teleport-access-graph Chart Reference
The teleport-access-graph Helm chart deploys the Access Graph service.
For details, see Teleport Identity Security and Access Graph on self-hosted clusters using Helm.
The chart is versioned together with the Access Graph service. Compatibility is not guaranteed when the service and chart versions differ.
We strongly recommend always using the --version Helm flag to keep the chart and service versions aligned.
tls
tls contains the TLS settings for the main gRPC listener.
tls.existingSecretName
| Type | Default |
|---|---|
| string | "" |
tls.existingSecretName is the name of an existing Kubernetes secret
containing the certificate and its private key to use for the gRPC listener.
The secret must be of type kubernetes.io/tls; see
the Kubernetes documentation for more details.
Setting this is required, as Access Graph always operates via TLS-protected connections.
clusterHostCAs
| Type | Default |
|---|---|
| array | [] |
clusterHostCAs is a list of strings containing PEM-encoded Host CA certificates of Teleport clusters that are allowed to use this instance of Access Graph.
Setting this to a non-empty array is required.
service
| Type | Default |
|---|---|
| object | {"grpcPort":443,"type":"ClusterIP"} |
service contains options for the Access Graph Kubernetes service that the chart exposes.
service.type
| Type | Default |
|---|---|
| string | "ClusterIP" |
service.type is the type of Kubernetes service to create.
The LoadBalancer type is only supported when using a Layer 4 (TCP) or lower load balancer.
Access Graph expects to terminate its own TLS, as it uses mTLS to authenticate its clients.
service.grpcPort
| Type | Default |
|---|---|
| int | 443 |
service.grpcPort is the port that the gRPC service is exposed on.
This is the port that Teleport Auth Service and Proxy Service will need to connect to Access Graph on.
replicaCount
| Type | Default |
|---|---|
| int | 2 |
replicaCount is the number of Access Graph pods that should be deployed.
image
image.tag
| Type | Default |
|---|---|
| string | "" |
image.tag sets the version of the Access Graph image used.
By default, this is the same as the Helm Chart version, i.e. Access Graph will be upgraded when you upgrade the Helm chart.
podAnnotations
| Type | Default |
|---|---|
| object | {} |
podAnnotations contains the Kubernetes annotations put on the Pod resources created by the chart.
podLabels
| Type | Default |
|---|---|
| object | {} |
podLabels contains the Kubernetes labels put on the Pod resources created by the chart.
podSecurityContext
| Type | Default |
|---|---|
| object | {"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532} |
podSecurityContext sets the pod security context for any pods created by the chart.
See the Kubernetes documentation
for more details.
The default value supports running under the restricted
Pod Security Standard.
securityContext
| Type | Default |
|---|---|
| object | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"seccompProfile":{"type":"RuntimeDefault"}} |
securityContext sets the container security context for any pods created by the chart.
See the Kubernetes documentation
for more details.
The default value supports running under the restricted
Pod Security Standard.
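The required settings (tls.existingSecretName, clusterHostCAs) and the restricted Pod Security Standard defaults described above can be checked before a deployment. The following is an added example, not code from the chart or the Teleport project: a hypothetical check_values function that takes the merged chart values as a Python dict and lists violations. The secret name, the sample overrides and the certificate body are constructed.

```python
import re
# PEM framing only; this does not parse the X.509 structure.
PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----\s+[A-Za-z0-9+/=\s]+-----END CERTIFICATE-----")

def check_values(values):
    """List problems in merged teleport-access-graph chart values (a dict)."""
    problems = []
    # Required: Access Graph always serves TLS from an existing secret.
    if not (values.get("tls") or {}).get("existingSecretName"):
        problems.append("tls.existingSecretName is empty")
    # Required: non-empty list of PEM-encoded Host CA certificates.
    cas = values.get("clusterHostCAs") or []
    if not cas:
        problems.append("clusterHostCAs is empty")
    for i, pem in enumerate(cas):
        if not isinstance(pem, str) or not PEM_CERT.fullmatch(pem.strip()):
            problems.append(f"clusterHostCAs[{i}] is not a PEM certificate")
    # Overrides that no longer satisfy the restricted Pod Security Standard.
    pod = values.get("podSecurityContext") or {}
    ctr = values.get("securityContext") or {}
    if pod.get("runAsNonRoot") is not True or pod.get("runAsUser") == 0:
        problems.append("podSecurityContext allows running as root")
    if ctr.get("allowPrivilegeEscalation") is not False:
        problems.append("securityContext.allowPrivilegeEscalation is not false")
    if "ALL" not in ((ctr.get("capabilities") or {}).get("drop") or []):
        problems.append("securityContext.capabilities.drop lacks ALL")
    seccomp = (ctr.get("seccompProfile") or {}).get("type")
    if seccomp not in ("RuntimeDefault", "Localhost"):
        problems.append("securityContext.seccompProfile.type is not restricted")
    return problems

# Chart defaults as listed in this reference.
DEFAULTS = {
    "tls": {"existingSecretName": ""},
    "clusterHostCAs": [],
    "podSecurityContext": {"runAsGroup": 65532, "runAsNonRoot": True, "runAsUser": 65532},
    "securityContext": {"allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]},
                        "seccompProfile": {"type": "RuntimeDefault"}},
}
# Constructed sample overrides; the certificate body is a placeholder, not a real CA.
SAMPLE_CA = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQgUExBQ0VIT0xERVI=\n-----END CERTIFICATE-----\n"
GOOD = {**DEFAULTS, "tls": {"existingSecretName": "access-graph-tls"},
        "clusterHostCAs": [SAMPLE_CA]}
BAD = {**GOOD, "clusterHostCAs": ["teleport.example.com"],
       "securityContext": {**GOOD["securityContext"], "allowPrivilegeEscalation": True}}
if __name__ == "__main__":
    for name, vals in (("defaults", DEFAULTS), ("good", GOOD), ("bad", BAD)):
        print(name, check_values(vals) or "ok")
```

The chart defaults alone fail the first two checks by design, since both settings must be supplied by the operator.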
volumes
| Type | Default |
|---|---|
| array | [] |
volumes defines additional volumes on the Deployment that the chart generates.
nodeSelector
| Type | Default |
|---|---|
| object | {} |
nodeSelector sets the node selector for any pods created by the chart.
See the Kubernetes documentation
for more details.
tolerations
| Type | Default |
|---|---|
| list | [] |
tolerations sets the tolerations for any pods created by the chart.
See the Kubernetes documentation
for more details.
affinity
| Type | Default |
|---|---|
| object | {} |
affinity sets the affinities for any pods created by the chart.
See the Kubernetes documentation
for more details.
