feat(helm): add priorityClassName and extraLabels to kube-agent

docs/pages/kubernetes-access/helm/reference/teleport-kube-agent.mdx

@@ -768,6 +768,27 @@ Ensures that this number of replicas is available during voluntary disruptions,
   </TabItem>
 </Tabs>
 
+## `priorityClassName`
+
+| Type | Default value |
+| - | - |
+| `string` | `nil` |
+
+`priorityClassName` allows to specify a priority class for the `teleport-kube-agent` deployment/statefulset.
+
+<Tabs>
+  <TabItem label="values.yaml">
+  ```yaml
+  priorityClassName: "teleport-kube-agent"
+  ```
+  </TabItem>
+  <TabItem label="--set">
+  ```code
+  $ --set priorityClassName=teleport-kube-agent
+  ```
+  </TabItem>
+</Tabs>
+
 ## `serviceAccountName`
 
 <Admonition type="note">
@@ -1000,6 +1021,267 @@ Kubernetes affinity to set for pod assignments.
   </TabItem>
 </Tabs>
 
+## `extraLabels.clusterRole`
+
+| Type | Default value |
+| - | - |
+| `object` | `{}` |
+
+[Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+Kubernetes labels which should be applied to the `ClusterRole` created by the chart.
+
+<Tabs>
+  <TabItem label="values.yaml">
+  ```yaml
+  extraLabels:
+    clusterRole:
+      app.kubernetes.io/name: teleport-kube-agent
+  ```
+  </TabItem>
+  <TabItem label="--set">
+  ```code
+  $ --set extraLabels.clusterRole."app\.kubernetes\.io\/name"=teleport-kube-agent
+  ```
+  <Admonition type="warning" title="Escaping values">
+    You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
+    using a `values.yaml` file instead to avoid confusion and errors.
+  </Admonition>
+  </TabItem>
+</Tabs>
+
+## `extraLabels.clusterRoleBinding`
+
+| Type | Default value |
+| - | - |
+| `object` | `{}` |
+
+[Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+Kubernetes labels which should be applied to the `ClusterRoleBinding` created by the chart.
+
+<Tabs>
+  <TabItem label="values.yaml">
+  ```yaml
+  extraLabels:
+    clusterRoleBinding:
+      app.kubernetes.io/name: teleport-kube-agent
+  ```
+  </TabItem>
+  <TabItem label="--set">
+  ```code
+  $ --set extraLabels.clusterRoleBinding."app\.kubernetes\.io\/name"=teleport-kube-agent
+  ```
+  <Admonition type="warning" title="Escaping values">
+    You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
+    using a `values.yaml` file instead to avoid confusion and errors.
+  </Admonition>
+  </TabItem>
+</Tabs>
+
+## `extraLabels.config`
+
+| Type | Default value |
+| - | - |
+| `object` | `{}` |
+
+[Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+Kubernetes labels which should be applied to the `ConfigMap` created by the chart.
+
+<Tabs>
+  <TabItem label="values.yaml">
+  ```yaml
+  extraLabels:
+    config:
+      app.kubernetes.io/name: teleport-kube-agent
+  ```
+  </TabItem>
+  <TabItem label="--set">
+  ```code
+  $ --set extraLabels.config."app\.kubernetes\.io\/name"=teleport-kube-agent
+  ```
+  <Admonition type="warning" title="Escaping values">
+    You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
+    using a `values.yaml` file instead to avoid confusion and errors.
+  </Admonition>
+  </TabItem>
+</Tabs>
+
+## `extraLabels.deployment`
+
+| Type | Default value |
+| - | - |
+| `object` | `{}` |
+
+[Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+Kubernetes labels which should be applied to the `Deployment` or `StatefulSet` created by the chart.
+
+<Tabs>
+  <TabItem label="values.yaml">
+  ```yaml
+  extraLabels:
+    deployment:
+      app.kubernetes.io/name: teleport-kube-agent
+  ```
+  </TabItem>
+  <TabItem label="--set">
+  ```code
+  $ --set extraLabels.deployment."app\.kubernetes\.io\/name"=teleport-kube-agent
+  ```
+  <Admonition type="warning" title="Escaping values">
+    You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
+    using a `values.yaml` file instead to avoid confusion and errors.
+  </Admonition>
+  </TabItem>
+</Tabs>
+
+## `extraLabels.pod`
+
+| Type | Default value |
+| - | - |
+| `object` | `{}` |
+
+[Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+Kubernetes labels which should be applied to every `Pod` in the `Deployment` or `StatefulSet` created by the chart.
+
+<Tabs>
+  <TabItem label="values.yaml">
+  ```yaml
+  extraLabels:
+    pod:
+      app.kubernetes.io/name: teleport-kube-agent
+  ```
+  </TabItem>
+  <TabItem label="--set">
+  ```code
+  $ --set extraLabels.pod."app\.kubernetes\.io\/name"=teleport-kube-agent
+  ```
+  <Admonition type="warning" title="Escaping values">
+    You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
+    using a `values.yaml` file instead to avoid confusion and errors.
+  </Admonition>
+  </TabItem>
+</Tabs>
+
+## `extraLabels.podDisruptionBudget`
+
+| Type | Default value |
+| - | - |
+| `object` | `{}` |
+
+[Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+Kubernetes labels which should be applied to the `PodDisruptionBudget` created by the chart (if enabled).
+
+<Tabs>
+  <TabItem label="values.yaml">
+  ```yaml
+  extraLabels:
+    podDisruptionBudget:
+      app.kubernetes.io/name: teleport-kube-agent
+  ```
+  </TabItem>
+  <TabItem label="--set">
+  ```code
+  $ --set extraLabels.podDisruptionBudget."app\.kubernetes\.io\/name"=teleport-kube-agent
+  ```
+  <Admonition type="warning" title="Escaping values">
+    You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
+    using a `values.yaml` file instead to avoid confusion and errors.
+  </Admonition>
+  </TabItem>
+</Tabs>
+
+## `extraLabels.podSecurityPolicy`
+
+| Type | Default value |
+| - | - |
+| `object` | `{}` |
+
+[Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+Kubernetes labels which should be applied to the `PodSecurityPolicy` created by the chart (if enabled).
+
+<Tabs>
+  <TabItem label="values.yaml">
+  ```yaml
+  extraLabels:
+    podSecurityPolicy:
+      app.kubernetes.io/name: teleport-kube-agent
+  ```
+  </TabItem>
+  <TabItem label="--set">
+  ```code
+  $ --set extraLabels.podSecurityPolicy."app\.kubernetes\.io\/name"=teleport-kube-agent
+  ```
+  <Admonition type="warning" title="Escaping values">
+    You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
+    using a `values.yaml` file instead to avoid confusion and errors.
+  </Admonition>
+  </TabItem>
+</Tabs>
+
+## `extraLabels.secret`
+
+| Type | Default value |
+| - | - |
+| `object` | `{}` |
+
+[Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+Kubernetes labels which should be applied to the `Secret` created by the chart (if enabled).
+
+<Tabs>
+  <TabItem label="values.yaml">
+  ```yaml
+  extraLabels:
+    secret:
+      app.kubernetes.io/name: teleport-kube-agent
+  ```
+  </TabItem>
+  <TabItem label="--set">
+  ```code
+  $ --set extraLabels.secret."app\.kubernetes\.io\/name"=teleport-kube-agent
+  ```
+  <Admonition type="warning" title="Escaping values">
+    You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
+    using a `values.yaml` file instead to avoid confusion and errors.
+  </Admonition>
+  </TabItem>
+</Tabs>
+
+## `extraLabels.serviceAccount`
+
+| Type | Default value |
+| - | - |
+| `object` | `{}` |
+
+[Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
+
+Kubernetes labels which should be applied to the `ServiceAccount` created by the chart.
+
+<Tabs>
+  <TabItem label="values.yaml">
+  ```yaml
+  extraLabels:
+    serviceAccount:
+      app.kubernetes.io/name: teleport-kube-agent
+  ```
+  </TabItem>
+  <TabItem label="--set">
+  ```code
+  $ --set extraLabels.serviceAccount."app\.kubernetes\.io\/name"=teleport-kube-agent
+  ```
+  <Admonition type="warning" title="Escaping values">
+    You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
+    using a `values.yaml` file instead to avoid confusion and errors.
+  </Admonition>
+  </TabItem>
+</Tabs>
+
 ## `annotations.config`
 
 | Type | Default value | Can be used in `custom` mode? | `teleport.yaml` equivalent |

examples/chart/teleport-kube-agent/.lint/extra-labels.yaml

@@ -0,0 +1,31 @@
+authToken: auth-token
+proxyAddr: proxy.example.com:3080
+kubeClusterName: test-kube-cluster
+extraLabels:
+  clusterRole:
+    app.kubernetes.io/name: "teleport-kube-agent"
+    resource: "clusterrole"
+  clusterRoleBinding:
+    app.kubernetes.io/name: "teleport-kube-agent"
+    resource: "clusterrolebinding"
+  config:
+    app.kubernetes.io/name: "teleport-kube-agent"
+    resource: "config"
+  deployment:
+    app.kubernetes.io/name: "teleport-kube-agent"
+    resource: "deployment"
+  pod:
+    app.kubernetes.io/name: "teleport-kube-agent"
+    resource: "pod"
+  podDisruptionBudget:
+    app.kubernetes.io/name: "teleport-kube-agent"
+    resource: "poddisruptionbudget"
+  podSecurityPolicy:
+    app.kubernetes.io/name: "teleport-kube-agent"
+    resource: "podsecuritypolicy"
+  secret:
+    app.kubernetes.io/name: "teleport-kube-agent"
+    resource: "secret"
+  serviceAccount:
+    app.kubernetes.io/name: "teleport-kube-agent"
+    resource: "serviceaccount"

examples/chart/teleport-kube-agent/.lint/priority-class-name.yaml

@@ -0,0 +1,4 @@
+authToken: auth-token
+proxyAddr: proxy.example.com:3080
+kubeClusterName: test-kube-cluster
+priorityClassName: teleport-kube-agent

examples/chart/teleport-kube-agent/templates/clusterrole.yaml

@@ -2,6 +2,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: {{ .Values.clusterRoleName | default .Release.Name }}
+{{- if .Values.extraLabels.clusterRole }}
+  labels:
+  {{- toYaml .Values.extraLabels.clusterRole | nindent 4 }}
+{{- end }}
 rules:
 - apiGroups:
   - ""

examples/chart/teleport-kube-agent/templates/clusterrolebinding.yaml

@@ -2,6 +2,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: {{ .Values.clusterRoleBindingName | default .Release.Name }}
+{{- if .Values.extraLabels.clusterRoleBinding }}
+  labels:
+  {{- toYaml .Values.extraLabels.clusterRoleBinding | nindent 4 }}
+{{- end }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

examples/chart/teleport-kube-agent/templates/config.yaml

@@ -9,6 +9,10 @@ kind: ConfigMap
 metadata:
   name: {{ .Release.Name }}
   namespace: {{ .Release.Namespace }}
+{{- if .Values.extraLabels.config }}
+  labels:
+  {{- toYaml .Values.extraLabels.config | nindent 4 }}
+{{- end }}
   {{- if .Values.annotations.config }}
   annotations:
     {{- toYaml .Values.annotations.config | nindent 4 }}

examples/chart/teleport-kube-agent/templates/deployment.yaml

@@ -11,6 +11,9 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     app: {{ .Release.Name }}
+  {{- if .Values.extraLabels.deployment }}
+    {{- toYaml .Values.extraLabels.deployment | nindent 4 }}
+  {{- end }}
   {{- if .Values.annotations.deployment }}
   annotations:
     {{- toYaml .Values.annotations.deployment | nindent 4 }}
@@ -30,6 +33,9 @@ spec:
 {{- end }}
       labels:
         app: {{ .Release.Name }}
+{{- if .Values.extraLabels.pod }}
+  {{- toYaml .Values.extraLabels.pod | nindent 8 }}
+{{- end }}
     spec:
       {{- if or .Values.affinity (gt (int $replicaCount) 1) }}
       affinity:
@@ -177,6 +183,9 @@ spec:
       {{- end }}
 {{- if .Values.extraVolumes }}
   {{- toYaml .Values.extraVolumes | nindent 6 }}
+{{- end }}
+{{- if .Values.priorityClassName }}
+      priorityClassName: {{ .Values.priorityClassName }}
 {{- end }}
       serviceAccountName: {{ .Values.serviceAccountName | default .Release.Name }}
 {{- end }}