HelmChart

helm.cattle.io / v1

apiVersion: helm.cattle.io/v1 kind: HelmChart metadata: name: example

apiVersion string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata object

spec object

HelmChartSpec represents the user-configurable details for installation and upgrade of a Helm chart release.

authPassCredentials boolean

Pass Basic auth credentials to all domains. Helm CLI positional argument/flag: `--pass-credentials`

authSecret object

Reference to Secret of type kubernetes.io/basic-auth holding Basic auth credentials for the Chart repo.

name string

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

backOffLimit integer

Specify the number of retries before considering the helm job failed.

format: int32

bootstrap boolean

Set to True if this chart is needed to bootstrap the cluster (Cloud Controller Manager, CNI, etc).

chart string

Helm Chart name in repository, or complete HTTPS URL to chart archive (.tgz) Helm CLI positional argument/flag: `CHART`

chartContent string

Base64-encoded chart archive .tgz; overides `.spec.chart` and `.spec.version`. Helm CLI positional argument/flag: `CHART`

createNamespace boolean

Create target namespace if not present. Helm CLI positional argument/flag: `--create-namespace`

dockerRegistrySecret object

Reference to Secret of type kubernetes.io/dockerconfigjson holding Docker auth credentials for the OCI-based registry acting as the Chart repo.

name string

driver string

Helm storage driver to use for this chart's release metadata. `secret` stores releases in Kubernetes Secrets (default). `configmap` stores releases in ConfigMaps. This field is effectively immutable after the first install; changing the storage backend is not a supported migration path. Helm CLI environment variable: `HELM_DRIVER`

enum: secret, configmap

failurePolicy string

Configures handling of failed chart installation or upgrades. - `reinstall` will perform a clean uninstall and reinstall of the chart. - `abort` will take no action and leave the chart in a failed state so that the administrator can manually resolve the error.

enum: abort, reinstall

helmVersion string

DEPRECATED. Helm version to use. Only v3 is currently supported.

insecureSkipTLSVerify boolean

Skip TLS certificate checks for the chart download. Helm CLI positional argument/flag: `--insecure-skip-tls-verify`

jobImage string

Specify the image to use for tht helm job pod when installing or upgrading the helm chart.

plainHTTP boolean

Use insecure HTTP connections for the chart download. Helm CLI positional argument/flag: `--plain-http`

podSecurityContext object

Custom PodSecurityContext for the helm job pod.

appArmorProfile object

appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.

localhostProfile string

localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".

type string required

type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.

fsGroup integer

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.

format: int64

fsGroupChangePolicy string

fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.

runAsGroup integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

format: int64

runAsNonRoot boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

format: int64

seLinuxChangePolicy string

seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive". "Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. "MountOption" mounts all eligible Pod volumes with `-o context` mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled. If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes. This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers. All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.

seLinuxOptions object

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

level string

Level is SELinux level label that applies to the container.

role string

Role is a SELinux role label that applies to the container.

type string

Type is a SELinux type label that applies to the container.

user string

User is a SELinux user label that applies to the container.

seccompProfile object

The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.

localhostProfile string

localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.

type string required

type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.

supplementalGroups []integer

A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.

supplementalGroupsPolicy string

Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.

sysctls []object

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.

name string required

Name of a property to set

value string required

Value of a property to set

windowsOptions object

The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.

gmsaCredentialSpec string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.

gmsaCredentialSpecName string

GMSACredentialSpecName is the name of the GMSA credential spec to use.

hostProcess boolean

HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.

runAsUserName string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

repo string

Helm Chart repository URL. Helm CLI positional argument/flag: `--repo`

repoCA string

Verify certificates of HTTPS-enabled servers using this CA bundle. Should be a string containing one or more PEM-encoded CA Certificates. Helm CLI positional argument/flag: `--ca-file`

repoCAConfigMap object

Reference to a ConfigMap containing CA Certificates to be be trusted by Helm. Can be used along with or instead of `.spec.repoCA` Helm CLI positional argument/flag: `--ca-file`

name string

securityContext object

custom SecurityContext for the helm job pod.

allowPrivilegeEscalation boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.

appArmorProfile object

appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.

localhostProfile string

type string required

capabilities object

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.

add []string

Added capabilities

drop []string

Removed capabilities

privileged boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.

procMount string

procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.

readOnlyRootFilesystem boolean

Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.

runAsGroup integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

format: int64

runAsNonRoot boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

format: int64

seLinuxOptions object

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

level string

Level is SELinux level label that applies to the container.

role string

Role is a SELinux role label that applies to the container.

type string

Type is a SELinux type label that applies to the container.

user string

User is a SELinux user label that applies to the container.

seccompProfile object

The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.

localhostProfile string

type string required

windowsOptions object

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.

gmsaCredentialSpec string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.

gmsaCredentialSpecName string

GMSACredentialSpecName is the name of the GMSA credential spec to use.

hostProcess boolean

runAsUserName string

set object

Override simple Chart values. These take precedence over options set via values or valuesContent. Helm CLI positional argument/flag: `--set`, `--set-string`

takeOwnership boolean

Set to True if helm should take ownership of existing resources when installing/upgrading the chart. Helm CLI positional argument/flag: `--take-ownership`

targetNamespace string

Helm Chart target namespace. Helm CLI positional argument/flag: `--namespace`

timeout string

Timeout for Helm operations. Helm CLI positional argument/flag: `--timeout`

values object

Override complex Chart values via structured YAML. Takes precedence over options set via valuesContent. Helm CLI positional argument/flag: `--values`

valuesContent string

Override complex Chart values via inline YAML content. Helm CLI positional argument/flag: `--values`

valuesSecrets []object

Override complex Chart values via references to external Secrets. Helm CLI positional argument/flag: `--values`

ignoreUpdates boolean

Ignore changes to the secret, and mark the secret as optional. By default, the secret must exist, and changes to the secret will trigger an upgrade of the chart to apply the updated values. If `ignoreUpdates` is true, the secret is optional, and changes to the secret will not trigger an upgrade of the chart.

keys []string

Keys to read values content from. If no keys are specified, the secret is not used.

name string

Name of the secret. Must be in the same namespace as the HelmChart resource.

version string

Helm Chart version. Only used when installing from repository; ignored when .spec.chart or .spec.chartContent is used to install a specific chart archive. Helm CLI positional argument/flag: `--version`

status object

HelmChartStatus represents the resulting state from processing HelmChart events

conditions []object

`JobCreated` indicates that a job has been created to install or upgrade the chart. `Failed` indicates that the helm job has failed and the failure policy is set to `abort`.

message string

Human readable message indicating details about last transition.

reason string

(brief) reason for the condition's last transition.

status string required

Status of the condition, one of True, False, Unknown.

type string required

Type of job condition.

jobName string

The name of the job created to install or upgrade the chart.

No matches. Try .spec.authPassCredentials for an exact path