Helm Chart Values

Here is the reference for the customizable values for Helm installation. See Helm installation documentation for more information.

Values

Key	Description
global (object)	Global configuration Default: {"imagePullSecrets":[],"imageRegistry":""}
global.imageRegistry (string)	Global Docker image registry Default: ""
global.imagePullSecrets (list)	Global Docker registry secret names as an array Default: []
hostname (string)	Hostname for the GitGuardian application (without https://) Default: "gitguardian.example.com"
commonLabels (object)	Custom labels to add to all resources (includes commonMatchLabels) Format: name: value Default: {}
postgresql (object)	PostgreSQL Database configuration Default: Not set
postgresql.host (string)	PostgreSQL Database host name Default: ""
postgresql.port (int)	PostgreSQL Database host port Default: 5432
postgresql.username (string)	PostgreSQL Database user name Default: ""
postgresql.password (string)	PostgreSQL Database user password Should preferably be set in existing secret (see: postgresql.existingSecret) Default: ""
postgresql.tls.mode (string)	PostgreSQL Database SSL mode Possible values: disable, allow, prefer, require, verify-ca, verify-full See: PostgreSQL SSL Mode Descriptions Default: "allow"
postgresql.tls.crt (string)	PostgreSQL Database Client certificate Should preferably be set in existing secret (see: postgresql.existingSecret) Default: ""
postgresql.tls.key (string)	PostgreSQL Database Client certificate private key Should preferably be set in existing secret (see: postgresql.existingSecret) Default: ""
postgresql.tls.caCrt (string)	PostgreSQL Database Custom Certificate Authority Should preferably be set in existing secret (see: postgresql.existingSecret) Default: ""
postgresql.existingSecret (string)	Secret used to store PostgreSQL password and Certificates (preferred method) Default: ""
postgresql.existingSecretKeys (object)	Keys used for PostgreSQL Database secrets when using an existing secret
postgresql.existingSecretKeys.password (string)	Existing secret key where to store PostgreSQL Database user password Default: "POSTGRES_PASSWORD"
postgresql.existingSecretKeys.tls.crt (string)	Existing secret key where to store PostgreSQL Database Client certificate Default: "pg_client.crt"
postgresql.existingSecretKeys.tls.key (string)	Existing secret key where to store PostgreSQL Database Client certificate private key Default: "pg_client.key"
postgresql.existingSecretKeys.tls.caCrt (string)	Existing secret key where to store PostgreSQL Database Custom Certificate Authority Default: "pg_server.ca_crt"
redis (object)	Redis Database configuration You can either provide a full qualified URI or fill each parts in dedicated fields Redis is used as a broker and result backend for celery and as a Commit Cache Default: Not set
redis.main.url (string)	Full qualified URI of Redis Instance Should preferably be set in existing secret (see: redis.main.existingSecret) This values is not used if using Redis Sentinel Default: ""
redis.main.user (string)	Redis Instance user (if redis.main.url is not specified) / Redis Sentinel master name Default: ""
redis.main.password (string)	Redis Instance password (if redis.main.url is not specified) / Redis Sentinel master password Should preferably be set in existing secret (see: redis.main.existingSecret) Default: ""
redis.main.host (string)	Redis Instance host name (if redis.main.url is not specified) This values is not used if using Redis Sentinel Default: ""
redis.main.port (int)	Redis Instance host port (if redis.main.url is not specified) Default: 6379
redis.main.sentinel (object)	Redis Sentinel dedicated parameters (works along with redis.main.url) Default: {"enabled":false,"masterServiceName":"","password":"","url":"","user":""}
redis.main.sentinel.enabled (bool)	Redis Sentinel enabler Default: false
redis.main.sentinel.url (string)	Redis Sentinel instances list. Format: sentinel-1:26379,sentinel-2:26379 Should preferably be set in existing secret (see: redis.main.existingSecret) Default: ""
redis.main.sentinel.user (string)	Redis Sentinel master user Default: ""
redis.main.sentinel.password (string)	Redis Sentinel master password Should preferably be set in existing secret (see: redis.main.existingSecret) Default: ""
redis.main.sentinel.masterServiceName (string)	Redis Sentinel master service name Default: ""
redis.main.tls (object)	Redis Instance TLS configuration Default: Not set
redis.main.tls.enabled (bool)	Enable redis TLS (if redis.main.url is not specified) Default: false
redis.main.tls.requireServerCert (bool)	Enable redis server certificate check If true, you must provide a rediss:// URL Scheme for redis.main.url Default: false
redis.main.tls.crt (string)	Redis Instance Client certificate Should preferably be set in existing secret (see: redis.main.existingSecret) Default: ""
redis.main.tls.key (string)	Redis Instance Client certificate private key Should preferably be set in existing secret (see: redis.main.existingSecret) Default: ""
redis.main.tls.caCrt (string)	Redis Instance Custom Certificate Authority Should preferably be set in existing secret (see: redis.main.existingSecret) Default: ""
redis.main.existingSecret (string)	Secret used to store Redis Instance URL or password and Certificates (preferred method) Default: ""
redis.main.existingSecretKeys (object)	Keys used for Redis secrets when using an existing secret
redis.main.existingSecretKeys.tls.crt (string)	Existing secret key where to store Redis Instance Client certificate Default: "redis_client.crt"
redis.main.existingSecretKeys.tls.key (string)	Existing secret key where to store Redis Instance Client certificate private key Default: "redis_client.key"
redis.main.existingSecretKeys.tls.caCrt (string)	Existing secret key where to store Redis Instance Custom Certificate Authority Default: "redis_server.ca_crt"
redis.main.existingSecretKeys.sentinel.url (string)	Redis Sentinel instances list Default: ""
redis.main.existingSecretKeys.sentinel.password (string)	Redis Sentinel password Default: ""
redis.commitCache.enabled (bool)	Enable a separate Redis instance dedicated to the Commit Cache feature. Commit Cache feature allows to not scan already scanned commit by saving in Redis scan results. If not enabled, main Redis instance will be used for the Commit Cache Default: false
redis.commitCache.url (string)	Full qualified URI of Redis Instance Should preferably be set in existing secret (see: redis.commitCache.existingSecret) Default: ""
redis.commitCache.user (string)	Redis Instance user name (if redis.commitCache.url is not specified) Default: ""
redis.commitCache.password (string)	Redis Instance user password (if redis.commitCache.url is not specified) Should preferably be set in existing secret (see: redis.commitCache.existingSecret) Default: ""
redis.commitCache.host (string)	Redis Instance host name (if redis.commitCache.url is not specified) Default: ""
redis.commitCache.port (int)	Redis Instance host port (if redis.commitCache.url is not specified) Default: 6379
redis.commitCache.tls (object)	Redis Instance TLS configuration Default: Not set
redis.commitCache.tls.enabled (bool)	Enable redis TLS (if redis.main.url is not specified) Default: false
redis.commitCache.tls.requireServerCert (bool)	Enable redis server certificate check If true, you must provide a rediss:// URL Scheme for REDIS_URL Default: false
redis.commitCache.tls.crt (string)	Redis Instance Client certificate Should preferably be set in existing secret (see: redis.commitCache.existingSecret) Default: ""
redis.commitCache.tls.key (string)	Redis Instance Client certificate private key Should preferably be set in existing secret (see: redis.commitCache.existingSecret) Default: ""
redis.commitCache.tls.caCrt (string)	Redis Instance Custom Certificate Authority Should preferably be set in existing secret (see: redis.commitCache.existingSecret) Default: ""
redis.commitCache.existingSecret (string)	Secret used to store Redis Instance URL or password and Certificates (preferred method) Default: ""
redis.commitCache.existingSecretKeys (object)	Keys used for Redis secrets when using an existing secret
redis.commitCache.existingSecretKeys.tls.crt (string)	Existing secret key where to store Redis Instance Client certificate Default: "redis_client.crt"
redis.commitCache.existingSecretKeys.tls.key (string)	Existing secret key where to store Redis Instance Client certificate private key Default: "redis_client.key"
redis.commitCache.existingSecretKeys.tls.caCrt (string)	Existing secret key where to store Redis Instance Custom Certificate Authority Default: "redis_server.ca_crt"
miscEncryption (object)	Encryption keys configuration Django Secret Key, X509 certificate and key are auto-generated during installation if not set Default: Auto-generated
miscEncryption.djangoSecretKey (string)	Encryption key for sensitive database fields. Auto-generated at first install if empty (preferred method) IMPORTANT The key should be kept in a safe place at it is required to access all sensitive information in the database Default: Auto-generated
miscEncryption.dbEncryptionKeys (string)	DB encryption secrets (optional, only needed for djangoSecretKey key rotation) Default: ""
miscEncryption.existingSecret (string)	Secret used to store encryption secrets Default: ""
miscEncryption.existingSecretKeys (object)	Keys used for encryption secrets when using an existing secret
miscEncryption.existingSecretKeys.djangoSecretKey (string)	Existing secret key where to store Django Secret Key Auto-generated at first install if empty (preferred method) Default: "DJANGO_SECRET_KEY"
miscEncryption.existingSecretKeys.dbEncryptionKeys (string)	Existing secret key where to store DB encryption keys (optional, only needed for djangoSecretKey key rotation) Default: "ENCRYPTION_KEYS"
miscEncryption.existingSecretKeys.x509Cert (string)	Existing secret key where to store certificate for SAML/SSO auth Auto-generated at first install if empty (preferred method) Default: "SP_X509_CERT"
miscEncryption.existingSecretKeys.x509PrivateKey (string)	Existing secret key where to store certificate private key for SAML/SSO auth Auto-generated at first install if empty (preferred method) Default: "SP_PRIVATE_KEY"
externalSecrets.enabled (bool)	Enable https://external-secrets.io/ Default: false
externalSecrets.path (string)	External Secret Path Default: ""
externalSecrets.secretStoreRef.kind (string)	https://external-secrets.io/ Class Default: "SecretStore"
externalSecrets.secretStoreRef.name (string)	https://external-secrets.io/ Name Default: "vault"
front (object)	Frontend configuration The Frontend serves the Dashboard and acts as a proxy for other web deployments
front.nginx.replicas (int)	Dashboard Frontend replicas count Default: 1
front.nginx.nodeSelector (object)	Node selection constraint for Frontend Default: {}
front.nginx.tolerations (list)	Schedule Frontend pods with matching taints Default: []
front.nginx.resources (object)	Dashboard Frontend resources Default: {"requests":{"cpu":"200m","memory":"500Mi"}}
front.service.type (string)	Service type. Can be ClusterIP, NodePort or LoadBalancer Default: "ClusterIP"
front.service.port (int)	Dashboard Frontend Service port Default: 80
front.service.annotations (object)	Dashboard Frontend Service annotations Default: {}
front.ingress.enabled (bool)	Enable ingress resource Default: false
front.ingress.pathType (string)	Ingress Path type Default: "Prefix"
front.ingress.ingressClassName (string)	IngressClass that will be used to implement the Ingress Default: ""
front.ingress.path (string)	The routing path to the GitGuardian instance. You may need to set this to '/*' in order to use this with ALB ingress controllers. Default: "/"
front.ingress.annotations (object)	Additional annotations for the Ingress resource. Default: {}
front.ingress.labels (object)	Additional labels for the Ingress resource. Default: {}
webapps (object)	Backend deployments configuration
webapps.internal_api.replicas (int)	Internal API replicas count Default: 1
webapps.internal_api.nodeSelector (object)	Node selection constraint for Internal API Default: {}
webapps.internal_api.tolerations (list)	Schedule Internal API pods with matching taints Default: []
webapps.internal_api_long.replicas (int)	Internal API for long requests replicas count Default: 1
webapps.internal_api_long.nodeSelector (object)	Node selection constraint for Internal long API Default: {}
webapps.internal_api_long.tolerations (list)	Schedule Internal long API pods with matching taints Default: []
webapps.public_api.replicas (int)	Public API (used for ggshield scans) replicas count Default: 1
webapps.public_api.nodeSelector (object)	Node selection constraint for Public API Default: {}
webapps.public_api.tolerations (list)	Schedule Public API pods with matching taints Default: []
webapps.hook.replicas (int)	VCS Webhooks Receivers replicas count Default: 1
webapps.hook.nodeSelector (object)	Node selection constraint for Hook Default: {}
webapps.hook.tolerations (list)	Schedule Hook pods with matching taints Default: []
webapps.app_exporter.replicas (string)	Prometheus exporter replicas count Will be set to 1 if .Values.observability.exporter.statefulAppExporter.enabled is true Default: 0
webapps.app_exporter.nodeSelector (object)	Node selection constraint for App Exporter Default: {}
webapps.app_exporter.tolerations (list)	Schedule App Exporter pods with matching taints Default: []
celeryWorkers (object)	Asynchronous Workers deployments configuration
celeryWorkers.worker.queues (string)	Queues consumed by default workers Default: "celery,check_run,realtime,realtime_retry,honeytoken"
celeryWorkers.worker.replicas (int)	Default workers (incl. realtime scans) replicas count Default: 2
celeryWorkers.worker.nodeSelector (object)	Node selection constraint for Default Worker Default: {}
celeryWorkers.worker.tolerations (list)	Schedule Default Worker pods with matching taints Default: []
celeryWorkers.worker.ephemeralStorage (object)	Worker ephemeral storage Default: {"annotations":{},"enabled":false,"labels":{},"size":"1Gi","storageClass":""}
celeryWorkers.email.queues (string)	Queues consumed by Messaging workers Default: "email,notifier"
celeryWorkers.email.replicas (int)	Messaging workers replicas count Default: 2
celeryWorkers.email.nodeSelector (object)	Node selection constraint for Email Worker Default: {}
celeryWorkers.email.tolerations (list)	Schedule Email Worker pods with matching taints Default: []
celeryWorkers.email.ephemeralStorage (object)	Worker ephemeral storage Default: {"annotations":{},"enabled":false,"labels":{},"size":"1Gi","storageClass":""}
celeryWorkers.scanners.queues (string)	Queues consumed by Historical Scan workers Default: "basic_repo_scan,premium_repo_scan,manual_repo_scan"
celeryWorkers.scanners.replicas (int)	Historical Scan workers replicas count Default: 2
celeryWorkers.scanners.nodeSelector (object)	Node selection constraint for Scanner Worker Default: {}
celeryWorkers.scanners.tolerations (list)	Schedule Scanner Worker pods with matching taints Default: []
celeryWorkers.scanners.ephemeralStorage (object)	Worker ephemeral storage Default: {"annotations":{},"enabled":false,"labels":{},"size":"1Gi","storageClass":""}
celeryWorkers.scanners_ods.queues (string)	Queues consumed by non-VCS Historical Scan workers Default: "ods_scan"
celeryWorkers.scanners_ods.replicas (int)	Non-VCS Historical Scan workers replicas count Default: 0
celeryWorkers.scanners_ods.ephemeralStorage (object)	Non-VCS Historical Scan worker ephemeral storage Default: {"annotations":{},"enabled":false,"labels":{},"size":"1Gi","storageClass":""}
celeryWorkers.realtime-ods.queues (string)	Realtime ODS worker Default: "realtime_ods,realtime_retry_ods"
celeryWorkers.realtime-ods.replicas (int)	ODS workers (incl. realtime scans) replicas count Default: 2
celeryWorkers.realtime-ods.ephemeralStorage (object)	Realtime ODS worker ephemeral storage Default: {"annotations":{},"enabled":false,"labels":{},"size":"1Gi","storageClass":""}
celeryWorkers.long.queues (string)	Queues consumed by Long Tasks workers Default: "celery_long"
celeryWorkers.long.replicas (int)	Long Tasks workers replicas count Default: 2
celeryWorkers.long.nodeSelector (object)	Node selection constraint for Long Worker Default: {}
celeryWorkers.long.tolerations (list)	Schedule Long Worker pods with matching taints Default: []
celeryWorkers.long.ephemeralStorage (object)	Schedule Long Worker ephemeral storage Default: {"annotations":{},"enabled":false,"labels":{},"size":"1Gi","storageClass":""}
beat (object)	Asynchronous tasks scheduler
beat.replicas (int)	Asynchronous tasks scheduler replicas count Default: 1
beat.resources (object)	Asynchronous tasks scheduler resources Default: {"requests":{"cpu":"10m","memory":"200Mi"}}
onPrem.adminUser (object)	GitGuardian Admin User A temporary password has to be set in secret "gim-secrets" under ADMIN_PASSWORD key. You'll be asked to change this password on your connection Default: {"email":"admin@example.com","firstname":"Admin"}
replicated (object)	Replicated SDK configuration Default: {"extraEnv":[{"name":"HTTP_PROXY","value":""},{"name":"HTTPS_PROXY","value":""},{"name":"NO_PROXY","value":""}],"imagePullSecrets":[],"images":{"replicated-sdk":"replicated/replicated-sdk:v1.0.0-beta.16"},"isAirgap":false}
replicated.images (object)	Replicated image configuration, this cannot benefit from global values ! Default: {"replicated-sdk":"replicated/replicated-sdk:v1.0.0-beta.16"}
replicated.images.replicated-sdk (string)	Replicated SDK full image path Default: "replicated/replicated-sdk:v1.0.0-beta.16"
replicated.imagePullSecrets (list)	Image pullsecrets Default: []
replicated.extraEnv (list)	Replicated SDK env vars Default: [{"name":"HTTP_PROXY","value":""},{"name":"HTTPS_PROXY","value":""},{"name":"NO_PROXY","value":""}]
replicated.isAirgap (bool)	- Disable Replicated outbound connections Default: false
sentry.enabled (bool)	Enable Sentry tracing Default: false
sentry.apm.enabled (bool)	Enable Sentry APM Default: false
sentry.dsn (string)	Sentry Data Source Name URL Default: "https://sentry.io"
tls (object)	HTTPS TLS configuration You can manage the certificate manually or use https://cert-manager.io/
tls.certManager.enabled (bool)	Use https://cert-manager.io/ instead of a manual certificate Default: false
tls.certManager.certificatesSecret (string)	Name of the created cert-manager Certificate object Default: "gitguardian-certificate"
tls.certManager.certificatesNamespace (string)	Namespace where certificate will be created Default: .Release.Namespace
tls.certManager.issuer.kind (string)	https://cert-manager.io/ Issuer Class Default: "ClusterIssuer"
tls.certManager.issuer.name (string)	https://cert-manager.io/ Issuer Name Default: "gitguardian"
tls.customCa (object)	Custom Certificate Authority certificate for integrations (VCS, notifiers, webhooks, ...)
tls.customCa.caCert (string)	Certificates full chain in the PEM format Should preferably be set in existing secret (see: tls.customCa.existingSecret) Default: ""
tls.customCa.existingSecret (string)	Existing secret containing certificates full chain in the PEM format Default: ""
tls.customCa.existingSecretCaCertKey (string)	Key name of the certificate entry Default: "custom-ca.pem"
tls.customCa.image (object)	Custom CA nginx-unprivileged (used for init-containers only) image configuration Default: {"name":"services/nginx-unprivileged","pullSecrets":[],"registry":"513715405986.dkr.ecr.us-west-2.amazonaws.com","tag":"stable"}
tls.customCa.image.registry (string)	Registry source to fetch the image Empty = from dockerhub Default: "513715405986.dkr.ecr.us-west-2.amazonaws.com"
tls.customCa.image.name (string)	Image name Default: "services/nginx-unprivileged"
tls.customCa.image.tag (string)	Image tag Default: "stable"
tls.customCa.image.pullSecrets (list)	Image pullsecrets Default: []
networkPolicy.enabled (bool)	Use default network policy. If enabled, you must ensure ingress traffic is allowed to nginx Default: false
securityContext.enabled (bool)	Enable security Context in deployments. Set to false when deploying on OpenShift Default: true
containerSecurityContext (object)	Specify Container Security Context in deployments. Note: Enabled if securityContext.enabled is true. Default: {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"seccompProfile":{"type":"RuntimeDefault"}}
argoCd.enabled (bool)	Enable ArgoCD hook and sync-wave annotations Default: false
istio.enabled (bool)	Enable https://istio.io/ If istio is deactivated, you must configure your own ingress redirecting to nginx service on port 80, or set the service to be LoadBalancer Default: false
istio.gateway.name (string)	Istio Gateway name Default: "{{.Release.Name}}-{{.Release.Namespace}}"
istio.gateway.namespace (string)	Istio Gateway namespace Default: "istio-system"
observability.exporters (object)	Prometheus exporters configuration
observability.exporters.webAppExporter.enabled (bool)	Enable GitGuardian Applicative metrics on Webapp pods and Celery Workers Default: false
observability.exporters.statefulAppExporter.enabled (bool)	Enable Stateful metrics on Applicative Exporter See: https://docs.gitguardian.com/self-hosting/management/application-management/metrics Default: false
observability.exporters.statefulAppExporter.resources (object)	Applicative Exporter resources Default: {"requests":{"cpu":"100m","memory":"500Mi"}}
observability.serviceMonitors.enabled (bool)	Enable ServiceMonitors for Prometheus Operator Note: this requires to install Prometheus Operator (not included in this chart) See: https://prometheus-operator.dev Default: false
rbac (object)	Gitguardian pods will use a limited role if enabled Default: {"enabled":true}
rbac.enabled (bool)	Creates a Role and bind it to GitGuardian ServiceAccount (see serviceAccount.name) Default: true
serviceAccount (object)	GitGuardian Pods are using this ServiceAccount Default: {"annotations":{},"autoMount":true,"create":true,"labels":{},"name":"gim"}
serviceAccount.create (bool)	create the serviceAccount Default: true
serviceAccount.name (string)	name of the serviceAccount (if serviceAccount.create is false, it must exists prior to chart deployment) Default: "gim"
migration.resources (object)	Pre/Post Deployment Jobs resources Default: {"requests":{"cpu":"100m","memory":"100Mi"}}
migration.serviceAccount (object)	GitGuardian migration pods are using this ServiceAccount Default: {"annotations":{},"autoMount":true,"create":true,"labels":{},"name":"gim-migration"}
migration.serviceAccount.create (bool)	create the migration serviceAccount Default: true
migration.serviceAccount.name (string)	name of the serviceAccount (if migration.serviceAccount.create is false, it must exists prior to chart deployment) Default: "gim-migration"
proxy (object)	HTTP(s) proxy configuration You can configure a proxy server for outgoing traffic from the application Default: Not set
proxy.httpProxyUrl (string)	Url of the proxy server to be used for HTTP requests Username and password in the url are not supported Default: nil
proxy.httpsProxyUrl (string)	Url of the proxy server to be used for HTTPS requests Username and password in the url are not supported Default: nil
proxy.noProxyHostNames (list)	List of host names through which the traffic should not go via the proxy Default: []
experimental (object)	Experimental features Default: Not set
experimental.chainguard (bool)	Enable Chainguard images for backend and frontend GitGuardian images Default: true

Helm Chart Changes Between Versions

This section outlines the version-to-version changes in the Helm chart values, providing information into updates, new features, and deprecations.

2024.4.0 versus 2024.3.0

New:

• Added commonLabels to add custom labels to differentiate multiple GitGuardian deployments within the same Kubernetes cluster.
• Introduce ephemeralStorage option for all celeryWorkers to support Generic Ephemeral Inline Volumes.
• Introduced new celeryWorkers.realtime-ods worker for Other Data Sources (ODS) real time scanning.

Updated:

• Modified celeryWorkers.worker.queues and moved realtime_ods,realtime_retry_ods tasks into new celeryWorkers.realtime-ods.queue.

2024.3.0 versus 2024.2.0

Updated:

• Updated default value replicated.images.replicated-sdk from v1.0.0-beta.14 to v1.0.0-beta.16.
• Decreased the default value of celeryWorkers.scanners_ods.replicas from 2 to 0.

2024.2.0 versus 2024.1.0

New:

• Added redis.main.sentinel configuration options for managing Redis Sentinel settings.
• Introduced new settings for redis.main.existingSecretKeys.sentinel.url and redis.main.existingSecretKeys.sentinel.password.
• Added miscEncryption.dbEncryptionKeys and miscEncryption.existingSecretKeys.dbEncryptionKeys for database encryption key management.
• Introduced new celeryWorkers.scanners_ods worker for Other Data Sources (ODS) scanning.

Updated:

• Updated default value replicated.images.replicated-sdk from v1.0.0-beta.12 to v1.0.0-beta.14.

Removed:

• Removed observability.exporters.celeryExporter.

2024.1.0 versus 2023.12.0

New:

• Expanded nodeSelector and tolerations settings across multiple services: front.nginx, webapps.internal_api, webapps.internal_api_long, webapps.public_api, webapps.hook, webapps.app_exporter, celeryWorkers.worker, celeryWorkers.email, celeryWorkers.scanners, and celeryWorkers.long.
• New replicated.isAirgap setting to manage air-gapped environments.
• Introduced tls.customCa.image configuration for custom CA management.
• Added new settings related to Kubernetes Roles and RoleBindings: rbac.enabled, serviceAccount.create, serviceAccount.name, migration.serviceAccount.create, and migration.serviceAccount.name.

Updated:

• Added new tasks realtime_ods,realtime_retry_ods to celeryWorkers.worker.queues to support additional task types.
• Enabled experimental.chainguard by default, changing from false to true, to utilize Chainguard images for backend and frontend services.

Was this page helpful?