diff --git a/docs/pages/reference/helm-reference/teleport-cluster.mdx b/docs/pages/reference/helm-reference/teleport-cluster.mdx
index d2debdea2c7fe..7185f02247acd 100644
--- a/docs/pages/reference/helm-reference/teleport-cluster.mdx
+++ b/docs/pages/reference/helm-reference/teleport-cluster.mdx
@@ -314,18 +314,11 @@ By default no devices are forbidden.
`proxyListenerMode` controls proxy TLS routing used by Teleport. Possible values are `multiplex`.
-
-
+`values.yaml` example:
+
```yaml
proxyListenerMode: multiplex
```
-
-
- ```code
- $ --set proxyListenerMode=multiplex
- ```
-
-
## `sessionRecording`
@@ -337,18 +330,11 @@ By default no devices are forbidden.
It is passed as-is in the configuration.
For possible values, [see the Teleport Configuration Reference](../../reference/config.mdx).
-
-
+`values.yaml` example:
+
```yaml
sessionRecording: proxy
```
-
-
- ```code
- $ --set sessionRecording=proxy
- ```
-
-
## `separatePostgresListener`
@@ -370,18 +356,11 @@ in front of Teleport, such as when using AWS ACM.
These settings will not apply if [`proxyListenerMode`](#proxylistenermode) is set to `multiplex`.
-
-
+`values.yaml` example:
+
```yaml
separatePostgresListener: true
```
-
-
- ```code
- $ --set separatePostgresListener=true
- ```
-
-
## `separateMongoListener`
@@ -402,18 +381,11 @@ in front of Teleport, such as when using AWS ACM.
These settings will not apply if [`proxyListenerMode`](#proxylistenermode) is set to `multiplex`.
-
-
+`values.yaml` example:
+
```yaml
separateMongoListener: true
```
-
-
- ```code
- $ --set separateMongoListener=true
- ```
-
-
## `publicAddr`
@@ -443,18 +415,11 @@ For example, if users are accessing the cluster with the domain
Changing the RP ID will invalidate all already registered webauthn second factors.
-
-
+`values.yaml` example:
+
```yaml
publicAddr: ["loadbalancer.example.com:443"]
```
-
-
- ```code
- $ --set publicAddr[0]=loadbalancer.example.com:443
- ```
-
-
## `kubePublicAddr`
@@ -468,18 +433,11 @@ This setting will not apply if [`proxyListenerMode`](#proxylistenermode) is set
When `kubePublicAddr` is not set, the addresses are inferred from [`publicAddr`](#publicAddr) if set,
else [`clusterName`](#clusterName) is used. Default port is 3026.
-
-
+`values.yaml` example:
+
```yaml
kubePublicAddr: ["loadbalancer.example.com:3026"]
```
-
-
- ```code
- $ --set kubePublicAddr[0]=loadbalancer.example.com:3026
- ```
-
-
## `mongoPublicAddr`
@@ -494,18 +452,11 @@ requires [`separateMongoListener`](#separatePostgresListener) enabled.
When `mongoPublicAddr` is not set, the addresses are inferred from [`clusterName`](#clusterName) is used.
Default port is 27017.
-
-
+`values.yaml` example:
+
```yaml
mongoPublicAddr: ["loadbalancer.example.com:27017"]
```
-
-
- ```code
- $ --set mongoPublicAddr[0]=loadbalancer.example.com:27017
- ```
-
-
## `mysqlPublicAddr`
@@ -519,18 +470,11 @@ This setting will not apply if [`proxyListenerMode`](#proxylistenermode) is set
When `mysqlPublicAddr` is not set, the addresses are inferred from [`publicAddr`](#publicAddr) if set,
else [`clusterName`](#clusterName) is used. Default port is 3036.
-
-
+`values.yaml` example:
+
```yaml
mysqlPublicAddr: ["loadbalancer.example.com:3036"]
```
-
-
- ```code
- $ --set mysqlPublicAddr[0]=loadbalancer.example.com:3036
- ```
-
-
## `postgresPublicAddr`
@@ -545,18 +489,11 @@ requires [`separatePostgresListener`](#separatePostgresListener) enabled.
When `postgresPublicAddr` is not set, the addresses are inferred from [`publicAddr`](#publicAddr) if set,
else [`clusterName`](#clusterName) is used. Default port is 5432.
-
-
+`values.yaml` example:
+
```yaml
postgresPublicAddr: ["loadbalancer.example.com:5432"]
```
-
-
- ```code
- $ --set postgresPublicAddr[0]=loadbalancer.example.com:5432
- ```
-
-
## `sshPublicAddr`
@@ -570,18 +507,11 @@ This setting will not apply if [`proxyListenerMode`](#proxylistenermode) is set
hen `sshPublicAddr` is not set, the addresses are inferred from [`publicAddr`](#publicAddr) if set,
else [`clusterName`](#clusterName) is used. Default port is 3023.
-
-
+`values.yaml` example:
+
```yaml
sshPublicAddr: ["loadbalancer.example.com:3023"]
```
-
-
- ```code
- $ --set sshPublicAddr[0]=loadbalancer.example.com:3023
- ```
-
-
## `tunnelPublicAddr`
@@ -595,18 +525,11 @@ This setting will not apply if [`proxyListenerMode`](#proxylistenermode) is set
When `tunnelPublicAddr` is not set, the addresses are inferred from [`publicAddr`](#publicAddr) if set,
else [`clusterName`](#clusterName) is used. Default port is 3024.
-
-
+`values.yaml` example:
+
```yaml
tunnelPublicAddr: ["loadbalancer.example.com:3024"]
```
-
-
- ```code
- $ --set tunnelPublicAddr[0]=loadbalancer.example.com:3024
- ```
-
-
## `enterprise`
@@ -636,18 +559,11 @@ $ kubectl --namespace teleport create secret generic license --from-file=/path/t
```
-
-
+`values.yaml` example:
+
```yaml
enterprise: true
```
-
-
- ```code
- $ --set enterprise=true
- ```
-
-
## `installCRDs`
@@ -664,18 +580,11 @@ If several releases of the `teleport-cluster` chart are deployed in the same Kub
release should have `installCRDs` enabled. Unless you are deploying multiple `teleport-cluster` Helm releases in
the same Kubernetes cluster or installing the CRDs on your own you should not have to set this value.
-
-
+`values.yaml` example:
+
```yaml
installCRDs: true
```
-
-
- ```code
- $ --set installCRDs=true
- ```
-
-
## `operator`
@@ -691,19 +600,12 @@ Enabling the operator will also deploy the Teleport CRDs in the Kubernetes clust
If you are deploying multiple releases of the Helm chart in the same cluster you can override this behavior with
[`installCRDs`](#installCRDs).
-
-
+`values.yaml` example:
+
```yaml
operator:
enabled: true
```
-
-
- ```code
- $ --set operator.enabled=true
- ```
-
-
### `operator.image`
@@ -716,19 +618,12 @@ You can override this to use your own Teleport Operator image rather than a Tele
This setting requires [`operator.enabled`](#operatorenabled).
-
-
+`values.yaml` example:
+
```yaml
operator:
image: my.docker.registry/teleport-operator-image-name
```
-
-
- ```code
- $ --set operator.image=my.docker.registry/teleport-operator-image-name
- ```
-
-
### `operator.resources`
@@ -741,8 +636,8 @@ documentation.
It is recommended to set resource requests/limits for each container based on their observed usage.
-
-
+`values.yaml` example:
+
```yaml
operator:
resources:
@@ -750,14 +645,6 @@ It is recommended to set resource requests/limits for each container based on th
cpu: 1
memory: 2Gi
```
-
-
- ```code
- $ --set operator.resources.requests.cpu=1 \
- --set operator.resources.requests.memory=2Gi
- ```
-
-
## `teleportVersionOverride`
@@ -773,18 +660,11 @@ You can optionally override this to use a different published Teleport Docker im
See our [installation guide](../../installation.mdx#docker) for information on
Docker image versions.
-
-
+`values.yaml` example:
+
```yaml
teleportVersionOverride: "11"
```
-
-
- ```code
- $ --set teleportVersionOverride="11"
- ```
-
-
## `acme`
@@ -828,22 +708,13 @@ As an example, this can be overridden to use the [Let's Encrypt staging server](
You can also use any other ACME-compatible server.
-
-
+`values.yaml` example:
+
```yaml
acme: true
acmeEmail: user@email.com
acmeURI: https://acme-staging-v02.api.letsencrypt.org/directory
```
-
-
- ```code
- $ --set acme=true \
- --set acmeEmail=user@email.com \
- --set acmeURI=https://acme-staging-v02.api.letsencrypt.org/directory
- ```
-
-
## `podSecurityPolicy`
@@ -865,19 +736,12 @@ To disable PSP creation, you can set `enabled` to `false`.
[Kubernetes reference](https://kubernetes.io/docs/concepts/policy/pod-security-policy/)
-
-
+`values.yaml` example:
+
```yaml
podSecurityPolicy:
enabled: false
```
-
-
- ```code
- $ --set podSecurityPolicy.enabled=false
- ```
-
-
## `labels`
@@ -892,21 +756,13 @@ Teleport's RBAC policies to define access rules for the cluster.
These are Teleport-specific RBAC labels, not Kubernetes labels.
-
-
+`values.yaml` example:
+
```yaml
labels:
environment: production
region: us-east
```
-
-
- ```code
- $ --set labels.environment=production \
- --set labels.region=us-east
- ```
-
-
## `chartMode`
@@ -943,19 +799,12 @@ This driver addon must be configured to use persistent volumes in EKS clusters a
`persistence.enabled` can be used to enable data persistence using either a new or pre-existing `PersistentVolumeClaim`.
-
-
+`values.yaml` example:
+
```yaml
persistence:
enabled: true
```
-
-
- ```code
- $ --set persistence.enabled=true
- ```
-
-
### `persistence.existingClaimName`
@@ -967,19 +816,12 @@ This driver addon must be configured to use persistent volumes in EKS clusters a
The default is left blank, which will automatically create a `PersistentVolumeClaim` to use for Teleport storage in `standalone` or `scratch` mode.
-
-
+`values.yaml` example:
+
```yaml
persistence:
existingClaimName: my-existing-pvc-name
```
-
-
- ```code
- $ --set persistence.existingClaimName=my-existing-pvc-name
- ```
-
-
### `persistence.volumeSize`
@@ -993,19 +835,12 @@ You can set `volumeSize` to request a different size of persistent volume when i
`volumeSize` will be ignored if `existingClaimName` is set.
-
-
+`values.yaml` example:
+
```yaml
persistence:
volumeSize: 50Gi
```
-
-
- ```code
- --set persistence.volumeSize=50Gi
- ```
-
-
## `aws`
@@ -1074,19 +909,12 @@ Teleport pods must not be scheduled on the same physical host.
This setting only has any effect when `highAvailability.replicaCount` is greater than `1`.
-
-
+`values.yaml` example:
+
```yaml
highAvailability:
requireAntiAffinity: true
```
-
-
- ```code
- $ --set highAvailability.requireAntiAffinity=true
- ```
-
-
## `highAvailability.podDisruptionBudget`
@@ -1100,20 +928,13 @@ Teleport pods must not be scheduled on the same physical host.
Enable a Pod Disruption Budget for the Teleport Pod to ensure HA during voluntary disruptions.
-
-
+`values.yaml` example:
+
```yaml
highAvailability:
podDisruptionBudget:
enabled: true
```
-
-
- ```shell
- --set highAvailability.podDisruptionBudget.enabled=true
- ```
-
-
### `highAvailability.podDisruptionBudget.minAvailable`
@@ -1125,20 +946,13 @@ Enable a Pod Disruption Budget for the Teleport Pod to ensure HA during voluntar
Ensures that this number of replicas is available during voluntary disruptions, can be a number of replicas or a percentage.
-
-
+`values.yaml` example:
+
```yaml
highAvailability:
podDisruptionBudget:
minAvailable: 1
```
-
-
- ```shell
- --set highAvailability.podDisruptionBudget.minAvailable=1
- ```
-
-
## `highAvailability.certManager`
@@ -1175,8 +989,8 @@ Setting `highAvailability.certManager.addCommonName` to `true` will instruct `ce
and the relevant sections of the [AWS](../../deploy-a-cluster/helm-deployments/aws.mdx#step-47-configure-tls-certificates-for-teleport) and [GCP](../../deploy-a-cluster/helm-deployments/gcp.mdx#step-47-install-and-configure-cert-manager) guides for more information.
-
-
+`values.yaml` example:
+
```yaml
highAvailability:
certManager:
@@ -1184,15 +998,6 @@ Setting `highAvailability.certManager.addCommonName` to `true` will instruct `ce
addCommonName: true
issuerName: letsencrypt-production
```
-
-
- ```code
- $ --set highAvailability.certManager.enabled=true \
- --set highAvailability.certManager.addCommonName=true \
- --set highAvailability.certManager.issuerName=letsencrypt-production
- ```
-
-
### `highAvailability.certManager.issuerName`
@@ -1209,22 +1014,14 @@ Sets the name of the `cert-manager` `Issuer` or `ClusterIssuer` to use for issui
of the [AWS](../../deploy-a-cluster/helm-deployments/aws.mdx#step-47-configure-tls-certificates-for-teleport) and [GCP](../../deploy-a-cluster/helm-deployments/gcp.mdx#step-47-install-and-configure-cert-manager) guides for more information.
-
-
+`values.yaml` example:
+
```yaml
highAvailability:
certManager:
enabled: true
issuerName: letsencrypt-production
```
-
-
- ```code
- $ --set highAvailability.certManager.enabled=true \
- --set highAvailability.certManager.issuerName=letsencrypt-production
- ```
-
-
### `highAvailability.certManager.issuerKind`
@@ -1235,20 +1032,13 @@ Sets the name of the `cert-manager` `Issuer` or `ClusterIssuer` to use for issui
Sets the `Kind` of `Issuer` to be used when issuing certificates with `cert-manager`. Defaults to `Issuer` to keep permissions
scoped to a single namespace.
-
-
+`values.yaml` example:
+
```yaml
highAvailability:
certManager:
issuerKind: ClusterIssuer
```
-
-
- ```code
- --set highAvailability.certManager.issuerKind=ClusterIssuer
- ```
-
-
### `highAvailability.certManager.issuerGroup`
@@ -1258,20 +1048,13 @@ scoped to a single namespace.
Sets the `Group` of `Issuer` to be used when issuing certificates with `cert-manager`. Defaults to `cert-manager.io` to use built-in issuers.
-
-
+`values.yaml` example:
+
```yaml
highAvailability:
certManager:
issuerGroup: cert-manager.io
```
-
-
- ```code
- --set highAvailability.certManager.issuerGroup=cert-manager.io
- ```
-
-
## `highAvailability.minReadySeconds`
@@ -1284,19 +1067,12 @@ Amount of time to wait during a pod rollout before moving to the next pod.
This is used to give time for the agents to connect back to newly created pods before continuing the rollout.
-
-
+`values.yaml` example:
+
```yaml
highAvailability:
minReadySeconds: 15
```
-
-
- ```shell
- --set highAvailability.minReadySeconds=15
- ```
-
-
## `tls.existingSecretName`
@@ -1315,19 +1091,12 @@ kubectl create secret tls my-tls-secret --cert=/path/to/cert/file --key=/path/to
See https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets for more information.
-
-
+`values.yaml` example:
+
```yaml
tls:
existingSecretName: my-tls-secret
```
-
-
- ```shell
- --set tls.existingSecretName=my-tls-secret
- ```
-
-
## `tls.existingCASecretName`
@@ -1354,19 +1123,12 @@ kubectl create secret generic my-root-ca --from-file=ca.pem=/path/to/root-ca.pem
The filename used for the root CA in the secret must be `ca.pem`.
-
-
+`values.yaml` example:
+
```yaml
tls:
existingCASecretName: my-root-ca
```
-
-
- ```shell
- --set tls.existingSecretName=my-root-ca
- ```
-
-
## `image`
@@ -1378,18 +1140,11 @@ kubectl create secret generic my-root-ca --from-file=ca.pem=/path/to/root-ca.pem
You can override this to use your own Teleport Community image rather than a Teleport-published image.
-
-
+`values.yaml` example:
+
```yaml
image: my.docker.registry/teleport-community-image-name
```
-
-
- ```code
- --set image=my.docker.registry/teleport-community-image-name
- ```
-
-
## `enterpriseImage`
@@ -1401,18 +1156,11 @@ You can override this to use your own Teleport Community image rather than a Tel
You can override this to use your own Teleport Enterprise image rather than a Teleport-published image.
-
-
+`values.yaml` example:
+
```yaml
enterpriseImage: my.docker.registry/teleport-enterprise-image-name
```
-
-
- ```code
- --set enterpriseImage=my.docker.registry/teleport-enterprise-image
- ```
-
-
## `log`
@@ -1434,19 +1182,12 @@ The default is `INFO`, which is recommended in production.
`DEBUG` is useful during first-time setup or to see more detailed logs for debugging.
-
-
+`values.yaml` example:
+
```yaml
log:
level: DEBUG
```
-
-
- ```code
- --set log.level=DEBUG
- ```
-
-
### `log.output`
@@ -1460,19 +1201,12 @@ This can be set to any of the built-in values: `stdout`, `stderr` or `syslog` to
The value can also be set to a file path (such as `/var/log/teleport.log`) to write logs to a file. Bear in mind that a few service startup messages will still go to `stderr` for resilience.
-
-
+`values.yaml` example:
+
```yaml
log:
output: stderr
```
-
-
- ```code
- --set log.output=stderr
- ```
-
-
### `log.format`
@@ -1484,19 +1218,12 @@ The value can also be set to a file path (such as `/var/log/teleport.log`) to wr
Possible values are `text` (default) or `json`.
-
-
+`values.yaml` example:
+
```yaml
log:
format: json
```
-
-
- ```code
- --set log.format=json
- ```
-
-
### `log.extraFields`
@@ -1508,20 +1235,12 @@ Possible values are `text` (default) or `json`.
See the [Teleport config file reference](../../reference/config.mdx) for more details on possible values for `extra_fields`.
-
-
+`values.yaml` example:
+
```yaml
log:
extraFields: ["timestamp", "level"]
```
-
-
- ```code
- --set "log.extraFields[0]=timestamp" \
- --set "log.extraFields[1]=level"
- ```
-
-
## `nodeSelector`
@@ -1534,21 +1253,13 @@ nodes that Teleport pods will run on.
[Kubernetes reference](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector)
-
-
+`values.yaml` example:
+
```yaml
nodeSelector:
role: bastion
environment: security
```
-
-
- ```code
- --set nodeSelector.role=bastion \
- --set nodeSelector.environment=security
- ```
-
-
## `affinity`
@@ -1564,8 +1275,8 @@ Kubernetes affinity to set for pod assignments.
You cannot set both `affinity` and `highAvailability.requireAntiAffinity` as they conflict with each other. Only set one or the other.
-
-
+`values.yaml` example:
+
```yaml
affinity:
nodeAffinity:
@@ -1577,15 +1288,6 @@ Kubernetes affinity to set for pod assignments.
values:
- teleport
```
-
-
- ```code
- $ --set affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key=gravitational.io/dedicated \
- --set affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator=In \
- --set affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[0]=teleport
- ```
-
-
## `annotations.config`
@@ -1597,24 +1299,13 @@ Kubernetes affinity to set for pod assignments.
Kubernetes annotations which should be applied to the `ConfigMap` created by the chart.
-
-
+`values.yaml` example:
+
```yaml
annotations:
config:
kubernetes.io/annotation: value
```
-
-
- ```code
- $ --set annotations.config."kubernetes\.io\/annotation"=value
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `annotations.deployment`
@@ -1626,24 +1317,13 @@ Kubernetes annotations which should be applied to the `ConfigMap` created by the
Kubernetes annotations which should be applied to the `Deployment` created by the chart.
-
-
+`values.yaml` example:
+
```yaml
annotations:
deployment:
kubernetes.io/annotation: value
```
-
-
- ```code
- $ --set annotations.deployment."kubernetes\.io\/annotation"=value
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `annotations.pod`
@@ -1655,24 +1335,13 @@ Kubernetes annotations which should be applied to the `Deployment` created by th
Kubernetes annotations which should be applied to each `Pod` created by the chart.
-
-
+`values.yaml` example:
+
```yaml
annotations:
pod:
kubernetes.io/annotation: value
```
-
-
- ```code
- $ --set annotations.pod."kubernetes\.io\/annotation"=value
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `annotations.service`
@@ -1684,24 +1353,13 @@ Kubernetes annotations which should be applied to each `Pod` created by the char
Kubernetes annotations which should be applied to the `Service` created by the chart.
-
-
+`values.yaml` example:
+
```yaml
annotations:
service:
kubernetes.io/annotation: value
```
-
-
- ```code
- $ --set annotations.service."kubernetes\.io\/annotation"=value
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `annotations.serviceAccount`
@@ -1713,24 +1371,13 @@ Kubernetes annotations which should be applied to the `Service` created by the c
Kubernetes annotations which should be applied to the `serviceAccount` created by the chart.
-
-
+`values.yaml` example:
+
```yaml
annotations:
serviceAccount:
kubernetes.io/annotation: value
```
-
-
- ```code
- $ --set annotations.serviceAccount."kubernetes\.io\/annotation"=value
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `annotations.certSecret`
@@ -1745,24 +1392,13 @@ Kubernetes annotations which should be applied to the `secret` generated by
`highAvailability.certManager.enabled` is set to `true` and requires
`cert-manager` v1.5.0+.
-
-
+`values.yaml` example:
+
```yaml
annotations:
certSecret:
kubernetes.io/annotation: value
```
-
-
- ```code
- $ --set annotations.certSecret."kubernetes\.io\/annotation"=value
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `serviceAccount.create`
@@ -1793,19 +1429,12 @@ If `serviceAccount.create` is false, service account with this name should be cr
Allows to specify the service type.
-
-
+`values.yaml` example:
+
```yaml
service:
type: LoadBalancer
```
-
-
- ```code
- $ --set service.type=LoadBalancer
- ```
-
-
## `service.spec.loadBalancerIP`
@@ -1817,20 +1446,13 @@ Allows to specify the service type.
Allows to specify the `loadBalancerIP`.
-
-
+`values.yaml` example:
+
```yaml
service:
spec:
loadBalancerIP: 1.2.3.4
```
-
-
- ```code
- $ --set service.spec.loadBalancerIP=1.2.3.4
- ```
-
-
## `extraArgs`
@@ -1840,19 +1462,12 @@ Allows to specify the `loadBalancerIP`.
A list of extra arguments to pass to the `teleport start` command when running a Teleport Pod.
-
-
+`values.yaml` example:
+
```yaml
extraArgs:
- "--bootstrap=/etc/teleport-bootstrap/roles.yaml"
```
-
-
- ```code
- $ --set "extraArgs={--bootstrap=/etc/teleport-bootstrap/roles.yaml}"
- ```
-
-
## `extraEnv`
@@ -1864,21 +1479,13 @@ A list of extra arguments to pass to the `teleport start` command when running a
A list of extra environment variables to be set on the main Teleport container.
-
-
+`values.yaml` example:
+
```yaml
extraEnv:
- name: MY_ENV
value: my-value
```
-
-
- ```code
- $ --set "extraEnv[0].name=MY_ENV" \
- --set "extraEnv[0].value=my-value"
- ```
-
-
## `extraVolumes`
@@ -1891,22 +1498,14 @@ A list of extra environment variables to be set on the main Teleport container.
A list of extra Kubernetes `Volumes` which should be available to any `Pod` created by the chart. These volumes
will also be available to any `initContainers` configured by the chart.
-
-
+`values.yaml` example:
+
```yaml
extraVolumes:
- name: myvolume
secret:
secretName: mysecret
```
-
-
- ```code
- $ --set "extraVolumes[0].name=myvolume" \
- --set "extraVolumes[0].secret.secretName=mysecret"
- ```
-
-
## `extraVolumeMounts`
@@ -1919,21 +1518,13 @@ will also be available to any `initContainers` configured by the chart.
A list of extra Kubernetes volume mounts which should be mounted into any `Pod` created by the chart. These volume
mounts will also be mounted into any `initContainers` configured by the chart.
-
-
+`values.yaml` example:
+
```yaml
extraVolumeMounts:
- name: myvolume
mountPath: /path/to/mount/volume
```
-
-
- ```code
- $ --set "extraVolumeMounts[0].name=myvolume" \
- --set "extraVolumeMounts[0].path=/path/to/mount/volume"
- ```
-
-
## `imagePullPolicy`
@@ -1945,18 +1536,11 @@ mounts will also be mounted into any `initContainers` configured by the chart.
Allows the `imagePullPolicy` for any pods created by the chart to be overridden.
-
-
+`values.yaml` example:
+
```yaml
imagePullPolicy: Always
```
-
-
- ```code
- $ --set imagePullPolicy=Always
- ```
-
-
## `imagePullSecrets`
@@ -1968,19 +1552,12 @@ Allows the `imagePullPolicy` for any pods created by the chart to be overridden.
A list of secrets containing authorization tokens which can be optionally used to access a private Docker registry.
-
-
+`values.yaml` example:
+
```yaml
imagePullSecrets:
- name: my-docker-registry-key
```
-
-
- ```shell
- --set "imagePullSecrets[0].name=my-docker-registry-key"
- ```
-
-
## `initContainers`
@@ -1992,23 +1569,14 @@ A list of secrets containing authorization tokens which can be optionally used t
A list of `initContainers` which will be run before the main Teleport container in any pod created by the chart.
-
-
+`values.yaml` example:
+
```yaml
initContainers:
- name: teleport-init
image: alpine
args: ['echo test']
```
-
-
- ```code
- $ --set "initContainers[0].name=teleport-init" \
- --set "initContainers[0].image=alpine" \
- --set "initContainers[0].args={echo test}"
- ```
-
-
## `postStart`
@@ -2020,22 +1588,14 @@ A list of `initContainers` which will be run before the main Teleport container
A `postStart` lifecycle handler to be configured on the main Teleport container.
-
-
+`values.yaml` example:
+
```yaml
postStart:
command:
- echo
- foo
```
-
-
- ```shell
- --set "postStart.command[0]=echo" \
- --set "postStart.command[1]=foo"
- ```
-
-
## `resources`
@@ -2048,22 +1608,14 @@ A `postStart` lifecycle handler to be configured on the main Teleport container.
Resource requests/limits which should be configured for Teleport containers. These resource limits will also be
applied to `initContainers`.
-
-
+`values.yaml` example:
+
```yaml
resources:
requests:
cpu: 1
memory: 2Gi
```
-
-
- ```code
- $ --set resources.requests.cpu=1 \
- --set resources.requests.memory=2Gi
- ```
-
-
## `securityContext`
@@ -2075,19 +1627,12 @@ applied to `initContainers`.
The `securityContext` applies to the main Teleport containers.
-
-
+`values.yaml` example:
+
```yaml
securityContext:
runAsUser: 99
```
-
-
- ```code
- $ --set securityContext.runAsUser=99
- ```
-
-
## `tolerations`
@@ -2099,8 +1644,8 @@ The `securityContext` applies to the main Teleport containers.
Kubernetes Tolerations to set for pod assignment.
-
-
+`values.yaml` example:
+
```yaml
tolerations:
- key: "dedicated"
@@ -2108,16 +1653,6 @@ Kubernetes Tolerations to set for pod assignment.
value: "teleport"
effect: "NoSchedule"
```
-
-
- ```code
- $ --set tolerations[0].key=dedicated \
- --set tolerations[0].operator=Equal \
- --set tolerations[0].value=teleport \
- --set tolerations[0].effect=NoSchedule
- ```
-
-
## `priorityClassName`
@@ -2129,18 +1664,11 @@ Kubernetes Tolerations to set for pod assignment.
Kubernetes PriorityClass to set for pod.
-
-
+`values.yaml` example:
+
```yaml
priorityClassName: "system-cluster-critical"
```
-
-
- ```code
- $ --set priorityClassName=system-cluster-critical
- ```
-
-
## `probeTimeoutSeconds`
@@ -2152,15 +1680,8 @@ Kubernetes PriorityClass to set for pod.
Kubernetes timeouts for the liveness and readiness probes.
-
-
+`values.yaml` example:
+
```yaml
probeTimeoutSeconds: 5
```
-
-
- ```code
- $ --set probeTimeoutSeconds=5
- ```
-
-
diff --git a/docs/pages/reference/helm-reference/teleport-kube-agent.mdx b/docs/pages/reference/helm-reference/teleport-kube-agent.mdx
index f952679337d2a..96183686e3d16 100644
--- a/docs/pages/reference/helm-reference/teleport-kube-agent.mdx
+++ b/docs/pages/reference/helm-reference/teleport-kube-agent.mdx
@@ -84,25 +84,11 @@ This parameter is not mandatory to preserve backwards compatibility with older c
| Teleport Application service | `app` | [`apps`](#apps) |
| Teleport Database service | `db` | [`databases`](#databases) |
-
-
+`values.yaml` example:
+
```yaml
roles: kube,app,db
```
-
-
- ```code
- $ --set roles=kube\,app\,db
- ```
-
-
- When specifying multiple roles using `--set` syntax, you must escape the commas using a backslash (`\`).
-
- This is a quirk of Helm's CLI parser.
-
-
-
-
If you specify a role here, you may also need to specify some other settings which are detailed in this reference.
@@ -215,19 +201,11 @@ You should set this value if there is a `RoleBinding` resource in the namespace
of your `teleport-kube-agent` resources with the same name as your
`teleport-kube-agent` release.
-
-
+`values.yaml` example:
+
```yaml
roleBindingName: myrolebinding
```
-
-
- ```code
- $ --set roleBindingName=myrolebinding
- ```
-
-
-
## `roleName`
@@ -243,19 +221,11 @@ You should set this value if there is a `Role` resource in the namespace of your
`teleport-kube-agent` resources with the same name as your `teleport-kube-agent`
release.
-
-
+`values.yaml` example:
+
```yaml
roleName: myrole
```
-
-
- ```code
- $ --set roleName=myrole
- ```
-
-
-
## `serviceAccountName`
@@ -295,18 +265,11 @@ A token must be specified for the agent to join the Teleport cluster, either tho
If you do not have the correct services (Teleport refers to these internally as `Roles`) assigned to your join token, the Teleport instance will
fail to join the Teleport cluster.
-
-
+`values.yaml` example:
+
```yaml
authToken:
```
-
-
- ```code
- $ --set authToken=
- ```
-
-
## `joinParams`
@@ -338,19 +301,12 @@ set up on the pods's service account. For access to instance metadata (the quick
pods](https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node).
-
-
+`values.yaml` example:
+
```yaml
joinParams:
method: "token"|"ec2"|"iam"
```
-
-
- ```code
- $ --set joinParams.method="token"|"ec2"|"iam"
- ```
-
-
### `joinParams.tokenName`
| Type | Default value | Required? |
@@ -367,19 +323,12 @@ agent's configuration.
If method is `token`, `joinParams.tokenName` can be empty if the token is provided through an existing Kubernetes
Secret, see [`secretName`](#secretName) for more details and instructions.
-
-
+`values.yaml` example:
+
```yaml
joinParams:
tokenName: "my-token"
```
-
-
- ```code
- $ --set joinParams.token="my-token"
- ```
-
-
## `proxyAddr`
@@ -408,18 +357,11 @@ Here are a few examples:
`kubeClusterName` sets the name used for the Kubernetes cluster proxied by the Teleport agent. This name will be shown to Teleport users
connecting to the cluster.
-
-
+`values.yaml` example:
+
```yaml
kubeClusterName: my-gke-cluster
```
-
-
- ```code
- $ --set kubeClusterName=my-gke-cluster
- ```
-
-
## `apps`
@@ -431,8 +373,8 @@ connecting to the cluster.
You can specify multiple apps by adding additional list elements.
-
-
+`values.yaml` example:
+
```yaml
apps:
- name: grafana
@@ -445,25 +387,6 @@ You can specify multiple apps by adding additional list elements.
purpose: ci
```
- (!docs/pages/includes/yaml-lint-note.mdx!)
-
-
- ```code
- $ --set "apps[0].name=grafana" \
- --set "apps[0].uri=http://localhost:3000" \
- --set "apps[0].purpose=monitoring" \
- --set "apps[1].name=grafana" \
- --set "apps[1].uri=http://jenkins:8080" \
- --set "apps[1].purpose=ci"
- ```
-
-
- Note that when using `--set` syntax, YAML list elements must be indexed starting at `0`.
-
-
-
-
-
You can see a list of all the supported [values which can be used in a Teleport application access configuration here](../../application-access/reference.mdx#configuration).
@@ -478,8 +401,8 @@ You can specify multiple apps by adding additional list elements.
You can specify multiple selectors by including additional list elements.
-
-
+`values.yaml` example:
+
```yaml
appResources:
- labels:
@@ -488,20 +411,6 @@ You can specify multiple selectors by including additional list elements.
"env": "test"
```
-
-
- ```code
- $ --set "appResources[0].labels.env=prod" \
- --set "appResources[1].labels.env=test"
- ```
-
-
- Note that when using `--set` syntax, YAML list elements must be indexed starting at `0`.
-
-
-
-
-
Once `appResources` is set, you can dynamically register application with `tsh` by following [this guide](../../application-access/guides/dynamic-registration.mdx).
@@ -536,8 +445,8 @@ You can specify multiple database filters by adding additional list elements.
- `regions` is a list of AWS regions which should be scanned for databases.
- `tags` can be used to set AWS tags that must be matched for databases to be discovered.
-
-
+`values.yaml` example:
+
```yaml
roles: db
awsDatabases:
@@ -558,10 +467,6 @@ You can specify multiple database filters by adding additional list elements.
eks.amazonaws.com/role-arn: arn:aws:iam::1234567890:role/my-rds-autodiscovery-role
```
- (!docs/pages/includes/yaml-lint-note.mdx!)
-
-
-
## `azureDatabases`
@@ -618,8 +523,8 @@ The default for each of these optional settings is `*`, which will auto-discover
subscriptions, regions, or resource groups accessible by the Teleport service
principal in Azure.
-
-
+`values.yaml` example:
+
```yaml
roles: db
azureDatabases:
@@ -646,10 +551,6 @@ principal in Azure.
value: "11111111-2222-3333-4444-555555555555"
```
- (!docs/pages/includes/yaml-lint-note.mdx!)
-
-
-
## `databases`
| Type | Default value | Required? |
@@ -660,8 +561,8 @@ principal in Azure.
You can specify multiple databases by adding additional list elements.
-
-
+`values.yaml` example:
+
```yaml
databases:
- name: aurora-postgres
@@ -680,29 +581,6 @@ You can specify multiple databases by adding additional list elements.
env: staging
```
- (!docs/pages/includes/yaml-lint-note.mdx!)
-
-
- ```code
- $ --set "databases[0].name=aurora" \
- --set "databases[0].uri=postgres-aurora-instance-1.xxx.us-east-1.rds.amazonaws.com:5432" \
- --set "databases[0].protocol=postgres" \
- --set "databases[0].aws.region=us-east-1" \
- --set "databases[0].static_labels.env=staging" \
- --set "databases[1].name=mysql" \
- --set "databases[1].uri=mysql-instance-1.xxx.us-east-1.rds.amazonaws.com:3306" \
- --set "databases[1].protocol=mysql" \
- --set "databases[1].aws.region=us-east-1" \
- --set "databases[1].static_labels.env=staging"
- ```
-
-
- Note that when using `--set` syntax, YAML list elements must be indexed starting at `0`.
-
-
-
-
-
You can see a list of all the supported [values which can be used in a Teleport database service configuration here](../../database-access/reference/configuration.mdx).
@@ -745,8 +623,8 @@ You can specify multiple databases by adding additional list elements.
You can specify multiple selectors by adding elements to the list.
-
-
+`values.yaml` example:
+
```yaml
databaseResources:
- labels:
@@ -757,23 +635,6 @@ You can specify multiple selectors by adding elements to the list.
"engine": "mysql"
```
-
-
- ```code
- $
- --set "databaseResources[0].labels.env=prod" \
- --set "databaseResources[0].labels.engine=postgres" \
- --set "databaseResources[1].labels.env=test" \
- --set "databaseResources[0].labels.engine=mysql"
- ```
-
-
- Note that when using `--set` syntax, YAML list elements must be indexed starting at `0`.
-
-
-
-
-
Once `databaseResources` is set, you can dynamically register database with `tsh` by following [this guide](../../database-access/guides/dynamic-registration.mdx).
@@ -796,18 +657,11 @@ See [this link for information on Community Docker image versions](../../managem
not require a Teleport license file to be provided.
-
-
+`values.yaml` example:
+
```yaml
teleportVersionOverride: "11"
```
-
-
- ```code
- $ --set teleportVersionOverride="11"
- ```
-
-
## `caPin`
@@ -824,18 +678,11 @@ Each list element can be the pin itself (recommended, works out of the box),
or a path to a file containing the pin. For the latter it is your
responsibility to mount the file using [`extraVolumes`](#extraVolumes).
-
-
+`values.yaml` example:
+
```yaml
caPin: ["sha256:7e12c17c20d9cb504bbcb3f0236be3f446861f1396dcbb44425fe28ec1c108f1"]
```
-
-
- ```code
- $ --set caPin[0]="sha256:7e12c17c20d9cb504bbcb3f0236be3f446861f1396dcbb44425fe28ec1c108f1"
- ```
-
-
## `insecureSkipProxyTLSVerify`
@@ -848,18 +695,11 @@ Proxy Service specified using [`proxyAddr`](#proxyaddr).
This can be used for joining a Teleport instance to a Teleport cluster which does not have valid TLS certificates for testing.
-
-
+`values.yaml` example:
+
```yaml
insecureSkipProxyTLSVerify: false
```
-
-
- ```code
- $ --set insecureSkipProxyTLSVerify=false
- ```
-
-
Using a self-signed TLS certificate and disabling TLS verification is OK for testing, but is not viable when running a production Teleport
@@ -915,19 +755,12 @@ $ kubectl create secret generic my-root-ca --from-file=ca.pem=/path/to/root-ca.p
The key containing the root CA in the secret must be `ca.pem`.
-
-
+`values.yaml` example:
+
```yaml
tls:
existingCASecretName: my-root-ca
```
-
-
- ```shell
- --set tls.existingSecretName=my-root-ca
- ```
-
-
## `existingDataVolume`
@@ -937,18 +770,11 @@ $ kubectl create secret generic my-root-ca --from-file=ca.pem=/path/to/root-ca.p
When `existingDataVolume` is set to the name of an existing volume, the `/var/lib/teleport` mount will use this volume instead of creating a new `emptyDir` volume.
-
-
+`values.yaml` example:
+
```yaml
existingDataVolume: my-volume
```
-
-
- ```code
- --set existingDataVolume=my-volume
- ```
-
-
## `podSecurityPolicy`
@@ -970,19 +796,12 @@ To disable PSP creation, you can set `enabled` to `false`.
[Kubernetes reference](https://kubernetes.io/docs/concepts/policy/pod-security-policy/)
-
-
+`values.yaml` example:
+
```yaml
podSecurityPolicy:
enabled: false
```
-
-
- ```code
- $ --set podSecurityPolicy.enabled=false
- ```
-
-
## `labels`
@@ -1007,21 +826,13 @@ These labels can then be used with Teleport's RBAC policies to define access rul
For more information on how to set static/dynamic labels for Teleport services, see [labelling nodes and applications](../../management/admin/labels.mdx).
-
-
+`values.yaml` example:
+
```yaml
labels:
environment: production
region: us-east
```
-
-
- ```code
- $ --set labels.environment=production \
- --set labels.region=us-east
- ```
-
-
## `storage`
@@ -1074,19 +885,12 @@ If `storage.enabled` is `false`, the chart configures the Teleport pod to manage
its data with a temporary directory that exists until the Teleport pod stops
running.
-
-
+`values.yaml` example:
+
```yaml
storage:
enabled: true
```
-
-
- ```code
- --set storage.enabled=true
- ```
-
-
### `storage.storageClassName`
@@ -1099,19 +903,12 @@ name needs to exist on the Kubernetes cluster for Teleport to use.
[Kubernetes reference](https://kubernetes.io/docs/concepts/storage/storage-classes/)
-
-
+`values.yaml` example:
+
```yaml
storage:
storageClassName: teleport-storage-class
```
-
-
- ```code
- --set storage.storageClassName=teleport-storage-class
- ```
-
-
### `storage.requests`
@@ -1121,19 +918,12 @@ name needs to exist on the Kubernetes cluster for Teleport to use.
The size of persistent volume to create.
-
-
+`values.yaml` example:
+
```yaml
storage:
requests: 128Mi
```
-
-
- ```code
- --set storage.requests=128Mi
- ```
-
-
## `image`
@@ -1154,18 +944,11 @@ For this reason, it is strongly discouraged to set a custom image when
connecting to a Teleport Cloud instance enrolled in automatic updates.
-
-
+`values.yaml` example:
+
```yaml
image: my.docker.registry/teleport-image-name
```
-
-
- ```code
- $ --set image=my.docker.registry/teleport-image-name
- ```
-
-
## `imagePullSecrets`
@@ -1177,19 +960,12 @@ connecting to a Teleport Cloud instance enrolled in automatic updates.
A list of secrets containing authorization tokens which can be optionally used to access a private Docker registry.
-
-
+`values.yaml` example:
+
```yaml
imagePullSecrets:
- name: my-docker-registry-key
```
-
-
- ```shell
- --set "imagePullSecrets[0].name=my-docker-registry-key"
- ```
-
-
### `highAvailability`
@@ -1210,19 +986,12 @@ Set to a number higher than `1` for a high availability mode where multiple Tele
clusters with more traffic.
-
-
+`values.yaml` example:
+
```yaml
highAvailability:
replicaCount: 3
```
-
-
- ```shell
- --set highAvailability.replicaCount=3
- ```
-
-
## `highAvailability.requireAntiAffinity`
@@ -1246,19 +1015,12 @@ Teleport pods must not be scheduled on the same physical host.
This setting only has any effect when `highAvailability.replicaCount` is greater than `1`.
-
-
+`values.yaml` example:
+
```yaml
highAvailability:
requireAntiAffinity: true
```
-
-
- ```shell
- --set highAvailability.requireAntiAffinity=true
- ```
-
-
## `highAvailability.podDisruptionBudget`
@@ -1272,20 +1034,13 @@ Teleport pods must not be scheduled on the same physical host.
Enable a Pod Disruption Budget for the Teleport Pod to ensure HA during voluntary disruptions.
-
-
+`values.yaml` example:
+
```yaml
highAvailability:
podDisruptionBudget:
enabled: true
```
-
-
- ```shell
- --set highAvailability.podDisruptionBudget.enabled=true
- ```
-
-
### `highAvailability.podDisruptionBudget.minAvailable`
@@ -1297,20 +1052,13 @@ Enable a Pod Disruption Budget for the Teleport Pod to ensure HA during voluntar
Ensures that this number of replicas is available during voluntary disruptions, can be a number of replicas or a percentage.
-
-
+`values.yaml` example:
+
```yaml
highAvailability:
podDisruptionBudget:
minAvailable: 1
```
-
-
- ```shell
- --set highAvailability.podDisruptionBudget.minAvailable=1
- ```
-
-
## `clusterRoleName`
@@ -1324,18 +1072,11 @@ Ensures that this number of replicas is available during voluntary disruptions,
Most users will not need to change this.
-
-
+`values.yaml` example:
+
```yaml
clusterRoleName: kubernetes-clusterrole
```
-
-
- ```code
- $ --set clusterRoleName=kubernetes-clusterrole
- ```
-
-
## `clusterRoleBindingName`
@@ -1349,18 +1090,11 @@ Ensures that this number of replicas is available during voluntary disruptions,
`clusterRoleBindingName` can be optionally used to override the name of the Kubernetes `ClusterRoleBinding` used by the `teleport-kube-agent` chart's `ServiceAccount`.
-
-
+`values.yaml` example:
+
```yaml
clusterRoleBindingName: kubernetes-clusterrolebinding
```
-
-
- ```code
- $ --set clusterRoleBindingName=kubernetes-clusterrolebinding
- ```
-
-
## `priorityClassName`
@@ -1370,18 +1104,11 @@ Ensures that this number of replicas is available during voluntary disruptions,
`priorityClassName` allows to specify a priority class for the `teleport-kube-agent` deployment/statefulset.
-
-
+`values.yaml` example:
+
```yaml
priorityClassName: "teleport-kube-agent"
```
-
-
- ```code
- $ --set priorityClassName=teleport-kube-agent
- ```
-
-
## `serviceAccount.create`
@@ -1394,21 +1121,13 @@ Ensures that this number of replicas is available during voluntary disruptions,
Boolean value to control whether Helm Chart should create the `ServiceAccount`.
When off, the `serviceAccount.name` parameter should be set to the existing `ServiceAccount` name.
-
-
+`values.yaml` example:
+
```yaml
serviceAccount:
create: false
name: kubernetes-serviceaccount
```
-
-
- ```code
- $ --set serviceAccount.create=false
- $ --set serviceAccount.name=kubernetes-serviceaccount
- ```
-
-
## `serviceAccount.name`
@@ -1424,19 +1143,12 @@ You should set this value if there is a `ServiceAccount` resource in the
namespace of your `teleport-kube-agent` resources with the same name as your
`teleport-kube-agent` release.
-
-
+`values.yaml` example:
+
```yaml
serviceAccount:
name: kubernetes-serviceaccount
```
-
-
- ```code
- $ --set serviceAccount.name=kubernetes-serviceaccount
- ```
-
-
## `secretName`
@@ -1461,23 +1173,14 @@ $ kubectl --namespace teleport create secret generic teleport-kube-agent-join-to
The key used for the auth token inside the secret must be `auth-token`, as in the command above.
-
-
+`values.yaml` example:
+
```yaml
secretName: "secret-i-created-before"
joinParams:
method: "token"
tokenName: ""
```
-
-
- ```code
- $ --set secretName="secret-i-created-before" \
- --set joinParams.method="token" \
- --set joinParams.tokenName=""
- ```
-
-
## `log`
@@ -1499,19 +1202,12 @@ The default is `INFO`, which is recommended in production.
`DEBUG` is useful during first-time setup or to see more detailed logs for debugging.
-
-
+`values.yaml` example:
+
```yaml
log:
level: DEBUG
```
-
-
- ```code
- --set log.level=DEBUG
- ```
-
-
### `log.output`
@@ -1525,19 +1221,12 @@ This can be set to any of the built-in values: `stdout`, `stderr` or `syslog` to
The value can also be set to a file path (such as `/var/log/teleport.log`) to write logs to a file. Bear in mind that a few service startup messages will still go to `stderr` for resilience.
-
-
+`values.yaml` example:
+
```yaml
log:
output: stderr
```
-
-
- ```code
- --set log.output=stderr
- ```
-
-
### `log.format`
@@ -1549,19 +1238,12 @@ The value can also be set to a file path (such as `/var/log/teleport.log`) to wr
Possible values are `text` (default) or `json`.
-
-
+`values.yaml` example:
+
```yaml
log:
format: json
```
-
-
- ```code
- --set log.format=json
- ```
-
-
### `log.extraFields`
@@ -1573,20 +1255,12 @@ Possible values are `text` (default) or `json`.
See the [Teleport config file reference](../../reference/config.mdx) for more details on possible values for `extra_fields`.
-
-
+`values.yaml` example:
+
```yaml
log:
extraFields: ["timestamp", "level"]
```
-
-
- ```code
- --set "log.extraFields[0]=timestamp" \
- --set "log.extraFields[1]=level"
- ```
-
-
## `affinity`
@@ -1602,8 +1276,8 @@ Kubernetes affinity to set for pod assignments.
You cannot set both `affinity` and `highAvailability.requireAntiAffinity` as they conflict with each other.
-
-
+`values.yaml` example:
+
```yaml
affinity:
nodeAffinity:
@@ -1615,15 +1289,6 @@ Kubernetes affinity to set for pod assignments.
values:
- teleport
```
-
-
- ```code
- $ --set affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key=gravitational.io/dedicated \
- --set affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator=In \
- --set affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[0]=teleport
- ```
-
-
## `dnsConfig`
@@ -1672,21 +1337,13 @@ nodes that Teleport pods will run on.
[Kubernetes reference](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/)
-
-
+`values.yaml` example:
+
```yaml
nodeSelector:
role: node
region: us-east
```
-
-
- ```code
- --set nodeSelector.role=node \
- --set nodeSelector.region=us-east
- ```
-
-
## `extraLabels.clusterRole`
@@ -1698,24 +1355,13 @@ nodes that Teleport pods will run on.
Kubernetes labels that should be applied to the `ClusterRole` created by the chart.
-
-
+`values.yaml` example:
+
```yaml
extraLabels:
clusterRole:
app.kubernetes.io/name: teleport-kube-agent
```
-
-
- ```code
- $ --set extraLabels.clusterRole."app\.kubernetes\.io\/name"=teleport-kube-agent
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `extraLabels.clusterRoleBinding`
@@ -1727,24 +1373,13 @@ Kubernetes labels that should be applied to the `ClusterRole` created by the cha
Kubernetes labels that should be applied to the `ClusterRoleBinding` created by the chart.
-
-
+`values.yaml` example:
+
```yaml
extraLabels:
clusterRoleBinding:
app.kubernetes.io/name: teleport-kube-agent
```
-
-
- ```code
- $ --set extraLabels.clusterRoleBinding."app\.kubernetes\.io\/name"=teleport-kube-agent
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `extraLabels.role`
@@ -1757,24 +1392,13 @@ Kubernetes labels that should be applied to the `ClusterRoleBinding` created by
Kubernetes labels that should be applied to the `Role` created by the chart for
the Teleport pod.
-
-
+`values.yaml` example:
+
```yaml
extraLabels:
role:
app.kubernetes.io/name: teleport-kube-agent
```
-
-
- ```code
- $ --set extraLabels.role."app\.kubernetes\.io\/name"=teleport-kube-agent
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `extraLabels.roleBinding`
@@ -1787,24 +1411,13 @@ the Teleport pod.
Kubernetes labels that should be applied to the `RoleBinding` created by the
chart for the Teleport pod.
-
-
+`values.yaml` example:
+
```yaml
extraLabels:
roleBinding:
app.kubernetes.io/name: teleport-kube-agent
```
-
-
- ```code
- $ --set extraLabels.roleBinding."app\.kubernetes\.io\/name"=teleport-kube-agent
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `extraLabels.config`
@@ -1816,24 +1429,13 @@ chart for the Teleport pod.
Kubernetes labels that should be applied to the `ConfigMap` created by the chart.
-
-
+`values.yaml` example:
+
```yaml
extraLabels:
config:
app.kubernetes.io/name: teleport-kube-agent
```
-
-
- ```code
- $ --set extraLabels.config."app\.kubernetes\.io\/name"=teleport-kube-agent
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `extraLabels.deployment`
@@ -1845,24 +1447,13 @@ Kubernetes labels that should be applied to the `ConfigMap` created by the chart
Kubernetes labels that should be applied to the `Deployment` or `StatefulSet` created by the chart.
-
-
+`values.yaml` example:
+
```yaml
extraLabels:
deployment:
app.kubernetes.io/name: teleport-kube-agent
```
-
-
- ```code
- $ --set extraLabels.deployment."app\.kubernetes\.io\/name"=teleport-kube-agent
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `extraLabels.pod`
@@ -1874,24 +1465,13 @@ Kubernetes labels that should be applied to the `Deployment` or `StatefulSet` cr
Kubernetes labels that should be applied to every `Pod` in the `Deployment` or `StatefulSet` created by the chart.
-
-
+`values.yaml` example:
+
```yaml
extraLabels:
pod:
app.kubernetes.io/name: teleport-kube-agent
```
-
-
- ```code
- $ --set extraLabels.pod."app\.kubernetes\.io\/name"=teleport-kube-agent
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `extraLabels.podDisruptionBudget`
@@ -1903,24 +1483,13 @@ Kubernetes labels that should be applied to every `Pod` in the `Deployment` or `
Kubernetes labels that should be applied to the `PodDisruptionBudget` created by the chart (if enabled).
-
-
+`values.yaml` example:
+
```yaml
extraLabels:
podDisruptionBudget:
app.kubernetes.io/name: teleport-kube-agent
```
-
-
- ```code
- $ --set extraLabels.podDisruptionBudget."app\.kubernetes\.io\/name"=teleport-kube-agent
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `extraLabels.podSecurityPolicy`
@@ -1932,24 +1501,13 @@ Kubernetes labels that should be applied to the `PodDisruptionBudget` created by
Kubernetes labels that should be applied to the `PodSecurityPolicy` created by the chart (if enabled).
-
-
+`values.yaml` example:
+
```yaml
extraLabels:
podSecurityPolicy:
app.kubernetes.io/name: teleport-kube-agent
```
-
-
- ```code
- $ --set extraLabels.podSecurityPolicy."app\.kubernetes\.io\/name"=teleport-kube-agent
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `extraLabels.secret`
@@ -1961,24 +1519,13 @@ Kubernetes labels that should be applied to the `PodSecurityPolicy` created by t
Kubernetes labels that should be applied to the `Secret` created by the chart (if enabled).
-
-
+`values.yaml` example:
+
```yaml
extraLabels:
secret:
app.kubernetes.io/name: teleport-kube-agent
```
-
-
- ```code
- $ --set extraLabels.secret."app\.kubernetes\.io\/name"=teleport-kube-agent
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `extraLabels.serviceAccount`
@@ -1991,24 +1538,13 @@ Kubernetes labels that should be applied to the `Secret` created by the chart (i
Kubernetes labels that should be applied to the `ServiceAccount` created by the
chart for the Teleport pod.
-
-
+`values.yaml` example:
+
```yaml
extraLabels:
serviceAccount:
app.kubernetes.io/name: teleport-kube-agent
```
-
-
- ```code
- $ --set extraLabels.serviceAccount."app\.kubernetes\.io\/name"=teleport-kube-agent
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `annotations.config`
@@ -2025,24 +1561,13 @@ Kubernetes annotations which should be applied to the `ConfigMap` created by the
In this instance, you should apply annotations manually to your created `ConfigMap`.
-
-
+`values.yaml` example:
+
```yaml
annotations:
config:
kubernetes.io/annotation: value
```
-
-
- ```code
- $ --set annotations.config."kubernetes\.io\/annotation"=value
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `annotations.deployment`
@@ -2054,24 +1579,13 @@ Kubernetes annotations which should be applied to the `ConfigMap` created by the
Kubernetes annotations which should be applied to the `Deployment` created by the chart.
-
-
+`values.yaml` example:
+
```yaml
annotations:
deployment:
kubernetes.io/annotation: value
```
-
-
- ```code
- $ --set annotations.deployment."kubernetes\.io\/annotation"=value
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `annotations.pod`
@@ -2083,24 +1597,13 @@ Kubernetes annotations which should be applied to the `Deployment` created by th
Kubernetes annotations which should be applied to each `Pod` created by the chart.
-
-
+`values.yaml` example:
+
```yaml
annotations:
pod:
kubernetes.io/annotation: value
```
-
-
- ```code
- $ --set annotations.pod."kubernetes\.io\/annotation"=value
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `annotations.serviceAccount`
@@ -2112,24 +1615,13 @@ Kubernetes annotations which should be applied to each `Pod` created by the char
Kubernetes annotations which should be applied to the `ServiceAccount` created by the chart.
-
-
+`values.yaml` example:
+
```yaml
annotations:
serviceAccount:
kubernetes.io/annotation: value
```
-
-
- ```code
- $ --set annotations.serviceAccount."kubernetes\.io\/annotation"=value
- ```
-
- You must escape values entered on the command line correctly for Helm's CLI to understand them. We recommend
- using a `values.yaml` file instead to avoid confusion and errors.
-
-
-
## `extraVolumes`
@@ -2142,22 +1634,14 @@ Kubernetes annotations which should be applied to the `ServiceAccount` created b
A list of extra Kubernetes `Volumes` which should be available to any `Pod` created by the chart. These volumes
will also be available to any `initContainers` configured by the chart.
-
-
+`values.yaml` example:
+
```yaml
extraVolumes:
- name: myvolume
secret:
secretName: mysecret
```
-
-
- ```code
- $ --set "extraVolumes[0].name=myvolume" \
- --set "extraVolumes[0].secret.secretName=mysecret"
- ```
-
-
## `extraArgs`
@@ -2167,19 +1651,12 @@ will also be available to any `initContainers` configured by the chart.
A list of extra arguments to pass to the `teleport start` command when running a Teleport Pod.
-
-
+`values.yaml` example:
+
```yaml
extraArgs:
- "--debug"
```
-
-
- ```code
- $ --set "extraArgs={--debug}"
- ```
-
-
## `extraEnv`
@@ -2191,21 +1668,13 @@ A list of extra arguments to pass to the `teleport start` command when running a
A list of extra environment variables to be set on the main Teleport container.
-
-
+`values.yaml` example:
+
```yaml
extraEnv:
- name: HTTPS_PROXY
value: "http://username:password@my.proxy.host:3128"
```
-
-
- ```code
- $ --set "extraEnv[0].name=HTTPS_PROXY" \
- --set "extraEnv[0].value=\"http://username:password@my.proxy.host:3128\""
- ```
-
-
## `extraVolumeMounts`
@@ -2218,21 +1687,13 @@ A list of extra environment variables to be set on the main Teleport container.
A list of extra Kubernetes volume mounts which should be mounted into any `Pod` created by the chart. These volume
mounts will also be mounted into any `initContainers` configured by the chart.
-
-
+`values.yaml` example:
+
```yaml
extraVolumeMounts:
- name: myvolume
mountPath: /path/to/mount/volume
```
-
-
- ```code
- $ --set "extraVolumeMounts[0].name=myvolume" \
- --set "extraVolumeMounts[0].path=/path/to/mount/volume"
- ```
-
-
## `imagePullPolicy`
@@ -2244,18 +1705,11 @@ mounts will also be mounted into any `initContainers` configured by the chart.
Allows the `imagePullPolicy` for any pods created by the chart to be overridden.
-
-
+`values.yaml` example:
+
```yaml
imagePullPolicy: Always
```
-
-
- ```code
- $ --set imagePullPolicy=Always
- ```
-
-
## `initContainers`
@@ -2267,23 +1721,14 @@ Allows the `imagePullPolicy` for any pods created by the chart to be overridden.
A list of `initContainers` which will be run before the main Teleport container in any pod created by the chart.
-
-
+`values.yaml` example:
+
```yaml
initContainers:
- name: teleport-init
image: alpine
args: ['echo test']
```
-
-
- ```code
- $ --set "initContainers[0].name=teleport-init" \
- --set "initContainers[0].image=alpine" \
- --set "initContainers[0].args={echo test}"
- ```
-
-
## `resources`
@@ -2296,22 +1741,14 @@ A list of `initContainers` which will be run before the main Teleport container
Resource requests/limits which should be configured for each container inside the pod. These resource limits
will also be applied to `initContainers`.
-
-
+`values.yaml` example:
+
```yaml
resources:
requests:
cpu: 1
memory: 2Gi
```
-
-
- ```code
- $ --set resources.requests.cpu=1 \
- --set resources.requests.memory=2Gi
- ```
-
-
## `initSecurityContext`
@@ -2361,8 +1798,8 @@ To unset the security context, set it to `null` or `~`.
Kubernetes Tolerations to set for pod assignment.
-
-
+`values.yaml` example:
+
```yaml
tolerations:
- key: "dedicated"
@@ -2370,16 +1807,6 @@ Kubernetes Tolerations to set for pod assignment.
value: "teleport"
effect: "NoSchedule"
```
-
-
- ```code
- $ --set tolerations[0].key=dedicated \
- --set tolerations[0].operator=Equal \
- --set tolerations[0].value=teleport \
- --set tolerations[0].effect=NoSchedule
- ```
-
-
## `probeTimeoutSeconds`
@@ -2391,15 +1818,8 @@ Kubernetes Tolerations to set for pod assignment.
Kubernetes timeouts for the liveness and readiness probes.
-
-
+`values.yaml` example:
+
```yaml
probeTimeoutSeconds: 5
```
-
-
- ```code
- $ --set probeTimeoutSeconds=5
- ```
-
-
diff --git a/docs/pages/reference/helm-reference/teleport-plugin-event-handler.mdx b/docs/pages/reference/helm-reference/teleport-plugin-event-handler.mdx
index c55e234600475..5314e57673544 100644
--- a/docs/pages/reference/helm-reference/teleport-plugin-event-handler.mdx
+++ b/docs/pages/reference/helm-reference/teleport-plugin-event-handler.mdx
@@ -19,19 +19,12 @@ This reference details available values for the `teleport-plugin-event-handler`
This parameter contains the host/port combination of the Teleport Auth Service.
-
-
+`values.yaml` example:
+
```yaml
teleport:
address: "teleport.example.com:3025"
```
-
-
- ```code
- $ --set teleport.address="teleport.example.com:3025"
- ```
-
-
## `teleport.identitySecretName`
@@ -55,19 +48,12 @@ data:
Check out the [Event Handler Helm Chart documentation](https://github.com/gravitational/teleport-plugins/tree/v(=teleport.version=)/charts/event-handler/#prerequisites) for more information about how to acquire these credentials.
-
-
+`values.yaml` example:
+
```yaml
teleport:
identitySecretName: "teleport-plugin-event-handler-identity"
```
-
-
- ```code
- $ --set teleport.identitySecretName="teleport-plugin-event-handler-identity"
- ```
-
-
## `teleport.identitySecretPath`
@@ -77,19 +63,12 @@ Check out the [Event Handler Helm Chart documentation](https://github.com/gravit
Name of the key in the Kubernetes secret that holds the credentials for the connection. If the secret follows the format above, it can be omitted.
-
-
+`values.yaml` example:
+
```yaml
teleport:
identitySecretPath: "auth_id"
```
-
-
- ```code
- $ --set teleport.identitySecretPath="auth_id"
- ```
-
-
## `fluentd.url`
@@ -99,19 +78,12 @@ Name of the key in the Kubernetes secret that holds the credentials for the conn
Fluentd URL where the events will be sent.
-
-
+`values.yaml` example:
+
```yaml
fluentd:
url: "https://fluentd:24224/events.log"
```
-
-
- ```code
- $ --set fluentd.url="https://fluentd:24224/events.log"
- ```
-
-
## `fluentd.sessionUrl`
@@ -121,19 +93,12 @@ Fluentd URL where the events will be sent.
Fluentd URL where the session logs will be sent.
-
-
+`values.yaml` example:
+
```yaml
fluentd:
sessionUrl: "https://fluentd:24224/session.log"
```
-
-
- ```code
- $ --set fluentd.sessionUrl="https://fluentd:24224/session.log"
- ```
-
-
## `fluentd.certificate.secretName`
@@ -143,19 +108,12 @@ Fluentd URL where the session logs will be sent.
Secret containing the credentials to connect to Fluentd. It must to contain the CA certificate, the client key and the client certificate.
-
-
+`values.yaml` example:
+
```yaml
fluentd:
secretName: "teleport-plugin-event-handler-fluentd"
```
-
-
- ```code
- $ --set fluentd.secretName="teleport-plugin-event-handler-fluentd"
- ```
-
-
## `fluentd.certificate.caPath`
@@ -165,19 +123,12 @@ Secret containing the credentials to connect to Fluentd. It must to contain the
Name of the key which contains the CA certificate inside the secret.
-
-
+`values.yaml` example:
+
```yaml
fluentd:
caPath: "ca.crt"
```
-
-
- ```code
- $ --set fluentd.caPath="ca.crt"
- ```
-
-
## `fluentd.certificate.keyPath`
@@ -187,19 +138,12 @@ Name of the key which contains the CA certificate inside the secret.
Name of the key which contains the client's private key inside the secret.
-
-
+`values.yaml` example:
+
```yaml
fluentd:
keyPath: "client.key"
```
-
-
- ```code
- $ --set fluentd.keyPath="client.key"
- ```
-
-
## `fluentd.certificate.certPath`
@@ -209,19 +153,12 @@ Name of the key which contains the client's private key inside the secret.
Name of the key which contains the client's certificate inside the secret.
-
-
+`values.yaml` example:
+
```yaml
fluentd:
certPath: "client.crt"
```
-
-
- ```code
- $ --set fluentd.certPath="client.crt"
- ```
-
-
## `log.output`
@@ -231,19 +168,12 @@ Name of the key which contains the client's certificate inside the secret.
Logger output. Can be `stdout`, `stderr` or a file name, eg. `/var/log/teleport/fluentd.log`.
-
-
+`values.yaml` example:
+
```yaml
log:
output: /var/log/teleport/fluentd.log
```
-
-
- ```code
- $ --set log.output="/var/log/teleport/fluentd.log"
- ```
-
-
## `log.severity`
@@ -253,16 +183,9 @@ Logger output. Can be `stdout`, `stderr` or a file name, eg. `/var/log/teleport/
Logger severity. Possible values are `INFO`, `ERROR`, `DEBUG` or `WARN`.
-
-
+`values.yaml` example:
+
```yaml
log:
severity: DEBUG
```
-
-
- ```code
- $ --set log.severity="DEBUG"
- ```
-
-
diff --git a/docs/pages/reference/helm-reference/teleport-plugin-jira.mdx b/docs/pages/reference/helm-reference/teleport-plugin-jira.mdx
index f09c34ffedba5..98ba8cbd737cb 100644
--- a/docs/pages/reference/helm-reference/teleport-plugin-jira.mdx
+++ b/docs/pages/reference/helm-reference/teleport-plugin-jira.mdx
@@ -22,19 +22,12 @@ This reference details available values for the `teleport-plugin-jira` chart.
This parameter contains the host/port combination of the Teleport Auth Service
or Proxy Service.
-
-
+`values.yaml` example:
+
```yaml
teleport:
address: "teleport.example.com:3025"
```
-
-
- ```code
- $ --set teleport.address="teleport.example.com:3025"
- ```
-
-
## `teleport.identitySecretName`
@@ -61,19 +54,12 @@ Check out the [Jira Helm Chart
documentation](../../access-controls/access-request-plugins/ssh-approval-jira.mdx)
for more information about how to acquire these credentials.
-
-
+`values.yaml` example:
+
```yaml
teleport:
identitySecretName: "teleport-plugin-jira-identity"
```
-
-
- ```code
- $ --set teleport.identitySecretName="teleport-plugin-jira-identity"
- ```
-
-
## `teleport.identitySecretPath`
@@ -85,19 +71,12 @@ Name of the key in the Kubernetes secret that holds the credentials for the
connection to the Auth Service. If the secret follows the format above, it can
be omitted.
-
-
+`values.yaml` example:
+
```yaml
teleport:
identitySecretPath: "auth_id"
```
-
-
- ```code
- $ --set teleport.identitySecretPath="auth_id"
- ```
-
-
## `jira.apiTokenFromSecret`
@@ -107,19 +86,12 @@ be omitted.
Secret containing the Jira token of the bot user.
-
-
+`values.yaml` example:
+
```yaml
jira:
apiTokenFromSecret: "teleport-jira-plugin-token"
```
-
-
- ```code
- $ --set jira.apiTokenFromSecret="teleport-jira-plugin-token"
- ```
-
-
## `jira.apiTokenSecretPath`
@@ -129,19 +101,12 @@ Secret containing the Jira token of the bot user.
Key where the token is located inside the secret specified by `jira.apiTokenFromSecret`.
-
-
+`values.yaml` example:
+
```yaml
jira:
apiTokenSecretPath: "token"
```
-
-
- ```code
- $ --set jira.apiTokenSecretPath="token"
- ```
-
-
## `jira.issueType`
@@ -151,19 +116,12 @@ Key where the token is located inside the secret specified by `jira.apiTokenFrom
Issue type to be created when a new Access Request is made.
-
-
+`values.yaml` example:
+
```yaml
jira:
issueType: Task
```
-
-
- ```code
- $ --set jira.issueType=Task
- ```
-
-
## `jira.project`
@@ -173,19 +131,12 @@ Issue type to be created when a new Access Request is made.
List of project who will receive notifications about Access Requests.
-
-
+`values.yaml` example:
+
```yaml
jira:
project: MYPROJ
```
-
-
- ```code
- $ --set jira.project=MYPROJ
- ```
-
-
## `jira.recipients`
@@ -195,21 +146,14 @@ List of project who will receive notifications about Access Requests.
List of recipients who will receive notifications about Access Requests.
-
-
+`values.yaml` example:
+
```yaml
jira:
recipients:
- user1@example.com
- user2@example.com
```
-
-
- ```code
- $ --set jira.recipients[0]="user1@example.com",jira.recipients[0]="user1@example.com"
- ```
-
-
## `jira.token`
@@ -221,19 +165,12 @@ Jira token of the bot user to impersonate when sending Access Request
messages. It's only recommended for testing purposes. Please use
[`jira.apiTokenFromSecret`](#jiraapitokenfromsecret) instead.
-
-
+`values.yaml` example:
+
```yaml
jira:
token: "jiraapitoken"
```
-
-
- ```code
- $ --set jira.token="jiraapitoken"
- ```
-
-
## `jira.url`
@@ -243,19 +180,12 @@ messages. It's only recommended for testing purposes. Please use
Base URL of the Jira instance.
-
-
+`values.yaml` example:
+
```yaml
jira:
url: "https://jira.example.com/"
```
-
-
- ```code
- $ --set jira.url="https://jira.example.com/"
- ```
-
-
## `jira.username`
@@ -265,19 +195,12 @@ Base URL of the Jira instance.
Jira username or email address associated with the token.
-
-
+`values.yaml` example:
+
```yaml
jira:
username: "user@example.com"
```
-
-
- ```code
- $ --set jira.username="user@example.com"
- ```
-
-
## `log.output`
@@ -287,19 +210,12 @@ Jira username or email address associated with the token.
Logger output. Can be `stdout`, `stderr` or a file name, eg. `/var/log/teleport/jira.log`
-
-
+`values.yaml` example:
+
```yaml
log:
output: /var/log/teleport/jira.log
```
-
-
- ```code
- $ --set log.output="/var/log/teleport/jira.log"
- ```
-
-
## `log.severity`
@@ -309,16 +225,9 @@ Logger output. Can be `stdout`, `stderr` or a file name, eg. `/var/log/teleport/
Logger severity. Possible values are `INFO`, `ERROR`, `DEBUG` or `WARN`.
-
-
+`values.yaml` example:
+
```yaml
log:
severity: DEBUG
```
-
-
- ```code
- $ --set log.severity="DEBUG"
- ```
-
-
diff --git a/docs/pages/reference/helm-reference/teleport-plugin-mattermost.mdx b/docs/pages/reference/helm-reference/teleport-plugin-mattermost.mdx
index 59f89f962ded1..83c79b1fa122a 100644
--- a/docs/pages/reference/helm-reference/teleport-plugin-mattermost.mdx
+++ b/docs/pages/reference/helm-reference/teleport-plugin-mattermost.mdx
@@ -21,19 +21,12 @@ This reference details available values for the `teleport-plugin-mattermost` cha
This parameter contains the host/port combination of the Teleport Auth Service or Proxy Service.
-
-
+`values.yaml` example:
+
```yaml
teleport:
address: "teleport.example.com:3025"
```
-
-
- ```code
- $ --set teleport.address="teleport.example.com:3025"
- ```
-
-
## `teleport.identitySecretName`
@@ -58,19 +51,12 @@ data:
Check out the [Access Requests with Mattermost](../../access-controls/access-request-plugins/ssh-approval-mattermost.mdx) guide
for more information about how to acquire these credentials.
-
-
+`values.yaml` example:
+
```yaml
teleport:
identitySecretName: "teleport-plugin-mattermost-identity"
```
-
-
- ```code
- $ --set teleport.identitySecretName="teleport-plugin-mattermost-identity"
- ```
-
-
## `teleport.identitySecretPath`
@@ -82,19 +68,12 @@ The key in the Kubernetes secret specified by `teleport.identitySecretName` that
credentials for the connection to your Teleport cluster. If the secret has the path,
`"auth_id"`, you can omit this field.
-
-
+`values.yaml` example:
+
```yaml
teleport:
identitySecretPath: "auth_id"
```
-
-
- ```code
- $ --set teleport.identitySecretPath="auth_id"
- ```
-
-
## `mattermost.url`
@@ -104,19 +83,12 @@ credentials for the connection to your Teleport cluster. If the secret has the p
Base URL of the Mattermost instance.
-
-
+`values.yaml` example:
+
```yaml
mattermost:
url: "https://mattermost.example.com/"
```
-
-
- ```code
- $ --set mattermost.url="https://mattermost.example.com/"
- ```
-
-
## `mattermost.token`
@@ -129,19 +101,12 @@ messages. Ignored when `mattermost.tokenFromSecret` is set.
It's only recommended for testing purposes. Please use
[`mattermost.tokenFromSecret`](#mattermosttokenfromsecret) instead.
-
-
+`values.yaml` example:
+
```yaml
mattermost:
token: "xoxb-1234"
```
-
-
- ```code
- $ --set mattermost.token="xoxb-1234"
- ```
-
-
## `mattermost.tokenFromSecret`
@@ -151,19 +116,12 @@ It's only recommended for testing purposes. Please use
Secret containing the Mattermost token of the bot user.
-
-
+`values.yaml` example:
+
```yaml
mattermost:
tokenFromSecret: "teleport-mattermost-plugin-token"
```
-
-
- ```code
- $ --set mattermost.tokenFromSecret="teleport-mattermost-plugin-token"
- ```
-
-
## `mattermost.tokenSecretPath`
@@ -173,19 +131,12 @@ Secret containing the Mattermost token of the bot user.
Key where the token is located inside the secret specified by `mattermost.tokenFromSecret`.
-
-
+`values.yaml` example:
+
```yaml
mattermost:
tokenSecretPath: "token"
```
-
-
- ```code
- $ --set mattermost.tokenSecretPath="token"
- ```
-
-
## `mattermost.recipients`
@@ -195,21 +146,14 @@ Key where the token is located inside the secret specified by `mattermost.tokenF
List of recipients who will receive notifications about Access Requests.
-
-
+`values.yaml` example:
+
```yaml
mattermost:
recipients:
- user1@example.com
- user2@example.com
```
-
-
- ```code
- $ --set mattermost.recipients[0]="user1@example.com",mattermost.recipients[0]="user1@example.com"
- ```
-
-
## `log.output`
@@ -219,19 +163,12 @@ List of recipients who will receive notifications about Access Requests.
Logger output. Could be `stdout`, `stderr` or a file name, eg. `/var/log/teleport/mattermost.log`
-
-
+`values.yaml` example:
+
```yaml
log:
output: /var/log/teleport/mattermost.log
```
-
-
- ```code
- $ --set log.output="/var/log/teleport/mattermost.log"
- ```
-
-
## `log.severity`
@@ -241,16 +178,9 @@ Logger output. Could be `stdout`, `stderr` or a file name, eg. `/var/log/telepor
Logger severity. Possible values are `INFO`, `ERROR`, `DEBUG` or `WARN`.
-
-
+`values.yaml` example:
+
```yaml
log:
severity: DEBUG
```
-
-
- ```code
- $ --set log.severity="DEBUG"
- ```
-
-
diff --git a/docs/pages/reference/helm-reference/teleport-plugin-pagerduty.mdx b/docs/pages/reference/helm-reference/teleport-plugin-pagerduty.mdx
index 9c5fca05147a1..fc439e8740f69 100644
--- a/docs/pages/reference/helm-reference/teleport-plugin-pagerduty.mdx
+++ b/docs/pages/reference/helm-reference/teleport-plugin-pagerduty.mdx
@@ -19,19 +19,12 @@ This reference details available values for the `teleport-plugin-pagerduty` char
This parameter contains the host/port combination of the Teleport Auth Service or Proxy Service.
-
-
+`values.yaml` example:
+
```yaml
teleport:
address: "teleport.example.com:3025"
```
-
-
- ```code
- $ --set teleport.address="teleport.example.com:3025"
- ```
-
-
## `teleport.identitySecretName`
@@ -55,19 +48,12 @@ data:
Read the [PagerDuty Helm Chart documentation](https://github.com/gravitational/teleport-plugins/tree/v(=teleport.version=)/charts/access/pagerduty#prerequisites) for more information about how to acquire these credentials.
-
-
+`values.yaml` example:
+
```yaml
teleport:
identitySecretName: "teleport-plugin-pagerduty-identity"
```
-
-
- ```code
- $ --set teleport.identitySecretName="teleport-plugin-pagerduty-identity"
- ```
-
-
## `teleport.identitySecretPath`
@@ -77,19 +63,12 @@ Read the [PagerDuty Helm Chart documentation](https://github.com/gravitational/t
Name of the key in the Kubernetes secret that holds the credentials for the connection. If the secret follows the format above, it can be omitted.
-
-
+`values.yaml` example:
+
```yaml
teleport:
identitySecretPath: "auth_id"
```
-
-
- ```code
- $ --set teleport.identitySecretPath="auth_id"
- ```
-
-
## `pagerduty.url`
@@ -99,19 +78,12 @@ Name of the key in the Kubernetes secret that holds the credentials for the conn
Base URL of the PagerDuty instance
-
-
+`values.yaml` example:
+
```yaml
pagerduty:
url: "https://pagerduty.example.com/"
```
-
-
- ```code
- $ --set pagerduty.url="https://pagerduty.example.com/"
- ```
-
-
## `pagerduty.apiKey`
@@ -122,19 +94,12 @@ Base URL of the PagerDuty instance
PagerDuty API key of the bot user to impersonate when sending messages. It's only recommended for testing purposes.
Please use [`pagerduty.apiKeyFromSecret`](#pagerdutyapikeyfromsecret) instead.
-
-
+`values.yaml` example:
+
```yaml
pagerduty:
apiKey: "pagerdutyapikey"
```
-
-
- ```code
- $ --set pagerduty.apiKey="pagerdutyapikey"
- ```
-
-
## `pagerduty.apiKeyFromSecret`
@@ -144,19 +109,12 @@ Please use [`pagerduty.apiKeyFromSecret`](#pagerdutyapikeyfromsecret) instead.
Secret containing the PagerDuty token of the bot user.
-
-
+`values.yaml` example:
+
```yaml
pagerduty:
apiKeyFromSecret: "teleport-pagerduty-plugin-token"
```
-
-
- ```code
- $ --set pagerduty.apiKeyFromSecret="teleport-pagerduty-plugin-token"
- ```
-
-
## `pagerduty.apiKeySecretPath`
@@ -166,19 +124,12 @@ Secret containing the PagerDuty token of the bot user.
Key where the token is located inside the secret specified by `pagerduty.apiKeyFromSecret`.
-
-
+`values.yaml` example:
+
```yaml
pagerduty:
apiKeySecretPath: "apiKey"
```
-
-
- ```code
- $ --set pagerduty.apiKeySecretPath="apiKey"
- ```
-
-
## `pagerduty.userEmail`
@@ -188,19 +139,12 @@ Key where the token is located inside the secret specified by `pagerduty.apiKeyF
Key where the token is located inside the secret specified by `pagerduty.apiKeyFromSecret`.
-
-
+`values.yaml` example:
+
```yaml
pagerduty:
userEmail: "apiKey"
```
-
-
- ```code
- $ --set pagerduty.userEmail="apiKey"
- ```
-
-
## `pagerduty.recipients`
@@ -210,21 +154,14 @@ Key where the token is located inside the secret specified by `pagerduty.apiKeyF
List of recipients who will receive notifications about Access Requests.
-
-
+`values.yaml` example:
+
```yaml
pagerduty:
recipients:
- user1@example.com
- user2@example.com
```
-
-
- ```code
- $ --set pagerduty.recipients[0]="user1@example.com",pagerduty.recipients[0]="user1@example.com"
- ```
-
-
## `log.output`
@@ -234,19 +171,12 @@ List of recipients who will receive notifications about Access Requests.
Logger output. Could be `stdout`, `stderr` or a file name, eg. `/var/log/teleport/pagerduty.log`
-
-
+`values.yaml` example:
+
```yaml
log:
output: /var/log/teleport/pagerduty.log
```
-
-
- ```code
- $ --set log.output="/var/log/teleport/pagerduty.log"
- ```
-
-
## `log.severity`
@@ -256,16 +186,9 @@ Logger output. Could be `stdout`, `stderr` or a file name, eg. `/var/log/telepor
Logger severity. Possible values are `INFO`, `ERROR`, `DEBUG` or `WARN`.
-
-
+`values.yaml` example:
+
```yaml
log:
severity: DEBUG
```
-
-
- ```code
- $ --set log.severity="DEBUG"
- ```
-
-
diff --git a/docs/pages/reference/helm-reference/teleport-plugin-slack.mdx b/docs/pages/reference/helm-reference/teleport-plugin-slack.mdx
index 76ed1606af36b..8157b539072dc 100644
--- a/docs/pages/reference/helm-reference/teleport-plugin-slack.mdx
+++ b/docs/pages/reference/helm-reference/teleport-plugin-slack.mdx
@@ -21,19 +21,12 @@ This parameter contains the host/port combination of the Teleport Proxy
Service (or the Auth Service if you are configuring your plugin to
connect to it directly).
-
-
+`values.yaml` example:
+
```yaml
teleport:
address: "teleport.example.com:3025"
```
-
-
- ```code
- $ --set teleport.address="teleport.example.com:3025"
- ```
-
-
## `teleport.identitySecretName`
@@ -60,19 +53,12 @@ Check out the [Access Requests with
Slack](../../access-controls/access-request-plugins/ssh-approval-slack.mdx) guide
for more information about how to acquire these credentials.
-
-
+`values.yaml` example:
+
```yaml
teleport:
identitySecretName: "teleport-plugin-slack-identity"
```
-
-
- ```code
- $ --set teleport.identitySecretName="teleport-plugin-slack-identity"
- ```
-
-
## `teleport.identitySecretPath`
@@ -84,19 +70,12 @@ The key in the Kubernetes secret specified by `teleport.identitySecretName` that
credentials for the connection to your Teleport cluster. If the secret has the path,
`"auth_id"`, you can omit this field.
-
-
+`values.yaml` example:
+
```yaml
teleport:
identitySecretPath: "auth_id"
```
-
-
- ```code
- $ --set teleport.identitySecretPath="auth_id"
- ```
-
-
## `slack.token`
@@ -109,19 +88,12 @@ messages. Ignored when `slack.tokenFromSecret` is set.
It's only recommended for testing purposes. Please use
[`slack.tokenFromSecret`](#slacktokenfromsecret) instead.
-
-
+`values.yaml` example:
+
```yaml
slack:
token: "xoxb-1234"
```
-
-
- ```code
- $ --set slack.token="xoxb-1234"
- ```
-
-
## `slack.tokenFromSecret`
@@ -131,19 +103,12 @@ It's only recommended for testing purposes. Please use
Secret containing the Slack token of the bot user.
-
-
+`values.yaml` example:
+
```yaml
slack:
tokenFromSecret: "teleport-slack-plugin-token"
```
-
-
- ```code
- $ --set slack.tokenFromSecret="teleport-slack-plugin-token"
- ```
-
-
## `slack.tokenSecretPath`
@@ -153,19 +118,12 @@ Secret containing the Slack token of the bot user.
Key where the token is located inside the secret specified by `slack.tokenFromSecret`.
-
-
+`values.yaml` example:
+
```yaml
slack:
tokenSecretPath: "token"
```
-
-
- ```code
- $ --set slack.tokenSecretPath="token"
- ```
-
-
## `roleToRecipients`
@@ -176,20 +134,13 @@ Key where the token is located inside the secret specified by `slack.tokenFromSe
Mapping of roles to a list of channels and Slack emails. It must contain
a mapping for `*` in case no matching roles are found.
-
-
+`values.yaml` example:
+
```yaml
roleToRecipients:
dev: ["dev-access-requests", "user@example.com"]
"*": ["access-requests"]
```
-
-
- ```code
- $ --set "roleToRecipients.dev[0]=dev-access-requests,roleToRecipients.dev[1]=user@example.com,roleToRecipients.\*[0]=access-requests"
- ```
-
-
## `log.output`
@@ -199,19 +150,12 @@ a mapping for `*` in case no matching roles are found.
Logger output. Could be `stdout`, `stderr` or a file name, eg. `/var/log/teleport/slack.log`
-
-
+`values.yaml` example:
+
```yaml
log:
output: /var/log/teleport/slack.log
```
-
-
- ```code
- $ --set log.output="/var/log/teleport/slack.log"
- ```
-
-
## `log.severity`
@@ -221,16 +165,9 @@ Logger output. Could be `stdout`, `stderr` or a file name, eg. `/var/log/telepor
Logger severity. Possible values are `INFO`, `ERROR`, `DEBUG` or `WARN`.
-
-
+`values.yaml` example:
+
```yaml
log:
severity: DEBUG
```
-
-
- ```code
- $ --set log.severity="DEBUG"
- ```
-
-