helm-external-secrets/deploy/charts/external-secrets/values.yaml

replicaCount: 1

# -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy)
revisionHistoryLimit: 10

image:
  repository: ghcr.io/external-secrets/external-secrets
  pullPolicy: IfNotPresent
  # -- The image tag to use. The default is the chart appVersion.
  # There are different image flavours available, like distroless and ubi.
  # Please see GitHub release notes for image tags for these flavors.
  # By default the distroless image is used.
  tag: ""

# -- If set, install and upgrade CRDs through helm chart.
installCRDs: true

crds:
  # -- If true, create CRDs for Cluster External Secret.
  createClusterExternalSecret: true
  # -- If true, create CRDs for Cluster Secret Store.
  createClusterSecretStore: true
  # -- If true, create CRDs for Push Secret.
  createPushSecret: true
  annotations: {}
  conversion:
    enabled: true

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

# -- If true, external-secrets will perform leader election between instances to ensure no more
# than one instance of external-secrets operates at a time.
leaderElect: false

# -- If set external secrets will filter matching
# Secret Stores with the appropriate controller values.
controllerClass: ""

# -- If set external secrets are only reconciled in the
# provided namespace
scopedNamespace: ""

# -- Must be used with scopedNamespace. If true, create scoped RBAC roles under the scoped namespace
# and implicitly disable cluster stores and cluster external secrets
scopedRBAC: false

# -- if true, the operator will process cluster external secret. Else, it will ignore them.
processClusterExternalSecret: true

# -- if true, the operator will process cluster store. Else, it will ignore them.
processClusterStore: true

# -- Specifies whether an external secret operator deployment be created.
createOperator: true

# -- Specifies the number of concurrent ExternalSecret Reconciles external-secret executes at
# a time.
concurrent: 1

serviceAccount:
  # -- Specifies whether a service account should be created.
  create: true
  # -- Automounts the service account token in all containers of the pod
  automount: true
  # -- Annotations to add to the service account.
  annotations: {}
  # -- Extra Labels to add to the service account.
  extraLabels: {}
  # -- The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template.
  name: ""

rbac:
  # -- Specifies whether role and rolebinding resources should be created.
  create: true

## -- Extra environment variables to add to container.
extraEnv: []

## -- Map of extra arguments to pass to container.
extraArgs: {}

## -- Extra volumes to pass to pod.
extraVolumes: []

## -- Extra volumes to mount to the container.
extraVolumeMounts: []

## -- Extra containers to add to the pod.
extraContainers: []

# -- Annotations to add to Deployment
deploymentAnnotations: {}

# -- Annotations to add to Pod
podAnnotations: {}

podLabels: {}

podSecurityContext: {}
  # fsGroup: 2000

securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

resources: {}
  # requests:
  #   cpu: 10m
  #   memory: 32Mi

prometheus:
  # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead.
  enabled: false
  service:
    # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead.
    port: 8080

serviceMonitor:
  # -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics
  enabled: false

  # -- Additional labels
  additionalLabels: {}

  # --  Interval to scrape metrics
  interval: 30s

  # -- Timeout if metrics can't be retrieved in given time interval
  scrapeTimeout: 25s

  # -- Let prometheus add an exported_ prefix to conflicting labels
  honorLabels: false

  # -- Metric relabel configs to apply to samples before ingestion. [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs)
  metricRelabelings: []
  # - action: replace
  #   regex: (.*)
  #   replacement: $1
  #   sourceLabels:
  #   - exported_namespace
  #   targetLabel: namespace

  # -- Relabel configs to apply to samples before ingestion. [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config)
  relabelings: []
  # - sourceLabels: [__meta_kubernetes_pod_node_name]
  #   separator: ;
  #   regex: ^(.*)$
  #   targetLabel: nodename
  #   replacement: $1
  #   action: replace

metrics:
  service:
    # -- Enable if you use another monitoring tool than Prometheus to scrape the metrics
    enabled: false

    # -- Metrics service port to scrape
    port: 8080

    # -- Additional service annotations
    annotations: {}

nodeSelector: {}

tolerations: []

topologySpreadConstraints: []

affinity: {}

# -- Pod priority class name.
priorityClassName: ""

# -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
podDisruptionBudget:
  enabled: false
  minAvailable: 1
  # maxUnavailable: 1

webhook:
  # -- Specifies whether a webhook deployment be created.
  create: true
  # -- Specifices the time to check if the cert is valid
  certCheckInterval: "5m"
  # -- Specifices the lookaheadInterval for certificate validity
  lookaheadInterval: ""
  replicaCount: 1

  # -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy)
  revisionHistoryLimit: 10

  certDir: /tmp/certs
  # -- Specifies whether validating webhooks should be created with failurePolicy: Fail or Ignore
  failurePolicy: Fail
  # -- Specifies if webhook pod should use hostNetwork or not.
  hostNetwork: false
  image:
    repository: ghcr.io/external-secrets/external-secrets
    pullPolicy: IfNotPresent
  # -- The image tag to use. The default is the chart appVersion.
    tag: ""
  imagePullSecrets: []
  nameOverride: ""
  fullnameOverride: ""
  # -- The port the webhook will listen to
  port: 10250
  rbac:
  # -- Specifies whether role and rolebinding resources should be created.
    create: true
  serviceAccount:
    # -- Specifies whether a service account should be created.
    create: true
    # -- Automounts the service account token in all containers of the pod
    automount: true
    # -- Annotations to add to the service account.
    annotations: {}
    # -- Extra Labels to add to the service account.
    extraLabels: {}
    # -- The name of the service account to use.
    # If not set and create is true, a name is generated using the fullname template.
    name: ""
  nodeSelector: {}

  tolerations: []

  affinity: {}

    # -- Pod priority class name.
  priorityClassName: ""

  # -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
  podDisruptionBudget:
    enabled: false
    minAvailable: 1
    # maxUnavailable: 1
  prometheus:
    # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead
    enabled: false
    service:
      # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead
      port: 8080

  serviceMonitor:
    # -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics
    enabled: false

    # -- Additional labels
    additionalLabels: {}

    # --  Interval to scrape metrics
    interval: 30s

    # -- Timeout if metrics can't be retrieved in given time interval
    scrapeTimeout: 25s

  metrics:
    service:
      # -- Enable if you use another monitoring tool than Prometheus to scrape the metrics
      enabled: false

      # -- Metrics service port to scrape
      port: 8080

      # -- Additional service annotations
      annotations: {}


  readinessProbe:
    # -- Address for readiness probe
    address: ""
    # -- ReadinessProbe port for kubelet
    port: 8081


    ## -- Extra environment variables to add to container.
  extraEnv: []

    ## -- Map of extra arguments to pass to container.
  extraArgs: {}

    ## -- Extra volumes to pass to pod.
  extraVolumes: []

    ## -- Extra volumes to mount to the container.
  extraVolumeMounts: []

    # -- Annotations to add to Secret
  secretAnnotations: {}

    # -- Annotations to add to Deployment
  deploymentAnnotations: {}

    # -- Annotations to add to Pod
  podAnnotations: {}

  podLabels: {}

  podSecurityContext: {}
      # fsGroup: 2000

  securityContext: {}
      # capabilities:
      #   drop:
      #   - ALL
      # readOnlyRootFilesystem: true
      # runAsNonRoot: true
      # runAsUser: 1000

  resources: {}
      # requests:
      #   cpu: 10m
      #   memory: 32Mi

certController:
  # -- Specifies whether a certificate controller deployment be created.
  create: true
  requeueInterval: "5m"
  replicaCount: 1

  # -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy)
  revisionHistoryLimit: 10

  image:
    repository: ghcr.io/external-secrets/external-secrets
    pullPolicy: IfNotPresent
    tag: ""
  imagePullSecrets: []
  nameOverride: ""
  fullnameOverride: ""
  rbac:
  # -- Specifies whether role and rolebinding resources should be created.
    create: true
  serviceAccount:
    # -- Specifies whether a service account should be created.
    create: true
    # -- Automounts the service account token in all containers of the pod
    automount: true
    # -- Annotations to add to the service account.
    annotations: {}
    # -- Extra Labels to add to the service account.
    extraLabels: {}
    # -- The name of the service account to use.
    # If not set and create is true, a name is generated using the fullname template.
    name: ""
  nodeSelector: {}

  tolerations: []

  affinity: {}

    # -- Pod priority class name.
  priorityClassName: ""

  # -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
  podDisruptionBudget:
    enabled: false
    minAvailable: 1
    # maxUnavailable: 1

  prometheus:
    # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead
    enabled: false
    service:
      # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead
      port: 8080

  serviceMonitor:
    # -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics
    enabled: false

    # -- Additional labels
    additionalLabels: {}

    # --  Interval to scrape metrics
    interval: 30s

    # -- Timeout if metrics can't be retrieved in given time interval
    scrapeTimeout: 25s

  metrics:
    service:
      # -- Enable if you use another monitoring tool than Prometheus to scrape the metrics
      enabled: false

      # -- Metrics service port to scrape
      port: 8080

      # -- Additional service annotations
      annotations: {}

    ## -- Extra environment variables to add to container.
  extraEnv: []

    ## -- Map of extra arguments to pass to container.
  extraArgs: {}


    ## -- Extra volumes to pass to pod.
  extraVolumes: []

    ## -- Extra volumes to mount to the container.
  extraVolumeMounts: []

    # -- Annotations to add to Deployment
  deploymentAnnotations: {}

    # -- Annotations to add to Pod
  podAnnotations: {}

  podLabels: {}

  podSecurityContext: {}
      # fsGroup: 2000

  securityContext: {}
      # capabilities:
      #   drop:
      #   - ALL
      # readOnlyRootFilesystem: true
      # runAsNonRoot: true
      # runAsUser: 1000

  resources: {}
      # requests:
      #   cpu: 10m
      #   memory: 32Mi

# -- Specifies `dnsOptions` to deployment
dnsConfig: {}