replicaCount: 1 image: repository: ghcr.io/external-secrets/external-secrets pullPolicy: IfNotPresent # -- The image tag to use. The default is the chart appVersion. # There are different image flavours available, like distroless and ubi. # Please see GitHub release notes for image tags for these flavors. # By default the distroless image is used. tag: "" # -- If set, install and upgrade CRDs through helm chart. installCRDs: true crds: # -- If true, create CRDs for Cluster External Secret. createClusterExternalSecret: true # -- If true, create CRDs for Cluster Secret Store. createClusterSecretStore: true # -- If true, create CRDs for Push Secret. createPushSecret: true imagePullSecrets: [] nameOverride: "" fullnameOverride: "" # -- If true, external-secrets will perform leader election between instances to ensure no more # than one instance of external-secrets operates at a time. leaderElect: false # -- If set external secrets will filter matching # Secret Stores with the appropriate controller values. controllerClass: "" # -- If set external secrets are only reconciled in the # provided namespace scopedNamespace: "" # -- Must be used with scopedNamespace. If true, create scoped RBAC roles under the scoped namespace # and implicitly disable cluster stores and cluster external secrets scopedRBAC: false # -- if true, the operator will process cluster external secret. Else, it will ignore them. processClusterExternalSecret: true # -- if true, the operator will process cluster store. Else, it will ignore them. processClusterStore: true # -- Specifies whether an external secret operator deployment be created. createOperator: true # -- Specifies the number of concurrent ExternalSecret Reconciles external-secret executes at # a time. concurrent: 1 serviceAccount: # -- Specifies whether a service account should be created. create: true # -- Automounts the service account token in all containers of the pod automount: true # -- Annotations to add to the service account. annotations: {} # -- Extra Labels to add to the service account. extraLabels: {} # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template. name: "" rbac: # -- Specifies whether role and rolebinding resources should be created. create: true ## -- Extra environment variables to add to container. extraEnv: [] ## -- Map of extra arguments to pass to container. extraArgs: {} ## -- Extra volumes to pass to pod. extraVolumes: [] ## -- Extra volumes to mount to the container. extraVolumeMounts: [] # -- Annotations to add to Deployment deploymentAnnotations: {} # -- Annotations to add to Pod podAnnotations: {} podLabels: {} podSecurityContext: {} # fsGroup: 2000 securityContext: {} # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 resources: {} # requests: # cpu: 10m # memory: 32Mi prometheus: # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead. enabled: false service: # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead. port: 8080 serviceMonitor: # -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics enabled: false # -- Additional labels additionalLabels: {} # -- Interval to scrape metrics interval: 30s # -- Timeout if metrics can't be retrieved in given time interval scrapeTimeout: 25s metrics: service: # -- Enable if you use another monitoring tool than Prometheus to scrape the metrics enabled: false # -- Metrics service port to scrape port: 8080 # -- Additional service annotations annotations: {} nodeSelector: {} tolerations: [] affinity: {} # -- Pod priority class name. priorityClassName: "" # -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ podDisruptionBudget: enabled: false minAvailable: 1 # maxUnavailable: 1 webhook: # -- Specifies whether a webhook deployment be created. create: true # -- Specifices the time to check if the cert is valid certCheckInterval: "5m" # -- Specifices the lookaheadInterval for certificate validity lookaheadInterval: "" replicaCount: 1 certDir: /tmp/certs # -- specifies whether validating webhooks should be created with failurePolicy: Fail or Ignore failurePolicy: Fail # -- Specifies if webhook pod should use hostNetwork or not. hostNetwork: false image: repository: ghcr.io/external-secrets/external-secrets pullPolicy: IfNotPresent # -- The image tag to use. The default is the chart appVersion. tag: "" imagePullSecrets: [] nameOverride: "" fullnameOverride: "" # -- The port the webhook will listen to port: 10250 rbac: # -- Specifies whether role and rolebinding resources should be created. create: true serviceAccount: # -- Specifies whether a service account should be created. create: true # -- Automounts the service account token in all containers of the pod automount: true # -- Annotations to add to the service account. annotations: {} # -- Extra Labels to add to the service account. extraLabels: {} # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template. name: "" nodeSelector: {} tolerations: [] affinity: {} # -- Pod priority class name. priorityClassName: "" # -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ podDisruptionBudget: enabled: false minAvailable: 1 # maxUnavailable: 1 prometheus: # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead enabled: false service: # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead port: 8080 serviceMonitor: # -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics enabled: false # -- Additional labels additionalLabels: {} # -- Interval to scrape metrics interval: 30s # -- Timeout if metrics can't be retrieved in given time interval scrapeTimeout: 25s metrics: service: # -- Enable if you use another monitoring tool than Prometheus to scrape the metrics enabled: false # -- Metrics service port to scrape port: 8080 # -- Additional service annotations annotations: {} readinessProbe: # -- Address for readiness probe address: "" # -- ReadinessProbe port for kubelet port: 8081 ## -- Extra environment variables to add to container. extraEnv: [] ## -- Map of extra arguments to pass to container. extraArgs: {} ## -- Extra volumes to pass to pod. extraVolumes: [] ## -- Extra volumes to mount to the container. extraVolumeMounts: [] # -- Annotations to add to Secret secretAnnotations: {} # -- Annotations to add to Deployment deploymentAnnotations: {} # -- Annotations to add to Pod podAnnotations: {} podLabels: {} podSecurityContext: {} # fsGroup: 2000 securityContext: {} # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 resources: {} # requests: # cpu: 10m # memory: 32Mi certController: # -- Specifies whether a certificate controller deployment be created. create: true requeueInterval: "5m" replicaCount: 1 image: repository: ghcr.io/external-secrets/external-secrets pullPolicy: IfNotPresent tag: "" imagePullSecrets: [] nameOverride: "" fullnameOverride: "" rbac: # -- Specifies whether role and rolebinding resources should be created. create: true serviceAccount: # -- Specifies whether a service account should be created. create: true # -- Automounts the service account token in all containers of the pod automount: true # -- Annotations to add to the service account. annotations: {} # -- Extra Labels to add to the service account. extraLabels: {} # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template. name: "" nodeSelector: {} tolerations: [] affinity: {} # -- Pod priority class name. priorityClassName: "" # -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ podDisruptionBudget: enabled: false minAvailable: 1 # maxUnavailable: 1 prometheus: # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead enabled: false service: # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead port: 8080 serviceMonitor: # -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics enabled: false # -- Additional labels additionalLabels: {} # -- Interval to scrape metrics interval: 30s # -- Timeout if metrics can't be retrieved in given time interval scrapeTimeout: 25s metrics: service: # -- Enable if you use another monitoring tool than Prometheus to scrape the metrics enabled: false # -- Metrics service port to scrape port: 8080 # -- Additional service annotations annotations: {} ## -- Extra environment variables to add to container. extraEnv: [] ## -- Map of extra arguments to pass to container. extraArgs: {} ## -- Extra volumes to pass to pod. extraVolumes: [] ## -- Extra volumes to mount to the container. extraVolumeMounts: [] # -- Annotations to add to Deployment deploymentAnnotations: {} # -- Annotations to add to Pod podAnnotations: {} podLabels: {} podSecurityContext: {} # fsGroup: 2000 securityContext: {} # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 resources: {} # requests: # cpu: 10m # memory: 32Mi # -- Specifies `dnsOptions` to deployment dnsConfig: {}