DirectorySecurity AdvisoriesPricing
Sign in
Directory
keda logoHELM

keda

Helm chart
Last changed
Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Overview
Chart versions
Default values
Chart metadata
Images

Tag:
1
# Default values for keda.
2
# This is a YAML-formatted file.
3
# Declare variables to be passed into your templates.
4
5
global:
6
image:
7
# -- Global image registry of KEDA components
8
registry: null
9
# -- DNS config for KEDA components
10
dnsConfig: {}
11
# nameservers:
12
# - 1.2.3.4
13
# searches:
14
# - ns1.svc.cluster-domain.example
15
# - my.dns.search.suffix
16
# options:
17
# - name: ndots
18
# value: "1"
19
# - name: attempts
20
# value: "3"
21
image:
22
keda:
23
# -- Image registry of KEDA operator
24
registry: cgr.dev
25
# -- Image name of KEDA operator
26
repository: scratch-images/test-tmp/keda
27
# -- Image tag of KEDA operator. Optional, given app version of Helm chart is used by default
28
tag: 2.20.1-r1@sha256:d5a26749e8fcbedf24b418b3dbdc9b1ff69563af8f014a099d12df28cadb2651
29
metricsApiServer:
30
# -- Image registry of KEDA Metrics API Server
31
registry: cgr.dev
32
# -- Image name of KEDA Metrics API Server
33
repository: scratch-images/test-tmp/keda-metrics-apiserver
34
# -- Image tag of KEDA Metrics API Server. Optional, given app version of Helm chart is used by default
35
tag: 2.20.1-r1@sha256:7ce5fc9e6acd3c92ba46953413ede33e880de6ccf787d121206714d8b9fc35e1
36
webhooks:
37
# -- Image registry of KEDA admission-webhooks
38
registry: cgr.dev
39
# -- Image name of KEDA admission-webhooks
40
repository: scratch-images/test-tmp/keda-admission-webhooks
41
# -- Image tag of KEDA admission-webhooks . Optional, given app version of Helm chart is used by default
42
tag: 2.20.1-r1@sha256:7246b0fa53b1bb435b9582021e07caf1d07616c0a0488ea0ebc02f8d58f7ae0f
43
# -- Image pullPolicy for all KEDA components
44
pullPolicy: Always
45
# -- Kubernetes cluster name. Used in features such as emitting CloudEvents
46
clusterName: kubernetes-default
47
# -- Kubernetes cluster domain
48
clusterDomain: cluster.local
49
crds:
50
# -- Defines whether the KEDA CRDs have to be installed or not.
51
install: true
52
# -- Custom annotations specifically for CRDs
53
additionalAnnotations: {}
54
# foo: bar
55
# -- Defines Kubernetes namespaces to watch to scale their workloads. Default watches all namespaces
56
watchNamespace: ""
57
# -- Name of secret to use to pull images to use to pull Docker images
58
imagePullSecrets: []
59
networkPolicy:
60
# -- Enable network policies
61
enabled: false
62
# -- Flavor of the network policies (cilium, kubernetes)
63
flavor: "cilium"
64
# -- Allow use of extra egress rules for cilium network policies
65
cilium:
66
operator:
67
extraEgressRules: []
68
# -- Allow use of extra egress rules for kubernetes network policies
69
kubernetes:
70
operator:
71
extraEgressRules: []
72
metricsServer:
73
extraEgressRules: []
74
webhooks:
75
extraEgressRules: []
76
operator:
77
# -- Name of the KEDA operator
78
name: keda-operator
79
# -- ReplicaSets for this Deployment you want to retain (Default: 10)
80
revisionHistoryLimit: 10
81
# -- Capability to configure the number of replicas for KEDA operator.
82
# While you can run more replicas of our operator, only one operator instance will be the leader and serving traffic.
83
# You can run multiple replicas, but they will not improve the performance of KEDA, it could only reduce downtime during a failover.
84
# Learn more in [our documentation](https://keda.sh/docs/latest/operate/cluster/#high-availability).
85
replicaCount: 1
86
# --Disable response compression for k8s restAPI in client-go.
87
# Disabling compression simply means that turns off the process of making data smaller for K8s restAPI in client-go for faster transmission.
88
disableCompression: true
89
# -- Leader election ID (Lease resource name) for the controller manager. Defaults to operator.keda.sh.
90
# Override to allow multiple independent KEDA operator deployments in the same namespace.
91
# leaderElectionID: "operator.keda.sh"
92
# -- DNS config for KEDA operator pod
93
dnsConfig: {}
94
# use ClusterFirstWithHostNet if `useHostNetwork: true` https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
95
# -- Defined the DNS policy for the operator
96
dnsPolicy: ClusterFirst
97
# -- Enable operator to use host network
98
useHostNetwork: false
99
# -- [Affinity] for pod scheduling for KEDA operator. Takes precedence over the `affinity` field
100
affinity: {}
101
# podAntiAffinity:
102
# requiredDuringSchedulingIgnoredDuringExecution:
103
# - labelSelector:
104
# matchExpressions:
105
# - key: app
106
# operator: In
107
# values:
108
# - keda-operator
109
# topologyKey: "kubernetes.io/hostname"
110
# -- Additional containers to run as part of the operator deployment
111
extraContainers: []
112
# - name: hello-many
113
# args:
114
# - -c
115
# - "while true; do echo hi; sleep 300; done"
116
# command:
117
# - /bin/sh
118
# image: 'busybox:glibc'
119
# -- Additional init containers to run as part of the operator deployment
120
extraInitContainers: []
121
# - name: hello-once
122
# args:
123
# - -c
124
# - "echo 'Hello World!'"
125
# command:
126
# - /bin/sh
127
# image: 'busybox:glibc'
128
# -- Liveness probes for operator ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/))
129
livenessProbe:
130
initialDelaySeconds: 25
131
periodSeconds: 10
132
timeoutSeconds: 1
133
failureThreshold: 3
134
successThreshold: 1
135
# -- Readiness probes for operator ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes))
136
readinessProbe:
137
initialDelaySeconds: 20
138
periodSeconds: 3
139
timeoutSeconds: 1
140
failureThreshold: 3
141
successThreshold: 1
142
# -- Node selector for pod scheduling ([docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/))
143
nodeSelector: {}
144
# -- Tolerations for pod scheduling ([docs](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/))
145
tolerations: []
146
metricsServer:
147
# -- Enable KEDA metrics server and external metrics API resources.
148
enabled: true
149
# -- ReplicaSets for this Deployment you want to retain (Default: 10)
150
revisionHistoryLimit: 10
151
# -- Capability to configure the number of replicas for KEDA metric server.
152
# While you can run more replicas of our metric server, only one instance will used and serve traffic.
153
# You can run multiple replicas, but they will not improve the performance of KEDA, it could only reduce downtime during a failover.
154
# Learn more in [our documentation](https://keda.sh/docs/latest/operate/cluster/#high-availability).
155
replicaCount: 1
156
# --Disable response compression for k8s restAPI in client-go.
157
# Disabling compression simply means that turns off the process of making data smaller for K8s restAPI in client-go for faster transmission.
158
disableCompression: true
159
# use ClusterFirstWithHostNet if `useHostNetwork: true` https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
160
# -- Defined the DNS policy for the metric server
161
dnsPolicy: ClusterFirst
162
# -- DNS config for KEDA metrics server pod
163
dnsConfig: {}
164
# -- Enable metric server to use host network
165
useHostNetwork: false
166
# -- [Affinity] for pod scheduling for Metrics API Server. Takes precedence over the `affinity` field
167
affinity: {}
168
# podAntiAffinity:
169
# requiredDuringSchedulingIgnoredDuringExecution:
170
# - labelSelector:
171
# matchExpressions:
172
# - key: app
173
# operator: In
174
# values:
175
# - keda-operator-metrics-apiserver
176
# topologyKey: "kubernetes.io/hostname"
177
# -- Liveness probes for Metrics API Server ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/))
178
livenessProbe:
179
initialDelaySeconds: 5
180
periodSeconds: 10
181
timeoutSeconds: 1
182
failureThreshold: 3
183
successThreshold: 1
184
# -- Readiness probes for Metrics API Server ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes))
185
readinessProbe:
186
initialDelaySeconds: 5
187
periodSeconds: 3
188
timeoutSeconds: 1
189
failureThreshold: 3
190
successThreshold: 1
191
# -- Node selector for pod scheduling ([docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/))
192
nodeSelector: {}
193
# -- Tolerations for pod scheduling ([docs](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/))
194
tolerations: []
195
webhooks:
196
# It also used to enable or disable webhook patching in the operator
197
enabled: true
198
# -- Port number to use for KEDA admission webhooks. Default is 9443.
199
port: ""
200
# -- Port number to use for KEDA admission webhooks health probe
201
healthProbePort: 8081
202
# -- DNS config for KEDA admission webhooks pod
203
dnsConfig: {}
204
# -- Liveness probes for admission webhooks ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/))
205
livenessProbe:
206
initialDelaySeconds: 25
207
periodSeconds: 10
208
timeoutSeconds: 1
209
failureThreshold: 3
210
successThreshold: 1
211
# -- Readiness probes for admission webhooks ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes))
212
readinessProbe:
213
initialDelaySeconds: 20
214
periodSeconds: 3
215
timeoutSeconds: 1
216
failureThreshold: 3
217
successThreshold: 1
218
# -- Timeout in seconds for KEDA admission webhooks
219
timeoutSeconds: 10
220
# -- Enable webhook to use host network, this is required on EKS with custom CNI
221
useHostNetwork: false
222
# -- Name of the KEDA admission webhooks
223
name: keda-admission-webhooks
224
# -- ReplicaSets for this Deployment you want to retain (Default: 10)
225
revisionHistoryLimit: 10
226
# -- Capability to configure the number of replicas for KEDA admission webhooks
227
replicaCount: 1
228
# -- [Affinity] for pod scheduling for KEDA admission webhooks. Takes precedence over the `affinity` field
229
affinity: {}
230
# podAntiAffinity:
231
# requiredDuringSchedulingIgnoredDuringExecution:
232
# - labelSelector:
233
# matchExpressions:
234
# - key: app
235
# operator: In
236
# values:
237
# - keda-admission-webhooks
238
# topologyKey: "kubernetes.io/hostname"
239
240
# -- [Failure policy](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy) to use with KEDA admission webhooks
241
failurePolicy: Ignore
242
# -- Node selector for pod scheduling ([docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/))
243
nodeSelector: {}
244
# -- Tolerations for pod scheduling ([docs](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/))
245
tolerations: []
246
upgradeStrategy:
247
# -- Capability to configure [Deployment upgrade strategy] for operator
248
operator: {}
249
# type: RollingUpdate
250
# rollingUpdate:
251
# maxUnavailable: 1
252
# maxSurge: 1
253
254
# -- Capability to configure [Deployment upgrade strategy] for Metrics Api Server
255
metricsApiServer: {}
256
# type: RollingUpdate
257
# rollingUpdate:
258
# maxUnavailable: 1
259
# maxSurge: 1
260
261
# -- Capability to configure [Deployment upgrade strategy] for Admission webhooks
262
webhooks: {}
263
# type: RollingUpdate
264
# rollingUpdate:
265
# maxUnavailable: 1
266
# maxSurge: 1
267
podDisruptionBudget:
268
# -- Capability to configure [Pod Disruption Budget]
269
operator: {}
270
# minAvailable: 1
271
# maxUnavailable: 1
272
273
# -- Capability to configure [Pod Disruption Budget]
274
metricServer: {}
275
# minAvailable: 1
276
# maxUnavailable: 1
277
278
# -- Capability to configure [Pod Disruption Budget]
279
webhooks: {}
280
# minAvailable: 1
281
# maxUnavailable: 1
282
# -- Custom labels to add into metadata
283
additionalLabels: {}
284
# foo: bar
285
286
# -- Custom annotations to add into metadata
287
additionalAnnotations: {}
288
# foo: bar
289
290
podAnnotations:
291
# -- Pod annotations for KEDA operator
292
keda: {}
293
# -- Pod annotations for KEDA Metrics Adapter
294
metricsAdapter: {}
295
# -- Pod annotations for KEDA Admission webhooks
296
webhooks: {}
297
podLabels:
298
# -- Pod labels for KEDA operator
299
keda: {}
300
# -- Pod labels for KEDA Metrics Adapter
301
metricsAdapter: {}
302
# -- Pod labels for KEDA Admission webhooks
303
webhooks: {}
304
rbac:
305
# -- Specifies whether RBAC should be used
306
create: true
307
# -- Specifies whether RBAC for CRDs should be [aggregated](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles) to default roles (view, edit, admin)
308
aggregateToDefaultRoles: false
309
# -- Whether RBAC for configured CRDs that can have a `scale` subresource should be created
310
enabledCustomScaledRefKinds: true
311
# -- Customize the namespace of k8s metrics-server deployment
312
# This could also be achieved by the Kubernetes control plane manager flag --use-service-account-credentials:
313
# [docs](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/)
314
controlPlaneServiceAccountsNamespace: kube-system
315
# -- List of custom resources that support the `scale` subresource and can be referenced by `scaledobject.spec.scaleTargetRef`.
316
# The feature needs to be also enabled by `enabledCustomScaledRefKinds`.
317
# If left empty, RBAC for `apiGroups: *` and `resources: *, */scale` will be created
318
# note: Deployments and StatefulSets are supported out of the box
319
scaledRefKinds:
320
- apiGroup: "*"
321
kind: "*"
322
# - apiGroup: argoproj.io
323
# kind: Rollout
324
serviceAccount:
325
operator:
326
# -- Specifies whether a service account should be created
327
create: true
328
# -- The name of the service account to use.
329
name: keda-operator
330
# -- Specifies whether a service account should automount API-Credentials
331
automountServiceAccountToken: true
332
# -- Annotations to add to the service account
333
annotations: {}
334
metricServer:
335
# -- Specifies whether a service account should be created
336
create: true
337
# -- The name of the service account to use.
338
name: keda-metrics-server
339
# -- Specifies whether a service account should automount API-Credentials
340
automountServiceAccountToken: true
341
# -- Annotations to add to the service account
342
annotations: {}
343
webhooks:
344
# -- Specifies whether a service account should be created
345
create: true
346
# -- The name of the service account to use.
347
name: keda-webhook
348
# -- Specifies whether a service account should automount API-Credentials
349
automountServiceAccountToken: true
350
# -- Annotations to add to the service account
351
annotations: {}
352
podIdentity:
353
azureWorkload:
354
# -- Set to true to enable Azure Workload Identity usage.
355
# See https://keda.sh/docs/concepts/authentication/#azure-workload-identity
356
# This will be set as a label on the KEDA service account.
357
enabled: false
358
# Set to the value of the Azure Active Directory Client and Tenant Ids
359
# respectively. These will be set as annotations on the KEDA service account.
360
# -- Id of Azure Active Directory Client to use for authentication with Azure Workload Identity. ([docs](https://keda.sh/docs/concepts/authentication/#azure-workload-identity))
361
clientId: ""
362
# -- Id Azure Active Directory Tenant to use for authentication with for Azure Workload Identity. ([docs](https://keda.sh/docs/concepts/authentication/#azure-workload-identity))
363
tenantId: ""
364
# Set to the value of the service account token expiration duration.
365
# This will be set as an annotation on the KEDA service account.
366
# -- Duration in seconds to automatically expire tokens for the service account. ([docs](https://keda.sh/docs/concepts/authentication/#azure-workload-identity))
367
tokenExpiration: 3600
368
aws:
369
irsa:
370
# -- Specifies whether [AWS IAM Roles for Service Accounts (IRSA)](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) is to be enabled or not.
371
enabled: false
372
# -- Sets the token audience for IRSA.
373
# This will be set as an annotation on the KEDA service account.
374
audience: "sts.amazonaws.com"
375
# -- Set to the value of the ARN of an IAM role with a web identity provider.
376
# This will be set as an annotation on the KEDA service account.
377
roleArn: ""
378
# -- Sets the use of an STS regional endpoint instead of global.
379
# Recommended to use regional endpoint in almost all cases.
380
# This will be set as an annotation on the KEDA service account.
381
stsRegionalEndpoints: "true"
382
# -- Set to the value of the service account token expiration duration.
383
# This will be set as an annotation on the KEDA service account.
384
tokenExpiration: 86400
385
gcp:
386
# -- Set to true to enable GCP Workload Identity.
387
# See https://keda.sh/docs/2.10/authentication-providers/gcp-workload-identity/
388
# This will be set as a annotation on the KEDA service account.
389
enabled: false
390
# -- GCP IAM Service Account Email which you would like to use for workload identity.
391
gcpIAMServiceAccount: ""
392
# -- Set this if you are using an external scaler and want to communicate
393
# over TLS (recommended). This variable holds the name of the secret that
394
# will be mounted to the /grpccerts path on the Pod
395
grpcTLSCertsSecret: ""
396
# -- Set this if you are using HashiCorp Vault and want to communicate
397
# over TLS (recommended). This variable holds the name of the secret that
398
# will be mounted to the /vault path on the Pod
399
hashiCorpVaultTLS: ""
400
logging:
401
operator:
402
# -- Logging level for KEDA Operator.
403
# allowed values: `debug`, `info`, `error`, or an integer value greater than 0, specified as string
404
level: info
405
# -- Logging format for KEDA Operator.
406
# allowed values: `json` or `console`
407
format: console
408
# -- Logging time encoding for KEDA Operator.
409
# allowed values are `epoch`, `millis`, `nano`, `iso8601`, `rfc3339` or `rfc3339nano`
410
timeEncoding: rfc3339
411
# -- If enabled, the stack traces will be also printed
412
stackTracesEnabled: false
413
metricServer:
414
# -- Logging level for Metrics Server (Deprecated).
415
# allowed values: `0` for info, `4` for debug, or an integer value greater than 0, specified as string
416
level: 0
417
# -- Logging stderrthreshold for Metrics Server (Deprecated)
418
# allowed values: 'DEBUG','INFO','WARN','ERROR','ALERT','EMERG'
419
stderrthreshold: ERROR
420
# -- Zap Logging level for Metrics Server.
421
# allowed values: `debug`, `info`, `error`, or an integer value greater than 0, specified as string
422
zapLevel: info
423
# -- Zap Logging encoder for Metrics Server.
424
# allowed values: `json` or `console`
425
zapEncoder: console
426
# -- Zap logging time encoding for Metrics Server.
427
# allowed values are `epoch`, `millis`, `nano`, `iso8601`, `rfc3339` or `rfc3339nano`
428
zapTimeEncoding: rfc3339
429
webhooks:
430
# -- Logging level for KEDA Operator.
431
# allowed values: `debug`, `info`, `error`, or an integer value greater than 0, specified as string
432
level: info
433
# -- Logging format for KEDA Admission webhooks.
434
# allowed values: `json` or `console`
435
format: console
436
# -- Logging time encoding for KEDA Operator.
437
# allowed values are `epoch`, `millis`, `nano`, `iso8601`, `rfc3339` or `rfc3339nano`
438
timeEncoding: rfc3339
439
# -- [Security context] for all containers
440
# @default -- [See below](#KEDA-is-secure-by-default)
441
securityContext:
442
# -- [Security context] of the operator container
443
# @default -- [See below](#KEDA-is-secure-by-default)
444
operator:
445
capabilities:
446
drop:
447
- ALL
448
allowPrivilegeEscalation: false
449
readOnlyRootFilesystem: true
450
seccompProfile:
451
type: RuntimeDefault
452
# -- [Security context] of the metricServer container
453
# @default -- [See below](#KEDA-is-secure-by-default)
454
metricServer:
455
capabilities:
456
drop:
457
- ALL
458
allowPrivilegeEscalation: false
459
readOnlyRootFilesystem: true
460
seccompProfile:
461
type: RuntimeDefault
462
# -- [Security context] of the admission webhooks container
463
# @default -- [See below](#KEDA-is-secure-by-default)
464
webhooks:
465
capabilities:
466
drop:
467
- ALL
468
allowPrivilegeEscalation: false
469
readOnlyRootFilesystem: true
470
seccompProfile:
471
type: RuntimeDefault
472
# -- [Pod security context] for all pods
473
# @default -- [See below](#KEDA-is-secure-by-default)
474
podSecurityContext:
475
# -- [Pod security context] of the KEDA operator pod
476
# @default -- [See below](#KEDA-is-secure-by-default)
477
operator:
478
runAsNonRoot: true
479
# runAsUser: 1000
480
# runAsGroup: 1000
481
# fsGroup: 1000
482
# -- [Pod security context] of the KEDA metrics apiserver pod
483
# @default -- [See below](#KEDA-is-secure-by-default)
484
metricServer:
485
runAsNonRoot: true
486
# runAsUser: 1000
487
# runAsGroup: 1000
488
# fsGroup: 1000
489
# -- [Pod security context] of the KEDA admission webhooks
490
# @default -- [See below](#KEDA-is-secure-by-default)
491
webhooks:
492
runAsNonRoot: true
493
# runAsUser: 1000
494
# runAsGroup: 1000
495
# fsGroup: 1000
496
service:
497
# -- KEDA Metric Server service type
498
type: ClusterIP
499
# -- HTTPS port for KEDA Metric Server service
500
portHttps: 443
501
# -- HTTPS port for KEDA Metric Server container
502
portHttpsTarget: 6443
503
# -- Annotations to add the KEDA Metric Server service
504
annotations: {}
505
# -- The minimum TLS version to use when KEDA components provide a TLS-enabled service.
506
minTlsVersion: "TLS13"
507
# -- The list of cipher suites to use when KEDA components provide a TLS-enabled service. When left empty or unset, the TLS implementation will provide a default list of cipher suites which are believed to be secure.
508
tlsCipherList: ""
509
# We provides the default values that we describe in our docs:
510
# https://keda.sh/docs/latest/operate/cluster/
511
# If you want to specify the resources (or totally remove the defaults), change or comment the following
512
# lines, adjust them as necessary, or simply add the curly braces after 'operator' and/or 'metricServer'
513
# and remove/comment the default values
514
resources:
515
# -- Manage [resource request & limits] of KEDA operator pod
516
operator:
517
limits:
518
cpu: 1
519
memory: 1000Mi
520
requests:
521
cpu: 100m
522
memory: 100Mi
523
# -- Manage [resource request & limits] of KEDA metrics apiserver pod
524
metricServer:
525
limits:
526
cpu: 1
527
memory: 1000Mi
528
requests:
529
cpu: 100m
530
memory: 100Mi
531
# -- Manage [resource request & limits] of KEDA admission webhooks pod
532
webhooks:
533
limits:
534
cpu: 1
535
memory: 1000Mi
536
requests:
537
cpu: 100m
538
memory: 100Mi
539
# -- Node selector for pod scheduling ([docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/))
540
nodeSelector: {}
541
# -- Tolerations for pod scheduling ([docs](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/))
542
tolerations: []
543
# -- HostAliases for pod networking ([docs](https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/))
544
hostAliases: []
545
topologySpreadConstraints:
546
# -- [Pod Topology Constraints] of KEDA operator pod
547
operator: []
548
# -- [Pod Topology Constraints] of KEDA metrics apiserver pod
549
metricsServer: []
550
# -- [Pod Topology Constraints] of KEDA admission webhooks pod
551
webhooks: []
552
# -- [Affinity] for pod scheduling for KEDA operator, Metrics API Server and KEDA admission webhooks.
553
affinity: {}
554
# podAntiAffinity:
555
# requiredDuringSchedulingIgnoredDuringExecution:
556
# - labelSelector:
557
# matchExpressions:
558
# - key: app
559
# operator: In
560
# values:
561
# - keda-operator
562
# - keda-operator-metrics-apiserver
563
# - keda-admission-webhooks
564
# topologyKey: "kubernetes.io/hostname"
565
566
# -- priorityClassName for all KEDA components
567
priorityClassName: ""
568
## The default HTTP timeout in milliseconds that KEDA should use
569
## when making requests to external services. Removing this defaults to a
570
## reasonable default
571
http:
572
# -- The default HTTP timeout to use for all scalers that use raw HTTP clients (some scalers use SDKs to access target services. These have built-in HTTP clients, and the timeout does not necessarily apply to them)
573
timeout: 3000
574
keepAlive:
575
# -- Enable HTTP connection keep alive
576
enabled: true
577
# -- The minimum TLS version to use for all scalers that use raw HTTP clients (some scalers use SDKs to access target services. These have built-in HTTP clients, and this value does not necessarily apply to them)
578
minTlsVersion: TLS12
579
# -- The list of cipher suites to use when making HTTP over TLS connections. When left empty or unset, the TLS implementation will provide a default list of cipher suites which are believed to be secure.
580
tlsCipherList: ""
581
## This setting lets you enable profiling for all of the components of KEDA and in the specific port you choose
582
## This can be useful when trying to investigate errors like memory leaks or CPU or even look at goroutines to understand better
583
## This setting is disabled by default
584
profiling:
585
operator:
586
# -- Enable profiling for KEDA operator
587
enabled: false
588
# -- Expose profiling on a specific port
589
port: 8082
590
metricsServer:
591
# -- Enable profiling for KEDA metrics server
592
enabled: false
593
# -- Expose profiling on a specific port
594
port: 8083
595
webhooks:
596
# -- Enable profiling for KEDA admission webhook
597
enabled: false
598
# -- Expose profiling on a specific port
599
port: 8084
600
## Extra KEDA Operator and Metrics Adapter container arguments
601
extraArgs:
602
# -- Additional KEDA Operator container arguments
603
keda: {}
604
# -- Additional Metrics Adapter container arguments
605
metricsAdapter: {}
606
# -- Additional environment variables that will be passed onto all KEDA components
607
env: []
608
# - name: ENV_NAME
609
# value: 'ENV-VALUE'
610
611
# Extra volumes and volume mounts for the deployment. Optional.
612
volumes:
613
keda:
614
# -- Extra volumes for KEDA deployment
615
extraVolumes: []
616
# -- Extra volume mounts for KEDA deployment
617
extraVolumeMounts: []
618
metricsApiServer:
619
# -- Extra volumes for metric server deployment
620
extraVolumes: []
621
# -- Extra volume mounts for metric server deployment
622
extraVolumeMounts: []
623
webhooks:
624
# -- Extra volumes for admission webhooks deployment
625
extraVolumes: []
626
# -- Extra volume mounts for admission webhooks deployment
627
extraVolumeMounts: []
628
prometheus:
629
metricServer:
630
# -- Enable metric server Prometheus metrics expose
631
enabled: false
632
# -- HTTP port used for exposing metrics server prometheus metrics
633
port: 8080
634
# -- HTTP port name for exposing metrics server prometheus metrics
635
portName: metrics
636
# -- App Protocol for service when scraping metrics endpoint
637
# appProtocol: http
638
serviceMonitor:
639
# -- Enables ServiceMonitor creation for the Prometheus Operator
640
enabled: false
641
# -- JobLabel selects the label from the associated Kubernetes service which will be used as the job label for all metrics. [ServiceMonitor Spec]
642
jobLabel: ""
643
# -- TargetLabels transfers labels from the Kubernetes `Service` onto the created metrics
644
targetLabels: []
645
# -- PodTargetLabels transfers labels on the Kubernetes `Pod` onto the created metrics
646
podTargetLabels: []
647
# -- Name of the service port this endpoint refers to. Mutually exclusive with targetPort
648
port: metrics
649
# -- Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port
650
targetPort: ""
651
# -- Interval at which metrics should be scraped If not specified Prometheus’ global scrape interval is used.
652
interval: ""
653
# -- Timeout after which the scrape is ended If not specified, the Prometheus global scrape timeout is used unless it is less than Interval in which the latter is used
654
scrapeTimeout: ""
655
# -- DEPRECATED. List of expressions that define custom relabeling rules for metric server ServiceMonitor crd (prometheus operator). [RelabelConfig Spec]
656
relabellings: []
657
# -- List of expressions that define custom relabeling rules for metric server ServiceMonitor crd (prometheus operator). [RelabelConfig Spec]
658
relabelings: []
659
# -- List of expressions that define custom metric relabeling rules for metric server ServiceMonitor crd after scrape has happened (prometheus operator). [RelabelConfig Spec]
660
metricRelabelings: []
661
# -- Additional labels to add for metric server using ServiceMonitor crd (prometheus operator)
662
additionalLabels: {}
663
# -- HTTP scheme used for scraping. Defaults to `http`
664
scheme: http
665
# -- TLS configuration for scraping metrics
666
tlsConfig: {}
667
# caFile: /etc/prom-certs/root-cert.pem
668
# certFile: /etc/prom-certs/cert-chain.pem
669
# insecureSkipVerify: true
670
# keyFile: /etc/prom-certs/key.pem
671
podMonitor:
672
# -- Enables PodMonitor creation for the Prometheus Operator
673
enabled: false
674
# -- Scraping interval for metric server using podMonitor crd (prometheus operator)
675
interval: ""
676
# -- Scraping timeout for metric server using podMonitor crd (prometheus operator)
677
scrapeTimeout: ""
678
# -- Scraping namespace for metric server using podMonitor crd (prometheus operator)
679
namespace: ""
680
# -- Additional labels to add for metric server using podMonitor crd (prometheus operator)
681
additionalLabels: {}
682
# -- List of expressions that define custom relabeling rules for metric server podMonitor crd (prometheus operator)
683
relabelings: []
684
# -- List of expressions that define custom metric relabeling rules for metric server PodMonitor crd after scrape has happened (prometheus operator). [RelabelConfig Spec]
685
metricRelabelings: []
686
operator:
687
# -- Enable KEDA Operator prometheus metrics expose
688
enabled: false
689
# -- Port used for exposing KEDA Operator prometheus metrics
690
port: 8080
691
# -- App Protocol for service when scraping metrics endpoint
692
# appProtocol: http
693
serviceMonitor:
694
# -- Enables ServiceMonitor creation for the Prometheus Operator
695
enabled: false
696
# -- JobLabel selects the label from the associated Kubernetes service which will be used as the job label for all metrics. [ServiceMonitor Spec]
697
jobLabel: ""
698
# -- TargetLabels transfers labels from the Kubernetes `Service` onto the created metrics
699
targetLabels: []
700
# -- PodTargetLabels transfers labels on the Kubernetes `Pod` onto the created metrics
701
podTargetLabels: []
702
# -- Name of the service port this endpoint refers to. Mutually exclusive with targetPort
703
port: metrics
704
# -- Name or number of the target port of the Pod behind the Service,
705
# the port must be specified with container port property. Mutually exclusive with port
706
targetPort: ""
707
# -- Interval at which metrics should be scraped If not specified Prometheus’ global scrape interval is used.
708
interval: ""
709
# -- Timeout after which the scrape is ended If not specified, the Prometheus global scrape timeout is used unless it is less than Interval in which the latter is used
710
scrapeTimeout: ""
711
# -- DEPRECATED. List of expressions that define custom relabeling rules for metric server ServiceMonitor crd (prometheus operator). [RelabelConfig Spec]
712
relabellings: []
713
# -- List of expressions that define custom relabeling rules for metric server ServiceMonitor crd (prometheus operator). [RelabelConfig Spec]
714
relabelings: []
715
# -- List of expressions that define custom metric relabeling rules for metric server ServiceMonitor crd after scrape has happened (prometheus operator). [RelabelConfig Spec]
716
metricRelabelings: []
717
# -- Additional labels to add for metric server using ServiceMonitor crd (prometheus operator)
718
additionalLabels: {}
719
# -- HTTP scheme used for scraping. Defaults to `http`
720
scheme: http
721
# -- TLS configuration for scraping metrics
722
tlsConfig: {}
723
# caFile: /etc/prom-certs/root-cert.pem
724
# certFile: /etc/prom-certs/cert-chain.pem
725
# insecureSkipVerify: true
726
# keyFile: /etc/prom-certs/key.pem
727
podMonitor:
728
# -- Enables PodMonitor creation for the Prometheus Operator
729
enabled: false
730
# -- Scraping interval for KEDA Operator using podMonitor crd (prometheus operator)
731
interval: ""
732
# -- Scraping timeout for KEDA Operator using podMonitor crd (prometheus operator)
733
scrapeTimeout: ""
734
# -- Scraping namespace for KEDA Operator using podMonitor crd (prometheus operator)
735
namespace: ""
736
# -- Additional labels to add for KEDA Operator using podMonitor crd (prometheus operator)
737
additionalLabels: {}
738
# -- List of expressions that define custom relabeling rules for KEDA Operator podMonitor crd (prometheus operator)
739
relabelings: []
740
# -- List of expressions that define custom metric relabeling rules for metric server PodMonitor crd after scrape has happened (prometheus operator). [RelabelConfig Spec]
741
metricRelabelings: []
742
prometheusRules:
743
# -- Enables PrometheusRules creation for the Prometheus Operator
744
enabled: false
745
# -- Scraping namespace for KEDA Operator using prometheusRules crd (prometheus operator)
746
namespace: ""
747
# -- Additional labels to add for KEDA Operator using prometheusRules crd (prometheus operator)
748
additionalLabels: {}
749
# -- Additional alerts to add for KEDA Operator using prometheusRules crd (prometheus operator)
750
alerts: []
751
# - alert: KedaScalerErrors
752
# annotations:
753
# description: Keda scaledObject {{ $labels.scaledObject }} is experiencing errors with {{ $labels.scaler }} scaler
754
# summary: Keda Scaler {{ $labels.scaler }} Errors
755
# expr: sum by ( scaledObject , scaler) (rate(keda_metrics_adapter_scaler_errors[2m])) > 0
756
# for: 2m
757
# labels:
758
webhooks:
759
# -- Enable KEDA admission webhooks prometheus metrics expose
760
enabled: false
761
# -- Port used for exposing KEDA admission webhooks prometheus metrics
762
port: 8080
763
# -- App Protocol for service when scraping metrics endpoint
764
# appProtocol: http
765
serviceMonitor:
766
# -- Enables ServiceMonitor creation for the Prometheus webhooks
767
enabled: false
768
# -- jobLabel selects the label from the associated Kubernetes service which will be used as the job label for all metrics. [ServiceMonitor Spec]
769
jobLabel: ""
770
# -- TargetLabels transfers labels from the Kubernetes `Service` onto the created metrics
771
targetLabels: []
772
# -- PodTargetLabels transfers labels on the Kubernetes `Pod` onto the created metrics
773
podTargetLabels: []
774
# -- Name of the service port this endpoint refers to. Mutually exclusive with targetPort
775
port: metrics
776
# -- Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port
777
targetPort: ""
778
# -- Interval at which metrics should be scraped If not specified Prometheus’ global scrape interval is used.
779
interval: ""
780
# -- Timeout after which the scrape is ended If not specified, the Prometheus global scrape timeout is used unless it is less than Interval in which the latter is used
781
scrapeTimeout: ""
782
# -- DEPRECATED. List of expressions that define custom relabeling rules for metric server ServiceMonitor crd (prometheus operator). [RelabelConfig Spec]
783
relabellings: []
784
# -- List of expressions that define custom relabeling rules for metric server ServiceMonitor crd (prometheus operator). [RelabelConfig Spec]
785
relabelings: []
786
# -- List of expressions that define custom metric relabeling rules for metric server ServiceMonitor crd after scrape has happened (prometheus operator). [RelabelConfig Spec]
787
metricRelabelings: []
788
# -- Additional labels to add for metric server using ServiceMonitor crd (prometheus operator)
789
additionalLabels: {}
790
# -- HTTP scheme used for scraping. Defaults to `http`
791
scheme: http
792
# -- TLS configuration for scraping metrics
793
tlsConfig: {}
794
# caFile: /etc/prom-certs/root-cert.pem
795
# certFile: /etc/prom-certs/cert-chain.pem
796
# insecureSkipVerify: true
797
# keyFile: /etc/prom-certs/key.pem
798
prometheusRules:
799
# -- Enables PrometheusRules creation for the Prometheus Operator
800
enabled: false
801
# -- Scraping namespace for KEDA admission webhooks using prometheusRules crd (prometheus operator)
802
namespace: ""
803
# -- Additional labels to add for KEDA admission webhooks using prometheusRules crd (prometheus operator)
804
additionalLabels: {}
805
# -- Additional alerts to add for KEDA admission webhooks using prometheusRules crd (prometheus operator)
806
alerts: []
807
opentelemetry:
808
collector:
809
# -- Uri of OpenTelemetry Collector to push telemetry to
810
uri: ""
811
operator:
812
# -- Enable pushing metrics to an OpenTelemetry Collector for operator
813
enabled: false
814
certificates:
815
# -- Enables the self generation for KEDA TLS certificates inside KEDA operator
816
autoGenerated: true
817
# -- Secret name to be mounted with KEDA TLS certificates
818
secretName: kedaorg-certs
819
# -- Path where KEDA TLS certificates are mounted
820
mountPath: /certs
821
certManager:
822
# -- Enables Cert-manager for certificate management
823
enabled: false
824
# -- Certificate duration
825
duration: 8760h0m0s # 1 year
826
# -- Certificate renewal time before expiration
827
renewBefore: 5840h0m0s # 8 months
828
# -- Generates a self-signed CA with Cert-manager.
829
# If generateCA is false, the secret with the CA
830
# has to be annotated with `cert-manager.io/allow-direct-injection: "true"`
831
generateCA: true
832
# -- Secret name where the CA is stored (generatedby cert-manager or user given)
833
caSecretName: "kedaorg-ca"
834
# -- Add labels/annotations to secrets created by Certificate resources
835
# [docs](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
836
secretTemplate: {}
837
# annotations:
838
# my-secret-annotation-1: "foo"
839
# my-secret-annotation-2: "bar"
840
# labels:
841
# my-secret-label: foo
842
# -- Reference to custom Issuer. If issuer.generate is false, then issuer.group, issuer.kind and issuer.name are required
843
issuer:
844
# -- Generates an Issuer resource with Cert-manager
845
generate: true
846
# -- Custom Issuer name. Required when generate: false
847
name: foo-org-ca
848
# -- Custom Issuer kind. Required when generate: false
849
kind: ClusterIssuer
850
# -- Custom Issuer group. Required when generate: false
851
group: cert-manager.io
852
operator:
853
# -- Enable APIService patching by KEDA operator. Controls whether KEDA operator will inject the self-generated TLS certificate into the APIService used by KEDA Metrics API Server.
854
# Only takes effect when certificates.autoGenerated is true and certificates.certManager.enabled is false.
855
# WARNING: If metricsServer.enabled is true and you disable this, you must ensure the APIService CA bundle is injected by an alternative mechanism (e.g. external controller, manual patching), otherwise the metrics API will fail TLS verification.
856
# apiServicePatching:
857
# enabled: false
858
# -- Location(s) of CA files for authentication of external TLS connections such as TLS-enabled metrics sources
859
# caDirs:
860
# - /custom/ca
861
permissions:
862
metricServer:
863
restrict:
864
# -- Restrict Secret Access for Metrics Server
865
secret: false
866
operator:
867
restrict:
868
# -- Restrict Secret Access for KEDA operator
869
# if true, KEDA operator will be able to read only secrets in {{ .Release.Namespace }} namespace
870
secret: false
871
# -- Array of strings denoting what secrets the KEDA operator will be able to read, this takes into account
872
# also the configured `watchNamespace`.
873
# the default is an empty array -> no restriction on the secret name
874
namesAllowList: []
875
# -- Creates roles and rolebindings from namespaced service accounts in the array which allow the KEDA operator
876
# to request service account tokens for use with the boundServiceAccountToken trigger source.
877
# If the namespace does not exist, this will cause the helm chart installation to fail.
878
serviceAccountTokenCreationRoles: []
879
# - name: myServiceAccount
880
# namespace: myServiceAccountNamespace
881
# -- Allow Keda to access all Service Token for KEDA operator
882
allowAllServiceAccountTokenCreation: false
883
# -- Array of extra K8s manifests to deploy
884
extraObjects: []
885
# - apiVersion: keda.sh/v1alpha1
886
# kind: ClusterTriggerAuthentication
887
# metadata:
888
# name: aws-credentials
889
# namespace: keda
890
# spec:
891
# podIdentity:
892
# provider: aws-eks
893
894
# -- Capability to turn on/off ASCII art in Helm installation notes
895
asciiArt: true
896
# -- When specified, each rendered resource will have `app.kubernetes.io/managed-by: ${this}` label on it. Useful, when using only helm template with some other solution.
897
customManagedBy: ""
898
# -- Enable service links in pods. Although enabled, mirroring k8s default, it is highly recommended to disable,
899
# due to its legacy status [Legacy container links](https://docs.docker.com/engine/network/links/)
900
enableServiceLinks: true
901

The trusted source for open source

Talk to an expert
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsChainguard OS PackagesChainguard ActionsChainguard Agent SkillsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0SOC 2Golden ImagesCVE RemediationPublic SectorStartups

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogOpen Source LeadershipPartnersNewsroomCareersLegal
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.