kubelet-csr-approver

Helm chart

Default values

global:
  clusterDomain: cluster.local
# Required configuration item
providerRegex: ""
# optional, specified as a string (enclosed with ""). if left empty, defaults to 367 days
maxExpirationSeconds: ""
# optional, permits to bypass dns resolution checks. default: false
bypassDnsResolution: false
# number of DNS SAN names allowed in a certificate request. defaults to 1
allowedDnsNames: 1
# optional, permits ignoring CSRs with another Username than `system:node:...`
ignoreNonSystemNode: false
# optional, prevents csr denial, i.e. only lets kubelet-csr-approver approve valid CSRs but ignore other CSRs
skipDenyStep: false
# set this parameter to true to ignore mismatching DNS name and hostname
bypassHostnameCheck: false
# optional, list of IP (IPv4, IPv6) subnets that are allowed to submit CSRs
providerIpPrefixes: []
#  - 192.168.8.0/22
#  - fc00::/7

# logging level ranges from -5 (Fatal) to 10 (Verbose). default level is 0
loggingLevel: 0
leaderElection: true
replicas: 2
namespace: ""
image:
  repository: cgr.dev/chainguard-private/kubelet-csr-approver
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: latest@sha256:bea73b384210c0c7de4057286361ca8780063c41aeaeaa884f9ddad880e476b5
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
metrics:
  enable: true
  serviceType: ClusterIP
  port: 8080
  annotations: {}
  serviceMonitor:
    enabled: false
    additionalLabels: {}
    interval: 1m
    scrapeTimeout: 10s
    metricRelabelings: []
    relabelings: []
serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
podAnnotations: {}
podLabels: {}
# PriorityClass indicates the importance of a Pod relative to other Pods.
priorityClassName: ""
podSecurityContext: {}
  # fsGroup: 65532

securityContext:
  runAsUser: 65532
  runAsGroup: 65532
  runAsNonRoot: true
  privileged: false
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  seccompProfile:
    type: RuntimeDefault
  capabilities:
    drop: ["ALL"]
resources:
  requests:
    memory: "64Mi"
    cpu: "100m"
  limits:
    memory: "128Mi"
    cpu: "500m"
nodeSelector: {}
tolerations:
  - effect: NoSchedule
    key: node-role.kubernetes.io/control-plane
    operator: Equal
affinity: {}
rbac:
  manage: true
# Additional environment variables
env: []
# - name: FOO
#   value: bar

dnsPolicy: ""
dnsConfig: {}
# Include additional objects within the chart
extraObjects: []
# - |
#   apiVersion: v1
#   kind: Secret
#   metadata:
#     name: my-special-secret
#   data:
#     key: value
