This page documents the common parameters that are standardized across all charts in this repository. These parameters follow Helm best practices and provide consistent configuration patterns.

Image Configuration

All charts use a standardized image configuration structure.
image.repository
string
required
Container image repository. Specifies where to pull the Docker image from. Example: nginx, ghcr.io/prymitive/karma, prom/memcached-exporter
image.tag
string
default:""
Image tag to use. If not specified, defaults to the chart’s appVersion. Example: "1.16.0", "v0.85", "latest"
Using an empty string allows the image tag to automatically track the chart’s appVersion, making upgrades easier.
image.pullPolicy
string
default:"IfNotPresent"
Image pull policy for the container. Options:
  • IfNotPresent: Pull only if the image isn’t already present
  • Always: Always pull the latest version
  • Never: Never pull, use local image only
imagePullSecrets
array
default:"[]"
List of secret names to use for pulling private images. Example:
imagePullSecrets:
  - name: myregistrykey
  - name: anotherkey

Example Image Configuration

image:
  repository: nginx
  pullPolicy: IfNotPresent
  tag: "1.21.0"

imagePullSecrets:
  - name: docker-registry-secret

Replica and Scaling Configuration

replicaCount
integer
default:"1"
Number of pod replicas to run. Only applies when autoscaling is disabled. Example: 1, 3, 5
autoscaling.enabled
boolean
default:"false"
Enable horizontal pod autoscaling.
autoscaling.minReplicas
integer
default:"1"
Minimum number of replicas for autoscaling.
autoscaling.maxReplicas
integer
default:"100"
Maximum number of replicas for autoscaling.
autoscaling.targetCPUUtilizationPercentage
integer
default:"80"
Target CPU utilization percentage for autoscaling.
autoscaling.targetMemoryUtilizationPercentage
integer
Target memory utilization percentage for autoscaling (optional).

Example Autoscaling Configuration

replicaCount: 3  # Used only when autoscaling.enabled is false

autoscaling:
  enabled: true
  minReplicas: 2
  maxReplicas: 10
  targetCPUUtilizationPercentage: 75
  targetMemoryUtilizationPercentage: 80

Service Configuration

service.type
string
default:"ClusterIP"
Kubernetes Service type. Options:
  • ClusterIP: Internal cluster IP (default)
  • NodePort: Expose on each node’s IP at a static port
  • LoadBalancer: External load balancer (cloud provider)
  • ExternalName: Map to an external DNS name
service.port
integer
default:"80"
Service port to expose. Example: 80, 8080, 3000
service.annotations
object
default:"{}"
Annotations to add to the Service resource. Example:
service:
  annotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "9150"
service.labels
object
default:"{}"
Additional labels to add to the Service.
containerPort
integer
default:"80"
Container port that the application listens on. Example: 80, 8080, 3000, 5001

Example Service Configuration

service:
  type: LoadBalancer
  port: 80
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
  labels:
    monitoring: "enabled"

containerPort: 8080

Ingress Configuration

ingress.enabled
boolean
default:"false"
Enable Ingress resource creation.
ingress.className
string
default:""
IngressClass name to use (Kubernetes 1.18+). Example: nginx, traefik, alb
ingress.annotations
object
default:"{}"
Annotations for the Ingress resource. Example:
ingress:
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
ingress.hosts
array
List of hosts and paths for the Ingress. Structure:
hosts:
  - host: example.com
    paths:
      - path: /
        pathType: ImplementationSpecific
ingress.tls
array
default:"[]"
TLS configuration for the Ingress. Example:
tls:
  - secretName: example-tls
    hosts:
      - example.com

Example Ingress Configuration

ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
  hosts:
    - host: myapp.example.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: myapp-tls
      hosts:
        - myapp.example.com

HTTPRoute Configuration (Gateway API)

Many charts support the Gateway API HTTPRoute as an alternative to Ingress.
httpRoute.enabled
boolean
default:"false"
Enable Gateway API HTTPRoute creation.
httpRoute.gatewayRef.name
string
default:"envoy-gateway-bundle"
Name of the Gateway to attach to.
httpRoute.gatewayRef.namespace
string
default:"envoy-gateway-system"
Namespace of the Gateway.
httpRoute.reuseIngressConfiguration
boolean
default:"true"
Reuse hostnames from the Ingress configuration.
httpRoute.hostnames
array
default:"[]"
Hostnames for the HTTPRoute (used when reuseIngressConfiguration is false).
httpRoute.extraPaths
array
default:"[]"
Additional HTTPRoute rules. Example:
extraPaths:
  - matches:
      - path:
          type: PathPrefix
          value: /api
    backendRefs:
      - name: api-service
        port: 8080

Example HTTPRoute Configuration

httpRoute:
  enabled: true
  gatewayRef:
    name: my-gateway
    namespace: gateway-system
  reuseIngressConfiguration: false
  hostnames:
    - myapp.example.com
  extraPaths:
    - matches:
        - path:
            type: PathPrefix
            value: /admin
      backendRefs:
        - name: admin-backend
          port: 9090

Resource Limits and Requests

resources
object
default:"{}"
CPU and memory resource requests and limits. Example:
resources:
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 250m
    memory: 256Mi
By default, resources are set to {} to allow charts to run in resource-constrained environments. Always set appropriate limits for production deployments.

Resource Configuration Best Practices

resources:
  # Set limits to prevent resource exhaustion
  limits:
    cpu: 1000m      # 1 CPU core
    memory: 1Gi     # 1 GiB of memory
  # Requests ensure guaranteed resources
  requests:
    cpu: 100m       # 0.1 CPU cores
    memory: 128Mi   # 128 MiB of memory

Scheduling Configuration

nodeSelector
object
default:"{}"
Node labels for pod assignment. Example:
nodeSelector:
  disktype: ssd
  kubernetes.io/arch: amd64
tolerations
array
default:"[]"
Tolerations for pod assignment. Example:
tolerations:
  - key: "key1"
    operator: "Equal"
    value: "value1"
    effect: "NoSchedule"
  - key: "dedicated"
    operator: "Exists"
    effect: "NoExecute"
affinity
object
default:"{}"
Affinity rules for pod assignment. Example:
affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - node1
                - node2
  podAntiAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchExpressions:
              - key: app
                operator: In
                values:
                  - myapp
          topologyKey: kubernetes.io/hostname

Example Scheduling Configuration

nodeSelector:
  disktype: ssd
  environment: production

tolerations:
  - key: "dedicated"
    operator: "Equal"
    value: "production"
    effect: "NoSchedule"

affinity:
  podAntiAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchLabels:
              app: nginx
          topologyKey: kubernetes.io/hostname

ServiceAccount Configuration

serviceAccount.create
boolean
default:"true"
Specifies whether a ServiceAccount should be created.
serviceAccount.annotations
object
default:"{}"
Annotations to add to the ServiceAccount. Example:
serviceAccount:
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/my-role
serviceAccount.name
string
default:""
The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template.

Example ServiceAccount Configuration

serviceAccount:
  create: true
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/my-app-role
  name: my-custom-sa

Security Context

podSecurityContext
object
default:"{}"
Security context for the pod. Example:
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 1000
  fsGroup: 2000
securityContext
object
default:"{}"
Security context for the container. Example:
securityContext:
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000

Example Security Configuration

podSecurityContext:
  runAsNonRoot: true
  runAsUser: 1000
  fsGroup: 2000
  seccompProfile:
    type: RuntimeDefault

securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
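
Added example (not part of the chart repository's own code): a small Python check that reports which of the hardening settings shown in the Example Security Configuration above, and the resource limits recommended under Resource Limits and Requests, are missing from a set of parsed chart values. The function name, the finding texts and the sample dictionaries are assumptions constructed for illustration.

```python
# Added example: audits parsed chart values against the hardening settings
# shown on this page. Function name and finding texts are hypothetical.

def audit_values(values: dict) -> list:
    """Return one finding per documented hardening setting that is absent."""
    findings = []
    pod = values.get("podSecurityContext") or {}
    ctr = values.get("securityContext") or {}

    # runAsNonRoot may be set at pod level; a container-level value overrides it.
    if not ctr.get("runAsNonRoot", pod.get("runAsNonRoot", False)):
        findings.append("runAsNonRoot is not true")
    # Kubernetes treats an unset allowPrivilegeEscalation as true.
    if ctr.get("allowPrivilegeEscalation", True) is not False:
        findings.append("allowPrivilegeEscalation is not false")
    if not ctr.get("readOnlyRootFilesystem", False):
        findings.append("readOnlyRootFilesystem is not true")
    dropped = (ctr.get("capabilities") or {}).get("drop") or []
    if "ALL" not in dropped:
        findings.append("capabilities.drop does not include ALL")
    # seccompProfile can likewise come from either level.
    seccomp = ctr.get("seccompProfile") or pod.get("seccompProfile") or {}
    if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
        findings.append("seccompProfile is unset or Unconfined")

    # resources defaults to {}: without limits the container is unbounded.
    limits = (values.get("resources") or {}).get("limits") or {}
    for key in ("cpu", "memory"):
        if key not in limits:
            findings.append(f"resources.limits.{key} is not set")
    return findings


# Constructed inputs: the documented defaults, and this page's example values.
CHART_DEFAULTS = {"podSecurityContext": {}, "securityContext": {}, "resources": {}}
PAGE_EXAMPLE = {
    "podSecurityContext": {"runAsNonRoot": True, "runAsUser": 1000, "fsGroup": 2000,
                           "seccompProfile": {"type": "RuntimeDefault"}},
    "securityContext": {"allowPrivilegeEscalation": False,
                        "capabilities": {"drop": ["ALL"]},
                        "readOnlyRootFilesystem": True},
    "resources": {"limits": {"cpu": "1000m", "memory": "1Gi"},
                  "requests": {"cpu": "100m", "memory": "128Mi"}},
}

if __name__ == "__main__":
    for name, vals in (("defaults", CHART_DEFAULTS), ("page example", PAGE_EXAMPLE)):
        print(name, audit_values(vals) or "no findings")
```

With the documented defaults every check fires, because podSecurityContext, securityContext and resources are all {}; the page's combined example values produce no findings.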

Pod Annotations and Labels

podAnnotations
object
default:"{}"
Annotations to add to pods. Example:
podAnnotations:
  prometheus.io/scrape: "true"
  prometheus.io/port: "9090"
podLabels
object
default:"{}"
Additional labels to add to pods. Example:
podLabels:
  environment: production
  team: platform

Environment Variables

env
array
default:"[]"
Environment variables to add to the container. Example:
env:
  - name: LOG_LEVEL
    value: "info"
  - name: DATABASE_PASSWORD
    valueFrom:
      secretKeyRef:
        name: db-secret
        key: password

Volumes and Volume Mounts

volumes
array
default:"[]"
Additional volumes to add to the pod. Example:
volumes:
  - name: config
    configMap:
      name: my-config
  - name: data
    persistentVolumeClaim:
      claimName: my-pvc
volumeMounts
array
default:"[]"
Additional volume mounts to add to the container. Example:
volumeMounts:
  - name: config
    mountPath: /etc/config
    readOnly: true
  - name: data
    mountPath: /data

Example Volume Configuration

volumes:
  - name: config
    configMap:
      name: app-config
  - name: cache
    emptyDir: {}
  - name: persistent-storage
    persistentVolumeClaim:
      claimName: app-pvc

volumeMounts:
  - name: config
    mountPath: /etc/app
    readOnly: true
  - name: cache
    mountPath: /tmp/cache
  - name: persistent-storage
    mountPath: /var/lib/app

Prometheus Monitoring

ServiceMonitor

serviceMonitor.enabled
boolean
default:"false"
Create a ServiceMonitor resource for Prometheus Operator.
serviceMonitor.namespace
string
Namespace to deploy the ServiceMonitor (defaults to release namespace).
serviceMonitor.interval
string
default:"30s"
Scrape interval for metrics.
serviceMonitor.labels
object
default:"{}"
Additional labels for the ServiceMonitor. Example:
serviceMonitor:
  labels:
    release: prometheus-operator

PrometheusRule

prometheusRule.enabled
boolean
default:"false"
Create PrometheusRule resources for alerting.
prometheusRule.namespace
string
Namespace to deploy the PrometheusRule (defaults to release namespace).
prometheusRule.additionalLabels
object
default:"{}"
Additional labels for the PrometheusRule. Example:
prometheusRule:
  additionalLabels:
    release: prometheus-operator
prometheusRule.rules
array
default:"[]"
Prometheus alerting rules. Example:
prometheusRule:
  rules:
    - alert: HighErrorRate
      expr: rate(http_requests_total{status="500"}[5m]) > 0.05
      for: 5m
      labels:
        severity: warning
      annotations:
        summary: High error rate detected
        description: "Error rate is {{ $value }} errors/sec"

Example Prometheus Configuration

serviceMonitor:
  enabled: true
  namespace: monitoring
  interval: 30s
  labels:
    release: prometheus-operator
  relabelings: []
  metricRelabelings: []

prometheusRule:
  enabled: true
  namespace: monitoring
  additionalLabels:
    release: prometheus-operator
  rules:
    - alert: PodDown
      expr: up{job="myapp"} == 0
      for: 2m
      labels:
        severity: critical
      annotations:
        summary: "Pod {{ $labels.instance }} is down"
        description: "Pod has been down for more than 2 minutes"

Name Overrides

nameOverride
string
default:""
Override the chart name used in resource names.
Use sparingly. This affects the nginx.name helper template.
fullnameOverride
string
default:""
Override the full resource name.
This completely replaces the generated name. Use with caution as it can cause naming conflicts.
