DirectorySecurity AdvisoriesPricing
Sign in
Directory
spegel logoHELM

spegel

Helm chart
Last changed
Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Overview
Chart versions
Default values
Chart metadata
Images

Tag:
1
image:
2
# -- Image repository.
3
repository: cgr.dev/chainguard-private/spegel-fips
4
# -- Image Pull Policy.
5
pullPolicy: IfNotPresent
6
# -- Overrides the image tag whose default is the chart appVersion.
7
tag: latest
8
# -- Image digest.
9
digest: sha256:787bc2bfc0870ae28cd0b1719bf36bd5e6d95c1571809cf98e95f23d9f4dbfcd
10
# -- Image Pull Secrets
11
imagePullSecrets: []
12
# -- Overrides the name of the chart.
13
nameOverride: ""
14
# -- Overrides the full name of the chart.
15
fullnameOverride: ""
16
# -- Overrides the namespace where spegel resources are installed.
17
namespaceOverride: ""
18
serviceAccount:
19
# -- Annotations to add to the service account
20
annotations: {}
21
# -- The name of the service account to use.
22
# If not set and create is true, a name is generated using the fullname template.
23
name: ""
24
# -- Annotations to add to the DaemonSet.
25
daemonsetAnnotations: {}
26
# -- Annotations to add to the pod.
27
podAnnotations: {}
28
# -- Security context for the pod.
29
podSecurityContext: {}
30
# fsGroup: 2000
31
32
# -- The number of old history to retain to allow rollback.
33
revisionHistoryLimit: 10
34
# -- Security context for the Spegel container.
35
securityContext:
36
readOnlyRootFilesystem: true
37
service:
38
registry:
39
# -- Override the NODE_ID environment variable. It defaults to the field status.hostIP
40
nodeIp: ""
41
# -- Port to expose the registry via the service.
42
port: 5000
43
# -- Node port to expose the registry via the service.
44
nodePort: 30021
45
# -- Local host port to expose the registry.
46
hostPort: 30020
47
# -- If true adds topology aware hints annotation to node port service.
48
topologyAwareHintsEnabled: true
49
# -- Annotations to add to the registry service
50
annotations: {}
51
# -- Use PreferSameNode traffic distribution on the node port service
52
# instead of using an additional mirror registry on a container host port.
53
usePreferSameNodeTrafficDistribution: false
54
router:
55
# -- Port to expose the router via the service.
56
port: 5001
57
metrics:
58
# -- Port to expose the metrics via the service.
59
port: 9090
60
# -- Annotations to add to the metrics service
61
annotations: {}
62
bootstrap:
63
# -- Annotations to add to the bootstrap service
64
annotations: {}
65
cleanup:
66
# -- Port to expose cleanup probe on.
67
port: 8080
68
# -- Annotations to add to the cleanup service (used in post-delete hook)
69
annotations: {}
70
# -- Resource requests and limits for the Spegel container.
71
resources:
72
requests:
73
memory: 128Mi
74
limits:
75
memory: 128Mi
76
# -- Node selector for pod assignment.
77
nodeSelector:
78
kubernetes.io/os: linux
79
# -- An update strategy to replace existing pods with new pods.
80
updateStrategy: {}
81
# type: RollingUpdate
82
# rollingUpdate:
83
# maxSurge: 0
84
# maxUnavailable: 1
85
86
# -- Tolerations for pod assignment.
87
tolerations:
88
- key: CriticalAddonsOnly
89
operator: Exists
90
- effect: NoExecute
91
operator: Exists
92
- effect: NoSchedule
93
operator: Exists
94
# -- Affinity settings for pod assignment.
95
affinity: {}
96
# -- Common labels to apply to all rendered resources.
97
commonLabels: {}
98
# -- Domain configured for service domain names.
99
clusterDomain: cluster.local.
100
serviceMonitor:
101
# -- If true creates a Prometheus Service Monitor.
102
enabled: false
103
# -- Prometheus scrape interval.
104
interval: 60s
105
# -- Prometheus scrape interval timeout.
106
scrapeTimeout: 30s
107
# -- Service monitor specific labels for prometheus to discover servicemonitor.
108
labels: {}
109
# -- List of relabeling rules to apply the target’s metadata labels.
110
relabelings: []
111
# -- List of relabeling rules to apply to the samples before ingestion.
112
metricRelabelings: []
113
grafanaDashboard:
114
# -- If true creates a Grafana dashboard.
115
enabled: false
116
# -- Mode for Grafana dashboard creation. Valid values are `Sidecar` and `GrafanaOperator`.
117
mode: Sidecar
118
# -- Labels to add to the Sidecar configMap or GrafanaDashboard.
119
labels: {}
120
# grafana_dashboard: "1"
121
# -- Annotations to add to the Sidecar configMap or GrafanaDashboard.
122
annotations: {}
123
# grafana_folder: "Spegel"
124
grafanaOperator:
125
# -- If true allows for a Grafana in any namespace to access this GrafanaDashboard.
126
allowCrossNamespaceImport: true
127
# -- Folder to create the dashboard in.
128
folder: ""
129
# -- Resync period for the Grafana operator to check for updates to the dashboard.
130
resyncPeriod: "10m"
131
# -- Selected labels for Grafana instance.
132
matchLabels: {}
133
# dashboards: grafana
134
# -- Priority class name to use for the pod.
135
priorityClassName: system-node-critical
136
# -- Name of secret containing basic authentication credentials for registry.
137
basicAuthSecretName: ""
138
spegel:
139
# -- Minimum log level to output. Value should be DEBUG, INFO, WARN, or ERROR.
140
logLevel: "INFO"
141
# Configuration for Spegel persistence on host used for keeping P2P identity between restarts.
142
persistence:
143
# -- If true Spegel will persist data on the host.
144
enabled: true
145
# -- Path in the container where host path is mounted.
146
path: "/var/lib/spegel"
147
# -- Path on host which is mounted to container.
148
hostPath: "/var/lib/spegel"
149
# -- Registries for which mirror configuration will be created. Empty means all registires will be mirrored.
150
mirroredRegistries: []
151
# - https://docker.io
152
# - https://ghcr.io
153
# -- Additional target mirror registries other than Spegel.
154
additionalMirrorTargets: []
155
# -- Max amount of mirrors to attempt.
156
mirrorResolveRetries: 3
157
# -- Max duration spent finding a mirror.
158
mirrorResolveTimeout: "20ms"
159
# -- Path to Containerd socket.
160
containerdSock: "/run/containerd/containerd.sock"
161
# -- Containerd namespace where images are stored.
162
containerdNamespace: "k8s.io"
163
# -- Path to Containerd mirror configuration.
164
containerdRegistryConfigPath: "/etc/containerd/certs.d"
165
# -- Path to Containerd content store..
166
containerdContentPath: "/var/lib/containerd/io.containerd.content.v1.content"
167
# -- If true Spegel will add mirror configuration to the node.
168
containerdMirrorAdd: true
169
# -- When true Spegel will resolve tags to digests.
170
resolveTags: true
171
# -- Regular expressions to filter out tags/registries. If empty, all registries/tags are resolved.
172
registryFilters: []
173
# - ".*:latest$"
174
# - "^docker\\.io/"
175
# - "^ghcr\\.io/"
176
# -- When true existing mirror configuration will be kept and Spegel will prepend it's configuration.
177
prependExisting: false
178
# -- When true enables debug web page.
179
debugWebEnabled: true
180
verticalPodAutoscaler:
181
# -- If true creates a Vertical Pod Autoscaler.
182
enabled: false
183
# -- Recommender responsible for generating recommendation for the object.
184
# List should be empty (then the default recommender will generate the recommendation)
185
# or contain exactly one recommender.
186
recommenders: []
187
# - name: custom-recommender-performance
188
189
# -- List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
190
controlledResources: []
191
# -- Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.
192
controlledValues: RequestsAndLimits
193
# -- Define the max allowed resources for the pod
194
maxAllowed: {}
195
# cpu: 100m
196
# memory: 128Mi
197
# -- Define the min allowed resources for the pod
198
minAllowed: {}
199
# cpu: 100m
200
# memory: 128Mi
201
202
updatePolicy:
203
# -- Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction
204
minReplicas: 2
205
# -- Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
206
# are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
207
updateMode: Auto
208
livenessProbe:
209
# -- When enabled a liveness probe will be added to the registry.
210
enabled: false
211
# -- Add additional volumes to the daemonset. This can be helpful when adding custom init containers that need
212
# host path mounts to different locations than the already configured ones.
213
extraVolumes: []
214
# -- Add additional initContainers *before* Spegel's own configuration init container
215
# to run additional node init configuration tasks
216
extraInitContainers: []
217

The trusted source for open source

Talk to an expert
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsChainguard OS PackagesChainguard ActionsChainguard Agent SkillsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0SOC 2Golden ImagesCVE RemediationPublic SectorStartups

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogOpen Source LeadershipPartnersNewsroomCareersLegal
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.