headlamp values.yaml📜
domain📜
Type: string
"dev.bigbang.mil"
Description: Domain used for BigBang created exposed services
global.imagePullSecrets[0].name📜
Type: string
"private-registry"
istio.enabled📜
Type: bool
false
istio.hardened📜
Type: object
customAuthorizationPolicies: []
customServiceEntries: []
enabled: false
outboundTrafficPolicyMode: REGISTRY_ONLY
Description: Default peer authentication values
istio.mtls.mode📜
Type: string
"STRICT"
Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic
istio.headlamp📜
Type: object
annotations: {}
enabled: true
gateways:
- istio-system/public
hosts:
- headlamp.{{ .Values.domain }}
labels: {}
Description: Headlamp UI specific VirtualService values
istio.headlamp.enabled📜
Type: bool
true
Description: Toggle VirtualService creation
networkPolicies.enabled📜
Type: bool
false
networkPolicies.controlPlaneCidr📜
Type: string
"0.0.0.0/0"
networkPolicies.ingressLabels.app📜
Type: string
"public-ingressgateway"
networkPolicies.ingressLabels.istio📜
Type: string
"ingressgateway"
networkPolicies.additionalPolicies📜
Type: list
[]
openshift📜
Type: bool
false
bbtests.enabled📜
Type: bool
false
bbtests.cypress.artifacts📜
Type: bool
true
bbtests.cypress.envs.cypress_url📜
Type: string
"http://headlamp.headlamp.svc.cluster.local:4466"
bbtests.cypress.resources.requests.cpu📜
Type: string
"1"
bbtests.cypress.resources.requests.memory📜
Type: string
"2Gi"
bbtests.cypress.resources.limits.cpu📜
Type: string
"1"
bbtests.cypress.resources.limits.memory📜
Type: string
"2Gi"
replicaCount📜
Type: int
1
Description: Number of desired pods
image.registry📜
Type: string
"registry1.dso.mil"
Description: Container image registry
image.repository📜
Type: string
"ironbank/opensource/headlamp-k8s/headlamp"
Description: Container image name
image.pullPolicy📜
Type: string
"IfNotPresent"
Description: Image pull policy. One of Always, Never, IfNotPresent
image.tag📜
Type: string
"v0.30.0"
Description: Container image tag, If “” uses appVersion in Chart.yaml
image.pullSecrets[0]📜
Type: string
"private-registry"
imagePullSecrets📜
Type: list
- name: private-registry
Description: An optional list of references to secrets in the same namespace to use for pulling any of the images used
nameOverride📜
Type: string
""
Description: Overrides the name of the chart
fullnameOverride📜
Type: string
""
Description: Overrides the full name of the chart
initContainers📜
Type: list
[]
Description: An optional list of init containers to be run before the main containers.
config.inCluster📜
Type: bool
true
config.baseURL📜
Type: string
""
Description: base url path at which headlamp should run
config.oidc.secret.create📜
Type: bool
false
Description: Generate OIDC secret. If true, will generate a secret using .config.oidc.
config.oidc.secret.name📜
Type: string
"oidc"
Description: Name of the OIDC secret.
config.oidc.clientID📜
Type: string
""
Description: OIDC client ID
config.oidc.clientSecret📜
Type: string
""
Description: OIDC client secret
config.oidc.issuerURL📜
Type: string
""
Description: OIDC issuer URL
config.oidc.scopes📜
Type: string
""
Description: OIDC scopes to be used
config.oidc.externalSecret.enabled📜
Type: bool
false
config.oidc.externalSecret.name📜
Type: string
""
config.pluginsDir📜
Type: string
"/headlamp/plugins"
Description: directory to look for plugins
config.extraArgs📜
Type: list
[]
serviceAccount📜
Type: object
annotations: {}
create: true
name: ''
Description: An optional list of environment variables env: - name: KUBERNETES_SERVICE_HOST value: “localhost” - name: KUBERNETES_SERVICE_PORT value: “6443”
serviceAccount.create📜
Type: bool
true
Description: Specifies whether a service account should be created
serviceAccount.annotations📜
Type: object
{}
Description: Annotations to add to the service account
serviceAccount.name📜
Type: string
""
Description: The name of the service account to use.(If not set and create is true, a name is generated using the fullname template)
clusterRoleBinding.create📜
Type: bool
true
Description: Specified whether a cluster role binding should be created
clusterRoleBinding.clusterRoleName📜
Type: string
"cluster-admin"
Description: Set name of the Cluster Role with limited permissions from you cluster for example - clusterRoleName: user-ro
clusterRoleBinding.annotations📜
Type: object
{}
Description: Annotations to add to the cluster role binding
podAnnotations📜
Type: object
{}
Description: Annotations to add to the pod
podSecurityContext📜
Type: object
{}
Description: Headlamp pod’s Security Context
securityContext📜
Type: object
privileged: false
runAsGroup: 101
runAsNonRoot: true
runAsUser: 100
Description: Headlamp containers Security Context
service.type📜
Type: string
"ClusterIP"
Description: Kubernetes Service type
service.port📜
Type: int
4466
Description: Kubernetes Service port
service.clusterIP📜
Type: string
""
Description: Kubernetes Service clusterIP
service.loadBalancerIP📜
Type: string
""
Description: Kubernetes Service loadBalancerIP
service.loadBalancerSourceRanges📜
Type: list
[]
Description: Kubernetes Service loadBalancerSourceRanges
service.nodePort📜
Type: string
nil
Description: Kubernetes Service Nodeport
volumeMounts📜
Type: list
[]
Description: Headlamp containers volume mounts
volumes📜
Type: list
[]
Description: Headlamp pod’s volumes
persistentVolumeClaim.enabled📜
Type: bool
false
Description: Enable Persistent Volume Claim
persistentVolumeClaim.annotations📜
Type: object
{}
Description: Annotations to add to the persistent volume claim (if enabled)
persistentVolumeClaim.accessModes📜
Type: list
[]
Description: accessModes for the persistent volume claim, eg: ReadWriteOnce, ReadOnlyMany, ReadWriteMany etc.
persistentVolumeClaim.size📜
Type: string
""
Description: size of the persistent volume claim, eg: 10Gi. Required if enabled is true.
persistentVolumeClaim.storageClassName📜
Type: string
""
Description: storageClassName for the persistent volume claim.
persistentVolumeClaim.selector📜
Type: object
{}
Description: selector for the persistent volume claim.
persistentVolumeClaim.volumeMode📜
Type: string
""
Description: volumeMode for the persistent volume claim, eg: Filesystem, Block.
ingress.enabled📜
Type: bool
false
Description: Enable ingress controller resource
ingress.annotations📜
Type: object
{}
Description: Annotations for Ingress resource
ingress.labels📜
Type: object
{}
Description: Additional labels to add to the Ingress resource
ingress.ingressClassName📜
Type: string
""
Description: Ingress class name. replacement for the deprecated “kubernetes.io/ingress.class” annotation
ingress.hosts📜
Type: list
[]
Description: Hostname(s) for the Ingress resource Please refer to https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressSpec for more information.
ingress.tls📜
Type: list
[]
Description: Ingress TLS configuration
resources📜
Type: object
{}
Description: CPU/Memory resource requests/limits
nodeSelector📜
Type: object
{}
Description: Node labels for pod assignment
tolerations📜
Type: list
[]
Description: Toleration labels for pod assignment
affinity📜
Type: object
{}
Description: Affinity settings for pod assignment
extraManifests📜
Type: list
[]
Description: Additional Kubernetes manifests to be deployed. Include the manifest as nested YAML.
waitJob.enabled📜
Type: bool
true
waitJob.scripts.image📜
Type: string
"registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.30.11"
waitJob.permissions.apiGroups[0]📜
Type: string
"apps"
waitJob.permissions.resources[0]📜
Type: string
"deployments"
waitJob.permissions.verbs[0]📜
Type: string
"get"
waitJob.permissions.verbs[1]📜
Type: string
"list"
waitJob.permissions.verbs[2]📜
Type: string
"watch"