A web interface for Sealed Secrets by Bitnami.
helm install my-sealed-secrets-web oci://ghcr.io/bakito/helm-charts/sealed-secrets-web --version 3.1.7helm repo add bakito https://charts.bakito.net
helm install my-sealed-secrets-web bakito/sealed-secrets-web --version 3.1.7| Key | Type | Default | Description |
|---|---|---|---|
| affinity | object | {} |
Assign custom [affinity] rules to the deployment |
| commonLabels | object | {} |
Optional labels to apply to all resources |
| deployment.args | object | {"defaultArgsEnabled":true} |
Default process arguments are used, while additional can be added too |
| deployment.livenessProbe | object | {"failureThreshold":3,"httpGet":{"path":"/_health","port":"http"}} |
Liveness Probes |
| deployment.readinessProbe | object | {"failureThreshold":3,"httpGet":{"path":"/_health","port":"http"}} |
Readiness Probes |
| deployment.securityContext | object | {"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"runAsGroup":1000,"runAsUser":1001} |
Hardening security |
| disableLoadSecrets | bool | false |
If set to true secrets cannot be read from this tool, only seal new ones |
| extraContainers | list | [] |
Additional containers to run in the pod |
| fullnameOverride | string | "" |
String to fully override "argo-rollouts.fullname" template |
| image.pullPolicy | string | "IfNotPresent" |
Image pull policy |
| image.repository | string | "ghcr.io/bakito/sealed-secrets-web" |
Repository to use |
| image.tag | string | nil |
Overrides the image tag (default is the chart appVersion) |
| imagePullSecrets | list | [] |
Secrets with credentials to pull images from a private registry. Registry secret names as an array. |
| includeLocalNamespaceOnly | bool | false |
If set to true, the application has only the permission to view sealed secrets in the current namespace |
| ingress.annotations | object | {} |
Ingress annotations |
| ingress.className | string | "" |
Ingress class name |
| ingress.defaultTls | bool | false |
set this to true and leave tls an empty array to use the default TLS certificate (works at least in openshift) |
| ingress.enabled | bool | false |
Enable ingress support |
| ingress.hosts | list | [{"paths":[{"path":"/","pathType":"ImplementationSpecific"}]}] |
Ingress hosts |
| ingress.labels | object | {} |
Ingress labels |
| ingress.tls | list | [] |
Ingress tls |
| initialSecretFile | string | nil |
Define you custom initial secret file |
| nameOverride | string | "" |
String to partially override "argo-rollouts.fullname" template |
| nodeSelector | object | {} |
[Node selector] |
| rbac.create | bool | true |
Specifies whether rbac should be created |
| replicaCount | int | 1 |
The number of pods to run |
| resources | object | {} |
Resource limits and requests for the pods. |
| revisionHistoryLimit | int | 10 |
Max number of old replicasets to retain |
| sealedSecrets.certURL | string | "" |
URL sealed secrets certificate (required if sealed secrets is not reachable with in cluster service) Validation api will be disabled when cert URL is used. |
| sealedSecrets.namespace | string | "sealed-secrets" |
Namespace of the sealed secrets service |
| sealedSecrets.serviceName | string | "sealed-secrets" |
Name of the sealed secrets service |
| service.annotations | object | {} |
Service annotations |
| service.clusterIP | string | "" |
Kubernetes Service clusterIP |
| service.extraPorts | list | [] |
Additional ports to add to the service |
| service.loadBalancerIP | string | "" |
Kubernetes Service loadBalancerIP |
| service.loadBalancerSourceRanges | list | [] |
Kubernetes Service loadBalancerSourceRanges |
| service.nodePort | string | nil |
Kubernetes Service Nodeport |
| service.port | int | 80 |
Service port |
| service.type | string | "ClusterIP" |
Sets the type of the Service |
| serviceAccount.automountServiceAccountToken | bool | true |
Automatically mount the service account token |
| serviceAccount.create | bool | true |
Specifies whether a service account should be created |
| serviceAccount.name | string | "sealed-secrets-web" |
The name of the service account to use. |
| tolerations | list | [] |
[Tolerations] for use with node taints |
| volumeMounts | list | [] |
Additional volumeMounts to the image updater main container |
| volumes | list | [] |
Additional volumes to the image updater pod |
| webContext | string | nil |
The context the application is running on. (for example, if it is served via a reverse proxy) |
Autogenerated from chart metadata using helm-docs