flux
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# global
2
3
installCRDs: true
4
crds:
5
# -- Add annotations to all CRD resources, e.g. "helm.sh/resource-policy": keep
6
annotations: {}
7
# -- Enable Flux CRs migration using helm pre upgrade hook job
8
migration:
9
enabled: false
10
timeout: 5m
11
resources:
12
limits: {}
13
# cpu: 1000m
14
# memory: 1Gi
15
requests:
16
cpu: 100m
17
memory: 64Mi
18
nodeSelector: {}
19
affinity: {}
20
tolerations: []
21
annotations: {}
22
multitenancy:
23
# -- Implement the patches for Multi-tenancy lockdown.
24
# See https://fluxcd.io/docs/installation/#multi-tenancy-lockdown
25
enabled: false
26
# -- All Kustomizations and HelmReleases which don’t have spec.serviceAccountName
27
# specified, will use the default account from the tenant’s namespace.
28
# Tenants have to specify a service account in their Flux resources to be able
29
# to deploy workloads in their namespaces as the default account has no permissions.
30
defaultServiceAccount: "default"
31
# -- Both kustomize-controller and helm-controller service accounts run privileged
32
# with cluster-admin ClusterRoleBinding. Disable if you want to run them with a
33
# minimum set of permissions.
34
privileged: true
35
clusterDomain: cluster.local
36
cli:
37
image: cgr.dev/chainguard-private/flux
38
tag: latest@sha256:3bf245ec3c688b3b829b663d864bb88163ed69d7e805ab5ea62edd6ddf1b2fe6
39
nodeSelector: {}
40
affinity: {}
41
tolerations: []
42
annotations: {}
43
serviceAccount:
44
automount: true
45
# controllers
46
helmController:
47
create: true
48
image: cgr.dev/chainguard-private/flux-helm-controller
49
tag: latest@sha256:d4794545d38af609a98b4700ae4c99e4e2fe403c710ed8562c8a63844bc105fc
50
resources:
51
limits: {}
52
# cpu: 1000m
53
# memory: 1Gi
54
requests:
55
cpu: 100m
56
memory: 64Mi
57
priorityClassName: ""
58
annotations:
59
prometheus.io/port: "8080"
60
prometheus.io/scrape: "true"
61
labels: {}
62
container:
63
additionalArgs: []
64
extraEnv: []
65
serviceAccount:
66
create: true
67
automount: true
68
annotations: {}
69
imagePullPolicy: ""
70
nodeSelector: {}
71
# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core
72
# for example:
73
# affinity:
74
# nodeAffinity:
75
# requiredDuringSchedulingIgnoredDuringExecution:
76
# nodeSelectorTerms:
77
# - matchExpressions:
78
# - key: foo.bar.com/role
79
# operator: In
80
# values:
81
# - master
82
83
affinity: {}
84
# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core
85
# for example:
86
# tolerations:
87
# - key: foo.bar.com/role
88
# operator: Equal
89
# value: master
90
# effect: NoSchedule
91
92
tolerations: []
93
imageAutomationController:
94
create: true
95
image: cgr.dev/chainguard-private/flux-image-automation-controller
96
tag: latest@sha256:f48bf47f51eeeae2dcb3d5b7eebc8467e984c1236f30c66e6d9e7f05d87238c6
97
resources:
98
limits: {}
99
# cpu: 1000m
100
# memory: 1Gi
101
requests:
102
cpu: 100m
103
memory: 64Mi
104
priorityClassName: ""
105
annotations:
106
prometheus.io/port: "8080"
107
prometheus.io/scrape: "true"
108
labels: {}
109
container:
110
additionalArgs: []
111
extraEnv: []
112
serviceAccount:
113
create: true
114
automount: true
115
annotations: {}
116
imagePullPolicy: ""
117
nodeSelector: {}
118
affinity: {}
119
tolerations: []
120
imageReflectionController:
121
create: true
122
image: cgr.dev/chainguard-private/flux-image-reflector-controller
123
tag: latest@sha256:e974f34f09b823303641c7fb1ebf397f6fa66bf84766d104ea338175dde278a9
124
resources:
125
limits: {}
126
# cpu: 1000m
127
# memory: 1Gi
128
requests:
129
cpu: 100m
130
memory: 64Mi
131
priorityClassName: ""
132
annotations:
133
prometheus.io/port: "8080"
134
prometheus.io/scrape: "true"
135
labels: {}
136
container:
137
additionalArgs: []
138
extraEnv: []
139
serviceAccount:
140
create: true
141
automount: true
142
annotations: {}
143
imagePullPolicy: ""
144
nodeSelector: {}
145
affinity: {}
146
tolerations: []
147
kustomizeController:
148
create: true
149
image: cgr.dev/chainguard-private/flux-kustomize-controller
150
tag: latest@sha256:d73ed9aa36b6f023db85aec01216c58d10512b711ddcc8c28282d98afa16338c
151
resources:
152
limits: {}
153
# cpu: 1000m
154
# memory: 1Gi
155
requests:
156
cpu: 100m
157
memory: 64Mi
158
priorityClassName: ""
159
annotations:
160
prometheus.io/port: "8080"
161
prometheus.io/scrape: "true"
162
labels: {}
163
container:
164
additionalArgs: []
165
extraEnv: []
166
serviceAccount:
167
create: true
168
automount: true
169
annotations: {}
170
imagePullPolicy: ""
171
secret:
172
# -- Create a secret to use it with extraSecretMounts. Defaults to false.
173
create: false
174
name: ""
175
data: {}
176
# -- Defines envFrom using a configmap and/or secret.
177
envFrom:
178
map:
179
name: ""
180
secret:
181
name: ""
182
# -- Defines additional mounts with secrets.
183
# Secrets must be manually created in the namespace or with kustomizeController.secret
184
extraSecretMounts: []
185
# - name: secret-files
186
# mountPath: /etc/secrets
187
# subPath: ""
188
# secretName: secret-files
189
# readOnly: true
190
191
nodeSelector: {}
192
affinity: {}
193
tolerations: []
194
notificationController:
195
create: true
196
image: cgr.dev/chainguard-private/flux-notification-controller
197
tag: latest@sha256:835162a587f9594c6e742c6c64aa3e2ce79eb3ce7fe9d210c02955ddb6ed62f1
198
resources:
199
limits: {}
200
# cpu: 1000m
201
# memory: 1Gi
202
requests:
203
cpu: 100m
204
memory: 64Mi
205
priorityClassName: ""
206
annotations:
207
prometheus.io/port: "8080"
208
prometheus.io/scrape: "true"
209
labels: {}
210
container:
211
additionalArgs: []
212
extraEnv: []
213
serviceAccount:
214
create: true
215
automount: true
216
annotations: {}
217
imagePullPolicy: ""
218
service:
219
labels: {}
220
annotations: {}
221
webhookReceiver:
222
service:
223
labels: {}
224
annotations: {}
225
ingress:
226
create: false
227
# ingressClassName: nginx
228
annotations: {}
229
# kubernetes.io/ingress.class: nginx
230
# kubernetes.io/tls-acme: "true"
231
labels: {}
232
hosts:
233
- host: flux-webhook.example.com
234
paths:
235
- path: /
236
pathType: ImplementationSpecific
237
tls: []
238
# - secretName: flux-webhook-tls
239
# hosts:
240
# - flux-webhook.example.com
241
nodeSelector: {}
242
affinity: {}
243
tolerations: []
244
sourceController:
245
create: true
246
image: cgr.dev/chainguard-private/flux-source-controller
247
tag: latest@sha256:2e8cca6e00e70b321562505126da575a05c3f475e360cf94101dc4c404500b0c
248
resources:
249
limits: {}
250
# cpu: 1000m
251
# memory: 1Gi
252
requests:
253
cpu: 100m
254
memory: 64Mi
255
priorityClassName: ""
256
annotations:
257
prometheus.io/port: "8080"
258
prometheus.io/scrape: "true"
259
labels: {}
260
container:
261
additionalArgs: []
262
serviceAccount:
263
create: true
264
automount: true
265
annotations: {}
266
imagePullPolicy: ""
267
service:
268
labels: {}
269
annotations: {}
270
nodeSelector: {}
271
affinity: {}
272
tolerations: []
273
extraEnv: []
274
sourceWatcher:
275
create: false
276
image: cgr.dev/chainguard-private/flux-source-watcher
277
tag: latest@sha256:a7ef4a2b17e9022796ea249867af001c194779ad59830c2968e2f28e1695a247
278
resources:
279
limits: {}
280
# cpu: 1000m
281
# memory: 1Gi
282
requests:
283
cpu: 50m
284
memory: 64Mi
285
priorityClassName: ""
286
annotations:
287
prometheus.io/port: "8080"
288
prometheus.io/scrape: "true"
289
labels: {}
290
container:
291
additionalArgs: []
292
serviceAccount:
293
create: true
294
automount: true
295
annotations: {}
296
imagePullPolicy: ""
297
service:
298
labels: {}
299
annotations: {}
300
nodeSelector: {}
301
affinity: {}
302
tolerations: []
303
extraEnv: []
304
policies:
305
create: true
306
rbac:
307
create: true
308
# -- Grant the Kubernetes view, edit and admin roles access to Flux custom resources
309
createAggregation: true
310
# -- Add annotations to all RBAC resources, e.g. "helm.sh/resource-policy": keep
311
annotations: {}
312
roleRef:
313
name: cluster-admin
314
logLevel: info
315
watchAllNamespaces: true
316
# -- contents of pod imagePullSecret in form 'name=[secretName]'; applied to all controllers
317
imagePullSecrets: []
318
# -- Array of extra K8s manifests to deploy
319
extraObjects: []
320
# Example usage from https://fluxcd.io/docs/components/source/buckets/#static-authentication
321
# - apiVersion: source.toolkit.fluxcd.io/v1beta2
322
# kind: Bucket
323
# metadata:
324
# name: podinfo
325
# namespace: default
326
# spec:
327
# interval: 1m
328
# provider: generic
329
# bucketName: podinfo
330
# endpoint: minio.minio.svc.cluster.local:9000
331
# insecure: true
332
# secretRef:
333
# name: minio-credentials
334
# - apiVersion: v1
335
# kind: Secret
336
# metadata:
337
# name: minio-credentials
338
# namespace: default
339
# type: Opaque
340
# data:
341
# accesskey: <BASE64>
342
# secretkey: <BASE64>
343
344
# Enables podMonitor creation for the Prometheus Operator
345
prometheus:
346
podMonitor:
347
# -- Enables podMonitor endpoint
348
create: false
349
podMetricsEndpoints:
350
- port: http-prom
351
relabelings:
352
# https://github.com/prometheus-operator/prometheus-operator/issues/4816
353
- sourceLabels: [__meta_kubernetes_pod_phase]
354
action: keep
355
regex: Running
356
distro:
357
openshift: false
358
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.