apiVersion: data.packaging.carvel.dev/v1alpha1 kind: Package metadata: name: "sealedsecrets.bitnami.com.2.18.0" spec: refName: "sealedsecrets.bitnami.com" version: "2.18.0" valuesSchema: openAPIv3: title: Chart Values type: object properties: kubeVersion: type: string description: Override Kubernetes version default: "" nameOverride: type: string description: String to partially override sealed-secrets.fullname default: "" fullnameOverride: type: string description: String to fully override sealed-secrets.fullname default: "" namespace: type: string description: Namespace where to deploy the Sealed Secrets controller default: "" extraDeploy: type: array description: Array of extra objects to deploy with the release default: [] items: {} image: type: object properties: registry: type: string description: Sealed Secrets image registry default: docker.io repository: type: string description: Sealed Secrets image repository default: bitnami/sealed-secrets-controller tag: type: string description: Sealed Secrets image tag (immutable tags are recommended) default: v0.24.5 pullPolicy: type: string description: Sealed Secrets image pull policy default: IfNotPresent pullSecrets: type: array description: Sealed Secrets image pull secrets default: [] items: {} createController: type: boolean description: Specifies whether the Sealed Secrets controller should be created default: true secretName: type: string description: The name of an existing TLS secret containing the key used to encrypt secrets default: sealed-secrets-key updateStatus: type: boolean description: Specifies whether the Sealed Secrets controller should update the status subresource default: true skipRecreate: type: boolean description: Specifies whether the Sealed Secrets controller should skip recreating removed secrets default: false keyrenewperiod: type: string description: Specifies key renewal period. Default 30 days default: "" rateLimit: type: string description: Number of allowed sustained request per second for verify endpoint default: "" rateLimitBurst: type: string description: Number of requests allowed to exceed the rate limit per second for verify endpoint default: "" additionalNamespaces: type: array description: List of namespaces used to manage the Sealed Secrets default: [] items: {} command: type: array description: Override default container command default: [] items: {} args: type: array description: Override default container args default: [] items: {} livenessProbe: type: object properties: enabled: type: boolean description: Enable livenessProbe on Sealed Secret containers default: true initialDelaySeconds: type: number description: Initial delay seconds for livenessProbe default: 0 periodSeconds: type: number description: Period seconds for livenessProbe default: 10 timeoutSeconds: type: number description: Timeout seconds for livenessProbe default: 1 failureThreshold: type: number description: Failure threshold for livenessProbe default: 3 successThreshold: type: number description: Success threshold for livenessProbe default: 1 readinessProbe: type: object properties: enabled: type: boolean description: Enable readinessProbe on Sealed Secret containers default: true initialDelaySeconds: type: number description: Initial delay seconds for readinessProbe default: 0 periodSeconds: type: number description: Period seconds for readinessProbe default: 10 timeoutSeconds: type: number description: Timeout seconds for readinessProbe default: 1 failureThreshold: type: number description: Failure threshold for readinessProbe default: 3 successThreshold: type: number description: Success threshold for readinessProbe default: 1 startupProbe: type: object properties: enabled: type: boolean description: Enable startupProbe on Sealed Secret containers default: false initialDelaySeconds: type: number description: Initial delay seconds for startupProbe default: 0 periodSeconds: type: number description: Period seconds for startupProbe default: 10 timeoutSeconds: type: number description: Timeout seconds for startupProbe default: 1 failureThreshold: type: number description: Failure threshold for startupProbe default: 3 successThreshold: type: number description: Success threshold for startupProbe default: 1 customLivenessProbe: type: object description: Custom livenessProbe that overrides the default one default: {} customReadinessProbe: type: object description: Custom readinessProbe that overrides the default one default: {} customStartupProbe: type: object description: Custom startupProbe that overrides the default one default: {} podSecurityContext: type: object properties: enabled: type: boolean description: Enabled Sealed Secret pods' Security Context default: true fsGroup: type: number description: Set Sealed Secret pod's Security Context fsGroup default: 65534 containerSecurityContext: type: object properties: enabled: type: boolean description: Enabled Sealed Secret containers' Security Context default: true readOnlyRootFilesystem: type: boolean description: Whether the Sealed Secret container has a read-only root filesystem default: true runAsNonRoot: type: boolean description: Indicates that the Sealed Secret container must run as a non-root user default: true runAsUser: type: number description: Set Sealed Secret containers' Security Context runAsUser default: 1001 automountServiceAccountToken: type: string description: whether to automatically mount the service account API-token to a particular pod default: "" priorityClassName: type: string description: Sealed Secret pods' priorityClassName default: "" runtimeClassName: type: string description: Sealed Secret pods' runtimeClassName default: "" tolerations: type: array description: Tolerations for Sealed Secret pods assignment default: [] items: {} hostNetwork: type: boolean description: Sealed Secrets pods' hostNetwork default: false dnsPolicy: type: string description: Sealed Secrets pods' dnsPolicy default: "" service: type: object properties: type: type: string description: Sealed Secret service type default: ClusterIP port: type: number description: Sealed Secret service HTTP port default: 8080 nodePort: type: string description: Node port for HTTP default: "" ingress: type: object properties: enabled: type: boolean description: Enable ingress record generation for Sealed Secret default: false pathType: type: string description: Ingress path type default: ImplementationSpecific apiVersion: type: string description: Force Ingress API version (automatically detected if not set) default: "" ingressClassName: type: string description: IngressClass that will be be used to implement the Ingress default: "" hostname: type: string description: Default host for the ingress record default: sealed-secrets.local path: type: string description: Default path for the ingress record default: /v1/cert.pem tls: type: boolean description: Enable TLS configuration for the host defined at `ingress.hostname` parameter default: false selfSigned: type: boolean description: Create a TLS secret for this ingress record using self-signed certificates generated by Helm default: false extraHosts: type: array description: An array with additional hostname(s) to be covered with the ingress record default: [] items: {} extraPaths: type: array description: An array with additional arbitrary paths that may need to be added to the ingress under the main host default: [] items: {} extraTls: type: array description: TLS configuration for additional hostname(s) to be covered with this ingress record default: [] items: {} secrets: type: array description: Custom TLS certificates as secrets default: [] items: {} networkPolicy: type: object properties: enabled: type: boolean description: Specifies whether a NetworkPolicy should be created default: false serviceAccount: type: object properties: create: type: boolean description: Specifies whether a ServiceAccount should be created default: true labels: type: object description: Extra labels to be added to the ServiceAccount default: {} name: type: string description: The name of the ServiceAccount to use. default: "" automountServiceAccountToken: type: string description: Specifies, whether to mount the service account API-token default: "" rbac: type: object properties: create: type: boolean description: Specifies whether RBAC resources should be created default: true clusterRole: type: boolean description: Specifies whether the Cluster Role resource should be created default: true labels: type: object description: Extra labels to be added to RBAC resources default: {} pspEnabled: type: boolean description: PodSecurityPolicy default: false metrics: type: object properties: serviceMonitor: type: object properties: enabled: type: boolean description: Specify if a ServiceMonitor will be deployed for Prometheus Operator default: false namespace: type: string description: Namespace where Prometheus Operator is running in default: "" labels: type: object description: Extra labels for the ServiceMonitor default: {} annotations: type: object description: Extra annotations for the ServiceMonitor default: {} interval: type: string description: How frequently to scrape metrics default: "" scrapeTimeout: type: string description: Timeout after which the scrape is ended default: "" honorLabels: type: boolean description: Specify if ServiceMonitor endPoints will honor labels default: true metricRelabelings: type: array description: Specify additional relabeling of metrics default: [] items: {} relabelings: type: array description: Specify general relabeling default: [] items: {} dashboards: type: object properties: create: type: boolean description: Specifies whether a ConfigMap with a Grafana dashboard configuration should be created default: false labels: type: object description: Extra labels to be added to the Grafana dashboard ConfigMap default: {} namespace: type: string description: Namespace where Grafana dashboard ConfigMap is deployed default: "" template: spec: fetch: - imgpkgBundle: image: ghcr.io/bitnami-labs/sealed-secrets-carvel@sha256:6d13f40c01e1fa53c6ff8cf26062bee3777989b07215537c9093b6f18562c4c3 template: - helmTemplate: path: sealed-secrets - kbld: paths: - "-" - .imgpkg/images.yml deploy: - kapp: {}