Annotations that apply to all sealed secrets created under files
{}
sealedSecret.files
Map of secret files with name and encrypted data contained in those files
{}
sealedSecret.files.[name].annotations
Annotations that apply to the secret created through sealed secret
{}
sealedSecret.files.[name].labels
Labels that apply to the secret created through sealed secret
{}
sealedSecret.files.[name].type
Type of secret created through sealed secret
Opaque
sealedSecret.files.[name].clusterWide
When set to true, adds annotation sealedsecrets.bitnami.com/cluster-wide: true to the secret created through sealed secret, setting the scope of the secret to cluster wide.
false
Cert-manager Certificate Parameters

| Name | Description | Value |
|---|---|---|
| certificate.enabled | Enable Certificate Custom Resource | false |
| certificate.additionalLabels | Additional labels for Certificate Custom Resource | {} |
| certificate.annotations | Annotations for Certificate Custom Resource | {} |
| certificate.secretName | SecretName is the name of the secret resource that will be automatically created and managed by this Certificate resource | tls-cert |
| certificate.duration | The requested ‘duration’ (i.e. lifetime) of the Certificate | 8760h0m0s |
| certificate.renewBefore | The amount of time before the currently issued certificate’s notAfter time that cert-manager will begin to attempt to renew the certificate | 720h0m0s |
| certificate.subject | Full X509 name specification for certificate | {} |
| certificate.commonName | CommonName is the common name as specified on the DER encoded CSR | admin-app |
| certificate.keyAlgorithm | KeyAlgorithm is the private key algorithm of the corresponding private key for this certificate | rsa |
| certificate.keyEncoding | KeyEncoding is the private key cryptography standards (PKCS) for this certificate’s private key to be encoded in | pkcs1 |
| certificate.keySize | KeySize is the key bit size of the corresponding private key for this certificate | 2048 |
| certificate.isCA | IsCA will mark this Certificate as valid for certificate signing | false |
| certificate.usages | Usages is the set of x509 usages that are requested for the certificate | {} |
| certificate.dnsNames | DNSNames is a list of DNS subjectAltNames to be set on the Certificate. | {} |
| certificate.ipAddresses | IPAddresses is a list of IP address subjectAltNames to be set on the Certificate. | {} |
| certificate.uriSANs | URISANs is a list of URI subjectAltNames to be set on the Certificate. | {} |
| certificate.emailSANs | EmailSANs is a list of email subjectAltNames to be set on the Certificate. | {} |
| certificate.privateKey.enabled | Enable private key for the certificate | false |
| certificate.privateKey.rotationPolicy | Denotes how private keys should be generated or sourced when a Certificate is being issued. | Always |
| certificate.issuerRef.name | IssuerRef is a reference to the issuer for this certificate. Name of the resource being referred to | ca-issuer |
| certificate.issuerRef.kind | Kind of the resource being referred to | ClusterIssuer |
| certificate.keystores.enabled | Enables keystore configuration. Keystores configures additional keystore output formats stored in the secretName Secret resource | false |
| certificate.keystores.pkcs12.create | Enables PKCS12 keystore creation for the Certificate. PKCS12 configures options for storing a PKCS12 keystore in the spec.secretName Secret resource | true |
| certificate.keystores.pkcs12.key | The key of the entry in the Secret resource’s data field to be used | test_key |
| certificate.keystores.pkcs12.name | The name of the Secret resource being referred to | test-creds |
| certificate.keystores.jks.create | Enables jks keystore creation for the Certificate. JKS configures options for storing a JKS keystore in the spec.secretName Secret resource | false |
| certificate.keystores.jks.key | The key of the entry in the Secret resource’s data field to be used | test_key |
| certificate.keystores.jks.name | The name of the Secret resource being referred to | test-creds |
Alertmanager Config Parameters

| Name | Description | Value |
|---|---|---|
| alertmanagerConfig.enabled | Enable alertmanagerConfig for this app (will be merged into the base config) | false |
| alertmanagerConfig.selectionLabels | Labels for this config to be selected for merging into the Alertmanager base config | alertmanagerConfig: "workload" |
| alertmanagerConfig.spec.route | The Alertmanager route definition for alerts matching the resource’s namespace. It will be added to the generated Alertmanager configuration as a first-level route | {} |
| alertmanagerConfig.spec.receivers | List of receivers | [] |
| alertmanagerConfig.spec.inhibitRules | InhibitRule defines an inhibition rule that allows muting alerts when other alerts are already firing | [] |
PrometheusRule Parameters

| Name | Description | Value |
|---|---|---|
| prometheusRule.enabled | Enable prometheusRule for this app | false |
| prometheusRule.additionalLabels | Kubernetes labels object; these additional labels will be added to the PrometheusRule CRD | {} |
| prometheusRule.spec.groups | PrometheusRules in their groups to be added | [] |
SecretProviderClass Parameters

| Name | Description | Value |
|---|---|---|
| secretProviderClass.enabled | Enables Secret Provider Class Custom Resource | false |
| secretProviderClass.name | Name of Secret Provider Class Custom Resource | "" |
| secretProviderClass.provider | Provider of Secret Provider Class Custom Resource | "" |
| secretProviderClass.vaultAddress | Address of vault | "" |
| secretProviderClass.roleName | Name of the role being referred to in vault | "" |
| secretProviderClass.objects | The object created from the secret in vault | [] |
| secretProviderClass.secretObjects | This creates the Kubernetes secret | "" |
ExternalSecret Parameters

| Name | Description | Value |
|---|---|---|
| externalSecret.enabled | Enables External Secret Custom Resource | false |
| externalSecret.secretStore.name | Defines name of default SecretStore to use when fetching the secret data | tenant-vault-secret-store |
| externalSecret.secretStore.kind | Defines kind as SecretStore or ClusterSecretStore | SecretStore |
| externalSecret.refreshInterval | Amount of time before the values are read again from the SecretStore provider | 1m |
| externalSecret.files | Array of secret files with name and remote reference data contained in those files | [] |
NetworkPolicy Parameters

| Name | Description | Value |
|---|---|---|
| networkPolicy.enabled | Enable NetworkPolicy | false |
| networkPolicy.additionalLabels | Kubernetes labels object | {} |
| networkPolicy.annotations | Annotations for NetworkPolicy | {} |
| networkPolicy.ingress | Ingress rules for NetworkPolicy | [] |
| networkPolicy.egress | Egress rules for NetworkPolicy | [] |
Backup Parameters

| Name | Description | Value |
|---|---|---|
| backup.enabled | Enable Backup | false |
| backup.namespace | Backup Namespace | "" |
| backup.storageLocation | StorageLocation for Backup | "" |
| backup.includedNamespaces | Namespaces to be included in Backup | [] |
| backup.excludedResources | Resources to be excluded in Backup | [] |
| backup.ttl | Time Duration for Backup | 1h0m0s |
| backup.snapshotVolumes | Whether to snapshot volumes in Backup | true |
Grafana Dashboard Parameters

| Name | Description | Value |
|---|---|---|
| grafanaDashboard.enabled | Enables Grafana Dashboard | false |
| grafanaDashboard.additionalLabels | Kubernetes labels object | {} |
| grafanaDashboard.annotations | Annotations for Grafana Dashboard | {} |
| grafanaDashboard.contents.key | Used as name of Grafana Dashboard object | "" |
| grafanaDashboard.contents.key.json | JSON string used as content of Grafana Dashboard object | "" |
| grafanaDashboard.contents.key.url | URL used to fetch dashboard content. According to GrafanaDashboard behavior, if both url and json are specified then the GrafanaDashboard content will be updated with fetched content from url | "" |
| grafanaDashboard.contents.key.instanceSelector | Selects Grafana instances for import | {} |
| grafanaDashboard.contents.key.folder | Folder assignment for dashboard | "" |
| grafanaDashboard.contents.key.configMapRef | Dashboard from ConfigMap | [] |
| grafanaDashboard.contents.key.datasources | Maps required data sources to existing ones | {} |
CronJob Parameters

| Name | Description | Value |
|---|---|---|
| cronJob.enabled | Enable cronjob in application chart | "" |
| cronJob.jobs | cronjobs spec | {} |
Job parameter for each cronjob object at cronJob.jobs

| Name | Description |
|---|---|
| <name>.schedule | Schedule of cronjob |
| <name>.timeZone | Time zone of cronjob (Supported on K8s version 1.27 or Higher) |
| <name>.image.repository | Repository of container image of cronjob |
| <name>.image.tag | Tag of container image of cronjob |
| <name>.image.digest | Digest of container image of cronjob |
| <name>.image.imagePullPolicy | ImagePullPolicy of container image of cronjob |
| <name>.command | Command of container of job |
| <name>.args | Args of container of job |
| <name>.priorityClassName | Defines the priority class of job |
| <name>.resources | Resources of container of job |
| <name>.additionalLabels | Additional labels of cronjob |
| <name>.annotations | Annotation of cronjob |
| <name>.successfulJobsHistoryLimit | Successful jobs historyLimit of cronjob |
| <name>.concurrencyPolicy | ConcurrencyPolicy of cronjob |
| <name>.failedJobsHistoryLimit | FailedJobsHistoryLimit of cronjob |
| <name>.volumeMounts | Volume mounts of cronjob |
| <name>.volumes | Volumes of cronjob |
| <name>.nodeSelector | Node selector of cronjob |
| <name>.affinity | Affinity of cronjob |
| <name>.tolerations | Tolerations of cronjob |
| <name>.restartPolicy | RestartPolicy of cronjob |
| <name>.imagePullSecrets | ImagePullSecrets of cronjob |
| <name>.activeDeadlineSeconds | ActiveDeadlineSeconds of job |
| <name>.backoffLimit | BackoffLimit of job |
| <name>.additionalPodAnnotations | Additional annotations of pod of job |
| <name>.additionalPodLabels | Additional labels of pod of job |
| <name>.topologySpreadConstraints | TopologySpreadConstraints of pod of job |
| <name>.securityContext | SecurityContext of pod of job |
Job Parameters

| Name | Description | Value |
|---|---|---|
| job.enabled | Enable job in application chart | "" |
| job.jobs | jobs spec | {} |
Job parameter for each job object at job.jobs

| Name | Description |
|---|---|
| <name>.image.repository | Repository of container image of job |
| <name>.image.tag | Tag of container image of job |
| <name>.image.digest | Digest of container image of job |
| <name>.image.imagePullPolicy | ImagePullPolicy of container image of job |
| <name>.command | Command of container of job |
| <name>.args | Args of container of job |
| <name>.resources | Resources of container of job |
| <name>.additionalLabels | Additional labels of job |
| <name>.annotations | Annotation of job |
| <name>.volumeMounts | Volume mounts of job |
| <name>.volumes | Volumes of job |
| <name>.nodeSelector | Node selector of job |
| <name>.affinity | Affinity of job |
| <name>.tolerations | Tolerations of job |
| <name>.restartPolicy | RestartPolicy of job |
| <name>.imagePullSecrets | ImagePullSecrets of job |
| <name>.activeDeadlineSeconds | ActiveDeadlineSeconds of job |
| <name>.backoffLimit | BackoffLimit of job |
| <name>.additionalPodAnnotations | Additional annotations of pod of job |
| <name>.additionalPodLabels | Additional labels of pod of job |
| <name>.topologySpreadConstraints | TopologySpreadConstraints of pod of job |
| <name>.securityContext | SecurityContext of pod of job |
Naming convention for ConfigMap, Secret, SealedSecret and ExternalSecret
The name format of ConfigMap, Secret, SealedSecret and ExternalSecret is {{ template "application.name" $ }}-{{ $nameSuffix }}, where:
{{ template "application.name" }} is a helper function that outputs .Values.applicationName if it exists, otherwise the chart name
nameSuffix is each key in secret.files, configMap.files, sealedSecret.files and externalSecret.files
Consuming environment variable in application chart
To use environment variables in a deployment or cronjob, provide them as key/value pairs under the env value, where the key is the environment variable name and the value varies by scenario.
For a simple key/value environment variable, just provide value: <value>
env:
  KEY:
    value: MY_VALUE
To get an environment variable value from a ConfigMap
Suppose we have a ConfigMap created from the application chart
It would be more beneficial if you would add the changelog together with the release, as it is quite difficult to understand what the latest changes were in a single view.
metadata.labels: Invalid value: \"latest@sha256:f2a9d619483d11cd8b2f12be2bc4fb1cc9b7a4e01295b8ba5\":
a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyValue', or 'my_value', or '12345', regex used for validation is '(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?')
Would it be possible to trim everything after "@" or maybe support an optional applicationVersion parameter?
I can create a pull request if necessary. Thanks for the great helm chart btw!
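The validation failure quoted in the issue above can be reproduced offline. The following is an added example, not code from the chart or from the issue: it checks a value against the regex in the error message and derives a label-safe version by trimming at "@", as the issue proposes. The function names are hypothetical; the 63-character cap is the standard Kubernetes limit on label values.

```python
import re

# Regex copied from the API server error message quoted in the issue.
LABEL_VALUE_RE = re.compile(r"(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?")
MAX_LABEL_LEN = 63  # Kubernetes limit on label value length


def is_valid_label_value(value: str) -> bool:
    """Return True if value is acceptable as a Kubernetes label value."""
    return (len(value) <= MAX_LABEL_LEN
            and LABEL_VALUE_RE.fullmatch(value) is not None)


def label_from_image_tag(tag: str) -> str:
    """Derive a label-safe version string from an image tag (hypothetical helper).

    An empty result is still a valid label value.
    """
    version = tag.split("@", 1)[0]                      # drop "@sha256:..." digest suffix
    version = re.sub(r"[^A-Za-z0-9_.-]", "_", version)  # replace other illegal characters
    version = version[:MAX_LABEL_LEN]                   # enforce the length cap
    return version.strip("-_.")                         # must start/end alphanumeric


# Tag value exactly as it appears in the error message quoted in the issue.
ISSUE_TAG = "latest@sha256:f2a9d619483d11cd8b2f12be2bc4fb1cc9b7a4e01295b8ba5"

if __name__ == "__main__":
    for tag in (ISSUE_TAG, "v1.2.3", "feature/x-"):
        safe = label_from_image_tag(tag)
        print(f"{tag!r}: valid={is_valid_label_value(tag)} -> {safe!r}")
```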
There are some tools out there to automatically generate helm chart documentation from the values and comments. It would ensure we don't miss any entries and enforce comments in the value file.
Pods can be slow when creating, updating, or deleting because old objects are still tracked in the cluster. You can reduce the revisionHistoryLimit of deployments to clean up older ReplicaSets, which will lower the total amount of objects tracked by the Kubernetes Controller Manager. The default history limit for Deployments is 10.
We use the flag name enabled for all resources except rbac, in which we have called it create; so, from a harmony perspective, we should rename it to enabled as well.
Add VPA manifest; and I would like it to be always running in recommendation mode and document it as well
In this example, you create a VerticalPodAutoscaler that has an updateMode of "Off". Then you create a Deployment that has two Pods, each of which has one container. When the Pods are created, the VerticalPodAutoscaler analyzes the CPU and memory needs of the containers and records those recommendations in its status field. The VerticalPodAutoscaler does not take any action to update the resource requests for the running containers.
In the manifest, you can see that there are no CPU or memory requests. You can also see that the Pods in the Deployment belong to the VerticalPodAutoscaler, because it points to the target of kind: Deployment and name: my-rec-deployment.
The output shows recommendations for CPU and memory requests:
Currently, the checkout action in the unittests job of our GitHub Actions workflow is not actually running tests from the pull request head, instead running the ones on their base branch, master.
This leads to PRs that break unit tests passing the status check.