Helm Values Reference#

Complete reference for all Helm chart configuration options.

Global#

ValueDefaultDescription
nameOverride""Override the chart name
fullnameOverride""Override the full release name
createNamespacetrueCreate namespace (set to false if managed externally)
namespacekup6s-pagesTarget namespace for deployment
imagePullSecrets[]Global image pull secrets

CRD Configuration#

ValueDefaultDescription
crds.installfalseInstall CRD with the chart (use --skip-crds to skip)
crds.keeptrueKeep CRD when chart is uninstalled

Operator#

ValueDefaultDescription
operator.replicas1Number of operator replicas
operator.image.registryghcr.ioImage registry
operator.image.repositorykup6s/pages-operatorImage repository
operator.image.tag""Image tag (defaults to Chart.appVersion)
operator.image.pullPolicyIfNotPresentImage pull policy
operator.pagesDomainpages.kup6s.comPages domain for auto-generated site URLs
operator.clusterIssuerletsencrypt-prodcert-manager ClusterIssuer name
operator.pagesTlsModeindividualTLS mode for auto-generated domains: individual (HTTP-01 per site) or wildcard (pre-existing wildcard cert)
operator.pagesWildcardSecretpages-wildcard-tlsSecret name for wildcard certificate (only used when pagesTlsMode=wildcard)
operator.metricsBindAddress:8080Metrics bind address
operator.healthProbeBindAddress:8081Health probe bind address
operator.extraArgs[]Additional CLI arguments
operator.resources.limits.cpu200mCPU limit
operator.resources.limits.memory128MiMemory limit
operator.resources.requests.cpu100mCPU request
operator.resources.requests.memory64MiMemory request
operator.nodeSelector{}Node selector
operator.tolerations[]Tolerations
operator.affinity{}Affinity rules
operator.serviceAccount.createtrueCreate service account
operator.serviceAccount.name""Service account name
operator.serviceAccount.annotations{}Service account annotations

Syncer#

ValueDefaultDescription
syncer.replicas1Number of syncer replicas
syncer.image.registryghcr.ioImage registry
syncer.image.repositorykup6s/pages-syncerImage repository
syncer.image.tag""Image tag (defaults to Chart.appVersion)
syncer.image.pullPolicyIfNotPresentImage pull policy
syncer.syncInterval5mDefault sync interval for git repositories
syncer.webhookAddr:8080Webhook server listen address
syncer.sitesRoot/sitesSites root directory
syncer.allowedHosts[]Required. Allowed Git hosts for SSRF protection
syncer.extraArgs[]Additional CLI arguments
syncer.resources.limits.cpu500mCPU limit
syncer.resources.limits.memory256MiMemory limit
syncer.resources.requests.cpu100mCPU request
syncer.resources.requests.memory128MiMemory request
syncer.nodeSelector{}Node selector
syncer.tolerations[]Tolerations
syncer.affinity{}Affinity rules
syncer.serviceAccount.createtrueCreate service account
syncer.serviceAccount.name""Service account name
syncer.service.typeClusterIPService type
syncer.service.port80Service port

nginx#

ValueDefaultDescription
nginx.replicas2Number of nginx replicas for HA
nginx.image.registrydocker.ioImage registry
nginx.image.repositorylibrary/nginxImage repository
nginx.image.tag1.25-alpineImage tag
nginx.image.pullPolicyIfNotPresentImage pull policy
nginx.resources.limits.cpu200mCPU limit
nginx.resources.limits.memory128MiMemory limit
nginx.resources.requests.cpu50mCPU request
nginx.resources.requests.memory64MiMemory request
nginx.nodeSelector{}Node selector
nginx.tolerations[]Tolerations
nginx.affinity(pod anti-affinity)Affinity rules
nginx.service.typeClusterIPService type
nginx.service.port80Service port
nginx.customConfig""Custom nginx configuration
nginx.pdb.enabledtrueEnable PodDisruptionBudget
nginx.pdb.minAvailable1Minimum available pods

Storage#

ValueDefaultDescription
storage.existingClaim""Use existing PVC instead of creating one
storage.storageClassName""Storage class name (empty uses cluster default)
storage.size10GiStorage size
storage.accessModes[ReadWriteMany]Access modes
storage.annotations{}PVC annotations

Webhook#

ValueDefaultDescription
webhook.enabledfalseEnable webhook IngressRoute and Certificate
webhook.domainwebhook.pages.kup6s.comWebhook domain
webhook.clusterIssuer""ClusterIssuer (defaults to operator.clusterIssuer)
webhook.entryPoints[websecure]Traefik entrypoints
webhook.annotations{}Additional IngressRoute annotations
webhook.secret""Webhook secret for HMAC validation
webhook.secretRef.name""Reference to existing secret
webhook.secretRef.keywebhook-secretKey in the secret

RBAC#

ValueDefaultDescription
rbac.createtrueCreate ClusterRole and ClusterRoleBinding resources
Backward StaticSite CRD CLI Flags Forward

Version 1.0.0-rc.1 | Built 2026-02-05
Copyright 2026 Klein & Partner KG, Völs, Austria and contributors