[8.16](backport #5912) [helm]: forward agent providers configuration for fleet mode

deploy/helm/elastic-agent/examples/fleet-managed/README.md

@@ -0,0 +1,68 @@
+# Example: Managed by Fleet Elastic Agent
+
+In this example we deploy an Elastic Agent that is managed by [Fleet](https://www.elastic.co/guide/en/fleet/current/manage-agents-in-fleet.html).
+
+## Prerequisites:
+1. Follow [this guide](https://www.elastic.co/guide/en/fleet/current/install-fleet-managed-elastic-agent.html#elastic-agent-installation-steps) to set up an agent policy and enroll an agent to it. Do not download any binary, from the proposed enrollment command just extract the Fleet URL (`--url=$FLEET_URL`) and Enrollment token (`--enrollment-token=$FLEET_TOKEN`).
+
+## Run:
+
+```console
+helm install elastic-agent ../../ \
+     --set agent.fleet.enabled=true \
+     --set agent.fleet.url=$FLEET_URL \
+     --set agent.fleet.token=$FLEET_TOKEN \
+     --set agent.fleet.preset=perNode
+     -n kube-system
+```
+
+## Validate:
+
+1. [Optional] Install kube-state metrics if you want to see the KSM related metrics `kubectl apply -k https://github.com/kubernetes/kube-state-metrics`.
+2. Install Kubernetes integration to the agent policy that you created in Fleet. If you didn't install kube-state metrics from above, make sure to disable them in the integration.
+3. The Kibana `kubernetes`-related dashboards should start showing the respective info.
+
+## Note:
+
+In this example we deploy an Elastic Agent that is managed by Fleet using the built-in `perNode` preset (`DaemonSet`) targeting kubernetes monitoring. However, a user-defined agent `preset`, for different use cases, can be used as well, e.g. by using the following configuration:
+```yaml
+agent:
+  fleet:
+    enabled: true
+    url: $FLEET_URL # replace with Fleet URL
+    token: $FLEET_TOKEN # replace with Fleet Enrollment token
+    preset: nginx
+  presets:
+    nginx:
+      mode: deployment
+      securityContext:
+        runAsUser: 0
+      rules:
+        # minimum cluster role ruleset required by agent
+        - apiGroups: [ "" ]
+          resources:
+            - nodes
+            - namespaces
+            - pods
+          verbs:
+            - get
+            - watch
+            - list
+        - apiGroups: [ "apps" ]
+          resources:
+            - replicasets
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups: [ "batch" ]
+          resources:
+            - jobs
+          verbs:
+            - get
+            - list
+            - watch
+      providers:
+        kubernetes_leaderelection:
+          enabled: false
+```

deploy/helm/elastic-agent/examples/fleet-managed/fleet-values.yaml

@@ -0,0 +1,39 @@
+agent:
+  fleet:
+    enabled: true
+    url: http://localhost:8220
+    token: fleetToken
+    preset: nginx
+  presets:
+    nginx:
+      mode: deployment
+      securityContext:
+        runAsUser: 0
+      rules:
+        # minimum cluster role ruleset required by agent
+        - apiGroups: [ "" ]
+          resources:
+            - nodes
+            - namespaces
+            - pods
+          verbs:
+            - get
+            - watch
+            - list
+        - apiGroups: [ "apps" ]
+          resources:
+            - replicasets
+          verbs:
+            - get
+            - list
+            - watch
+        - apiGroups: [ "batch" ]
+          resources:
+            - jobs
+          verbs:
+            - get
+            - list
+            - watch
+      providers:
+        kubernetes_leaderelection:
+          enabled: false

deploy/helm/elastic-agent/examples/fleet-managed/rendered/manifest.yaml

@@ -0,0 +1,233 @@
+---
+# Source: elastic-agent/templates/agent/service-account.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: agent-nginx-example
+  namespace: "default"
+  labels:
+    helm.sh/chart: elastic-agent-0.0.1
+    app.kubernetes.io/name: elastic-agent
+    app.kubernetes.io/instance: example
+    app.kubernetes.io/version: 8.16.0
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: elastic-agent/templates/agent/k8s/secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: agent-nginx-example
+  namespace: "default"
+  labels:
+    helm.sh/chart: elastic-agent-0.0.1
+    app.kubernetes.io/name: elastic-agent
+    app.kubernetes.io/instance: example
+    app.kubernetes.io/version: 8.16.0
+    app.kubernetes.io/managed-by: Helm
+stringData:
+
+  agent.yml: |-
+    fleet:
+      enabled: true
+    providers:
+      kubernetes_leaderelection:
+        enabled: false
+---
+# Source: elastic-agent/templates/agent/cluster-role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: agent-nginx-example-default
+  labels:
+    helm.sh/chart: elastic-agent-0.0.1
+    app.kubernetes.io/name: elastic-agent
+    app.kubernetes.io/instance: example
+    app.kubernetes.io/version: 8.16.0
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups: [ "" ] # "" indicates the core API group
+    resources:
+      - nodes
+      - namespaces
+      - events
+      - pods
+      - services
+      - configmaps
+      - persistentvolumes
+      - persistentvolumeclaims
+      - persistentvolumeclaims/status
+      - nodes/metrics
+      - nodes/proxy
+      - nodes/stats
+    verbs:
+      - get
+      - watch
+      - list
+  - apiGroups:
+      - storage.k8s.io
+    resources:
+      - storageclasses
+    verbs:
+      - get
+      - watch
+      - list
+  - nonResourceURLs:
+      - /metrics
+    verbs:
+      - get
+      - watch
+      - list
+  - apiGroups: [ "coordination.k8s.io" ]
+    resources:
+      - leases
+    verbs:
+      - get
+      - create
+      - update
+  - nonResourceURLs:
+      - /healthz
+      - /healthz/*
+      - /livez
+      - /livez/*
+      - /metrics
+      - /metrics/slis
+      - /readyz
+      - /readyz/*
+    verbs:
+      - get
+  - apiGroups: [ "apps" ]
+    resources:
+      - replicasets
+      - deployments
+      - daemonsets
+      - statefulsets
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups: [ "batch" ]
+    resources:
+      - jobs
+      - cronjobs
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+    - ""
+    resources:
+    - nodes
+    - namespaces
+    - pods
+    verbs:
+    - get
+    - watch
+    - list
+  - apiGroups:
+    - apps
+    resources:
+    - replicasets
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups:
+    - batch
+    resources:
+    - jobs
+    verbs:
+    - get
+    - list
+    - watch
+---
+# Source: elastic-agent/templates/agent/cluster-role-binding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: agent-nginx-example-default
+  labels:
+    helm.sh/chart: elastic-agent-0.0.1
+    app.kubernetes.io/name: elastic-agent
+    app.kubernetes.io/instance: example
+    app.kubernetes.io/version: 8.16.0
+    app.kubernetes.io/managed-by: Helm
+subjects:
+  - kind: ServiceAccount
+    name: agent-nginx-example
+    namespace: "default"
+roleRef:
+  kind: ClusterRole
+  name: agent-nginx-example-default
+  apiGroup: rbac.authorization.k8s.io
+---
+# Source: elastic-agent/templates/agent/k8s/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: agent-nginx-example
+  namespace: "default"
+  labels:
+    helm.sh/chart: elastic-agent-0.0.1
+    app.kubernetes.io/name: elastic-agent
+    app.kubernetes.io/instance: example
+    app.kubernetes.io/version: 8.16.0
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      name: agent-nginx-example
+  template:
+    metadata:
+      labels:
+        name: agent-nginx-example
+      annotations:
+        checksum/config: ce25762427c9b6e207de5327b69be314f9d077db8138b7b241fd40f7b8a80aca
+    spec:
+      automountServiceAccountToken: true
+      containers:
+      - args:
+        - -c
+        - /etc/elastic-agent/agent.yml
+        - -e
+        env:
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: STATE_PATH
+          value: /usr/share/elastic-agent/state
+        - name: FLEET_URL
+          value: http://localhost:8220
+        - name: FLEET_ENROLLMENT_TOKEN
+          value: fleetToken
+        - name: FLEET_INSECURE
+          value: "false"
+        - name: FLEET_ENROLL
+          value: "1"
+        image: docker.elastic.co/beats/elastic-agent:8.16.0-SNAPSHOT
+        imagePullPolicy: IfNotPresent
+        name: agent
+        securityContext:
+          runAsUser: 0
+        volumeMounts:
+        - mountPath: /usr/share/elastic-agent/state
+          name: agent-data
+        - mountPath: /etc/elastic-agent/agent.yml
+          name: config
+          readOnly: true
+          subPath: agent.yml
+      dnsPolicy: ClusterFirstWithHostNet
+      serviceAccountName: agent-nginx-example
+      volumes:
+      - hostPath:
+          path: /etc/elastic-agent/default/agent-nginx-example-managed/state
+          type: DirectoryOrCreate
+        name: agent-data
+      - name: config
+        secret:
+          defaultMode: 292
+          secretName: agent-nginx-example