diff --git a/examples/chart/teleport-cluster/templates/config.yaml b/examples/chart/teleport-cluster/templates/config.yaml
index 857f5b3071489..7a00b20c57aa8 100644
--- a/examples/chart/teleport-cluster/templates/config.yaml
+++ b/examples/chart/teleport-cluster/templates/config.yaml
@@ -33,6 +33,8 @@ data:
         audit_sessions_uri: "gs://{{ required "gcp.sessionRecordingBucket is required in chart values" .Values.gcp.sessionRecordingBucket }}?projectID={{ required "gcp.projectId is required in chart values" .Values.gcp.projectId }}&credentialsPath=/etc/teleport-secrets/gcp-credentials.json"
   {{- end }}
     auth_service:
+      tokens:
+      - "app,node:/etc/teleport-secrets/auth-token"
       enabled: true
       cluster_name: {{ required "clusterName is required in chart values" .Values.clusterName }}
   {{- if .Values.enterprise }}
diff --git a/examples/chart/teleport-cluster/templates/deployment.yaml b/examples/chart/teleport-cluster/templates/deployment.yaml
index 62a38e93a8ad1..60edc6579df7e 100644
--- a/examples/chart/teleport-cluster/templates/deployment.yaml
+++ b/examples/chart/teleport-cluster/templates/deployment.yaml
@@ -156,6 +156,9 @@ spec:
           readOnly: true
         - mountPath: /var/lib/teleport
           name: "data"
+        - mountPath: /etc/teleport-secrets
+          name: "auth-token"
+          readOnly: true
 {{- if .Values.extraVolumeMounts }}
   {{- toYaml .Values.extraVolumeMounts | nindent 8 }}
 {{- end }}
@@ -178,6 +181,9 @@ spec:
       - name: "config"
         configMap:
           name: {{ .Release.Name }}
+      - name: "auth-token"
+        secret:
+          secretName: {{ .Values.secretName }}
       - name: "data"
         {{- if eq .Values.chartMode "standalone" }}
         persistentVolumeClaim:
diff --git a/examples/chart/teleport-cluster/values.yaml b/examples/chart/teleport-cluster/values.yaml
index f53e2b9060210..f7a90824aca27 100644
--- a/examples/chart/teleport-cluster/values.yaml
+++ b/examples/chart/teleport-cluster/values.yaml
@@ -142,6 +142,8 @@ enterpriseImage: quay.io/gravitational/teleport-ent
 # The default is INFO, which is recommended in production.
 # DEBUG is useful during first-time setup or to see more detailed logs for debugging.
 logLevel: INFO
+# Name of the Secret to store the teleport join token.
+secretName: teleport-kube-agent-join-token
 
 
 ##################################