sets the affinity:
  1: |
    affinity:
      nodeAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          nodeSelectorTerms:
          - matchExpressions:
            - key: gravitational.io/dedicated
              operator: In
              values:
              - teleport
      podAntiAffinity:
        preferredDuringSchedulingIgnoredDuringExecution:
        - podAffinityTerm:
            labelSelector:
              matchExpressions:
              - key: app
                operator: In
                values:
                - teleport
            topologyKey: kubernetes.io/hostname
          weight: 1
    containers:
    - args:
      - --agent-name=RELEASE-NAME
      - --agent-namespace=NAMESPACE
      - --base-image=public.ecr.aws/gravitational/teleport-distroless
      - --version-server=https://my-custom-version-server/v1
      - --version-channel=custom/preview
      image: public.ecr.aws/gravitational/teleport-kube-agent-updater:13.3.8
      imagePullPolicy: IfNotPresent
      livenessProbe:
        failureThreshold: 6
        httpGet:
          path: /healthz
          port: healthz
        initialDelaySeconds: 5
        periodSeconds: 5
        timeoutSeconds: 5
      name: kube-agent-updater
      ports:
      - containerPort: 8080
        name: metrics
        protocol: TCP
      - containerPort: 8081
        name: healthz
        protocol: TCP
      readinessProbe:
        failureThreshold: 6
        httpGet:
          path: /readyz
          port: healthz
        initialDelaySeconds: 5
        periodSeconds: 5
        timeoutSeconds: 5
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop:
          - all
        readOnlyRootFilesystem: true
        runAsNonRoot: true
        runAsUser: 9807
    serviceAccountName: RELEASE-NAME-updater
sets the tolerations:
  1: |
    containers:
    - args:
      - --agent-name=RELEASE-NAME
      - --agent-namespace=NAMESPACE
      - --base-image=public.ecr.aws/gravitational/teleport-distroless
      - --version-server=https://my-custom-version-server/v1
      - --version-channel=custom/preview
      image: public.ecr.aws/gravitational/teleport-kube-agent-updater:13.3.8
      imagePullPolicy: IfNotPresent
      livenessProbe:
        failureThreshold: 6
        httpGet:
          path: /healthz
          port: healthz
        initialDelaySeconds: 5
        periodSeconds: 5
        timeoutSeconds: 5
      name: kube-agent-updater
      ports:
      - containerPort: 8080
        name: metrics
        protocol: TCP
      - containerPort: 8081
        name: healthz
        protocol: TCP
      readinessProbe:
        failureThreshold: 6
        httpGet:
          path: /readyz
          port: healthz
        initialDelaySeconds: 5
        periodSeconds: 5
        timeoutSeconds: 5
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop:
          - all
        readOnlyRootFilesystem: true
        runAsNonRoot: true
        runAsUser: 9807
    serviceAccountName: RELEASE-NAME-updater
    tolerations:
    - effect: NoExecute
      key: dedicated
      operator: Equal
      value: teleport
    - effect: NoSchedule
      key: dedicated
      operator: Equal
      value: teleport