Helm Values Reference
Key configurable values for the Ephor Helm chart. For the complete list, see charts/ephor/values.yaml.
Images
| Value | Default | Description |
|---|---|---|
api.image.repository | ghcr.io/holbein-io/ephor-api | API container image |
api.image.tag | Chart appVersion | API image tag |
api.image.pullPolicy | IfNotPresent | Pull policy |
dashboard.image.repository | ghcr.io/holbein-io/ephor-dashboard | Dashboard container image |
dashboard.image.tag | Chart appVersion | Dashboard image tag |
dashboard.image.pullPolicy | IfNotPresent | Pull policy |
Ingress
| Value | Default | Description |
|---|---|---|
ingress.enabled | false | Create an ingress resource |
ingress.className | "" | Ingress class (e.g., nginx, traefik) |
ingress.annotations | {} | Additional ingress annotations |
ingress.hosts | [] | Host and path rules |
ingress.tls | [] | TLS configuration |
Example:
yaml
ingress:
enabled: true
className: nginx
hosts:
- host: ephor.example.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: ephor-tls
hosts:
- ephor.example.comPostgreSQL (Bundled)
| Value | Default | Description |
|---|---|---|
postgresql.enabled | true | Deploy the bundled PostgreSQL instance |
postgresql.auth.database | ephor | Database name |
postgresql.auth.username | ephor | Database username |
postgresql.auth.password | ephor | Database password (override in production) |
External Database
Used when postgresql.enabled is false.
| Value | Default | Description |
|---|---|---|
externalDatabase.host | "" | PostgreSQL hostname |
externalDatabase.port | 5432 | PostgreSQL port |
externalDatabase.name | ephor | Database name |
externalDatabase.user | ephor | Database username |
externalDatabase.password | "" | Database password |
externalDatabase.existingSecret | "" | Kubernetes Secret name containing a password key |
API
| Value | Default | Description |
|---|---|---|
api.replicaCount | 1 | Number of API replicas |
api.resources | {} | CPU and memory requests/limits |
api.auth.idpLogoutUrl | "" | Optional IdP logout URL for session termination |
api.userDirectory.provider | internal | User directory provider (internal, keycloak, github, none) |
Keycloak Settings
| Value | Default | Description |
|---|---|---|
api.userDirectory.keycloak.serverUrl | "" | Keycloak base URL |
api.userDirectory.keycloak.realm | "" | Realm name |
api.userDirectory.keycloak.clientId | "" | Client ID |
api.userDirectory.keycloak.clientSecret | "" | Client secret |
api.userDirectory.keycloak.syncInterval | 900000 | Sync interval (ms) |
api.userDirectory.keycloak.existingSecret | "" | Secret name for Keycloak credentials |
GitHub Settings
| Value | Default | Description |
|---|---|---|
api.userDirectory.github.org | "" | GitHub organization |
api.userDirectory.github.token | "" | GitHub access token |
api.userDirectory.github.syncInterval | 1800000 | Sync interval (ms) |
api.userDirectory.github.existingSecret | "" | Secret name for GitHub credentials |
Dashboard
| Value | Default | Description |
|---|---|---|
dashboard.replicaCount | 1 | Number of dashboard replicas |
dashboard.resources | {} | CPU and memory requests/limits |
TIP
See charts/ephor/values.yaml for all values including pod annotations, service accounts, node selectors, tolerations, and affinity.