teleport-plugin-jira Chart Reference
The teleport-plugin-jira Helm chart runs the Jira Teleport plugin, which allows users to receive and manage Access Requests as tasks in a Jira project.
You can browse the source on GitHub.
This reference details available values for the teleport-plugin-jira chart.
Backing up production instances, environments, and/or settings before making permanent modifications is encouraged as a best practice. Doing so allows you to roll back to an existing state if needed.
teleport
teleport contains the configuration describing how the plugin connects to your Teleport cluster.
teleport.address
Type | Default |
---|---|
string | "" |
teleport.address is the address of the Teleport cluster the plugin connects to. The address must contain both the domain name and the port of the Teleport cluster. It can be either the address of the auth servers or the proxy servers.
For example:
- joining a Proxy: teleport.example.com:443 or teleport.example.com:3080
- joining an Auth: teleport-auth.example.com:3025
teleport.identityFromSecret
Type | Default |
---|---|
string | "" |
teleport.identityFromSecret is the name of the Kubernetes secret that contains the credentials for the connection to your Teleport cluster.
The secret should be in the following format:
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: teleport-plugin-identity
data:
  auth_id: #...
Check out the Access Requests with Jira guide for more information about how to acquire these credentials.
teleport.identitySecretPath
Type | Default |
---|---|
string | "auth_id" |
teleport.identitySecretPath is the key in the Kubernetes secret specified by teleport.identitySecretName that holds the credentials for the connection to your Teleport cluster. If the secret has the path, "auth_id", you can omit this field.
jira
jira contains the configuration used by the plugin to authenticate to Jira and open issues.
You can pass the Jira apiToken:
- via the chart Values by setting jira.apiToken
- via an existing Kubernetes Secret by setting jira.apiTokenFromSecret
jira.url
Type | Default |
---|---|
string | "" |
jira.url is the Jira URL.
For example:
- a self-hosted Jira instance URL would be https://jira.example.com/.
- a Jira Cloud URL would be https://[your-jira].atlassian.net.
jira.url
Type | Default |
---|---|
string | "" |
jira.url is the Jira username or email address associated with the API token.
jira.apiToken
Type | Default |
---|---|
string | "" |
jira.apiToken is the Jira apiToken used by the plugin to interact with Jira. When set, the Chart creates a Kubernetes Secret for you.
This value has no effect if jira.apiTokenFromSecret is set.
jira.apiTokenFromSecret
Type | Default |
---|---|
string | "" |
jira.apiTokenFromSecret is the name of the Kubernetes Secret containing the Jira apiToken. When this value is set, you must create the Secret before creating the chart release.
jira.apiTokenSecretPath
Type | Default |
---|---|
string | "jiraApiToken" |
jira.apiTokenSecretPath is the Kubernetes Secret key containing the Jira apiToken. The secret name is set via jira.apiTokenFromSecret.
jira.project
Type | Default |
---|---|
string | "" |
jira.project is the Jira project in which the issues are opened.
This value is mandatory.
jira.issueType
Type | Default |
---|---|
string | "Task" |
jira.issueType is the issue type used when opening Jira issues.
http
http contains the webhook configuration. When an issue is updated in Jira (approved or denied), Jira contacts the plugin via webhook to trigger the Teleport Access Request approval.
http.publicAddress
Type | Default |
---|---|
string | "" |
http.publicAddress is the URL on which the callback server is accessible externally, e.g. [https://]teleport-proxy.example.com.
http.tlsFromSecret
Type | Default |
---|---|
string | "" |
http.tlsFromSecret is the name of the Kubernetes Secret containing the TLS private key and certificate used by the webhook server.
http.tlsKeySecretPath
Type | Default |
---|---|
string | "tls.key" |
http.tlsKeySecretPath is the field of the Kubernetes Secret containing the TLS private key used by the webhook server.
http.tlsCertSecretPath
Type | Default |
---|---|
string | "tls.crt" |
http.tlsCertSecretPath is the field of the Kubernetes Secret containing the TLS certificate used by the webhook server.
chartMode
Type | Default |
---|---|
string | "" |
chartMode enables cloud-specific helpers. aws is the only supported value. When chartMode is aws, the created service carries the in-tree AWS LB controller annotations.
log
log controls the plugin logging.
log.severity
Type | Default |
---|---|
string | "INFO" |
log.severity is the log level for the Teleport process. Available log levels are: DEBUG, INFO, WARN, ERROR.
The default is INFO, which is recommended in production.
DEBUG is useful during first-time setup or to see more detailed logs for debugging.
log.output
Type | Default |
---|---|
string | "stdout" |
log.output sets the output destination for the Teleport process.
This can be set to any of the built-in values: stdout, stderr.
The value can also be set to a file path (such as /var/log/teleport.log) to write logs to a file. Bear in mind that a few service startup messages will still go to stderr for resilience.
annotations
annotations contains annotations to apply to the different Kubernetes objects created by the chart. See the Kubernetes annotation documentation for more details.
annotations.config
Type | Default |
---|---|
object | {} |
annotations.config contains the Kubernetes annotations put on the ConfigMap resource created by the chart.
annotations.deployment
Type | Default |
---|---|
object | {} |
annotations.deployment contains the Kubernetes annotations put on the Deployment or StatefulSet resource created by the chart.
annotations.pod
Type | Default |
---|---|
object | {} |
annotations.pod contains the Kubernetes annotations put on the Pod resources created by the chart.
annotations.secret
Type | Default |
---|---|
object | {} |
annotations.secret contains the Kubernetes annotations put on the Secret resource created by the chart.
This has no effect when joinTokenSecret.create is false.
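The constraints this reference states (teleport.address needs a port, jira.project is mandatory, jira.apiToken is ignored when jira.apiTokenFromSecret is set, the allowed chartMode and log.severity values) can be checked before a release is installed. The following is an added example, not part of the chart or its documentation; the function name, the constructed sample values, and the policy of flagging an inline token or a missing token source are assumptions of this example.

```python
import re

# Allowed values as listed in this reference.
SEVERITIES = {"DEBUG", "INFO", "WARN", "ERROR"}
CHART_MODES = {"", "aws"}
HOST_PORT = re.compile(r"^[A-Za-z0-9.-]+:(\d{1,5})$")


def lint_values(values):
    """Return findings for a teleport-plugin-jira values mapping (hypothetical helper)."""
    findings = []
    jira = values.get("jira", {})

    # teleport.address must contain both the domain name and the port.
    m = HOST_PORT.match(values.get("teleport", {}).get("address", ""))
    if not m or not 0 < int(m.group(1)) <= 65535:
        findings.append("teleport.address must be host:port")

    if not jira.get("project"):
        findings.append("jira.project is mandatory")

    token = jira.get("apiToken", "")
    token_secret = jira.get("apiTokenFromSecret", "")
    if token and token_secret:
        findings.append("jira.apiToken has no effect: jira.apiTokenFromSecret is set")
    elif token:
        # Assumption of this example: keep the token out of the values file.
        findings.append("jira.apiToken is inline; prefer jira.apiTokenFromSecret")
    elif not token_secret:
        # Assumption of this example: one of the two token sources is expected.
        findings.append("no Jira API token source configured")

    if values.get("chartMode", "") not in CHART_MODES:
        findings.append("chartMode: aws is the only supported value")
    if values.get("log", {}).get("severity", "INFO") not in SEVERITIES:
        findings.append("log.severity must be DEBUG, INFO, WARN or ERROR")
    return findings


# Constructed sample values, not taken from any real deployment.
GOOD = {"teleport": {"address": "teleport.example.com:443"},
        "jira": {"project": "ACC", "apiTokenFromSecret": "jira-token"},
        "chartMode": "aws", "log": {"severity": "INFO"}}
BAD = {"teleport": {"address": "teleport.example.com"},
       "jira": {"apiToken": "constructed-token", "apiTokenFromSecret": "jira-token"},
       "chartMode": "gcp", "log": {"severity": "TRACE"}}

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_values(sample))
```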