From ad91bc2f4509cfde337a04944d47afff8aae150f Mon Sep 17 00:00:00 2001 From: Hannah Cooper Date: Fri, 27 Mar 2026 01:44:09 +0000 Subject: [PATCH] GITBOOK-42: Helm chart config options update --- advanced/helm-chart-configuration-options.md | 78 ++++++++++++-------- 1 file changed, 47 insertions(+), 31 deletions(-) diff --git a/advanced/helm-chart-configuration-options.md b/advanced/helm-chart-configuration-options.md index 891cb66b..81cdffb2 100644 --- a/advanced/helm-chart-configuration-options.md +++ b/advanced/helm-chart-configuration-options.md @@ -7,35 +7,51 @@ metaLinks: # Helm chart configuration options -The following table lists the configurable parameters of the Portainer Helm chart and their default values. Find the values file under `deploy/helm/portainer/values.yaml`. +The following table lists the configurable parameters of the Portainer Helm chart and their default values. Find the values file in our [GitHub repository](https://github.com/portainer/k8s/blob/master/charts/portainer/values.yaml) under `k8s/charts/portainer/values.yaml`. -| Parameter | Description | Default | -| ---------------------------- | --------------------------------------------------------------------------------------------------------- | --------------------------- | -| `replicaCount` | Number of Portainer service replicas (always set to 1). | `1` | -| `image.repository` | Portainer Docker Hub repository. | `portainer/portainer-ce` | -| `image.tag` | Tag for the Portainer image. | `latest` | -| `image.pullPolicy` | Portainer image-pulling policy. | `IfNotPresent` | -| `imagePullSecrets` | If the Portainer image needs to be in a private repository. | `nil` | -| `nodeSelector` | Used to apply a nodeSelector to the deployment. | `{}` | -| `serviceAccount.annotations` | Annotations to add to the service account. | `null` | -| `serviceAccount.name` | The name of the service account to use. | `portainer-sa-clusteradmin` | -| `service.type` | Service type for the main Portainer Service. Valid values: `ClusterIP`, `NodePort`, `LoadBalancer`. | `LoadBalancer` | -| `service.httpPort` | HTTP port for accessing the Portainer web interface. | `9000` | -| `service.httpNodePort` | Static NodePort for accessing the Portainer web interface. Specify only if the type is `NodePort`. | `30777` | -| `service.edgePort` | TCP port for accessing Portainer Edge. | `8000` | -| `service.edgeNodePort` | Static NodePort for accessing Portainer Edge. Specify only if the type is `NodePort`. | `30776` | -| `service.annotations` | Annotations to add to the service. | `{}` | -| `ingress.enabled` | Creates an ingress for Portainer. | `false` | -| `ingress.annotations` |

Annotations to add to the ingress. For example:
kubernetes.io/ingress.class: nginx

| `{}` | -| `ingress.hosts.host` | URL for Portainer Web. For example, `portainer.example.io`. | `nil` | -| `ingress.hosts.paths.path` | Path for the Portainer web interface. | `/` | -| `ingress.hosts.paths.port` | Port for the Portainer web interface. | `9000` | -| `ingress.tls` | TLS support on ingress. Must create a secret with TLS certificates in advance. | `[]` | -| `resources` | Portainer resource requests and limits. | `{}` | -| `persistence.enabled` | Whether or not to enable data persistence. | `true` | -| `persistence.existingClaim` | Name of an existing PVC to use for data persistence. | `nil` | -| `persistence.size` | Size of the PVC used for persistence. | `10Gi` | -| `persistence.annotations` | Annotations to apply to PVC used for persistence. | `{}` | -| `persistence.storageClass` | StorageClass to apply to PVC used for persistence. | `default` | -| `persistence.accessMode` | AccessMode for persistence. | `ReadWriteOnce` | -| `persistence.selector` | Selector for persistence. | `nil` | +| Parameter | Description | Default | +| ------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------- | +| `replicaCount` | Number of Portainer service replicas (always set to 1). | `1` | +| `enterpriseEdition.enabled` | If enterpriseEdition is enabled, then use the values here instead of those in `.image` | `true` | +| `enterpriseEdition.image.repository` | Portainer Docker Hub repository. | `portainer/portainer-ee` | +| `enterpriseEdition.image.tag` | Tag for the Portainer image. | `latest` | +| `enterpriseEdition.image.pullPolicy` | Portainer image-pulling policy. | `Always` | +| `image.repository` | Portainer Docker Hub repository. | `portainer/portainer-ce` | +| `image.tag` | Tag for the Portainer image. | `latest` | +| `image.pullPolicy` | Portainer image-pulling policy. | `Always` | +| `imagePullSecrets` | If the Portainer image needs to be in a private repository. | `[]` | +| `nodeSelector` | Used to apply a nodeSelector to the deployment. | `{}` | +| `tolerations` | Defines any Kubernetes taints that the Portainer pod is allowed to tolerate. | `[]` | +| `serviceAccount.annotations` | Annotations to add to the service account. | `{}` | +| `serviceAccount.name` | The name of the service account to use. | `portainer-sa-clusteradmin` | +| `localMgmt` |

Provides the ability to enable or disable RBAC-related resources during the deployment of the Portainer application.

If you are using Portainer to manage the K8s cluster it is deployed to, this flag must be set to true.

| `true` | +| `service.type` | Service type for the main Portainer Service. Valid values: `ClusterIP`, `NodePort`, `LoadBalancer`. | `NodePort` | +| `service.httpPort` | HTTP port for accessing the Portainer web interface. | `9000` | +| `service.httpsPort` | HTTPS port for accessing the Portainer web interface. | `9443` | +| `service.httpNodePort` | Static HTTP NodePort for accessing the Portainer web interface. Specify only if the type is `NodePort`. | `30777` | +| `service.edgePort` | TCP port for accessing Portainer Edge. | `8000` | +| `service.edgeNodePort` | Static NodePort for accessing Portainer Edge. Specify only if the type is `NodePort`. | `30776` | +| `service.httpsNodePort` | Static HTTPS NodePort for accessing the Portainer web interface. Specify only if the type is `NodePort`. | `30779` | +| `service.annotations` | Annotations to add to the service. | `{}` | +| `tls.force` | If true, Portainer will be configured to use TLS only | `false` | +| `tls.existingSecret` | If set, will mount the existing secret into the pod | `""` | +| `trusted_origins.enabled` | If true, Portainer will be configured to trust the domains specified in domains | `false` | +| `trusted_origins.domains` | specify (in a comma-separated list) the domain(s) used to access Portainer when it is behind a reverse proxy. For example: portainer.mydomain.com,portainer.example.com | `""` | +| `mtls.enable` | If set, Portainer will be configured to trust the domains specified in domains | `false` | +| `mtls.existingSecret` | If set, will mount the existing secret into the pod | `""` | +| `dbEncryption.existingSecret` |

If set, will mount the existing secret into the pod to enable Portainer database encryption.

WARNING: Enabling database encryption is a non-reversible change.

| `""` | +| `AdminPassword.existingSecret` |

If set, will mount the existing secret into the pod and pass --admin-password-file to Portainer.

The secret must contain a key named 'password' holding the plain text password.

| `""` | +| `feature.flags` | Used to enable or disable Portainer feature flags at container start | `[]` | +| `ingress.enabled` | Creates an ingress for Portainer. | `false` | +| `ingress.ingressClassName` | Sets the `ingressClassName` field on the Kubernetes Ingress object so the correct controller picks it up. | `""` | +| `ingress.annotations` |

Annotations to add to the ingress. For example:
kubernetes.io/ingress.class: nginx

| `{}` | +| `ingress.hosts.host` | URL for Portainer Web. For example, `portainer.example.io`. | `nil` | +| `ingress.hosts.paths` | Path for the Portainer web interface. | `[]` | +| `ingress.tls` | TLS support on ingress. Must create a secret with TLS certificates in advance. | `[]` | +| `extraEnv` | Extra environment variables to set on the Portainer container. | `[]` | +| `resources` | Portainer resource requests and limits. | `{}` | +| `persistence.enabled` | Whether or not to enable data persistence. | `true` | +| `persistence.existingClaim` | Name of an existing PVC to use for data persistence. | `default` | +| `persistence.size` | Size of the PVC used for persistence. | `10Gi` | +| `persistence.annotations` | Annotations to apply to PVC used for persistence. | `{}` | +| `persistence.storageClass` | StorageClass to apply to PVC used for persistence. | `default` |