Data Plane
Dependenciesβ
This chart depends on the following sub-charts. For full configuration options of each dependency, please refer to their official documentation.
| Name | Version | Repository | Condition |
|---|---|---|---|
| external-secrets | 0.19.2 | https://charts.external-secrets.io | external-secrets.enabled |
| kgateway-crds | v2.1.1 | oci://cr.kgateway.dev/kgateway-dev/charts | gateway.enabled |
| kgateway | v2.1.1 | oci://cr.kgateway.dev/kgateway-dev/charts | gateway.enabled |
| kube-prometheus-stack | 78.3.0 | https://prometheus-community.github.io/helm-charts | kube-prometheus-stack.enabled |
| opentelemetry-collector | 0.140.0 | https://open-telemetry.github.io/opentelemetry-helm-charts | opentelemetry-collector.enabled |
| gateway-operator | 0.1.0 | oci://ghcr.io/wso2/api-platform/helm-charts | api-platform.enabled |
Api Platformβ
For full configuration options, please refer to the official chart documentation.
WSO2 API Platform configuration for advanced API management capabilities
| Parameter | Description | Type | Default |
|---|---|---|---|
api-platform.enabled | Enable WSO2 API Platform gateway operator | boolean | false |
api-platform.gateway.helm.chartName | OCI chart reference for the API Platform gateway | string | oci://ghcr.io/wso2/api-platform/helm-charts/gateway |
api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.AllowedAlgorithms | Allowed JWT signing algorithms | array | ["RS256","ES256"] |
api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.AuthHeaderScheme | Authorization header scheme prefix | string | Bearer |
api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.ErrorMessage | Error message returned on authentication failure | string | Authentication failed. |
api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.ErrorMessageFormat | Format for error messages | object | json |
api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.HeaderName | HTTP header name for JWT token | string | Authorization |
api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.JwksCacheTtl | Cache TTL for JWKS keys | string | 5m |
api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.JwksFetchRetryCount | Number of retry attempts for JWKS fetch | integer | 3 |
api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.JwksFetchRetryInterval | Interval between JWKS fetch retries | string | 2s |
api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.JwksFetchTimeout | Timeout for fetching JWKS | string | 5s |
api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.KeyManagers | List of key managers for JWT validation | array | |
api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.Leeway | Clock skew tolerance for JWT validation | string | 30s |
api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.OnFailureStatusCode | HTTP status code returned on authentication failure | integer | 401 |
api-platform.gateway.values.gateway.config.policy_configurations.JWTAuth_v010.ValidateIssuer | Validate the JWT issuer claim | boolean | true |
Cluster Agentβ
Cluster Agent configuration for WebSocket connection to control plane cluster gateway
| Parameter | Description | Type | Default |
|---|---|---|---|
clusterAgent.affinity | Affinity rules for pod scheduling | object | {} |
clusterAgent.dnsRewrite.enabled | Enable CoreDNS rewrite of *.openchoreo.localhost to host.k3d.internal | boolean | false |
clusterAgent.enabled | Enable the cluster agent deployment | boolean | true |
clusterAgent.heartbeatInterval | Interval between heartbeat messages to control plane | string | 30s |
clusterAgent.image.pullPolicy | Image pull policy | object | IfNotPresent |
clusterAgent.image.repository | Cluster agent image repository | string | ghcr.io/openchoreo/cluster-agent |
clusterAgent.image.tag | Image tag. Empty uses Chart.AppVersion. | string | |
clusterAgent.logLevel | Log level for cluster agent | object | info |
clusterAgent.name | Name of the cluster agent deployment | string | cluster-agent-dataplane |
clusterAgent.nodeSelector | Node selector for pod scheduling | object | {} |
clusterAgent.planeID | Logical plane identifier shared across multiple CRs connecting to the same physical plane. Defaults to Helm release name if not specified. | string | default-dataplane |
clusterAgent.planeType | Type of plane this agent manages | object | dataplane |
clusterAgent.podAnnotations | Annotations to add to cluster agent pods | object | {} |
clusterAgent.podSecurityContext.fsGroup | Group ID for volume mounts | integer | 1000 |
clusterAgent.podSecurityContext.runAsNonRoot | Run container as non-root user | boolean | true |
clusterAgent.podSecurityContext.runAsUser | User ID to run container as | integer | 1000 |
clusterAgent.priorityClass.create | Create a PriorityClass for cluster agent | boolean | false |
clusterAgent.priorityClass.name | PriorityClass name | string | cluster-agent-dataplane |
clusterAgent.priorityClass.value | Priority value (higher = more important) | integer | 900000 |
clusterAgent.rbac.create | Create RBAC resources (ClusterRole, ClusterRoleBinding) | boolean | true |
clusterAgent.reconnectDelay | Delay before attempting reconnection after disconnect | string | 5s |
clusterAgent.replicas | Number of cluster agent replicas (typically 1 per data plane) | integer | 1 |
clusterAgent.resources.limits.cpu | CPU limit for the agent | string | 100m |
clusterAgent.resources.limits.memory | Memory limit for the agent | string | 256Mi |
clusterAgent.resources.requests.cpu | CPU request for the agent | string | 50m |
clusterAgent.resources.requests.memory | Memory request for the agent | string | 128Mi |
clusterAgent.securityContext.allowPrivilegeEscalation | Prevent privilege escalation | boolean | false |
clusterAgent.securityContext.capabilities.drop | Capabilities to drop from container | array | ["ALL"] |
clusterAgent.securityContext.readOnlyRootFilesystem | Mount root filesystem as read-only | boolean | true |
clusterAgent.serverCANamespace | Namespace where cluster-gateway CA exists (control plane namespace) | string | openchoreo-control-plane |
clusterAgent.serverUrl | WebSocket URL of the cluster gateway in control plane | string | wss://cluster-gateway.openchoreo-control-plane.svc.cluster.local:8443/ws |
clusterAgent.serviceAccount.annotations | Annotations to add to the service account | object | {} |
clusterAgent.serviceAccount.create | Create a service account for the cluster agent | boolean | true |
clusterAgent.serviceAccount.name | Service account name | string | cluster-agent-dataplane |
clusterAgent.tls.caSecretName | CA secret name for signing agent client certificates. If empty, self-signed certs will be generated (required for multi-cluster setup). | string | cluster-gateway-ca |
clusterAgent.tls.caSecretNamespace | Namespace where the CA secret exists. If empty, self-signed certs will be generated (required for multi-cluster setup). | string | openchoreo-control-plane |
clusterAgent.tls.caValue | Inline CA certificate in PEM format (for multi-cluster setup). Takes precedence over caSecretName/caSecretNamespace. | string | |
clusterAgent.tls.clientSecretName | Secret name for client certificate (typically same as secretName) | string | cluster-agent-tls |
clusterAgent.tls.duration | Certificate validity duration | string | 2160h |
clusterAgent.tls.enabled | Enable TLS for agent-gateway communication | boolean | true |
clusterAgent.tls.generateCerts | Generate client certificates locally using cert-manager (for multi-cluster setups where data plane is in different cluster) | boolean | false |
clusterAgent.tls.renewBefore | Time before expiry to renew certificate | string | 360h |
clusterAgent.tls.secretName | Secret name for client certificate and key | string | cluster-agent-tls |
clusterAgent.tls.serverCAConfigMap | ConfigMap name containing server CA certificate for verifying gateway | string | cluster-gateway-ca |
clusterAgent.tls.serverCAValue | Inline server CA certificate in PEM format (for multi-cluster setup). Takes precedence over copying from control plane. | string | |
clusterAgent.tolerations | Tolerations for pod scheduling | array | [] |
External Secretsβ
For full configuration options, please refer to the official chart documentation.
External Secrets Operator configuration for syncing secrets from external secret stores (Vault, AWS Secrets Manager, etc.)
| Parameter | Description | Type | Default |
|---|---|---|---|
external-secrets.enabled | Enable External Secrets Operator for production secret management | boolean | false |
external-secrets.fullnameOverride | Override the full name of External Secrets resources | string | external-secrets |
external-secrets.nameOverride | Override the name of External Secrets resources | string | external-secrets |
Fake Secret Storeβ
Fake Secret Store for development and testing. Replace with a real ClusterSecretStore in production.
| Parameter | Description | Type | Default |
|---|---|---|---|
fakeSecretStore.enabled | Enable the fake secret store (development only - disable in production) | boolean | true |
fakeSecretStore.name | Name of the fake ClusterSecretStore resource | string | default |
fakeSecretStore.secrets | List of fake secrets for development testing | array |
Fluent Bitβ
Fluent Bit log collector configuration for forwarding container logs to OpenSearch
| Parameter | Description | Type | Default |
|---|---|---|---|
fluentBit.config.filter.k8sLoggingExclude | Respect Kubernetes logging exclude annotations | boolean | false |
fluentBit.config.filter.k8sLoggingParser | Use Kubernetes logging parser annotations | boolean | true |
fluentBit.config.filter.kubeCAFile | Path to Kubernetes CA certificate file | string | /var/run/secrets/kubernetes.io/serviceaccount/ca.crt |
fluentBit.config.filter.kubeTagPrefix | Tag prefix for Kubernetes metadata enrichment | string | kube.var.log.containers. |
fluentBit.config.filter.kubeTokenFile | Path to Kubernetes service account token file | string | /var/run/secrets/kubernetes.io/serviceaccount/token |
fluentBit.config.filter.kubeURL | Kubernetes API server URL | string | https://kubernetes.default.svc:443 |
fluentBit.config.filter.match | Tag pattern to match for filtering | string | kube.* |
fluentBit.config.filter.mergeLog | Merge log content into the main record | boolean | true |
fluentBit.config.filter.mergeLogKey | Key name for merged log content | string | log_processed |
fluentBit.config.filter.name | Filter plugin name | string | kubernetes |
fluentBit.config.input.db | Database file path for tracking read positions | string | /var/log/flb_kube.db |
fluentBit.config.input.excludePath | Glob pattern for log files to exclude from collection | string | /var/log/containers/*opensearch*_openchoreo-observability-plane_*.log,/var/log/containers/*fluent-bit*_openchoreo-data-plane_*.log |
fluentBit.config.input.inotifyWatcher | Use inotify for file watching (disable on some systems) | boolean | false |
fluentBit.config.input.memBufLimit | Memory buffer limit before backpressure | string | 256MB |
fluentBit.config.input.name | Input plugin name (tail for file-based log collection) | string | tail |
fluentBit.config.input.parser | Parser to use for log entries | string | docker |
fluentBit.config.input.path | Glob pattern for container log files to collect | string | /var/log/containers/*_openchoreo-*_*.log,/var/log/containers/*_dp-*_*.log,/var/log/containers/*_openchoreo-ci-*_*.log |
fluentBit.config.input.refreshInterval | File refresh interval in seconds | integer | 10 |
fluentBit.config.input.skipLongLines | Skip lines longer than buffer limit | boolean | true |
fluentBit.config.input.tag | Tag pattern for collected logs | string | kube.* |
fluentBit.config.opensearch.authentication.basicauth.password | OpenSearch password | string | ThisIsTheOpenSearchPassword1 |
fluentBit.config.opensearch.authentication.basicauth.username | OpenSearch username | string | admin |
fluentBit.config.opensearch.host | OpenSearch host address | string | opensearch.openchoreo-observability-plane.svc.cluster.local |
fluentBit.config.opensearch.port | OpenSearch port | string | 9200 |
fluentBit.config.opensearch.tls | Enable TLS for OpenSearch connection | boolean | true |
fluentBit.config.opensearch.tlsVerify | Verify TLS certificate (disable for self-signed certs) | boolean | false |
fluentBit.config.output.logstashFormat | Use Logstash-compatible index format | boolean | true |
fluentBit.config.output.logstashPrefix | Index prefix for Logstash format | string | container-logs |
fluentBit.config.output.match | Tag pattern to match for output | string | kube.* |
fluentBit.config.output.name | Output plugin name | string | opensearch |
fluentBit.config.output.suppressTypeName | Suppress type name in output (OpenSearch 2.x compatibility) | boolean | true |
fluentBit.config.output.timeKey | Field name for timestamp in output records | string | @timestamp |
fluentBit.config.output.traceError | Enable trace-level error logging for debugging | boolean | true |
fluentBit.config.output.type | Type field value in output records | string | flb_type |
fluentBit.config.parser.format | Log format type | string | json |
fluentBit.config.parser.name | Parser name | string | docker |
fluentBit.config.parser.timeFormat | strptime format string for parsing timestamps | string | %Y-%m-%dT%H:%M:%S.%L |
fluentBit.config.parser.timeKeep | Keep the original time field in output | boolean | true |
fluentBit.config.parser.timeKey | Field name containing timestamp | string | time |
fluentBit.config.service.daemon | Run Fluent Bit as a daemon (background process) | object | off |
fluentBit.config.service.flush | Flush interval in seconds for output plugins | integer | 1 |
fluentBit.config.service.logLevel | Log level for Fluent Bit service | object | info |
fluentBit.enabled | Enable Fluent Bit DaemonSet for log collection | boolean | true |
fluentBit.hostPaths.dockerContainers | Host path to Docker containers directory | string | /var/lib/docker/containers |
fluentBit.hostPaths.varLog | Host path to /var/log directory | string | /var/log |
fluentBit.image.pullPolicy | Image pull policy | object | IfNotPresent |
fluentBit.image.repository | Fluent Bit image repository | string | fluent/fluent-bit |
fluentBit.image.tag | Fluent Bit image tag | string | 2.1.10 |
fluentBit.rbac.create | Create RBAC resources (ClusterRole, ClusterRoleBinding) | boolean | true |
fluentBit.rbac.serviceAccountName | Service account name for Fluent Bit pods | string | fluent-bit |
Gatewayβ
For full configuration options, please refer to the official chart documentation.
KGateway API gateway configuration. Provides HTTP/HTTPS traffic routing using Kubernetes Gateway API and Envoy proxy.
| Parameter | Description | Type | Default |
|---|---|---|---|
gateway.agentgateway.enabled | Enable Agent Gateway for AI agent connectivity | boolean | false |
gateway.controller.image.pullPolicy | Image pull policy for the controller container | object | IfNotPresent |
gateway.controller.image.registry | Container registry for the controller image. Empty uses default registry. | string | |
gateway.controller.image.repository | Image repository name for the gateway controller | string | kgateway |
gateway.controller.image.tag | Image tag. Empty uses Chart.AppVersion. | string | |
gateway.controller.logLevel | Log level for the gateway controller | object | info |
gateway.controller.replicaCount | Number of gateway controller replicas | integer | 1 |
gateway.controller.resources.limits.cpu | CPU limit for the controller | string | 200m |
gateway.controller.resources.limits.memory | Memory limit for the controller | string | 256Mi |
gateway.controller.resources.requests.cpu | CPU request for the controller | string | 100m |
gateway.controller.resources.requests.memory | Memory request for the controller | string | 128Mi |
gateway.controller.service.ports.agwGrpc | Agent gateway gRPC port | integer | 9978 |
gateway.controller.service.ports.grpc | gRPC port for xDS communication | integer | 9977 |
gateway.controller.service.ports.health | Health check endpoint port | integer | 9093 |
gateway.controller.service.ports.metrics | Metrics endpoint port | integer | 9092 |
gateway.controller.service.type | Service type for the gateway controller | object | ClusterIP |
gateway.enabled | Enable KGateway installation (controls both kgateway and kgateway-crds sub-charts) | boolean | true |
gateway.envoy.enabled | Enable Envoy proxy for traffic routing | boolean | true |
gateway.envoy.mountTmpVolume | Mount /tmp as emptyDir volume to fix Envoy temporary file creation issues on macOS with Docker Desktop/Colima | boolean | false |
gateway.httpPort | Port for the HTTP listener on the gateway | integer | 9080 |
gateway.httpsPort | Port for the HTTPS listener on the gateway | integer | 9443 |
gateway.image.pullPolicy | Image pull policy for gateway containers | object | IfNotPresent |
gateway.image.registry | Container registry for gateway images | string | cr.kgateway.dev/kgateway-dev |
gateway.image.tag | Image tag. Empty uses Chart.AppVersion. | string | |
gateway.tls.certName | Kubernetes Secret name for storing the TLS certificate | string | openchoreo-gateway-tls |
gateway.tls.clusterIssuer | Cert-manager ClusterIssuer name for certificate generation. Defaults to openchoreo-selfsigned-issuer if empty. | string | |
gateway.tls.hostname | Hostname pattern for the HTTPS listener certificate | string | *.openchoreoapis.localhost |
Globalβ
Global values shared across all components in the data plane
| Parameter | Description | Type | Default |
|---|---|---|---|
global.commonLabels | Common labels applied to all resources deployed by this chart | object | {} |
Kgateway Crdsβ
For full configuration options, please refer to the official chart documentation.
KGateway CRDs subchart configuration (values passed through to kgateway-crds)
| Parameter | Description | Type | Default |
|---|---|---|---|
kgateway-crds | KGateway CRDs subchart configuration (values passed through to kgateway-crds) | object |
Kube Prometheus Stackβ
For full configuration options, please refer to the official chart documentation.
Prometheus stack configuration (kube-prometheus-stack sub-chart). Provides metrics collection for workload observability.
| Parameter | Description | Type | Default |
|---|---|---|---|
kube-prometheus-stack.alertmanager.enabled | Enable Alertmanager for alert management (not used by OpenChoreo) | boolean | false |
kube-prometheus-stack.cleanPrometheusOperatorObjectNames | Produce cleaner resource names without redundant prefixes | boolean | true |
kube-prometheus-stack.coreDns.enabled | Enable CoreDNS metrics collection | boolean | false |
kube-prometheus-stack.crds.enabled | Install Prometheus Operator CRDs (ServiceMonitor, PodMonitor, etc.) | boolean | true |
kube-prometheus-stack.defaultRules.create | Create default alerting rules (disabled - OpenChoreo uses custom rules) | boolean | false |
kube-prometheus-stack.enabled | Enable the Prometheus monitoring stack for metrics collection | boolean | false |
kube-prometheus-stack.fullnameOverride | Override the full name of Prometheus stack resources | string | openchoreo-observability |
kube-prometheus-stack.grafana.enabled | Enable Grafana dashboards (not used by OpenChoreo - use observability plane instead) | boolean | false |
kube-prometheus-stack.kube-state-metrics.collectors | Kubernetes resource types to collect metrics from | array | ["pods"] |
kube-prometheus-stack.kube-state-metrics.fullnameOverride | Override the full name of kube-state-metrics resources | string | kube-state-metrics |
kube-prometheus-stack.kube-state-metrics.metricAllowlist | Specific metrics to collect (allowlist filter) | array | |
kube-prometheus-stack.kube-state-metrics.metricLabelsAllowlist | Pod labels to include in metrics for filtering by OpenChoreo resources | array | |
kube-prometheus-stack.kubeApiServer.enabled | Enable API server metrics collection | boolean | false |
kube-prometheus-stack.kubeControllerManager.enabled | Enable controller manager metrics collection | boolean | false |
kube-prometheus-stack.kubeEtcd.enabled | Enable etcd metrics collection | boolean | false |
kube-prometheus-stack.kubeProxy.enabled | Enable kube-proxy metrics collection | boolean | false |
kube-prometheus-stack.kubeScheduler.enabled | Enable scheduler metrics collection | boolean | false |
kube-prometheus-stack.nodeExporter.enabled | Enable node-level metrics collection | boolean | false |
kube-prometheus-stack.prometheus.agentMode | Run Prometheus in agent mode for lightweight remote-write only operation | boolean | true |
kube-prometheus-stack.prometheus.enabled | Deploy a Prometheus instance (requires Prometheus Operator) | boolean | true |
kube-prometheus-stack.prometheus.prometheusSpec.remoteWrite | Remote write endpoints for forwarding metrics to external storage | array | |
kube-prometheus-stack.prometheusOperator.enabled | Enable Prometheus Operator for managing Prometheus instances | boolean | true |
kube-prometheus-stack.prometheusOperator.fullnameOverride | Override the full name of Prometheus Operator resources | string | prometheus-operator |
kube-prometheus-stack.prometheusOperator.resources.limits.cpu | CPU limit for Prometheus Operator | string | 40m |
kube-prometheus-stack.prometheusOperator.resources.limits.memory | Memory limit for Prometheus Operator | string | 50Mi |
kube-prometheus-stack.prometheusOperator.resources.requests.cpu | CPU request for Prometheus Operator | string | 20m |
kube-prometheus-stack.prometheusOperator.resources.requests.memory | Memory request for Prometheus Operator | string | 30Mi |
Kubernetes Cluster Domainβ
Kubernetes cluster DNS domain used for service discovery and certificate generation
| Parameter | Description | Type | Default |
|---|---|---|---|
kubernetesClusterDomain | Kubernetes cluster DNS domain used for service discovery and certificate generation | string | cluster.local |
Networkingβ
Network configuration for the data plane
| Parameter | Description | Type | Default |
|---|---|---|---|
networking.enabled | Enable networking features (network policies, service mesh integration) | boolean | true |
Observabilityβ
Observability configuration controlling metrics, logging, and tracing collection
| Parameter | Description | Type | Default |
|---|---|---|---|
observability.enabled | Master switch for all observability features | boolean | true |
observability.logging.enabled | Enable log collection. Set to true after observability plane is installed. | boolean | false |
observability.logging.publishers.fluentbit.enabled | Enable Fluent Bit as the log publisher | boolean | true |
observability.metrics.enabled | Enable metrics collection. Set to true after observability plane is installed. | boolean | false |
observability.observabilityPlaneUrl | URL of the observability plane for sending telemetry data (OTLP endpoint) | string |
Opentelemetry Collectorβ
For full configuration options, please refer to the official chart documentation.
OpenTelemetry Collector configuration for trace and metrics collection
| Parameter | Description | Type | Default |
|---|---|---|---|
opentelemetry-collector.clusterRole.create | Create ClusterRole for OpenTelemetry Collector | boolean | true |
opentelemetry-collector.clusterRole.rules | RBAC rules for accessing Kubernetes API resources | array | |
opentelemetry-collector.configMap.create | Create a new ConfigMap (false to use existing) | boolean | false |
opentelemetry-collector.configMap.existingName | Name of existing ConfigMap containing collector configuration | string | opentelemetry-collector-config |
opentelemetry-collector.enabled | Enable OpenTelemetry Collector deployment | boolean | false |
opentelemetry-collector.fullnameOverride | Override the full name of OpenTelemetry Collector resources | string | opentelemetry-collector |
opentelemetry-collector.image.repository | OpenTelemetry Collector image repository (contrib version includes extra receivers/exporters) | string | otel/opentelemetry-collector-contrib |
opentelemetry-collector.mode | Deployment mode for the collector | object | deployment |
opentelemetry-collector.resources.limits.cpu | CPU limit for the collector | string | 100m |
opentelemetry-collector.resources.limits.memory | Memory limit for the collector | string | 200Mi |
opentelemetry-collector.resources.requests.cpu | CPU request for the collector | string | 50m |
opentelemetry-collector.resources.requests.memory | Memory request for the collector | string | 100Mi |
Registryβ
[DEPRECATED] Container registry configuration. Registry has been moved to Build Plane.
| Parameter | Description | Type | Default |
|---|---|---|---|
registry.enabled | [DEPRECATED] Enable the container registry. Use Build Plane registry instead. | boolean | false |
registry.resources.limits.cpu | CPU limit for the registry | string | 100m |
registry.resources.limits.memory | Memory limit for the registry | string | 256Mi |
registry.resources.requests.cpu | CPU request for the registry | string | 50m |
registry.resources.requests.memory | Memory request for the registry | string | 128Mi |
registry.service.nodePort | NodePort for external access to the registry | integer | 30003 |
registry.storage.size | Size of the persistent volume for storing container images | string | 2Gi |
Securityβ
Security configuration for the data plane
| Parameter | Description | Type | Default |
|---|---|---|---|
security.enabled | Enable security features (certificate issuers, TLS configuration) | boolean | true |
Wait Jobβ
Wait job configuration for post-install Helm hooks that wait for resources
| Parameter | Description | Type | Default |
|---|---|---|---|
waitJob.image | Container image for kubectl-based wait jobs used in Helm hooks | string | bitnamilegacy/kubectl:1.32.4 |