[v16] Support datadog plugin helm chart #47727

Merged
merged 7 commits into from
Oct 21, 2024
Changes from 6 commits
417 changes: 417 additions & 0 deletions docs/pages/includes/helm-reference/zz_generated.access-datadog.mdx

Large diffs are not rendered by default.

3 changes: 3 additions & 0 deletions docs/pages/reference/helm-reference.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -39,3 +39,6 @@ layout: tocless-doc
- [teleport-plugin-slack](./helm-reference/teleport-plugin-slack.mdx): Deploy
the Teleport Slack Plugin, which allows notifying Slack users and channels
when Access Requests are made.
- [teleport-plugin-datadog](./helm-reference/teleport-plugin-datadog.mdx): Deploy
the Teleport Datadog Incident Management Plugin, which allows Access Requests
to be managed as Datadog incidents.
15 changes: 15 additions & 0 deletions docs/pages/reference/helm-reference/teleport-plugin-datadog.mdx
@@ -0,0 +1,15 @@
---
title: teleport-plugin-datadog Chart Reference
description: Values that can be set using the teleport-plugin-datadog Helm chart
---

The `teleport-plugin-datadog` Helm chart runs the Datadog Teleport plugin, which
allows users to receive and manage Access Requests as Datadog incidents.

You can [browse the source on GitHub](https://github.com/gravitational/teleport/tree/v(=teleport.version=)/examples/chart/access/datadog).

This reference details available values for the `teleport-plugin-datadog` chart.

(!docs/pages/includes/backup-warning.mdx!)

(!docs/pages/includes/helm-reference/zz_generated.access-datadog.mdx!)
2 changes: 1 addition & 1 deletion examples/chart/Makefile
@@ -1,7 +1,7 @@
# TODO(hugoShaka): uncomment the additional targets as we start sync-ing
# the reference and the values.yaml

access = discord email jira mattermost msteams pagerduty slack
access = discord email jira mattermost msteams pagerduty slack datadog

check_access = $(addprefix check-chart-ref-access-,$(access))
render_access = $(addprefix render-chart-ref-access-,$(access))
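
Review bot: In the `access` list, `datadog` is appended after `slack` although the existing entries (discord, email, jira, mattermost, msteams, pagerduty, slack) are in alphabetical order. Placing it before `discord` keeps the list sorted, so later additions stay easy to review.
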
23 changes: 23 additions & 0 deletions examples/chart/access/datadog/.helmignore
@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
13 changes: 13 additions & 0 deletions examples/chart/access/datadog/Chart.yaml
@@ -0,0 +1,13 @@
.version: &version "17.0.0-dev"

apiVersion: v2
name: teleport-plugin-datadog
description: A Helm chart for the Teleport Datadog Incident Management Plugin
type: application
version: *version
appVersion: *version

dependencies:
- name: tbot
version: *version
condition: tbot.enabled
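
Review bot: The `.version` anchor on the first line is "17.0.0-dev" although this PR is titled as a [v16] backport, and that anchor feeds `version`, `appVersion` and the `tbot` dependency version. deployment.yaml falls back to `.Chart.AppVersion` for the image tag, so please confirm the value matches the release branch; otherwise the chart defaults to a 17.x image tag on v16. The `tbot` dependency also has no `repository`, so it resolves only through the `charts/tbot` entry added in this PR. A one-line comment saying so would help the next reader.
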
11 changes: 11 additions & 0 deletions examples/chart/access/datadog/README.md
@@ -0,0 +1,11 @@
# Teleport Access Request Datadog Incident Management Plugin

This chart sets up and configures a Deployment for the Access Request Datadog Incident Management plugin.

## Installation

See the [Access Requests with Datadog Incident Management guide](https://goteleport.com/docs/access-controls/access-request-plugins/datadog-hosted/).

## Values

See [teleport-plugin-datadog Chart Reference](https://goteleport.com/docs/reference/helm-reference/teleport-plugin-datadog/) for available Helm Chart configuration.
1 change: 1 addition & 0 deletions examples/chart/access/datadog/charts/tbot
82 changes: 82 additions & 0 deletions examples/chart/access/datadog/templates/_helpers.tpl
@@ -0,0 +1,82 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "datadog.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "datadog.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "datadog.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Common labels
*/}}
{{- define "datadog.labels" -}}
helm.sh/chart: {{ include "datadog.chart" . }}
{{ include "datadog.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

{{/*
Selector labels
*/}}
{{- define "datadog.selectorLabels" -}}
app.kubernetes.io/name: {{ include "datadog.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

{{/*
Create the name of the service account to use
*/}}
{{- define "datadog.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "datadog.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

{{- define "datadog.identitySecretName" -}}
{{- if .Values.teleport.identitySecretName -}}
{{- .Values.teleport.identitySecretName -}}
{{- else if .Values.tbot.enabled -}}
{{- .Release.Name }}-{{ default .Values.tbot.nameOverride "tbot" }}-out
{{- end }}
{{- end -}}

{{- define "datadog.identitySecretPath" -}}
{{- if .Values.tbot.enabled -}}
identity
{{- else -}}
{{- .Values.teleport.identitySecretPath -}}
{{- end -}}
{{- end -}}

{{- define "datadog.teleportAddress" -}}

{{- end -}}
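
Review bot: In `datadog.identitySecretName`, the arguments to `default` are reversed: `default .Values.tbot.nameOverride "tbot"` treats "tbot" as the given value, which is never empty, so `tbot.nameOverride` is ignored and the secret name always contains `tbot`. Swap them to `default "tbot" .Values.tbot.nameOverride`. The same helper renders an empty string when neither `teleport.identitySecretName` nor `tbot.enabled` is set, and deployment.yaml then uses that as `secretName`; a `required` or `fail` with a clear message would surface the misconfiguration at render time. `datadog.teleportAddress` at the end is defined with an empty body while configmap.yaml computes the address inline, so either move the `coalesce` into it or drop the definition.
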
29 changes: 29 additions & 0 deletions examples/chart/access/datadog/templates/configmap.yaml
@@ -0,0 +1,29 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "datadog.fullname" . }}
{{- with .Values.annotations.config }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "datadog.labels" . | nindent 4 }}
data:
teleport-datadog.toml: |
[teleport]
addr = {{ coalesce .Values.teleport.address .Values.tbot.teleportProxyAddress .Values.tbot.teleportAuthAddress | quote }}
identity = "/var/lib/teleport/plugins/datadog/teleport-identity/{{ include "datadog.identitySecretPath" . }}"
refresh_identity = true

[datadog]
api_endpoint = "{{ .Values.datadog.apiEndpoint }}"
api_key = "/var/lib/teleport/plugins/datadog/datadog-api-key"
application_key = "/var/lib/teleport/plugins/datadog/datadog-application-key"
severity = "{{ .Values.datadog.severity }}"

[role_to_recipients]
"*" = ["{{ .Values.datadog.fallbackRecipient }}"]

[log]
output = "{{ .Values.log.output }}"
severity = "{{ .Values.log.severity }}"
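
Review bot: Only `addr` is passed through `quote`; `api_endpoint`, `severity`, the fallback recipient and both `[log]` values are interpolated between literal double quotes, so a value containing a double quote, a backslash or a newline produces invalid TOML or extra keys in the plugin config. Use the pipeline form for these as well, for example `{{ .Values.datadog.apiEndpoint | quote }}`. `addr` itself renders without an address when none of the three values in the `coalesce` is set; wrapping it in `required` would fail the render with a clear message instead of failing at plugin start.
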
87 changes: 87 additions & 0 deletions examples/chart/access/datadog/templates/deployment.yaml
@@ -0,0 +1,87 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "datadog.fullname" . }}
{{- with .Values.annotations.deployment }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "datadog.labels" . | nindent 4 }}
spec:
replicas: 1
selector:
matchLabels:
{{- include "datadog.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with coalesce .Values.annotations.pod .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "datadog.labels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- /usr/local/bin/teleport-plugin
- start
- "--config"
- "/etc/teleport-datadog.toml"
env:
- name: "TELEPORT_PLUGIN_FAIL_FAST"
value: "true"
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- name: config
mountPath: /etc/teleport-datadog.toml
subPath: teleport-datadog.toml
- name: teleport-identity
mountPath: /var/lib/teleport/plugins/datadog/teleport-identity
- name: {{ .Values.secretVolumeName }}-api-key
mountPath: /var/lib/teleport/plugins/datadog/datadog-api-key
subPath: {{ .Values.datadog.apiKeySecretPath }}
- name: {{ .Values.secretVolumeName }}-application-key
mountPath: /var/lib/teleport/plugins/datadog/datadog-application-key
subPath: {{ .Values.datadog.applicationKeySecretPath }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: config
configMap:
name: {{ include "datadog.fullname" . }}
defaultMode: 0600
- name: teleport-identity
secret:
secretName: {{ include "datadog.identitySecretName" . | quote }}
defaultMode: 0600
- name: {{ .Values.secretVolumeName }}-api-key
secret:
secretName: "{{ coalesce .Values.datadog.apiKeyFromSecret (printf "%s-api-key" (include "datadog.fullname" .)) }}"
defaultMode: 0600
- name: {{ .Values.secretVolumeName }}-application-key
secret:
secretName: "{{ coalesce .Values.datadog.applicationKeyFromSecret (printf "%s-application-key" (include "datadog.fullname" .)) }}"
defaultMode: 0600
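
Review bot: The two Datadog key volumes and the `config` volume are mounted with `subPath`, and Kubernetes does not propagate Secret or ConfigMap updates into `subPath` mounts, so a rotated API or application key is not seen by the plugin until the pod is restarted. Mounting each Secret as a directory and pointing `api_key` and `application_key` at the file inside it, or adding a checksum annotation to the pod template, would make rotation take effect. Please also check `defaultMode: 0600` against the default `podSecurityContext`: a container running as a non-root user without a matching `fsGroup` cannot read files with that mode.
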
28 changes: 28 additions & 0 deletions examples/chart/access/datadog/templates/secret.yaml
@@ -0,0 +1,28 @@
{{- if not .Values.datadog.apiKeyFromSecret}}
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ include "datadog.fullname" . }}-api-key
{{- with .Values.annotations.secret }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
data:
datadogApiKey: {{ .Values.datadog.apiKey | b64enc }}
{{- end }}

{{- if not .Values.datadog.applicationKeyFromSecret}}
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ include "datadog.fullname" . }}-application-key
{{- with .Values.annotations.secret }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
data:
datadogApplicationKey: {{ .Values.datadog.applicationKey | b64enc }}
{{- end }}
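
Review bot: Neither block checks that `datadog.apiKey` or `datadog.applicationKey` is set when the corresponding `apiKeyFromSecret` or `applicationKeyFromSecret` value is empty, so an install with missing keys either fails inside `b64enc` with an unhelpful error or creates a Secret with an empty value. Wrap them in `required`, for example `{{ required "datadog.apiKey or datadog.apiKeyFromSecret must be set" .Values.datadog.apiKey | b64enc }}`. Both Secrets also omit the `labels` block that configmap.yaml and deployment.yaml get from `datadog.labels`. Keys supplied through values are stored with the Helm release, so the values reference should present the `FromSecret` options as the preferred path.
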
@@ -0,0 +1,31 @@
should match the snapshot:
1: |
apiVersion: v1
data:
teleport-datadog.toml: |
[teleport]
addr = "teleport.example.com:1234"
identity = "/var/lib/teleport/plugins/datadog/teleport-identity/auth_id"
refresh_identity = true

[datadog]
api_endpoint = "https://api.datadoghq.com"
api_key = "/var/lib/teleport/plugins/datadog/datadog-api-key"
application_key = "/var/lib/teleport/plugins/datadog/datadog-application-key"
severity = "SEV-3"

[role_to_recipients]
"*" = ["[email protected]"]

[log]
output = "/var/log/teleport-datadog.log"
severity = "DEBUG"
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: teleport-plugin-datadog
app.kubernetes.io/version: 17.0.0-dev
helm.sh/chart: teleport-plugin-datadog-17.0.0-dev
name: RELEASE-NAME-teleport-plugin-datadog