing: true
but it's still not quite clear how.A web search makes it seem like
helm upgrade
is the right way to go, but the notion of using an upgrade command on production to change a config value is a bit frightening. That said,helm help upgrade
says:As I'm on 15 and not yet ready to upgrade to 16, I don't want to upgrade inadvertently, so I figured out how to lock down the version, and then I found a --dry-run flag that seemed encouraging.
I ended up with this:
And then I tried it without --dry-run. It appears to work.
I started writing this post not knowing where to start, and as I dug out more information to ask a more accurate question the puzzle pieces fell into place. So maybe this'll just be here for folks who were looking for an answer like I was, but while I'm here, I'd love to know if I've done any of this poorly, and if there's a better/safer way to go about turning this value on for a Kubernetes deployment.
Thank you in advance.
Beta Was this translation helpful? Give feedback.
All reactions