DirectorySecurity AdvisoriesPricing
Sign in
Directory
sigstore-rekor logoHELM

sigstore-rekor

Helm chart
Last changed
Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Overview
Chart versions
Default values
Chart metadata
Images

Tag:

1
namespace:
2
create: false
3
name: rekor-system
4
imagePullSecrets: []
5
initContainerImage:
6
curl:
7
registry: cgr.dev
8
repository: chainguard-private/curl
9
# -- 8.17.0
10
version: sha256:a8afc7470364f424bcbcabc8ca1feb9a740bde25831fde6911652158ac6e7764
11
imagePullPolicy: IfNotPresent
12
initContainerResources: {}
13
redis:
14
enabled: true
15
replicaCount: 1
16
hostname: ""
17
port: 6379
18
args:
19
- --bind
20
- 0.0.0.0
21
- --appendonly
22
- "yes"
23
name: redis
24
image:
25
registry: cgr.dev
26
repository: chainguard-private/redis
27
pullPolicy: IfNotPresent
28
# -- 6.2.17-alpine3.21
29
version: sha256:c3a4eb01acb3949696e54b9b130c87a1d90819bfb057070ecf46c39b41df9e12
30
resources: {}
31
persistence:
32
enabled: false
33
annotations: {}
34
existingClaim: ""
35
storageClass: ""
36
accessModes:
37
- ReadWriteOnce
38
size: 5Gi
39
readinessProbe:
40
initialDelaySeconds: 5
41
periodSeconds: 10
42
timeoutSeconds: 1
43
failureThreshold: 3
44
successThreshold: 1
45
exec:
46
command:
47
- /bin/sh
48
- -i
49
- -c
50
- test "$(redis-cli -h 127.0.0.1 ping)" = "PONG"
51
livenessProbe:
52
initialDelaySeconds: 5
53
periodSeconds: 10
54
timeoutSeconds: 1
55
failureThreshold: 3
56
successThreshold: 1
57
exec:
58
command:
59
- /bin/sh
60
- -i
61
- -c
62
- test "$(redis-cli -h 127.0.0.1 ping)" = "PONG"
63
service:
64
type: ClusterIP
65
ports:
66
- name: 6379-tcp
67
port: 6379
68
protocol: TCP
69
targetPort: 6379
70
serviceAccount:
71
create: true
72
name: ""
73
annotations: {}
74
tolerations: []
75
nodeSelector: {}
76
affinity: {}
77
mysql:
78
gcp:
79
enabled: false
80
instance: ""
81
cloudsql:
82
registry: cgr.dev
83
repository: chainguard-private/cloud-sql-proxy
84
# -- crane digest gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.19.0-alpine
85
version: sha256:11674e606556bc5f436c9876ffd435499fc57b11ff707c7ff42a2d0011a45b41
86
resources:
87
requests:
88
memory: "2Gi"
89
cpu: "1"
90
securityContext:
91
allowPrivilegeEscalation: false
92
readOnlyRootFilesystem: true
93
runAsNonRoot: true
94
capabilities:
95
drop:
96
- ALL
97
unixDomainSocket:
98
enabled: false
99
path: /cloudsql
100
enabled: false
101
replicaCount: 1
102
name: mysql
103
hostname: ""
104
port: 3306
105
strategy:
106
type: Recreate
107
image:
108
registry: cgr.dev
109
repository: chainguard-private/mariadb
110
pullPolicy: IfNotPresent
111
version: sha256:bbbde7e5a4372295241d0e70eb48b0c9aad2192c6a43ee51ad6f40c900e5dd64
112
server:
113
enabled: true
114
replicaCount: 1
115
name: server
116
port: 3000
117
image:
118
registry: cgr.dev
119
repository: chainguard-private/rekor-server
120
pullPolicy: IfNotPresent
121
# crane digest ghcr.io/sigstore/rekor/rekor-server:v1.5.2
122
version: latest@sha256:f9531978143d5bab725c37d1d938ade6e1a1404d2e7524990eaae0b59cb8538f
123
# -- KMS type for signing key (possible values: "" / "none", "aws")
124
kmsType: none
125
# -- AWS region if using AWS KMS for signing key
126
awsKmsRegion: us-east-1
127
# -- kubernetes secret name containing IAM credentials for use with AWS KMS
128
awsKmsCredentialsSecretName: aws-kms-credentials
129
logging:
130
production: false
131
ingress:
132
enabled: true
133
className: "nginx"
134
hosts:
135
- path: /
136
host: root
137
annotations: {}
138
tls: []
139
ingresses:
140
- enabled: false
141
name: "gce-ingress"
142
className: "gce"
143
hosts:
144
- path: /
145
host: root
146
annotations: {}
147
tls: []
148
staticGlobalIP: lb-ext-ip
149
frontendConfigSpec: # https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters
150
sslPolicy: rekor-ssl-policy
151
redirectToHttps:
152
enabled: true
153
backendConfigSpec: # https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_backendconfig_parameters
154
securityPolicy:
155
name: rekor-security-policy
156
logging:
157
enable: true
158
service:
159
type: ClusterIP
160
ports:
161
- name: 3000-tcp
162
port: 80
163
protocol: TCP
164
targetPort: 3000
165
- name: 2112-tcp
166
port: 2112
167
protocol: TCP
168
targetPort: 2112
169
signer: memory
170
readinessProbe:
171
initialDelaySeconds: 10
172
periodSeconds: 10
173
timeoutSeconds: 1
174
failureThreshold: 3
175
successThreshold: 1
176
httpGet:
177
port: 3000
178
path: /ping
179
sharding:
180
mountPath: /sharding
181
filename: sharding-config.yaml
182
contents: ""
183
livenessProbe:
184
initialDelaySeconds: 30
185
periodSeconds: 10
186
timeoutSeconds: 1
187
failureThreshold: 3
188
successThreshold: 1
189
httpGet:
190
port: 3000
191
path: /ping
192
securityContext:
193
runAsNonRoot: true
194
runAsUser: 65533
195
config:
196
key: treeID
197
treeID: ""
198
retrieve_api:
199
enabled: true
200
attestation_storage:
201
enabled: true
202
bucket: file:///var/run/attestations
203
persistence:
204
enabled: true
205
annotations: {}
206
storageClass: ""
207
size: 5Gi
208
mountPath: /var/lib/mysql
209
subPath: ""
210
existingClaim: ""
211
accessModes:
212
- ReadWriteOnce
213
podAnnotations:
214
prometheus.io/scrape: "true"
215
prometheus.io/path: /metrics
216
prometheus.io/port: "2112"
217
resources: {}
218
extraArgs: []
219
gomemlimit: ""
220
serviceAccount:
221
create: true
222
name: ""
223
annotations: {}
224
searchIndex:
225
storageProvider: ""
226
mysql: {}
227
tolerations: []
228
nodeSelector: {}
229
affinity: {}
230
createtree:
231
name: createtree
232
force: false
233
image:
234
registry: cgr.dev
235
repository: chainguard-private/sigstore-scaffolding-trillian-createtree
236
pullPolicy: IfNotPresent
237
# v0.7.31
238
version: sha256:5d3918f724f0f4fffea406f392d5da7d14a599103f135f84f46213fc7b194892
239
ttlSecondsAfterFinished: 3600
240
serviceAccount:
241
create: true
242
name: ""
243
annotations: {}
244
securityContext:
245
runAsNonRoot: true
246
runAsUser: 65533
247
resources: {}
248
annotations: {}
249
podAnnotations: {}
250
podLabels: {}
251
tolerations: []
252
nodeSelector: {}
253
affinity: {}
254
# Configure backfillredis to repair indices that were not inserted into Redis.
255
backfillredis:
256
name: backfillredis
257
enabled: false
258
image:
259
registry: cgr.dev
260
repository: chainguard-private/rekor-backfill-index
261
pullPolicy: IfNotPresent
262
# v1.3.6
263
version: sha256:3402ab410ffae622589f0887124522cabce8ba888aaa821c9f9cd1adfc22c148
264
ttlSecondsAfterFinished: 3600
265
securityContext:
266
runAsNonRoot: true
267
runAsUser: 65533
268
rekorAddress: rekor.rekor-system.svc
269
startIndex: -1
270
endIndex: -1
271
resources: {}
272
annotations: {}
273
podAnnotations: {}
274
podLabels: {}
275
tolerations: []
276
nodeSelector: {}
277
affinity: {}
278
# Configure Trillian dependency
279
trillian:
280
enabled: true
281
namespace:
282
name: trillian-system
283
create: true
284
forceNamespace: trillian-system
285
fullnameOverride: trillian
286
adminServer: ""
287
logServer:
288
name: trillian-logserver
289
fullnameOverride: trillian-logserver
290
portHTTP: 8090
291
portRPC: 8091
292
logSigner:
293
name: trillian-logsigner
294
fullnameOverride: trillian-logsigner
295
mysql:
296
fullnameOverride: trillian-mysql
297
# Force namespace of namespaced resources
298
forceNamespace: ""
299

The trusted source for open source

Talk to an expert
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsChainguard OS PackagesChainguard ActionsChainguard Agent SkillsIntegrationsPricing
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.