Helm Chart Values 2025.9.0
| Key | Description |
|---|---|
| global (object) | Global configuration Default: {"compatibility":{"openshift":{"adaptSecurityContext":"auto"}},"fipsEnabled":false,"image":{"registry":null},"imagePullSecrets":[],"imageRegistry":"","priorityClassName":""} |
| global.imageRegistry (string) | Global Docker image registry Default: "" |
| global.image.registry (string) | Use the same value as global.imageRegistry here (for compatibility)Default: nil |
| global.imagePullSecrets (list) | Global Docker registry secret names as an array Default: [] |
| global.fipsEnabled (bool) | Enable the use of FIPS compliant images Default: false |
| global.compatibility.openshift.adaptSecurityContext (string) | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) Default: "auto" |
| global.priorityClassName (string) | Default priority class for all components Default: "" |
| hostname (string) | Hostname for the GitGuardian application (without https://) Default: "gitguardian.example.com" |
| commonLabels (object) | Custom labels to add to all resources (includes commonMatchLabels) Format: name: valueDefault: {} |
| commonTolerations (list) | Common tolerations applied to all workloads Default: [] |
| postgresql (object) | PostgreSQL Database configuration Default: Not set |
| postgresql.host (string) | PostgreSQL Database host name Default: "" |
| postgresql.port (int) | PostgreSQL Database host port Default: 5432 |
| postgresql.username (string) | PostgreSQL Database user name Default: "" |
| postgresql.password (string) | PostgreSQL Database user password Should preferably be set in existing secret (see: postgresql.existingSecret)Default: "" |
| postgresql.tls.mode (string) | PostgreSQL Database SSL mode Possible values: disable, allow, prefer, require, verify-ca, verify-full See: PostgreSQL SSL Mode Descriptions Default: "allow" |
| postgresql.tls.crt (string) | PostgreSQL Database Client certificate Should preferably be set in existing secret (see: postgresql.existingSecret)Default: "" |
| postgresql.tls.key (string) | PostgreSQL Database Client certificate private key Should preferably be set in existing secret (see: postgresql.existingSecret)Default: "" |
| postgresql.tls.caCrt (string) | PostgreSQL Database Custom Certificate Authority Should preferably be set in existing secret (see: postgresql.existingSecret)Default: "" |
| postgresql.tls.existingSecretKeys.crt (string) | Existing secret key where to store PostgreSQL Database Client certificate Default: "" |
| postgresql.tls.existingSecretKeys.key (string) | Existing secret key where to store PostgreSQL Database Client certificate private key Default: "" |
| postgresql.tls.existingSecretKeys.caCrt (string) | Existing secret key where to store PostgreSQL Database Custom Certificate Authority Default: "" |
| postgresql.existingSecret (string) | Secret used to store PostgreSQL password and Certificates (preferred method) Default: "" |
| postgresql.existingSecretKeys (object) | Keys used for PostgreSQL Database secrets when using an existing secret |
| postgresql.existingSecretKeys.password (string) | Existing secret key where to store PostgreSQL Database user password Default: "" |
| redis (object) | Redis Database configuration You can either provide a full qualified URI or fill each parts in dedicated fields Redis is used as a broker and result backend for celery and as a Commit Cache Default: Not set |
| redis.main.url (string) | Full qualified URI of Redis Instance Should preferably be set in existing secret (see: redis.main.existingSecret) This values is not used if using Redis SentinelDefault: "" |
| redis.main.user (string) | Redis Instance user (if redis.main.url is not specified) / Redis Sentinel master nameDefault: "" |
| redis.main.password (string) | Redis Instance password (if redis.main.url is not specified) / Redis Sentinel master password Should preferably be set in existing secret (see: redis.main.existingSecret)Default: "" |
| redis.main.host (string) | Redis Instance host name (if redis.main.url is not specified) This values is not used if using Redis SentinelDefault: "" |
| redis.main.port (int) | Redis Instance host port (if redis.main.url is not specified)Default: 6379 |
| redis.main.sentinel (object) | Redis Sentinel dedicated parameters (works along with redis.main.url)Default: {"enabled":false,"masterServiceName":"","password":"","url":"","user":""} |
| redis.main.sentinel.enabled (bool) | Redis Sentinel enabler Default: false |
| redis.main.sentinel.url (string) | Redis Sentinel instances list. Format: sentinel-1:26379,sentinel-2:26379 Should preferably be set in existing secret (see: redis.main.existingSecret)Default: "" |
| redis.main.sentinel.user (string) | Redis Sentinel master user Default: "" |
| redis.main.sentinel.password (string) | Redis Sentinel master password Should preferably be set in existing secret (see: redis.main.existingSecret)Default: "" |
| redis.main.sentinel.masterServiceName (string) | Redis Sentinel master service name Default: "" |
| redis.main.tls (object) | Redis Instance TLS configuration Default: Not set |
| redis.main.tls.enabled (bool) | Enable redis TLS (mandatory, whether using redis.main.url or redis.main.host)Default: false |
| redis.main.tls.requireServerCert (bool) | Enable redis server certificate check If true, you must provide a rediss:// URL Scheme for redis.main.urlDefault: false |
| redis.main.tls.crt (string) | Redis Instance Client certificate Should preferably be set in existing secret (see: redis.main.existingSecret)Default: "" |
| redis.main.tls.key (string) | Redis Instance Client certificate private key Should preferably be set in existing secret (see: redis.main.existingSecret)Default: "" |
| redis.main.tls.caCrt (string) | Redis Instance Custom Certificate Authority Should preferably be set in existing secret (see: redis.main.existingSecret)Default: "" |
| redis.main.tls.existingSecretKeys.crt (string) | Existing secret key where to store Redis Instance Client certificate Default: "" |
| redis.main.tls.existingSecretKeys.key (string) | Existing secret key where to store Redis Instance Client certificate private key Default: "" |
| redis.main.tls.existingSecretKeys.caCrt (string) | Existing secret key where to store Redis Instance Custom Certificate Authority Default: "" |
| redis.main.existingSecret (string) | Secret used to store Redis Instance URL or password and Certificates (preferred method) Default: "" |
| redis.main.existingSecretKeys (object) | Keys used for Redis secrets when using an existing secret |
| redis.main.existingSecretKeys.url (string) | Redis url Default: "" |
| redis.main.existingSecretKeys.password (string) | Redis password (You can't use this parameter with Argo CD, use url parameter instead)Default: "" |
| redis.main.existingSecretKeys.sentinelUrl (string) | Redis Sentinel instances list Default: "" |
| redis.main.existingSecretKeys.sentinelPassword (string) | Redis Sentinel password Default: "" |
| redis.commitCache.enabled (bool) | Enable a separate Redis instance dedicated to the Commit Cache feature. Commit Cache feature allows to not scan already scanned commit by saving in Redis scan results. If not enabled, main Redis instance will be used for the Commit Cache Default: false |
| redis.commitCache.url (string) | Full qualified URI of Redis Instance Should preferably be set in existing secret (see: redis.commitCache.existingSecret)Default: "" |
| redis.commitCache.user (string) | Redis Instance user name (if redis.commitCache.url is not specified)Default: "" |
| redis.commitCache.password (string) | Redis Instance user password (if redis.commitCache.url is not specified) Should preferably be set in existing secret (see: redis.commitCache.existingSecret)Default: "" |
| redis.commitCache.host (string) | Redis Instance host name (if redis.commitCache.url is not specified)Default: "" |
| redis.commitCache.port (int) | Redis Instance host port (if redis.commitCache.url is not specified)Default: 6379 |
| redis.commitCache.tls (object) | Redis Instance TLS configuration Default: Not set |
| redis.commitCache.tls.enabled (bool) | Enable redis TLS (mandatory, whether using redis.commitCache.url or redis.commitCache.host)Default: false |
| redis.commitCache.tls.requireServerCert (bool) | Enable redis server certificate check If true, you must provide a rediss:// URL Scheme for REDIS_URLDefault: false |
| redis.commitCache.tls.crt (string) | Redis Instance Client certificate Should preferably be set in existing secret (see: redis.commitCache.existingSecret)Default: "" |
| redis.commitCache.tls.key (string) | Redis Instance Client certificate private key Should preferably be set in existing secret (see: redis.commitCache.existingSecret)Default: "" |
| redis.commitCache.tls.caCrt (string) | Redis Instance Custom Certificate Authority Should preferably be set in existing secret (see: redis.commitCache.existingSecret)Default: "" |
| redis.commitCache.tls.existingSecretKeys.crt (string) | Existing secret key where to store Redis Instance Client certificate Default: "" |
| redis.commitCache.tls.existingSecretKeys.key (string) | Existing secret key where to store Redis Instance Client certificate private key Default: "" |
| redis.commitCache.tls.existingSecretKeys.caCrt (string) | Existing secret key where to store Redis Instance Custom Certificate Authority Default: "" |
| redis.commitCache.existingSecret (string) | Secret used to store Redis Instance URL or password and Certificates (preferred method) Default: "" |
| redis.commitCache.existingSecretKeys (object) | Keys used for Redis secrets when using an existing secret |
| redis.commitCache.existingSecretKeys.url (string) | Redis url can be set directly, or it will be recomposed from host, user, ... Default: "" |
| redis.commitCache.existingSecretKeys.password (string) | Redis password (You can't use this parameter with Argo CD, use url parameter instead)Default: "" |
| miscEncryption (object) | Encryption keys configuration Django Secret Key, X509 certificate and key are auto-generated during installation if not set Default: Auto-generated |
| miscEncryption.djangoSecretKey (string) | Encryption key for sensitive database fields. Auto-generated at first install if empty (preferred method) IMPORTANT The key should be kept in a safe place at it is required to access all sensitive information in the database Default: Auto-generated |
| miscEncryption.dbEncryptionKeys (string) | DB encryption secrets (optional, only needed for djangoSecretKey key rotation) Default: "" |
| miscEncryption.existingSecret (string) | Secret used to store encryption secrets Default: "" |
| miscEncryption.existingSecretKeys (object) | Keys used for encryption secrets when using an existing secret |
| miscEncryption.existingSecretKeys.djangoSecretKey (string) | Existing secret key where to store Django Secret Key Auto-generated at first install if empty (preferred method) Default: "" |
| miscEncryption.existingSecretKeys.dbEncryptionKeys (string) | Existing secret key where to store DB encryption keys (optional, only needed for djangoSecretKey key rotation) Default: "" |
| miscEncryption.existingSecretKeys.x509Cert (string) | Existing secret key where to store certificate for SAML/SSO auth Auto-generated at first install if empty (preferred method) Default: "" |
| miscEncryption.existingSecretKeys.x509PrivateKey (string) | Existing secret key where to store certificate private key for SAML/SSO auth Auto-generated at first install if empty (preferred method) Default: "" |
| externalSecrets.enabled (bool) | Enable External secrets Default: false |
| externalSecrets.refreshInterval (string) | Specify the refreshInterval for externalSecrets Default: "15s" |
| externalSecrets.path (string) | External Secret Path Default: "" |
| externalSecrets.secretStoreRef.kind (string) | External secrets Class Default: "SecretStore" |
| externalSecrets.secretStoreRef.name (string) | External secrets Name Default: "vault" |
| autoscaling (object) | Autoscaling configuration Default: {"keda":{"prometheus":{}}} |
| autoscaling.keda.prometheus (object) | Prometheus scaler configguration Default: {} |
| front (object) | Frontend configuration The Frontend serves the Dashboard and acts as a proxy for other web deployments |
| front.nginx.replicas (int) | Dashboard Frontend replicas count Default: 1 |
| front.nginx.nodeSelector (object) | Node selection constraint for Frontend Default: {} |
| front.nginx.tolerations (list) | Schedule Frontend pods with matching taints Default: [] |
| front.nginx.priorityClassName (string) | priorityClassName (overrides global) Default: "" |
| front.nginx.podAntiAffinityPreset (string) | Pod anti-affinity preset (hard or soft) Default: "soft" |
| front.nginx.resources (object) | Dashboard Frontend resources Default: {"requests":{"cpu":"100m","memory":"200Mi"}} |
| front.service.type (string) | Service type. Can be ClusterIP, NodePort or LoadBalancer Default: "ClusterIP" |
| front.service.port (int) | Dashboard Frontend Service port Default: 80 |
| front.service.annotations (object) | Dashboard Frontend Service annotations Default: {} |
| webapps (object) | Backend deployments configuration |
| webapps.internal_api.replicas (int) | Internal API replicas count Default: 1 |
| webapps.internal_api.autoscaling.hpa.enabled (bool) | Enable Horizontal Pod Autoscaler Default: false |
| webapps.internal_api.autoscaling.keda.enabled (bool) | Enable Keda Autoscaler Default: false |
| webapps.internal_api.autoscaling.keda.triggers (list) | Additional Keda triggers Default: [] |
| webapps.internal_api.autoscaling.minReplicas (int) | Minimum number of workers created by autoscaler Default: 1 |
| webapps.internal_api.autoscaling.maxReplicas (int) | Maximum number of workers created by autoscaler Default: 10 |
| webapps.internal_api.autoscaling.metrics (object) | Autoscaling metrics threshold Default: {"targetLatency":1000} |
| webapps.internal_api.nodeSelector (object) | Node selection constraint for Internal API Default: {} |
| webapps.internal_api.tolerations (list) | Schedule Internal API pods with matching taints Default: [] |
| webapps.internal_api.priorityClassName (string) | priorityClassName (overrides global) Default: "" |
| webapps.internal_api.podAntiAffinityPreset (string) | Pod anti-affinity preset (hard or soft) Default: "soft" |
| webapps.internal_api_long.replicas (int) | Internal API for long requests replicas count Default: 1 |
| webapps.internal_api_long.autoscaling.hpa.enabled (bool) | Enable Horizontal Pod Autoscaler Default: false |
| webapps.internal_api_long.autoscaling.keda.enabled (bool) | Enable Keda Autoscaler Default: false |
| webapps.internal_api_long.autoscaling.keda.triggers (list) | Additional Keda triggers Default: [] |
| webapps.internal_api_long.autoscaling.minReplicas (int) | Minimum number of workers created by autoscaler Default: 1 |
| webapps.internal_api_long.autoscaling.maxReplicas (int) | Maximum number of workers created by autoscaler Default: 10 |
| webapps.internal_api_long.autoscaling.metrics (object) | Autoscaling metrics threshold Default: {"targetLatency":1000} |
| webapps.internal_api_long.nodeSelector (object) | Node selection constraint for Internal long API Default: {} |
| webapps.internal_api_long.tolerations (list) | Schedule Internal long API pods with matching taints Default: [] |
| webapps.internal_api_long.priorityClassName (string) | priorityClassName (overrides global) Default: "" |
| webapps.internal_api_long.podAntiAffinityPreset (string) | Pod anti-affinity preset (hard or soft) Default: "soft" |
| webapps.public_api.replicas (int) | Public API (used for ggshield scans) replicas count Default: 1 |
| webapps.public_api.autoscaling.hpa.enabled (bool) | Enable Horizontal Pod Autoscaler Default: false |
| webapps.public_api.autoscaling.keda.enabled (bool) | Enable Keda Autoscaler Default: false |
| webapps.public_api.autoscaling.keda.triggers (list) | Additional Keda triggers Default: [] |
| webapps.public_api.autoscaling.minReplicas (int) | Minimum number of workers created by autoscaler Default: 1 |
| webapps.public_api.autoscaling.maxReplicas (int) | Maximum number of workers created by autoscaler Default: 10 |
| webapps.public_api.autoscaling.metrics (object) | Autoscaling metrics threshold Default: {"targetLatency":1000} |
| webapps.public_api.nodeSelector (object) | Node selection constraint for Public API Default: {} |
| webapps.public_api.tolerations (list) | Schedule Public API pods with matching taints Default: [] |
| webapps.public_api.priorityClassName (string) | priorityClassName (overrides global) Default: "" |
| webapps.public_api.podAntiAffinityPreset (string) | Pod anti-affinity preset (hard or soft) Default: "soft" |
| webapps.hook.replicas (int) | VCS Webhooks Receivers replicas count Default: 1 |
| webapps.hook.autoscaling.hpa.enabled (bool) | Enable Horizontal Pod Autoscaler Default: false |
| webapps.hook.autoscaling.keda.enabled (bool) | Enable Keda Autoscaler Default: false |
| webapps.hook.autoscaling.keda.triggers (list) | Additional Keda triggers Default: [] |
| webapps.hook.autoscaling.minReplicas (int) | Minimum number of workers created by autoscaler Default: 1 |
| webapps.hook.autoscaling.maxReplicas (int) | Maximum number of workers created by autoscaler Default: 10 |
| webapps.hook.autoscaling.metrics (object) | Autoscaling metrics threshold Default: {"targetLatency":1000} |
| webapps.hook.nodeSelector (object) | Node selection constraint for Hook Default: {} |
| webapps.hook.tolerations (list) | Schedule Hook pods with matching taints Default: [] |
| webapps.hook.priorityClassName (string) | priorityClassName (overrides global) Default: "" |
| webapps.hook.podAntiAffinityPreset (string) | Pod anti-affinity preset (hard or soft) Default: "soft" |
| webapps.app_exporter.replicas (string) | Prometheus exporter replicas count Will be set to 1 if .Values.observability.exporter.statefulAppExporter.enabled is true Default: 0 |
| webapps.app_exporter.autoscaling.hpa.enabled (bool) | Enable Horizontal Pod Autoscaler Default: false |
| webapps.app_exporter.autoscaling.keda.enabled (bool) | Enable Keda Autoscaler Default: false |
| webapps.app_exporter.autoscaling.keda.triggers (list) | Additional Keda triggers Default: [] |
| webapps.app_exporter.autoscaling.minReplicas (int) | Minimum number of workers created by autoscaler Default: 1 |
| webapps.app_exporter.autoscaling.maxReplicas (int) | Maximum number of workers created by autoscaler Default: 10 |
| webapps.app_exporter.autoscaling.metrics (object) | Autoscaling metrics threshold Default: {"targetLatency":1000} |
| webapps.app_exporter.nodeSelector (object) | Node selection constraint for App Exporter Default: {} |
| webapps.app_exporter.tolerations (list) | Schedule App Exporter pods with matching taints Default: [] |
| webapps.app_exporter.priorityClassName (string) | priorityClassName (overrides global) Default: "" |
| webapps.app_exporter.podAntiAffinityPreset (string) | Pod anti-affinity preset (hard or soft) Default: "soft" |
| celeryWorkers (object) | Asynchronous Workers deployments configuration |
| celeryWorkers.worker.queues (string) | Queues consumed by default workers Default: "celery,check_run,realtime,realtime_retry,honeytoken,reports" |
| celeryWorkers.worker.replicas (int) | Default workers (incl. realtime scans) replicas count Default: 2 |
| celeryWorkers.worker.autoscaling.hpa.enabled (bool) | Enable Horizontal Pod Autoscaler Default: false |
| celeryWorkers.worker.autoscaling.keda.enabled (bool) | Enable Keda Autoscaler Default: false |
| celeryWorkers.worker.autoscaling.keda.triggers (list) | Additional Keda triggers Default: [] |
| celeryWorkers.worker.autoscaling.keda.idleReplicaCount (int) | Having this to zero means it can downscale to zero in some case. To disable this, set it's value to ~. Default: 0 |
| celeryWorkers.worker.autoscaling.minReplicas (int) | Minimum number of workers created by autoscaler Default: 1 |
| celeryWorkers.worker.autoscaling.maxReplicas (int) | Maximum number of workers created by autoscaler Default: 10 |
| celeryWorkers.worker.autoscaling.metrics (object) | Autoscaling metrics threshold Default: {"celery":10,"check_run":10,"honeytoken":10,"realtime":10,"realtime_retry":10,"reports":10} |
| celeryWorkers.worker.nodeSelector (object) | Node selection constraint for Default Worker Default: {} |
| celeryWorkers.worker.tolerations (list) | Schedule Default Worker pods with matching taints Default: [] |
| celeryWorkers.worker.priorityClassName (string) | priorityClassName (overrides global) Default: "" |
| celeryWorkers.worker.podAntiAffinityPreset (string) | Pod anti-affinity preset (hard or soft) Default: "soft" |
| celeryWorkers.worker.ephemeralStorage (object) | Worker ephemeral storage Default: {"annotations":{},"enabled":false,"labels":{},"size":"1Gi","storageClass":""} |
| celeryWorkers.email.queues (string) | Queues consumed by Messaging workers Default: "email,notifier" |
| celeryWorkers.email.replicas (int) | Messaging workers replicas count Default: 2 |
| celeryWorkers.email.autoscaling.hpa.enabled (bool) | Enable Horizontal Pod Autoscaler Default: false |
| celeryWorkers.email.autoscaling.keda.enabled (bool) | Enable Keda Autoscaler Default: false |
| celeryWorkers.email.autoscaling.keda.triggers (list) | Additional Keda triggers Default: [] |
| celeryWorkers.email.autoscaling.keda.idleReplicaCount (int) | Having this to zero means it can downscale to zero in some case. To disable this, set it's value to ~. Default: 0 |
| celeryWorkers.email.autoscaling.minReplicas (int) | Minimum number of workers created by autoscaler Default: 1 |
| celeryWorkers.email.autoscaling.maxReplicas (int) | Maximum number of workers created by autoscaler Default: 10 |
| celeryWorkers.email.autoscaling.metrics (object) | Autoscaling metrics threshold Default: {"email":10,"notifier":10} |
| celeryWorkers.email.nodeSelector (object) | Node selection constraint for Email Worker Default: {} |
| celeryWorkers.email.tolerations (list) | Schedule Email Worker pods with matching taints Default: [] |
| celeryWorkers.email.priorityClassName (string) | priorityClassName (overrides global) Default: "" |
| celeryWorkers.email.podAntiAffinityPreset (string) | Pod anti-affinity preset (hard or soft) Default: "soft" |
| celeryWorkers.email.ephemeralStorage (object) | Worker ephemeral storage Default: {"annotations":{},"enabled":false,"labels":{},"size":"1Gi","storageClass":""} |
| celeryWorkers.scanners.queues (string) | Queues consumed by Historical Scan workers Default: "basic_repo_scan,premium_repo_scan,manual_repo_scan" |
| celeryWorkers.scanners.replicas (int) | Historical Scan workers replicas count Default: 2 |
| celeryWorkers.scanners.autoscaling.hpa.enabled (bool) | Enable Horizontal Pod Autoscaler Default: false |
| celeryWorkers.scanners.autoscaling.keda.enabled (bool) | Enable Keda Autoscaler Default: false |
| celeryWorkers.scanners.autoscaling.keda.triggers (list) | Additional Keda triggers Default: [] |
| celeryWorkers.scanners.autoscaling.keda.idleReplicaCount (int) | Having this to zero means it can downscale to zero in some case. To disable this, set it's value to ~. Default: 0 |
| celeryWorkers.scanners.autoscaling.minReplicas (int) | Minimum number of workers created by autoscaler Default: 1 |
| celeryWorkers.scanners.autoscaling.maxReplicas (int) | Maximum number of workers created by autoscaler Default: 10 |
| celeryWorkers.scanners.autoscaling.metrics (object) | Autoscaling metrics threshold Default: {"basic_repo_scan":10,"manual_repo_scan":10,"premium_repo_scan":10} |
| celeryWorkers.scanners.nodeSelector (object) | Node selection constraint for Scanner Worker Default: {} |
| celeryWorkers.scanners.tolerations (list) | Schedule Scanner Worker pods with matching taints Default: [] |
| celeryWorkers.scanners.priorityClassName (string) | priorityClassName (overrides global) Default: "" |
| celeryWorkers.scanners.podAntiAffinityPreset (string) | Pod anti-affinity preset (hard or soft) Default: "soft" |
| celeryWorkers.scanners.ephemeralStorage (object) | Worker ephemeral storage Default: {"annotations":{},"enabled":false,"labels":{},"size":"1Gi","storageClass":""} |
| celeryWorkers.long.queues (string) | Queues consumed by Long Tasks workers Default: "celery_long,background_validity_check" |
| celeryWorkers.long.replicas (int) | Long Tasks workers replicas count Default: 2 |
| celeryWorkers.long.autoscaling.hpa.enabled (bool) | Enable Horizontal Pod Autoscaler Default: false |
| celeryWorkers.long.autoscaling.keda.enabled (bool) | Enable Keda Autoscaler Default: false |
| celeryWorkers.long.autoscaling.keda.triggers (list) | Additional Keda triggers Default: [] |
| celeryWorkers.long.autoscaling.keda.idleReplicaCount (int) | Having this to zero means it can downscale to zero in some case. To disable this, set it's value to ~. Default: 0 |
| celeryWorkers.long.autoscaling.minReplicas (int) | HPA minReplicas Default: 1 |
| celeryWorkers.long.autoscaling.maxReplicas (int) | HPA maxReplicas Default: 10 |
| celeryWorkers.long.autoscaling.metrics (object) | HPA metrics threshold Default: {"background_validity_check":10,"celery_long":10} |
| celeryWorkers.long.nodeSelector (object) | Node selection constraint for Long Worker Default: {} |
| celeryWorkers.long.tolerations (list) | Schedule Long Worker pods with matching taints Default: [] |
| celeryWorkers.long.priorityClassName (string) | priorityClassName (overrides global) Default: "" |
| celeryWorkers.long.podAntiAffinityPreset (string) | Pod anti-affinity preset (hard or soft) Default: "soft" |
| celeryWorkers.long.ephemeralStorage (object) | Schedule Long Worker ephemeral storage Default: {"annotations":{},"enabled":false,"labels":{},"size":"1Gi","storageClass":""} |
| celeryWorkers.scanners-ods.queues (string) | Queues consumed by non-VCS Historical Scan workers Default: "ods_scan" |
| celeryWorkers.scanners-ods.replicas (int) | Non-VCS Historical Scan workers replicas count Default: 0 |
| celeryWorkers.scanners-ods.autoscaling.hpa.enabled (bool) | Enable Horizontal Pod Autoscaler Default: false |
| celeryWorkers.scanners-ods.autoscaling.keda.enabled (bool) | Enable Keda Autoscaler Default: false |
| celeryWorkers.scanners-ods.autoscaling.keda.triggers (list) | Additional Keda triggers Default: [] |
| celeryWorkers.scanners-ods.autoscaling.keda.idleReplicaCount (int) | Having this to zero means it can downscale to zero in some case. To disable this, set it's value to ~. Default: 0 |
| celeryWorkers.scanners-ods.autoscaling.minReplicas (int) | Minimum number of workers created by autoscaler Default: 1 |
| celeryWorkers.scanners-ods.autoscaling.maxReplicas (int) | Maximum number of workers created by autoscaler Default: 10 |
| celeryWorkers.scanners-ods.autoscaling.metrics (object) | Autoscaling metrics threshold Default: {"ods_scan":10} |
| celeryWorkers.scanners-ods.nodeSelector (object) | Node selection constraint for Long Worker Default: {} |
| celeryWorkers.scanners-ods.tolerations (list) | Schedule Long Worker pods with matching taints Default: [] |
| celeryWorkers.scanners-ods.priorityClassName (string) | priorityClassName (overrides global) Default: "" |
| celeryWorkers.scanners-ods.podAntiAffinityPreset (string) | Pod anti-affinity preset (hard or soft) Default: "soft" |
| celeryWorkers.scanners-ods.ephemeralStorage (object) | Non-VCS Historical Scan worker ephemeral storage Default: {"annotations":{},"enabled":false,"labels":{},"size":"1Gi","storageClass":""} |
| celeryWorkers.scanners-ods-highdisk.queues (string) | Queues consumed by non-VCS Historical Scan workers Default: "ods_scan_highdisk" |
| celeryWorkers.scanners-ods-highdisk.replicas (int) | Non-VCS Historical Scan workers replicas count Default: 0 |
| celeryWorkers.scanners-ods-highdisk.autoscaling.hpa.enabled (bool) | Enable Horizontal Pod Autoscaler Default: false |
| celeryWorkers.scanners-ods-highdisk.autoscaling.keda.enabled (bool) | Enable Keda Autoscaler Default: false |
| celeryWorkers.scanners-ods-highdisk.autoscaling.keda.triggers (list) | Additional Keda triggers Default: [] |
| celeryWorkers.scanners-ods-highdisk.autoscaling.keda.idleReplicaCount (int) | Having this to zero means it can downscale to zero in some case. To disable this, set it's value to ~. Default: 0 |
| celeryWorkers.scanners-ods-highdisk.autoscaling.minReplicas (int) | Minimum number of workers created by autoscaler Default: 1 |
| celeryWorkers.scanners-ods-highdisk.autoscaling.maxReplicas (int) | Maximum number of workers created by autoscaler Default: 10 |
| celeryWorkers.scanners-ods-highdisk.autoscaling.metrics (object) | Autoscaling metrics threshold Default: {"ods_scan_highdisk":10} |
| celeryWorkers.scanners-ods-highdisk.nodeSelector (object) | Node selection constraint for Long Worker Default: {} |
| celeryWorkers.scanners-ods-highdisk.tolerations (list) | Schedule Long Worker pods with matching taints Default: [] |
| celeryWorkers.scanners-ods-highdisk.priorityClassName (string) | priorityClassName (overrides global) Default: "" |
| celeryWorkers.scanners-ods-highdisk.podAntiAffinityPreset (string) | Pod anti-affinity preset (hard or soft) Default: "soft" |
| celeryWorkers.scanners-ods-highdisk.ephemeralStorage (object) | Non-VCS Historical Scan worker ephemeral storage Default: {"annotations":{},"enabled":false,"labels":{},"size":"1Gi","storageClass":""} |
| celeryWorkers.realtime-ods.queues (string) | Queues consumed by default workers Default: "realtime_ods,realtime_retry_ods" |
| celeryWorkers.realtime-ods.replicas (int) | Default workers (incl. realtime scans) replicas count Default: 0 |
| celeryWorkers.realtime-ods.autoscaling.hpa.enabled (bool) | Enable Horizontal Pod Autoscaler Default: false |
| celeryWorkers.realtime-ods.autoscaling.keda.enabled (bool) | Enable Keda Autoscaler Default: false |
| celeryWorkers.realtime-ods.autoscaling.keda.triggers (list) | Additional Keda triggers Default: [] |
| celeryWorkers.realtime-ods.autoscaling.keda.idleReplicaCount (int) | Having this to zero means it can downscale to zero in some case. To disable this, set it's value to ~. Default: 0 |
| celeryWorkers.realtime-ods.autoscaling.minReplicas (int) | Minimum number of workers created by autoscaler Default: 1 |
| celeryWorkers.realtime-ods.autoscaling.maxReplicas (int) | Maximum number of workers created by autoscaler Default: 10 |
| celeryWorkers.realtime-ods.autoscaling.metrics (object) | Autoscaling metrics threshold Default: {"realtime_ods":10,"realtime_retry_ods":10} |
| celeryWorkers.realtime-ods.tolerations (list) | Schedule Long Worker pods with matching taints Default: [] |
| celeryWorkers.realtime-ods.priorityClassName (string) | priorityClassName (overrides global) Default: "" |
| celeryWorkers.realtime-ods.podAntiAffinityPreset (string) | Pod anti-affinity preset (hard or soft) Default: "soft" |
| celeryWorkers.realtime-ods.ephemeralStorage (object) | Realtime ODS worker ephemeral storage Default: {"annotations":{},"enabled":false,"labels":{},"size":"1Gi","storageClass":""} |
| celeryWorkers.long-ods.queues (string) | Queues consumed by none-VCS Long Tasks workers Default: "long_ods" |
| celeryWorkers.long-ods.replicas (int) | Non-VCS Long Tasks workers replicas count Default: 0 |
| celeryWorkers.long-ods.autoscaling.hpa.enabled (bool) | Enable Horizontal Pod Autoscaler Default: false |
| celeryWorkers.long-ods.autoscaling.keda.enabled (bool) | Enable Keda Autoscaler Default: false |
| celeryWorkers.long-ods.autoscaling.keda.triggers (list) | Additional Keda triggers Default: [] |
| celeryWorkers.long-ods.autoscaling.keda.idleReplicaCount (int) | Having this to zero means it can downscale to zero in some case. To disable this, set it's value to ~. Default: 0 |
| celeryWorkers.long-ods.autoscaling.minReplicas (int) | Minimum number of workers created by autoscaler Default: 1 |
| celeryWorkers.long-ods.autoscaling.maxReplicas (int) | Maximum number of workers created by autoscaler Default: 15 |
| celeryWorkers.long-ods.autoscaling.metrics (object) | Autoscaling metrics threshold Default: {"long_ods":10} |
| celeryWorkers.long-ods.nodeSelector (object) | Node selection constraint for Long Worker Default: {} |
| celeryWorkers.long-ods.tolerations (list) | Schedule Long Worker pods with matching taints Default: [] |
| celeryWorkers.long-ods.priorityClassName (string) | priorityClassName (overrides global) Default: "" |
| celeryWorkers.long-ods.podAntiAffinityPreset (string) | Pod anti-affinity preset (hard or soft) Default: "soft" |
| celeryWorkers.long-ods.ephemeralStorage (object) | Schedule Non-VCS Long Worker ephemeral storage Default: {"annotations":{},"enabled":false,"labels":{},"size":"1Gi","storageClass":""} |
| celeryWorkers.long-ods-io.replicas (int) | Number of replica for Non-VCS workers specialized in IO operations Default: 0 |
| celeryWorkers.long-ods-io.autoscaling.keda.enabled (bool) | Enable Keda Autoscaler Default: false |
| celeryWorkers.long-ods-io.autoscaling.keda.triggers (list) | Additional Keda triggers Default: [] |
| celeryWorkers.long-ods-io.autoscaling.keda.idleReplicaCount (int) | Having this to zero means it can downscale to zero in some case. To disable this, set it's value to ~. Default: 0 |
| celeryWorkers.long-ods-io.autoscaling.minReplicas (int) | Minimum number of workers created by autoscaler Default: 1 |
| celeryWorkers.long-ods-io.autoscaling.maxReplicas (int) | Maximum number of workers created by autoscaler Default: 1 |
| celeryWorkers.long-ods-io.autoscaling.metrics (object) | Autoscaling metrics threshold Default: {"long_ods_io":10} |
| celeryWorkers.long-ods-io.tolerations (list) | Schedule Long Worker pods with matching taints Default: [] |
| celeryWorkers.long-ods-io.priorityClassName (string) | priorityClassName (overrides global) Default: "" |
| celeryWorkers.long-ods-io.podAntiAffinityPreset (string) | Pod anti-affinity preset (hard or soft) Default: "soft" |
| celeryWorkers.container-registries.replicas (int) | Number of replica for Container Registries scans Default: 0 |
| celeryWorkers.container-registries.autoscaling.keda.enabled (bool) | Enable Keda Autoscaler Default: false |
| celeryWorkers.container-registries.autoscaling.keda.triggers (list) | Additional Keda triggers Default: [] |
| celeryWorkers.container-registries.autoscaling.keda.idleReplicaCount (int) | Having this to zero means it can downscale to zero in some case. To disable this, set it's value to ~. Default: 0 |
| celeryWorkers.container-registries.autoscaling.minReplicas (int) | Minimum number of workers created by autoscaler Default: 1 |
| celeryWorkers.container-registries.autoscaling.maxReplicas (int) | Maximum number of workers created by autoscaler Default: 1 |
| celeryWorkers.container-registries.autoscaling.metrics (object) | Autoscaling metrics threshold Default: {"container_registries":10} |
| celeryWorkers.container-registries.nodeSelector (object) | Node selection constraint for Long Worker Default: {} |
| celeryWorkers.container-registries.tolerations (list) | Schedule Long Worker pods with matching taints Default: [] |
| celeryWorkers.container-registries.priorityClassName (string) | priorityClassName (overrides global) Default: "" |
| celeryWorkers.container-registries.podAntiAffinityPreset (string) | Pod anti-affinity preset (hard or soft) Default: "soft" |
| celeryWorkers.scanners-slack.replicas (int) | Number of replica for Slack scans Default: 0 |
| celeryWorkers.scanners-slack.autoscaling.keda.enabled (bool) | Enable Keda Autoscaler Default: false |
| celeryWorkers.scanners-slack.autoscaling.keda.triggers (list) | Additional Keda triggers Default: [] |
| celeryWorkers.scanners-slack.autoscaling.keda.idleReplicaCount (int) | Having this to zero means it can downscale to zero in some case. To disable this, set it's value to ~. Default: 0 |
| celeryWorkers.scanners-slack.autoscaling.minReplicas (int) | Minimum number of workers created by autoscaler Default: 1 |
| celeryWorkers.scanners-slack.autoscaling.maxReplicas (int) | Maximum number of workers created by autoscaler Default: 4 |
| celeryWorkers.scanners-slack.autoscaling.metrics (object) | Autoscaling metrics threshold Default: {"slack_scan":6} |
| celeryWorkers.scanners-slack.nodeSelector (object) | Node selection constraint for Slack Worker Default: {} |
| celeryWorkers.scanners-slack.tolerations (list) | Schedule Slack Worker pods with matching taints Default: [] |
| celeryWorkers.scanners-slack.priorityClassName (string) | priorityClassName (overrides global) Default: "" |
| celeryWorkers.scanners-slack.podAntiAffinityPreset (string) | Pod anti-affinity preset (hard or soft) Default: "soft" |
| celeryWorkers.ml-api-priority.replicas (int) | Number of replica for ML API priority worker Default: 1 |
| celeryWorkers.ml-api-priority.autoscaling.hpa.enabled (bool) | Enable Horizontal Pod Autoscaler Default: false |
| celeryWorkers.ml-api-priority.autoscaling.keda.enabled (bool) | Enable Keda Autoscaler Default: false |
| celeryWorkers.ml-api-priority.autoscaling.keda.triggers (list) | Additional Keda triggers Default: [] |
| celeryWorkers.ml-api-priority.autoscaling.keda.idleReplicaCount (int) | Having this to zero means it can downscale to zero in some case. To disable this, set it's value to ~. Default: 0 |
| celeryWorkers.ml-api-priority.autoscaling.metrics (object) | Autoscaling metrics threshold Default: {"ml_api_priority":10} |
| celeryWorkers.ml-api-priority.autoscaling.minReplicas (int) | Minimum number of workers created by autoscaler Default: 1 |
| celeryWorkers.ml-api-priority.autoscaling.maxReplicas (int) | Maximum number of workers created by autoscaler Default: 1 |
| celeryWorkers.ml-api-priority.nodeSelector (object) | Node selection constraint for Long Worker Default: {} |
| celeryWorkers.ml-api-priority.tolerations (list) | Schedule Long Worker pods with matching taints Default: [] |
| celeryWorkers.ml-api-priority.priorityClassName (string) | priorityClassName (overrides global) Default: "" |
| celeryWorkers.ml-api-priority.podAntiAffinityPreset (string) | Pod anti-affinity preset (hard or soft) Default: "soft" |
| beat (object) | Asynchronous tasks scheduler |
| beat.priorityClassName (string) | priorityClassName (overrides global) Default: "" |
| beat.resources (object) | Asynchronous tasks scheduler resources Default: {"requests":{"cpu":"10m","memory":"200Mi"}} |
| secretEngine (object) | ML Secret Engine Default: {"autoscaling":{"hpa":{"enabled":false},"keda":{"enabled":false,"triggers":[]},"maxReplicas":1,"metrics":{"bentoml_service_request_in_progress":10},"minReplicas":1},"labels":{},"nodeSelector":{},"pdb":{"enabled":false,"minAvailable":"50%"},"priorityClassName":"","replicas":1,"tolerations":[]} |
| secretEngine.replicas (int) | Number of replicas Default: 1 |
| secretEngine.nodeSelector (object) | Node selection constraint for secret-engine Default: {} |
| secretEngine.tolerations (list) | Schedule secret-engine pods with matching taints Default: [] |
| secretEngine.priorityClassName (string) | priorityClassName (overrides global) Default: "" |
| secretEngine.labels (object) | Additional labels Default: {} |
| secretEngine.pdb.enabled (bool) | Activate PodDisruptionBudget on secret engine Default: false |
| secretEngine.pdb.minAvailable (string) | Minimum percentage of available replicas Default: "50%" |
| secretEngine.autoscaling.hpa.enabled (bool) | Enable HPA on secret engine Default: false |
| secretEngine.autoscaling.keda.enabled (bool) | Enable Keda Autoscaler Default: false |
| secretEngine.autoscaling.keda.triggers (list) | Additional Keda triggers Default: [] |
| secretEngine.autoscaling.minReplicas (int) | Minimum number of workers created by autoscaler Default: 1 |
| secretEngine.autoscaling.maxReplicas (int) | Maximum number of workers created by autoscaler Default: 1 |
| secretEngine.autoscaling.metrics (object) | Metrics Default: {"bentoml_service_request_in_progress":10} |
| onPrem.adminUser (object) | GitGuardian Admin User A temporary password has to be set in secret "gim-secrets" under ADMIN_PASSWORD key. You'll be asked to change this password on your connection Default: {"email":"admin@example.com","existingSecret":"","existingSecretKeys":{"password":""},"firstname":"Admin"} |
| replicated.image.registry (string) | Replicated SDK image registry Default: "proxy.replicated.com/proxy/gitguardian/docker.io" |
| replicated.image.repository (string) | Replicated SDK image repository Default: "replicated/replicated-sdk" |
| replicated.image.tag (string) | Replicated SDK image tag Default: "1.8.0" |
| replicated.imagePullSecrets (list) | Image pullsecrets Default: [{"name":"gim-replicated-registry"}] |
| replicated.extraEnv (list) | Replicated SDK env vars update this to use an existing Secret for proxy urls. gim-proxy is created automatically otherwise. Default: [{"name":"HTTP_PROXY","valueFrom":{"secretKeyRef":{"key":"http_proxy","name":"gim-proxy"}}},{"name":"HTTPS_PROXY","valueFrom":{"secretKeyRef":{"key":"https_proxy","name":"gim-proxy"}}}] |
| replicated.isAirgap (bool) | Disable Replicated outbound connections Default: false |
| replicated.privateCASecret (object) | Specify secret containing Custom Certificate Authority certificate. See GitGuardian doc Default: nil |
| replicated.supportBundle.rbac.role.create (bool) | Create role (optional) for Support Bundle generation Default: false |
| replicated.supportBundle.rbac.clusterRole.create (bool) | Create ClusterRole (optional) for Support Bundle generation Default: false |
| replicated.supportBundle.logs.maxLines (int) | Set the max number of lines in the support bundle logs Default: 10000 |
| ggscout.enabled (bool) | Enable ggscout Default: false |
| ggscout.inventory.config.gitguardian.endpoint (string) | GitGuardian API endpoint (optional; if not specified, the current self-hosted GitGuardian instance URL will be used) Default: "http://public-api:5051/exposed/v1" |
| ggscout.inventory.config.gitguardian.api_token (string) | GitGuardian API token for ggscout, please refer to ggscout Helm configuration Default: "" |
| ggscout.inventory.config.sources (object) | For ggscout inventory sources configuration details, please refer to ggscout Helm chart examples Default: {} |
| ggscout.caBundle.certs (string) | Specify CA certificates to inject (PEM format) Default: "" |
| ggscout.caBundle.existingSecret (string) | Specify the secret containing the CA certificate to inject Default: "" |
| ggscout.caBundle.existingSecretKey (string) | Specify secret key under the CA certificate is stored Default: "ca.crt" |
| sentry.enabled (bool) | Enable Sentry tracing Default: false |
| sentry.apm.enabled (bool) | Enable Sentry APM Default: false |
| sentry.dsn (string) | Sentry Data Source Name URL Default: "https://sentry.io" |
| tls (object) | HTTPS TLS configuration You can manage the certificate manually or use Cert-Manager |
| tls.certManager.enabled (bool) | Use Cert-Manager instead of a manual certificate Default: false |
| tls.certManager.certificatesSecret (string) | Name of the created cert-manager Certificate objectDefault: "gitguardian-certificate" |
| tls.certManager.certificatesNamespace (string) | Namespace where certificate will be created Default: .Release.Namespace |
| tls.certManager.issuer.kind (string) | Cert-Manager Issuer Class Default: "ClusterIssuer" |
| tls.certManager.issuer.name (string) | Cert-Manager Issuer Name Default: "gitguardian" |
| tls.customCa (object) | Custom Certificate Authority certificate for integrations (VCS, notifiers, webhooks, ...) |
| tls.customCa.caCrt (string) | Certificates full chain in the PEM format Should preferably be set in existing secret (see: tls.customCa.existingSecret)Default: "" |
| tls.customCa.existingSecret (string) | Existing secret containing certificates full chain in the PEM format Default: "" |
| tls.customCa.existingSecretKeys.caCrt (string) | Key name of the certificate authority entry Default: "" |
| tls.customCa.image (object) | Custom CA (used for init-containers only) image configuration Default: {"name":"gitguardian/wolfi/bash","pullSecrets":[],"registry":"proxy.replicated.com/proxy/gitguardian/ghcr.io","tag":"latest"} |
| tls.customCa.image.registry (string) | Registry source to fetch the image Empty = from dockerhub Default: "proxy.replicated.com/proxy/gitguardian/ghcr.io" |
| tls.customCa.image.name (string) | Image name Default: "gitguardian/wolfi/bash" |
| tls.customCa.image.tag (string) | Image tag Default: "latest" |
| tls.customCa.image.pullSecrets (list) | Image pullsecrets Default: [] |
| tls.clientAuth (object) | Client (end user) authentication |
| tls.clientAuth.enabled (bool) | Enable client authentication. This is required for Common Access Card Default: false |
| tls.clientAuth.mode (string) | Set client authentication mode (one of enforce, audit). audit mode must be used for initial setup.Default: "enforce" |
| tls.clientAuth.userRegex (string) | Regex to extract the unique user identifier from the certificate DN. You must use a capture group using parenthesis to catch the user ID. Default regex will match 117 here: CN=hubert.bonisseur.delabath.117,O=DGSE,C=FR Default: "(?:.+,)?CN=[^.]+\\.[^.]+\\.[^.]+\\.(\\d+)(?:,.+)?" |
| tls.clientAuth.crt (string) | NGINX Server certificate (PEM) Should preferably be set in existing secret (see: tls.clientAuth.existingSecret)Default: "" |
| tls.clientAuth.key (string) | NGINX Server key (PEM) Should preferably be set in existing secret (see: tls.clientAuth.existingSecret)Default: "" |
| tls.clientAuth.caCrt (string) | NGINX Authority that validates user certificates (PEM) Should preferably be set in existing secret (see: tls.clientAuth.existingSecret)Default: "" |
| tls.clientAuth.crl (object) | Nginx CRL usage for clientAuth Default: {"cron":"0 0 * * *","persistence":{"accessModes":["ReadWriteMany"],"annotations":{},"labels":{},"size":"1Gi","storageClass":""},"url":""} |
| tls.clientAuth.crl.url (string) | Nginx CRL URL. Use a CRL instead of OCSP to check revokations status. Keep empty to use OCSP. Default: "" |
| tls.clientAuth.crl.cron (string) | Nginx CRL refresh cron expression. This example means daily at 00:00 Default: "0 0 * * *" |
| tls.clientAuth.crl.persistence.storageClass (string) | storageClass to use for the CRL PVC Default: "" |
| tls.clientAuth.crl.persistence.accessModes (list) | accessModes to use for the CRL PVC. Use only ReadWriteMany (HA) if available. Default: ["ReadWriteMany"] |
| tls.clientAuth.crl.persistence.size (string) | PVC size Default: "1Gi" |
| tls.clientAuth.crl.persistence.labels (object) | PVC Labels Default: {} |
| tls.clientAuth.crl.persistence.annotations (object) | PVC Annotations Default: {} |
| tls.clientAuth.existingSecret (string) | Existing secret name Default: "" |
| networkPolicy.enabled (bool) | Use default network policy. If enabled, you must ensure ingress traffic is allowed to nginx Default: false |
| securityContext (object) | Specify Pod Security Context. Default: {"enabled":true,"fsGroup":65532,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532} |
| containerSecurityContext (object) | Specify Container Security Context. Note: Enabled if securityContext.enabled is true.Default: {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"seccompProfile":{"type":"RuntimeDefault"}} |
| ingress.enabled (bool) | Enable ingress resource Default: false |
| ingress.controller (string) | Ingress controller in use in the cluster. Mandatory if using istio or experimental.ingressRoutes=true Supported: ingress-nginx / traefik / contour / aws_alb / openshift (Openshift Route) / istioDefault: "ingress-nginx" |
| ingress.path (string) | The routing path to the GitGuardian instance. You may need to set this to '/*' in order to use this with ALB ingress controllers. Default: "/" |
| ingress.pathType (string) | Ingress Path type Default: "Prefix" |
| ingress.ingressClassName (string) | IngressClass that will be used to implement the Ingress Default: "" |
| ingress.annotations (object) | Additional annotations for the Ingress resource. Default: {} |
| ingress.labels (object) | Additional labels for the Ingress resource. Default: {} |
| ingress.istio.revision (string) | Istio revision, if any Default: "" |
| ingress.istio.gateway.enabled (bool) | Enable Istio gateway handling Default: false |
| ingress.istio.gateway.name (string) | Istio Gateway name Default: "{{.Release.Name}}-{{.Release.Namespace}}" |
| ingress.istio.gateway.namespace (string) | Istio Gateway namespace Default: "istio-system" |
| ingress.istio.gateway.selector (string) | Istio Gateway selector Default: "ingressgateway" |
| ingress.tls.enabled (bool) | Enable TLS configuration for the hostname defined at ingress.hostname parameter Default: false |
| ingress.tls.existingSecret (string) | Existing secret containing TLS certificates Default: "" |
| ingress.tls.crt (string) | TLS certificate in PEM format Should preferably be set in existing secret (see: ingress.tls.existingSecret)Default: "" |
| ingress.tls.key (string) | TLS private key Should preferably be set in existing secret (see: ingress.tls.existingSecret)Default: "" |
| observability.exporters (object) | Prometheus exporters configuration |
| observability.exporters.webAppExporter.enabled (bool) | Enable GitGuardian Applicative metrics on Webapp pods and Celery Workers Default: false |
| observability.exporters.statefulAppExporter.enabled (bool) | Enable Stateful metrics on Applicative Exporter See: GitGuardian documentation Default: false |
| observability.exporters.statefulAppExporter.resources (object) | Applicative Exporter resources Default: {"requests":{"cpu":"100m","memory":"500Mi"}} |
| observability.serviceMonitors.enabled (bool) | Enable ServiceMonitors for Prometheus Operator Note: this requires to install Prometheus Operator (not included in this chart) See: Prometheus documentation Default: false |
| rbac (object) | GitGuardian pods will use a limited role if enabled Default: {"enabled":true} |
| rbac.enabled (bool) | Creates a Role and bind it to GitGuardian ServiceAccount (see serviceAccount.name). See GitGuardian doc Default: true |
| serviceAccount (object) | GitGuardian Pods are using this ServiceAccount Default: {"annotations":{},"autoMount":true,"create":true,"labels":{},"name":"gim"} |
| serviceAccount.create (bool) | create the serviceAccount Default: true |
| serviceAccount.name (string) | name of the serviceAccount (if serviceAccount.create is false, it must exists prior to chart deployment) Default: "gim" |
| migration.nodeSelector (object) | Default: {} |
| migration.tolerations (list) | Default: [] |
| migration.labels (object) | Default: {} |
| migration.podLabels (object) | Default: {} |
| migration.podAnnotations (object) | Default: {} |
| migration.preDeploy.resources (object) | Pre Deployment Job resources Default: {"limits":{"memory":"10Gi"},"requests":{"cpu":"500m","memory":"3Gi"}} |
| migration.postDeploy.resources (object) | Post Deployment Job resources Default: {"limits":{"memory":"2Gi"},"requests":{"cpu":"500m","memory":"1Gi"}} |
| migration.upgradePathCheck.resources (object) | upgradePathCheck Job resources Default: {"limits":{"memory":"1Gi"},"requests":{"cpu":"200m","memory":"500Mi"}} |
| migration.serviceAccount (object) | GitGuardian migration pods are using this ServiceAccount Default: {"annotations":{},"autoMount":true,"create":true,"labels":{},"name":"gim-migration"} |
| migration.serviceAccount.create (bool) | create the migration serviceAccount Default: true |
| migration.serviceAccount.name (string) | name of the serviceAccount (if migration.serviceAccount.create is false, it must exists prior to chart deployment) Default: "gim-migration" |
| proxy (object) | HTTP(s) proxy configuration You can configure a proxy server for outgoing traffic from the application Default: Not set |
| proxy.httpProxyUrl (string) | Url of the proxy server to be used for HTTP requests Default: "" |
| proxy.httpsProxyUrl (string) | Url of the proxy server to be used for HTTPS requests Default: "" |
| proxy.noProxyHostNames (list) | List of host names through which the traffic should not go via the proxy Default: [] |
| proxy.existingSecret (string) | Secret used to store proxy urls (preferred method) Default: "" |
| proxy.existingSecretKeys.httpProxyUrl (string) | Existing secret key where to store proxy http url Default: "" |
| proxy.existingSecretKeys.httpsProxyUrl (string) | Existing secret key where to store proxy https url Default: "" |
| logCollector.enabled (bool) | Enable logCollector Default: true |
| logCollector.image.registry (string) | Fluent-bit image registry Default: "proxy.replicated.com/proxy/gitguardian/ghcr.io" |
| logCollector.image.name (string) | Fluent-bit image repository Default: "gitguardian/wolfi/fluent-bit" |
| logCollector.image.tag (string) | Fluent-bit image tag Default: "4.0.3" |
| logCollector.image.pullSecrets (list) | Fluent-bit image pull secrets Default: [] |
| logCollector.env (list) | - Environment variables to be passed to logCollector Default: [] |
| logCollector.envFrom (list) | - Environment variables to be passed to logCollector from configMaps or Secrets Default: [] |
| logCollector.pipelines (object) | - Specify additional logCollector pipelines Default: {} |
| logCollector.networkPolicy.enabled (bool) | Enable Network Policy for log Collector Default: true |
| logCollector.resources.requests.cpu (string) | Specify CPU request Default: "10m" |
| logCollector.resources.requests.memory (string) | Specify Memory request Default: "32Mi" |
| logCollector.supportBundle.since (string) | lookback window for retrieving logs Default: "6h" |
| logCollector.supportBundle.limit (int) | Limit on number of logs to retrieve for each component (0 means disabled) Default: 0 |
| loki-minio.serviceAccount.create (bool) | Specifies whether a ServiceAccount should be created Default: true |
| loki-minio.image.registry (string) | MinIO image registry Default: "proxy.replicated.com/proxy/gitguardian/ghcr.io" |
| loki-minio.image.repository (string) | MinIO image repository Default: "gitguardian/wolfi/minio-bitnami" |
| loki-minio.image.tag (string) | MinIO image tag Default: "0.20250723" |
| loki-minio.image.digest (string) | MinIO image digest Default: "" |
| loki-minio.image.pullPolicy (string) | MinIO image pull policy Default: "IfNotPresent" |
| loki-minio.image.pullSecrets (list) | MinIO image pull secrets Default: [{"name":"gim-replicated-registry"}] |
| loki-minio.persistence.storageClass (string) | Storage class for MinIO Default: "" |
| loki-minio.persistence.size (string) | MinIO persistent storage size Default: "20Gi" |
| loki-minio.podSecurityContext.enabled (bool) | Enable pod Security Context for MinIO Default: true |
| loki-minio.podSecurityContext.fsGroup (int) | Default: 65532 |
| loki-minio.containerSecurityContext.enabled (bool) | Enable container Security Context for MinIO Default: true |
| loki-minio.containerSecurityContext.runAsUser (int) | Default: 65532 |
| loki-minio.containerSecurityContext.runAsGroup (int) | Default: 65532 |
| loki-minio.resources.requests.cpu (string) | Specify CPU request for MinIO Default: "100m" |
| loki-minio.resources.requests.memory (string) | Specify Memory request for MinIO Default: "512Mi" |
| loki.serviceAccount.create (bool) | Specifies whether a ServiceAccount should be created Default: true |
| loki.rbac.sccEnabled (bool) | For OpenShift set sccEnabled to 'true' to use the SecurityContextConstraints. Default: false |
| loki.imagePullSecrets (list) | Loki image pull secrets Default: [{"name":"gim-replicated-registry"}] |
| loki.loki.image.registry (string) | Loki image registry Default: "proxy.replicated.com/proxy/gitguardian/ghcr.io" |
| loki.loki.image.repository (string) | Loki image repository Default: "gitguardian/wolfi/loki" |
| loki.loki.image.tag (string) | Loki image tag Default: "3.5.3" |
| loki.loki.image.digest (string) | Loki image digest Default: "" |
| loki.loki.image.pullPolicy (string) | Loki image pull policy Default: "IfNotPresent" |
| loki.loki.compactor.retention_delete_delay (string) | Specifies the Loki retention delay Default: "168h" |
| loki.loki.podSecurityContext.fsGroup (int) | Default: 65532 |
| loki.loki.podSecurityContext.runAsGroup (int) | Default: 65532 |
| loki.loki.podSecurityContext.runAsNonRoot (bool) | Default: true |
| loki.loki.podSecurityContext.runAsUser (int) | Default: 65532 |
| loki.loki.containerSecurityContext.runAsNonRoot (bool) | Default: true |
| loki.loki.containerSecurityContext.privileged (bool) | Default: false |
| loki.loki.containerSecurityContext.readOnlyRootFilesystem (bool) | Default: true |
| loki.loki.containerSecurityContext.allowPrivilegeEscalation (bool) | Default: false |
| loki.loki.containerSecurityContext.capabilities.drop[0] (string) | Default: "ALL" |
| loki.loki.containerSecurityContext.seccompProfile.type (string) | Default: "RuntimeDefault" |
| loki.singleBinary.replicas (int) | Number of replicas Default: 1 |
| loki.singleBinary.extraEnv[0].name (string) | Default: "LOKI_ADDR" |
| loki.singleBinary.extraEnv[0].value (string) | Default: "http://localhost:3100" |
| loki.singleBinary.persistence.size (string) | Size of persistent disk Default: "10Gi" |
| loki.singleBinary.persistence.storageClass (string) | Storage class to be used Default: "" |
| loki.singleBinary.resources.requests.cpu (string) | Specify CPU request for Loki Default: "100m" |
| loki.singleBinary.resources.requests.memory (string) | Specify Memory request for Loki Default: "256Mi" |
| experimental (object) | Experimental features Default: Not set |
| experimental.tini (bool) | Enable tini to terminate zombie processes on workers Default: true |
| experimental.ingressRoutes (bool) | Use new Ingress routes instead of legacy nginx Default: false |
