helm: Add logging configuration to teleport-kube-agent chart (#9632)

* [helm] Re-add space after type in service definition (#9503)

The whitespace after `type:` was being trimmed, which was causing a lint error. Not sure how this got through the linter in the first place.

* helm: Adds log configuration to teleport-kube-agent chart

* Remove erroneous value

* Update reference.mdx

Remove shell prompt character

docs/pages/kubernetes-access/helm/reference.mdx

@@ -1985,13 +1985,19 @@ $ kubectl --namespace teleport create secret generic teleport-kube-agent-join-to
   </TabItem>
 </Tabs>
 
-## `logLevel`
+## `log`
+
+### `log.level`
+
+<Admonition type="note">
+  This field used to be called `logLevel`. For backwards compatibility this name can still be used, but we recommend changing your values file to use `log.level`.
+</Admonition>
 
 | Type | Default value |
 | - | - |
 | `string` | `INFO` |
 
-`logLevel` sets the log level used for the Teleport process.
+`log.level` sets the log level used for the Teleport process.
 
 Available log levels (in order of most to least verbose) are: `DEBUG`, `INFO`, `WARNING`, `ERROR`.
 
@@ -2002,12 +2008,88 @@ The default is `INFO`, which is recommended in production.
 <Tabs>
   <TabItem label="values.yaml">
   ```yaml
-  logLevel: DEBUG
+  log:
+    level: DEBUG
+  ```
+  </TabItem>
+  <TabItem label="--set">
+  ```code
+  --set log.level=DEBUG
+  ```
+  </TabItem>
+</Tabs>
+
+### `log.output`
+
+| Type | Default value | Can be used in `custom` mode? | `teleport.yaml` equivalent |
+| - | - | - | - |
+| `string` | `stderr` | ❌ | `teleport.log.output` |
+
+`log.output` sets the output destination for the Teleport process.
+
+This can be set to any of the built-in values: `stdout`, `stderr` or `syslog` to use that destination.
+
+The value can also be set to a file path (such as `/var/log/teleport.log`) to write logs to a file. Bear in mind that a few service startup messages will still go to `stderr` for resilience.
+
+<Tabs>
+  <TabItem label="values.yaml">
+  ```yaml
+  log:
+    output: stderr
+  ```
+  </TabItem>
+  <TabItem label="--set">
+  ```code
+  --set log.output=stderr
+  ```
+  </TabItem>
+</Tabs>
+
+### `log.format`
+
+| Type | Default value | Can be used in `custom` mode? | `teleport.yaml` equivalent |
+| - | - | - | - |
+| `string` | `text` | ❌ | `teleport.log.format.output` |
+
+`log.format` sets the output type for the Teleport process.
+
+Possible values are `text` (default) or `json`.
+
+<Tabs>
+  <TabItem label="values.yaml">
+  ```yaml
+  log:
+    format: json
   ```
   </TabItem>
   <TabItem label="--set">
   ```code
-  $ --set logLevel=DEBUG
+  --set log.format=json
+  ```
+  </TabItem>
+</Tabs>
+
+### `log.extraFields`
+
+| Type | Default value | Can be used in `custom` mode? | `teleport.yaml` equivalent |
+| - | - | - | - |
+| `list` | `["timestamp", "level", "component", "caller"]` | ❌ | `teleport.log.format.extra_fields` |
+
+`log.extraFields` sets the fields used in logging for the Teleport process.
+
+See the [Teleport config file reference](../../setup/reference/config.mdx) for more details on possible values for `extra_fields`.
+
+<Tabs>
+  <TabItem label="values.yaml">
+  ```yaml
+  log:
+    extraFields: ["timestamp", "level"]
+  ```
+  </TabItem>
+  <TabItem label="--set">
+  ```code
+  --set "log.extraFields[0]=timestamp" \
+  --set "log.extraFields[1]=level"
   ```
   </TabItem>
 </Tabs>

examples/chart/teleport-kube-agent/.lint/log-basic.yaml

@@ -0,0 +1,6 @@
+authToken: auth-token
+proxyAddr: proxy.example.com:3080
+kubeClusterName: test-kube-cluster-name
+log:
+  format: json
+  level: INFO

examples/chart/teleport-kube-agent/.lint/log-extra.yaml

@@ -0,0 +1,8 @@
+authToken: auth-token
+proxyAddr: proxy.example.com:3080
+kubeClusterName: test-kube-cluster-name
+log:
+  format: json
+  level: DEBUG
+  output: /var/lib/teleport/test.log
+  extraFields: ["level", "timestamp", "component", "caller"]

examples/chart/teleport-kube-agent/.lint/log-legacy.yaml

@@ -0,0 +1,4 @@
+authToken: auth-token
+proxyAddr: proxy.example.com:3080
+kubeClusterName: test-kube-cluster-name
+logLevel: DEBUG

examples/chart/teleport-kube-agent/templates/config.yaml

@@ -1,3 +1,4 @@
+{{- $logLevel := (coalesce .Values.logLevel .Values.log.level "INFO") -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -12,8 +13,11 @@ data:
       auth_token: "/etc/teleport-secrets/auth-token"
       auth_servers: ["{{ required "proxyAddr is required in chart values" .Values.proxyAddr }}"]
       log:
-        severity: {{ .Values.logLevel }}
-        output: stderr
+        severity: {{ $logLevel }}
+        output: {{ .Values.log.output }}
+        format:
+          output: {{ .Values.log.format }}
+          extra_fields: {{ .Values.log.extraFields | toJson }}
 
     kubernetes_service:
       {{- if or (contains "kube" (.Values.roles | toString)) (empty .Values.roles) }}

examples/chart/teleport-kube-agent/values.schema.json

@@ -18,7 +18,7 @@
         "clusterRoleBindingName",
         "serviceAccountName",
         "secretName",
-        "logLevel",
+        "log",
         "affinity",
         "annotations",
         "extraVolumes",
@@ -186,17 +186,37 @@
             "type": "string",
             "default": "teleport-kube-agent-join-token"
         },
-        "logLevel": {
-            "$id": "#/properties/logLevel",
-            "type": "string",
-            "enum": [
-                "DEBUG",
-                "INFO",
-                "WARN",
-                "WARNING",
-                "ERROR"
+        "log": {
+            "$id": "#/properties/log",
+            "type": "object",
+            "required": [
+                "output",
+                "format",
+                "extraFields"
             ],
-            "default": "INFO"
+            "properties": {
+                "level": {
+                    "$id": "#/properties/log/properties/level",
+                    "type": "string",
+                    "enum": ["DEBUG", "INFO", "WARN", "WARNING", "ERROR"],
+                    "default": "INFO"
+                },
+                "deployment": {
+                    "$id": "#/properties/log/properties/output",
+                    "type": "string",
+                    "default": {}
+                },
+                "pod": {
+                    "$id": "#/properties/log/properties/format",
+                    "type": "string",
+                    "default": {}
+                },
+                "service": {
+                    "$id": "#/properties/log/properties/extraFields",
+                    "type": "array",
+                    "default": {}
+                }
+            }
         },
         "affinity": {
             "$id": "#/properties/affinity",

examples/chart/teleport-kube-agent/values.yaml

@@ -119,11 +119,24 @@ clusterRoleBindingName: ""
 serviceAccountName: ""
 # Name of the Secret to store the teleport join token.
 secretName: teleport-kube-agent-join-token
-# Log level for the Teleport process.
-# Available log levels are: DEBUG, INFO, WARNING, ERROR.
-# The default is INFO, which is recommended in production.
-# DEBUG is useful during first-time setup or to see more detailed logs for debugging.
-logLevel: INFO
+
+# Teleport logging configuration
+log:
+  # Log level for the Teleport process.
+  # Available log levels are: DEBUG, INFO, WARNING, ERROR.
+  # The default is INFO, which is recommended in production.
+  # DEBUG is useful during first-time setup or to see more detailed logs for debugging.
+  level: INFO
+  # Log output
+  # Use a file path to log to disk: e.g. '/var/lib/teleport/teleport.log'
+  # Other supported values: 'stdout', 'stderr' and 'syslog'
+  output: stderr
+  # Log format configuration
+  # Possible output values are 'json' and 'text' (default).
+  format: text
+  # Possible extra_fields values include: timestamp, component, caller, and level.
+  # All extra fields are included by default.
+  extraFields: ["timestamp", "level", "component", "caller"]
 
 ##################################
 # Extra Kubernetes configuration #