helm-external-secrets/deploy/charts/external-secrets/values.yaml

replicaCount: 1

image:
  repository: ghcr.io/external-secrets/external-secrets
  pullPolicy: IfNotPresent
  # -- The image tag to use. The default is the chart appVersion.
  tag: ""

# -- If set, install and upgrade CRDs through helm chart.
installCRDs: true

crds:
  # -- If true, create CRDs for Cluster External Secret.
  createClusterExternalSecret: true
  # -- If true, create CRDs for Secret Store.
  createClusterSecretStore: true
  # -- If true, create CRDs for External Secret.
  createExternalSecret: true
  # -- If true, create CRDs for Secret Store.
  createSecretStore: true

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

# -- If true, external-secrets will perform leader election between instances to ensure no more
# than one instance of external-secrets operates at a time.
leaderElect: false

# -- If set external secrets will filter matching
# Secret Stores with the appropriate controller values.
controllerClass: ""

# -- If set external secrets are only reconciled in the
# provided namespace
scopedNamespace: ""

# -- Must be used with scopedNamespace. If true, create scoped RBAC roles under the scoped namespace
# and implicitly disable cluster stores and cluster external secrets
scopedRBAC: false

# -- if true, the operator will process cluster external secret. Else, it will ignore them.
processClusterExternalSecret: true

# -- if true, the operator will process cluster store. Else, it will ignore them.
processClusterStore: true

# -- Specifies whether an external secret operator deployment be created.
createOperator: true

# -- Specifies the number of concurrent ExternalSecret Reconciles external-secret executes at
# a time.
concurrent: 1

serviceAccount:
  # -- Specifies whether a service account should be created.
  create: true
  # -- Annotations to add to the service account.
  annotations: {}
  # -- The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template.
  name: ""

rbac:
  # -- Specifies whether role and rolebinding resources should be created.
  create: true

## -- Extra environment variables to add to container.
extraEnv: []

## -- Map of extra arguments to pass to container.
extraArgs: {}

# -- Annotations to add to Deployment
deploymentAnnotations: {}

# -- Annotations to add to Pod
podAnnotations: {}

podLabels: {}

podSecurityContext: {}
  # fsGroup: 2000

securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

resources: {}
  # requests:
  #   cpu: 10m
  #   memory: 32Mi

prometheus:
  # -- Specifies whether to expose Service resource for collecting Prometheus metrics
  enabled: false
  service:
    port: 8080

nodeSelector: {}

tolerations: []

affinity: {}

# -- Pod priority class name.
priorityClassName: ""

webhook:
  # -- Specifies whether a webhook deployment be created.
  create: true
  certCheckInterval: "5m"
  replicaCount: 1
  certDir: /tmp/certs
  image:
    repository: ghcr.io/external-secrets/external-secrets
    pullPolicy: IfNotPresent
  # -- The image tag to use. The default is the chart appVersion.
    tag: ""
  imagePullSecrets: []
  nameOverride: ""
  fullnameOverride: ""
  rbac:
  # -- Specifies whether role and rolebinding resources should be created.
    create: true
  serviceAccount:
    # -- Specifies whether a service account should be created.
    create: true
    # -- Annotations to add to the service account.
    annotations: {}
    # -- The name of the service account to use.
    # If not set and create is true, a name is generated using the fullname template.
    name: ""
  nodeSelector: {}

  tolerations: []

  affinity: {}

    # -- Pod priority class name.
  priorityClassName: ""
  prometheus:
      # -- Specifies whether to expose Service resource for collecting Prometheus metrics
    enabled: false
    service:
      port: 8080
    ## -- Extra environment variables to add to container.
  extraEnv: []

    ## -- Map of extra arguments to pass to container.
  extraArgs: {}

    # -- Annotations to add to Deployment
  deploymentAnnotations: {}

    # -- Annotations to add to Pod
  podAnnotations: {}

  podLabels: {}

  podSecurityContext: {}
      # fsGroup: 2000

  securityContext: {}
      # capabilities:
      #   drop:
      #   - ALL
      # readOnlyRootFilesystem: true
      # runAsNonRoot: true
      # runAsUser: 1000

  resources: {}
      # requests:
      #   cpu: 10m
      #   memory: 32Mi

certController:
  # -- Specifies whether a certificate controller deployment be created.
  create: true
  requeueInterval: "5m"
  image:
    repository: ghcr.io/external-secrets/external-secrets
    pullPolicy: IfNotPresent
    tag: ""
  imagePullSecrets: []
  nameOverride: ""
  fullnameOverride: ""
  rbac:
  # -- Specifies whether role and rolebinding resources should be created.
    create: true
  serviceAccount:
    # -- Specifies whether a service account should be created.
    create: true
    # -- Annotations to add to the service account.
    annotations: {}
    # -- The name of the service account to use.
    # If not set and create is true, a name is generated using the fullname template.
    name: ""
  nodeSelector: {}

  tolerations: []

  affinity: {}

    # -- Pod priority class name.
  priorityClassName: ""
  prometheus:
      # -- Specifies whether to expose Service resource for collecting Prometheus metrics
    enabled: false
    service:
      port: 8080
    ## -- Extra environment variables to add to container.
  extraEnv: []

    ## -- Map of extra arguments to pass to container.
  extraArgs: {}

    # -- Annotations to add to Deployment
  deploymentAnnotations: {}

    # -- Annotations to add to Pod
  podAnnotations: {}

  podLabels: {}

  podSecurityContext: {}
      # fsGroup: 2000

  securityContext: {}
      # capabilities:
      #   drop:
      #   - ALL
      # readOnlyRootFilesystem: true
      # runAsNonRoot: true
      # runAsUser: 1000

  resources: {}
      # requests:
      #   cpu: 10m
      #   memory: 32Mi