Helm chart values
Source:
deploy/chart/values.yaml.
Chart name stowage, version 0.2.0. App version tracks the
binary release.
#Top-level values
| Key | Type | Default | Notes |
|---|---|---|---|
namespace | string | stowage-system | Where everything is installed. |
image.registry | string | ghcr.io/damianvander | Image repository prefix. |
image.tag | string | sha-75f9ca6 | Image tag. Pin to a release for production. |
image.pullPolicy | string | IfNotPresent | |
image.pullSecrets | []string | [] | Names of pre-existing dockerconfigjson Secrets. The chart does not create these. |
storage.size | quantity | 1Gi | PVC size for the SQLite database and key file. |
storage.storageClassName | string | "" | Empty = cluster default. |
secretKey | string | "" | AES-256 root key (64 hex chars or 44 base64). Empty = generate on first install and preserve via helm lookup. |
#ingress
| Key | Default |
|---|---|
ingress.enabled | false |
ingress.className | "" |
ingress.host | "" |
ingress.annotations | {} |
ingress.tls | false |
When tls: true, the chart references a Secret <release>-tls
which the Ingress controller (or cert-manager) populates.
#config
config: is verbatim YAML merged on top of the chart's generated
Stowage config.yaml. Use this for anything not exposed elsewhere
(OIDC, audit sampling, rate-limit overrides, host suffixes).
config:
auth:
modes: [oidc]
oidc:
issuer: https://idp.example.com/realms/main
...
s3_proxy:
enabled: true
host_suffixes: [s3.stowage.example.com]The full key list is documented in Configuration.
#webhook
| Key | Default | Notes |
|---|---|---|
webhook.enabled | true | Disabling skips webhook + cert. |
webhook.failurePolicy | Fail | Fail or Ignore. |
webhook.selfSigned.enabled | true | Self-signed cert generated by the chart. |
webhook.selfSigned.validityDays | 3650 | |
webhook.certManager.enabled | false | Use cert-manager instead of self-signed. |
webhook.certManager.issuerRef.kind | Issuer | Issuer or ClusterIssuer. |
webhook.certManager.issuerRef.name | "" | |
webhook.caBundle | "" | Inject a CA bundle directly. |
#stowage and operator
stowage:
enabled: true
operator:
enabled: trueToggle one to deploy the components separately. See Stowage only and Operator only.
#networkPolicy
| Key | Default |
|---|---|
networkPolicy.enabled | false |
When enabled, renders policies that allow ingress from the Ingress controller namespace and egress to Kubernetes API server, DNS, and upstream backends. See NetworkPolicy.
#What the chart renders
helm template stowage ./deploy/chart shows the actual rendered
manifests. Paste-able output for review. Inspect before installing
in production clusters.