Skip to main content
Version: 0.38.0

Helm chart reference

This is a reference of all the configurable values in Weave GitOps's Helm chart. This is intended for customizing your installation after you've gone through the getting started guide.

This reference was generated for the chart version 4.0.36 which installs weave gitops v0.38.0.

Values

KeyTypeDefaultDescription
additionalArgslist[]Additional arguments to pass in to the gitops-server
adminUser.createboolfalseWhether the local admin user should be created. If you use this make sure you add it to rbac.impersonationResourceNames.
adminUser.createClusterRolebooltrueSpecifies whether the clusterRole & binding to the admin user should be created. Will be created only if adminUser.create is enabled. Without this, the adminUser will only be able to see resources in the target namespace.
adminUser.createSecretbooltrueWhether we should create the secret for the local adminUser. Will be created only if adminUser.create is enabled. Without this, we'll still set up the roles and permissions, but the secret with username and password has to be provided separately.
adminUser.passwordHashstringnilSet the password for local admin user. Requires adminUser.create and adminUser.createSecret This needs to have been hashed using bcrypt. You can do this via our CLI with gitops get bcrypt-hash.
adminUser.usernamestring"gitops-test-user"Set username for local admin user, this should match the value in the secret cluster-user-auth which can be created with adminUser.createSecret. Requires adminUser.create.
affinityobject{}
annotationsobject{}Annotations to add to the deployment
envVars[0].namestring"WEAVE_GITOPS_FEATURE_TENANCY"
envVars[0].valuestring"true"
envVars[1].namestring"WEAVE_GITOPS_FEATURE_CLUSTER"
envVars[1].valuestring"false"
extraVolumeMountslist[]
extraVolumeslist[]
fullnameOverridestring""
image.pullPolicystring"IfNotPresent"
image.repositorystring"ghcr.io/weaveworks/wego-app"
image.tagstring"v0.38.0"
imagePullSecretslist[]
ingress.annotationsobject{}
ingress.classNamestring""
ingress.enabledboolfalse
ingress.hostsstringnil
ingress.tlslist[]
logLevelstring"info"What log level to output. Valid levels are 'debug', 'info', 'warn' and 'error'
metrics.enabledboolfalseStart the metrics exporter
metrics.service.annotationsobject{"prometheus.io/path":"/metrics","prometheus.io/port":"{{ .Values.metrics.service.port }}","prometheus.io/scrape":"true"}Annotations to set on the service
metrics.service.portint2112Port to start the metrics exporter on
nameOverridestring""
networkPolicy.createbooltrueSpecifies whether default network policies should be created.
nodeSelectorobject{}
oidcSecret.additionalKeysobject{}If non empty, additional keys can be added to the OIDC secret
oidcSecret.createboolfalse
podAnnotationsobject{}
podLabelsobject{}
podSecurityContextobject{}
rbac.additionalRuleslist[]If non-empty, these additional rules will be appended to the RBAC role and the cluster role. for example, additionalRules: - apiGroups: ["infra.contrib.fluxcd.io"] resources: ["terraforms"] verbs: [ "get", "list", "patch" ]
rbac.createbooltrueSpecifies whether the clusterRole & binding to the service account should be created
rbac.impersonationResourceNameslist[]If non-empty, this limits the resources that the service account can impersonate. This applies to both users and groups, e.g. ['user1@corporation.com', 'user2@corporation.com', 'operations']
rbac.impersonationResourceslist["users","groups"]Limit the type of principal that can be impersonated
rbac.viewSecretsResourceNameslist["cluster-user-auth","oidc-auth"]If non-empty, this limits the secrets that can be accessed by the service account to the specified ones, e.g. ['weave-gitops-enterprise-credentials']
replicaCountint1
resourcesobject{}
securityContext.allowPrivilegeEscalationboolfalse
securityContext.capabilities.drop[0]string"ALL"
securityContext.readOnlyRootFilesystembooltrue
securityContext.runAsNonRootbooltrue
securityContext.runAsUserint1000
securityContext.seccompProfile.typestring"RuntimeDefault"
serverTLS.enableboolfalseEnable TLS termination in gitops itself. If you enable this, you need to create a secret, and specify the secretName. Another option is to create an ingress.
serverTLS.secretNamestring"my-secret-tls"Specify the tls secret name. This type of secrets have a key called tls.crt and tls.key containing their corresponding values in base64 format. See https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets for more details and examples
service.annotationsobject{}
service.createbooltrue
service.portint9001
service.typestring"ClusterIP"
serviceAccount.annotationsobject{}Annotations to add to the service account
serviceAccount.createbooltrueSpecifies whether a service account should be created
serviceAccount.namestring""The name of the service account to use. If not set and create is true, a name is generated using the fullname template
tolerationslist[]