Values (reference)

Complete reference for all values.yaml configuration options. Sections follow the same order as the default values file.

Where a topic has a dedicated page (naming, labels, conventions) this page links to it rather than repeating the full explanation.

---

Global naming

Key	Type	Default	Description
nameOverride	string	""	Overrides the chart name used in labels and resource name suffixes. See Resource Naming.
fullnameOverride	string	""	Overrides the entire computed fullname used for resource names. Takes precedence over nameOverride.
releaseName	string	""	Decouples Kubernetes resource names from the Helm release name. Useful when the release name changes across environments but resource names must stay stable.
chartName	string	Chart.Name	Overrides the chart name used in the helm.sh/chart label. Rarely needed outside of library chart usage.
chartVersion	string	Chart.Version	Overrides the chart version used in the helm.sh/chart label.
version	string	Chart.AppVersion	Application version. Used in the app.kubernetes.io/version label and as the default image tag.

---

Scheduling

Key	Type	Default	Description
nodeSelector	object	{}	Node selector applied to all pods. Standard Kubernetes nodeSelector.
tolerations	list	[]	Tolerations applied to all pods. Standard Kubernetes tolerations.
affinity	object	{}	Affinity rules applied to all pods. Standard Kubernetes affinity.
podAnnotations	object	{}	Annotations added to all pod specs (Deployments, CronJobs, Jobs).
replicaCount	int	1	Default replica count for all Deployments. Override per-deployment with deployments.<name>.replicaCount.
deploymentStrategy	object	{}	Default rollout strategy for all Deployments. Standard Kubernetes strategy. Override per-deployment with deployments.<name>.deploymentStrategy.

---

Shorthands

Single-field shorthands that apply to the default container without having to navigate the full deployments structure.

Key	Type	Default	Description
portNumber	int	8080	Default container port number for the primary container. Equivalent to deployments.<name>.containers.<name>.ports.default.containerPort.
healthChecks	object	{}	Health check probes for the primary container. Accepts startupProbe, readinessProbe, and livenessProbe in standard Kubernetes format. Equivalent to deployments.<name>.containers.<name>.healthChecks.
resources	object	{}	Resource requests and limits for the primary container. Standard Kubernetes resources. Equivalent to deployments.<name>.containers.<name>.resources.

---

Container image

Default image applied to all containers (Deployments, CronJobs, Jobs). Init containers and sidecar containers require an explicit image: field.

Key	Type	Default	Description
image.registry	string	""	Registry prefix, e.g. registry.example.com/. Include the trailing slash.
image.repository	string	""	Repository path, e.g. myorg/. Include the trailing slash if used with image.name.
image.name	string	""	Image name, e.g. myapp.
image.tag	string	""	Image tag. Falls back to version, then Chart.AppVersion. Numeric values are coerced to strings to prevent YAML integer parsing.
imagePullPolicy	string	IfNotPresent	Image pull policy applied to all containers. Standard Kubernetes values: Always, IfNotPresent, Never.
imagePullSecrets	list	[]	List of image pull secret names, e.g. [{name: my-registry-secret}].

The full image reference is constructed as: :

---

Auto-configuration (configure)

Controls which global resources are automatically injected into containers as environment variables or volume mounts. These are global defaults; each container can override them individually with its own configure: block.

Init containers and sidecar containers default to all flags false — they must opt in explicitly.

Key	Type	Default	Description
configure.env	bool	true	Automatically add global env entries to all containers.
configure.variables	bool	true	Mount the variables ConfigMap as envFrom on all containers.
configure.secrets	bool	true	Mount the secrets Secret as envFrom on all containers.
configure.files	bool	true	Auto-mount mountedFiles into all containers.
configure.secretFiles	bool	true	Auto-mount mountedSecretFiles and mountedSealedSecretFiles into all containers.
configure.persistence	bool	false	Auto-mount PVCs defined in persistence into all containers. Disabled by default — opt in per-container or globally.

---

Environment variables

Key	Type	Default	Description
env	list or dict	[]	Environment variables injected into all containers (when configure.env: true). Accepts list format (standard Kubernetes env) or dict format where the key becomes name. Supports valueFrom entries in both formats.
variables	dict	{}	Key/value pairs stored in a ConfigMap and injected as environment variables (when configure.variables: true).
secrets	dict	{}	Key/value pairs stored in a Secret and injected as environment variables (when configure.secrets: true). Values are base64-encoded automatically by Kubernetes.

# List format
env:
  - name: LOG_LEVEL
    value: debug
  - name: DB_PASSWORD
    valueFrom:
      secretKeyRef:
        name: db-secret
        key: password

# Dict format — key becomes name
env:
  LOG_LEVEL: debug
  DB_PASSWORD:
    valueFrom:
      secretKeyRef:
        name: db-secret
        key: password

variables:
  DATABASE_HOST: postgres.default.svc

secrets:
  DATABASE_PASSWORD: supersecret

---

Mounted files

Files stored as ConfigMap or Secret data and mounted into containers.

Key	Type	Default	Description
mountedFiles	dict	{}	Files stored in a ConfigMap. Keys are filenames; values are file contents. Mounted at /config/<key> by default, or at the exact path if the key starts with /. Auto-mounted when configure.files: true.
mountedSecretFiles	dict	{}	Files stored in a Secret. Keys are filenames; values are base64-encoded contents. Mounted at /secrets/<key> by default, or at the exact path if the key starts with /. Auto-mounted when configure.secretFiles: true.
mountedSealedSecretFiles	dict	{}	Files stored in a SealedSecret. Keys are filenames; values are sealed (encrypted) strings produced by kubeseal --raw --from-file. Same mount behaviour as mountedSecretFiles.

Use --set-file to load file contents from disk:

helm upgrade myapp hosst/standard \
  --set-file 'mountedFiles.supervisord\.conf=files/supervisord.conf'

---

Persistence

Defines PersistentVolumeClaims and optionally mounts them into containers.

Key	Type	Default	Description
persistence	dict	{}	Map of named PVCs. Each entry creates a PVC resource. Auto-mounted when configure.persistence: true.
persistence.<name>.size	string	—	Required. Storage request, e.g. 10Gi.
persistence.<name>.accessModes	list	[ReadWriteOnce]	PVC access modes.
persistence.<name>.storageClass	string	""	Storage class name. Empty string uses the cluster default.
persistence.<name>.claimName	string	""	Use an existing PVC instead of creating a new one.
persistence.<name>.mount.mountPath	string	/<name>	Mount path inside the container.
persistence.<name>.mount.subPath	string	""	Sub-path within the volume to mount.
persistence.<name>.mount.readOnly	bool	false	Mount as read-only.

persistence:
  data:
    size: 10Gi
    accessModes:
      - ReadWriteOnce
    mount:
      mountPath: /data

---

Volumes and mounts

Arbitrary volumes and volume mounts applied at the pod or container level.

Key	Type	Default	Description
volumes	list or dict	[]	Volumes attached to all pods. Dict mode: key becomes the volume name. List mode: standard Kubernetes volumes, passed through unchanged.
volumeMounts	dict	{}	Volume mounts applied to all containers. Key is the volume name; value is the mount config (mountPath, subPath, readOnly).

volumes:
  config:
    configMap:
      name: my-config

volumeMounts:
  config:
    mountPath: /etc/myapp

---

Security

Key	Type	Default	Description
serviceAccount.create	bool	false	Create a ServiceAccount for the application.
serviceAccount.name	string	""	Name of the ServiceAccount. Defaults to the fullname when create: true, or default when create: false.
serviceAccount.annotations	object	{}	Annotations added to the ServiceAccount, e.g. for IRSA (eks.amazonaws.com/role-arn).
podSecurityContext	object	{}	Security context applied to all pod specs. Standard Kubernetes securityContext at the pod level (runAsUser, fsGroup, etc.).
securityContext	object	{}	Security context applied to all containers. Standard Kubernetes securityContext at the container level (allowPrivilegeEscalation, readOnlyRootFilesystem, etc.).

---

Deployments

Shorthand

deployment: is a shorthand that injects a single entry into the deployments map using the application name as key. Equivalent to:

deployments:
  <appName>:
    <your config>

deployments map

Each key in deployments creates one Deployment resource. A bare key (null value) is valid and produces a working Deployment with a single container named after the key.

See Resource Naming for how the Deployment name is derived from the key.

Key	Type	Default	Description
deployments.<name>.enabled	bool	true	Set to false to skip rendering this Deployment without removing it from values.
deployments.<name>.replicaCount	int	replicaCount	Replica count for this Deployment.
deployments.<name>.deploymentStrategy	object	deploymentStrategy	Rollout strategy for this Deployment.
deployments.<name>.annotations	object	{}	Annotations on the Deployment resource itself.
deployments.<name>.podAnnotations	object	podAnnotations	Annotations on the pod template.
deployments.<name>.podSecurityContext	object	podSecurityContext	Pod-level security context for this Deployment.
deployments.<name>.nodeSelector	object	nodeSelector	Node selector for this Deployment's pods.
deployments.<name>.tolerations	list	tolerations	Tolerations for this Deployment's pods.
deployments.<name>.affinity	object	affinity	Affinity rules for this Deployment's pods.
deployments.<name>.volumes	list or dict	volumes	Volumes for this Deployment's pods. Merged with global volumes.
deployments.<name>.volumeMounts	dict	volumeMounts	Volume mounts cascaded to containers in this Deployment.
deployments.<name>.configure	object	configure	Auto-configuration overrides for this Deployment's containers.

Autoscaling

Key	Type	Default	Description
deployments.<name>.autoscaling.enabled	bool	false	Create an HPA for this Deployment.
deployments.<name>.autoscaling.minReplicas	int	1	Minimum replica count.
deployments.<name>.autoscaling.maxReplicas	int	—	Required. Maximum replica count.
deployments.<name>.autoscaling.targetCPUUtilizationPercentage	int	""	Shorthand CPU utilization target. Generates a Resource metric entry.
deployments.<name>.autoscaling.targetMemoryUtilizationPercentage	int	""	Shorthand memory utilization target. Generates a Resource metric entry.
deployments.<name>.autoscaling.metrics	list	[]	Full autoscaling/v2 metrics list. Takes precedence over the shorthand fields.
deployments.<name>.autoscaling.behavior	object	{}	Scale-up and scale-down behavior (autoscaling/v2 format).

Containers

deployments.<name>.containers is a map of named containers in the pod. A bare key produces a container using global defaults.

Key	Type	Default	Description
containers.<name>.image	string	standard.image	Full image reference for this container. Overrides the global image.* fields.
containers.<name>.imagePullPolicy	string	imagePullPolicy	Pull policy for this container.
containers.<name>.command	list	[]	Overrides the container's ENTRYPOINT.
containers.<name>.args	list	[]	Overrides the container's CMD.
containers.<name>.ports	list or dict	[{name: default, containerPort: portNumber}]	Container ports. Dict mode: key becomes name.
containers.<name>.env	list or dict	env	Environment variables for this container. Merged with or replaces global env depending on configure.env.
containers.<name>.envFrom	list or dict	[]	envFrom sources for this container. Dict mode: key becomes the entry name.
containers.<name>.resources	object	resources	Resource requests and limits. Standard Kubernetes resources.
containers.<name>.securityContext	object	securityContext	Container-level security context.
containers.<name>.healthChecks	object	healthChecks	Probes: startupProbe, readinessProbe, livenessProbe. Standard Kubernetes format.
containers.<name>.volumeMounts	dict	pod-level volumeMounts	Volume mounts for this container. Set to [] to clear inherited mounts.
containers.<name>.configure	object	pod-level configure	Auto-configuration flags for this container. Set individual flags to false to opt out.

---

Services

Shorthand

service: injects a single entry into the services map using the application name as key.

services map

Each key creates one Service resource. A Service with no ports renders nothing useful; ports are required.

Key	Type	Default	Description
services.<name>.enabled	bool	true	Set to false to skip rendering this Service.
services.<name>.type	string	ClusterIP	Service type: ClusterIP, NodePort, LoadBalancer.
services.<name>.annotations	object	{}	Annotations on the Service resource.
services.<name>.ports	list or dict	—	Required. Service ports. Dict mode: key becomes name. Each port accepts port, targetPort, protocol, nodePort.

services:
  web:
    ports:
      http:
        port: 80
        targetPort: http

---

Ingresses

Shorthand

ingress: injects a single entry into the ingresses map using the application name as key.

ingresses map

Each key creates one Ingress resource. By default the Ingress routes to the Service with the same map key.

Key	Type	Default	Description
ingresses.<name>.enabled	bool	true	Set to false to skip rendering this Ingress.
ingresses.<name>.className	string	""	Ingress class name, e.g. nginx.
ingresses.<name>.annotations	object	{}	Annotations on the Ingress resource.
ingresses.<name>.hosts	list	[]	Hostnames. Accepts a plain string list or a list of {host, paths} objects. Plain strings use path: / and pathType: ImplementationSpecific.
ingresses.<name>.tls	any	""	TLS configuration. See below.

TLS modes

Value	Behaviour
tls: true or bare key	Auto-derives hosts from ingresses.<name>.hosts and sets secretName to <fullname>-tls.
List	Each entry is a standard Kubernetes TLS block. hosts defaults to all ingress hosts; secretName defaults to <fullname>-tls.
Dict	Key becomes the default secretName. hosts defaults to all ingress hosts. Supports enabled: false per entry.

ingresses:
  public:
    className: nginx
    hosts:
      - myapp.example.com
    tls: true    # → secretName: myapp-tls, hosts: [myapp.example.com]

---

Init containers

Init containers run to completion before application containers start. All configure flags default to false — init containers do not automatically receive app secrets or environment variables.

Key	Type	Default	Description
initContainers.<name>.image	string	—	Required. Full image reference.
initContainers.<name>.command	list	[]	Container command.
initContainers.<name>.args	list	[]	Container args.
initContainers.<name>.env	list or dict	[]	Environment variables for this init container.
initContainers.<name>.volumeMounts	dict	{}	Volume mounts.
initContainers.<name>.configure	object	all false	Opt in to auto-configuration. E.g. configure.persistence: true to receive PVC mounts.

---

Sidecar containers

Sidecar containers run alongside application containers for the lifetime of the pod (proxies, log shippers, monitoring agents). All configure flags default to false.

Key	Type	Default	Description
sidecarContainers.<name>.image	string	—	Required. Full image reference.
sidecarContainers.<name>.command	list	[]	Container command.
sidecarContainers.<name>.args	list	[]	Container args.
sidecarContainers.<name>.env	list or dict	[]	Environment variables for this sidecar.
sidecarContainers.<name>.volumeMounts	dict	{}	Volume mounts.
sidecarContainers.<name>.configure	object	all false	Opt in to auto-configuration. E.g. configure.secrets: true to receive app secrets.

---

Jobs

Jobs run once and exit. A bare key produces a working Job with restartPolicy: Never and a single container named after the key.

Use helm.sh/hook annotations for lifecycle tasks (migrations, seeding). See the Helm hooks documentation.

Key	Type	Default	Description
jobs.<name>.enabled	bool	true	Set to false to skip rendering this Job.
jobs.<name>.hook	string	""	Helm hook annotation value, e.g. pre-install, pre-upgrade.
jobs.<name>.hookWeight	string	""	Helm hook weight for ordering.
jobs.<name>.hookDeletePolicy	string	""	When Helm deletes the Job resource, e.g. hook-succeeded.
jobs.<name>.restartPolicy	string	Never	Pod restart policy.
jobs.<name>.command	list	[]	Container command override.
jobs.<name>.args	list	[]	Container args override.
jobs.<name>.containers	dict	{}	Full container map, same structure as deployments.<name>.containers. A bare key defaults to global image settings.

jobs:
  database-migrations:
    hook: pre-install, pre-upgrade
    command: ["/app/bin", "database-migrate"]

---

CronJobs

A bare key produces a working CronJob with schedule: "@daily", concurrencyPolicy: Forbid, restartPolicy: Never, and a single container named after the key.

Key	Type	Default	Description
cronJobs.<name>.enabled	bool	true	Set to false to skip rendering this CronJob.
cronJobs.<name>.schedule	string	@daily	Cron schedule expression.
cronJobs.<name>.concurrencyPolicy	string	Forbid	How to handle concurrent runs: Allow, Forbid, Replace.
cronJobs.<name>.restartPolicy	string	Never	Pod restart policy.
cronJobs.<name>.successfulJobsHistoryLimit	int	3	How many completed jobs to retain.
cronJobs.<name>.failedJobsHistoryLimit	int	1	How many failed jobs to retain.
cronJobs.<name>.command	list	[]	Container command override.
cronJobs.<name>.args	list	[]	Container args override.
cronJobs.<name>.containers	dict	{}	Full container map, same structure as deployments.<name>.containers.

cronJobs:
  cleanup:
    schedule: "0 3 * * *"
    command: ["/app/bin", "cleanup"]

---

Extra manifests

Render arbitrary Kubernetes resources alongside the chart's own output. Useful for RBAC rules, NetworkPolicies, ExternalSecrets, cert-manager Certificates, or any resource the chart does not natively generate.

Key	Type	Default	Description
extraManifests	dict or list	{}	Additional Kubernetes manifests to render.

Dict mode (recommended): the key becomes the resource name using the same naming rules as other chart resources. metadata.name, metadata.namespace, and metadata.labels are injected automatically; any metadata you provide takes precedence.

List mode: full control, no auto-metadata. Supports tpl so chart values can be referenced with {{ include "standard.fullname" . }}.

# Dict mode
extraManifests:
  allow-ingress:
    apiVersion: networking.k8s.io/v1
    kind: NetworkPolicy
    spec:
      podSelector: {}
      ingress:
        - from:
            - podSelector:
                matchLabels:
                  app.kubernetes.io/name: frontend

# List mode
extraManifests:
  - apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: "{{ include "standard.fullname" . }}-custom"
      annotations:
        eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/myapp