DirectorySecurity AdvisoriesPricing
Sign in
Directory
keda logoHELM

keda

Helm chart
Last changed
Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Overview
Chart versions
Default values
Chart metadata
Images

Tag:
1
# Default values for keda.
2
# This is a YAML-formatted file.
3
# Declare variables to be passed into your templates.
4
5
global:
6
image:
7
# -- Global image registry of KEDA components
8
registry: null
9
# -- DNS config for KEDA components
10
dnsConfig: {}
11
# nameservers:
12
# - 1.2.3.4
13
# searches:
14
# - ns1.svc.cluster-domain.example
15
# - my.dns.search.suffix
16
# options:
17
# - name: ndots
18
# value: "1"
19
# - name: attempts
20
# value: "3"
21
image:
22
keda:
23
# -- Image registry of KEDA operator
24
registry: cgr.dev
25
# -- Image name of KEDA operator
26
repository: chainguard-private/keda
27
# -- Image tag of KEDA operator. Optional, given app version of Helm chart is used by default
28
tag: 2.19@sha256:c1661558d59d1685925a0c5ee71ca91797f741957ccc8951535833b5bb8d2f95
29
metricsApiServer:
30
# -- Image registry of KEDA Metrics API Server
31
registry: cgr.dev
32
# -- Image name of KEDA Metrics API Server
33
repository: chainguard-private/keda-metrics-apiserver
34
# -- Image tag of KEDA Metrics API Server. Optional, given app version of Helm chart is used by default
35
tag: 2.19@sha256:af1ef7467f567b73905a8c3d39bdf1082cde4802ccd7d514ad6744087aabdea7
36
webhooks:
37
# -- Image registry of KEDA admission-webhooks
38
registry: cgr.dev
39
# -- Image name of KEDA admission-webhooks
40
repository: chainguard-private/keda-admission-webhooks
41
# -- Image tag of KEDA admission-webhooks . Optional, given app version of Helm chart is used by default
42
tag: 2.19@sha256:68ebd5fedecb0cb9a2a74888aa8987b632b4d90238d42452ec7c8ff198cf3d46
43
# -- Image pullPolicy for all KEDA components
44
pullPolicy: Always
45
# -- Kubernetes cluster name. Used in features such as emitting CloudEvents
46
clusterName: kubernetes-default
47
# -- Kubernetes cluster domain
48
clusterDomain: cluster.local
49
crds:
50
# -- Defines whether the KEDA CRDs have to be installed or not.
51
install: true
52
# -- Custom annotations specifically for CRDs
53
additionalAnnotations: {}
54
# foo: bar
55
# -- Defines Kubernetes namespaces to watch to scale their workloads. Default watches all namespaces
56
watchNamespace: ""
57
# -- Name of secret to use to pull images to use to pull Docker images
58
imagePullSecrets: []
59
networkPolicy:
60
# -- Enable network policies
61
enabled: false
62
# -- Flavor of the network policies (cilium, kubernetes)
63
flavor: "cilium"
64
# -- Allow use of extra egress rules for cilium network policies
65
cilium:
66
operator:
67
extraEgressRules: []
68
# -- Allow use of extra egress rules for kubernetes network policies
69
kubernetes:
70
operator:
71
extraEgressRules: []
72
metricsServer:
73
extraEgressRules: []
74
webhooks:
75
extraEgressRules: []
76
operator:
77
# -- Name of the KEDA operator
78
name: keda-operator
79
# -- ReplicaSets for this Deployment you want to retain (Default: 10)
80
revisionHistoryLimit: 10
81
# -- Capability to configure the number of replicas for KEDA operator.
82
# While you can run more replicas of our operator, only one operator instance will be the leader and serving traffic.
83
# You can run multiple replicas, but they will not improve the performance of KEDA, it could only reduce downtime during a failover.
84
# Learn more in [our documentation](https://keda.sh/docs/latest/operate/cluster/#high-availability).
85
replicaCount: 1
86
# --Disable response compression for k8s restAPI in client-go.
87
# Disabling compression simply means that turns off the process of making data smaller for K8s restAPI in client-go for faster transmission.
88
disableCompression: true
89
# -- DNS config for KEDA operator pod
90
dnsConfig: {}
91
# use ClusterFirstWithHostNet if `useHostNetwork: true` https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
92
# -- Defined the DNS policy for the operator
93
dnsPolicy: ClusterFirst
94
# -- Enable operator to use host network
95
useHostNetwork: false
96
# -- [Affinity] for pod scheduling for KEDA operator. Takes precedence over the `affinity` field
97
affinity: {}
98
# podAntiAffinity:
99
# requiredDuringSchedulingIgnoredDuringExecution:
100
# - labelSelector:
101
# matchExpressions:
102
# - key: app
103
# operator: In
104
# values:
105
# - keda-operator
106
# topologyKey: "kubernetes.io/hostname"
107
# -- Additional containers to run as part of the operator deployment
108
extraContainers: []
109
# - name: hello-many
110
# args:
111
# - -c
112
# - "while true; do echo hi; sleep 300; done"
113
# command:
114
# - /bin/sh
115
# image: 'busybox:glibc'
116
# -- Additional init containers to run as part of the operator deployment
117
extraInitContainers: []
118
# - name: hello-once
119
# args:
120
# - -c
121
# - "echo 'Hello World!'"
122
# command:
123
# - /bin/sh
124
# image: 'busybox:glibc'
125
# -- Liveness probes for operator ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/))
126
livenessProbe:
127
initialDelaySeconds: 25
128
periodSeconds: 10
129
timeoutSeconds: 1
130
failureThreshold: 3
131
successThreshold: 1
132
# -- Readiness probes for operator ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes))
133
readinessProbe:
134
initialDelaySeconds: 20
135
periodSeconds: 3
136
timeoutSeconds: 1
137
failureThreshold: 3
138
successThreshold: 1
139
metricsServer:
140
# -- ReplicaSets for this Deployment you want to retain (Default: 10)
141
revisionHistoryLimit: 10
142
# -- Capability to configure the number of replicas for KEDA metric server.
143
# While you can run more replicas of our metric server, only one instance will used and serve traffic.
144
# You can run multiple replicas, but they will not improve the performance of KEDA, it could only reduce downtime during a failover.
145
# Learn more in [our documentation](https://keda.sh/docs/latest/operate/cluster/#high-availability).
146
replicaCount: 1
147
# --Disable response compression for k8s restAPI in client-go.
148
# Disabling compression simply means that turns off the process of making data smaller for K8s restAPI in client-go for faster transmission.
149
disableCompression: true
150
# use ClusterFirstWithHostNet if `useHostNetwork: true` https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
151
# -- Defined the DNS policy for the metric server
152
dnsPolicy: ClusterFirst
153
# -- DNS config for KEDA metrics server pod
154
dnsConfig: {}
155
# -- Enable metric server to use host network
156
useHostNetwork: false
157
# -- [Affinity] for pod scheduling for Metrics API Server. Takes precedence over the `affinity` field
158
affinity: {}
159
# podAntiAffinity:
160
# requiredDuringSchedulingIgnoredDuringExecution:
161
# - labelSelector:
162
# matchExpressions:
163
# - key: app
164
# operator: In
165
# values:
166
# - keda-operator-metrics-apiserver
167
# topologyKey: "kubernetes.io/hostname"
168
# -- Liveness probes for Metrics API Server ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/))
169
livenessProbe:
170
initialDelaySeconds: 5
171
periodSeconds: 10
172
timeoutSeconds: 1
173
failureThreshold: 3
174
successThreshold: 1
175
# -- Readiness probes for Metrics API Server ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes))
176
readinessProbe:
177
initialDelaySeconds: 5
178
periodSeconds: 3
179
timeoutSeconds: 1
180
failureThreshold: 3
181
successThreshold: 1
182
webhooks:
183
# It also used to enable or disable webhook patching in the operator
184
enabled: true
185
# -- Port number to use for KEDA admission webhooks. Default is 9443.
186
port: ""
187
# -- Port number to use for KEDA admission webhooks health probe
188
healthProbePort: 8081
189
# -- DNS config for KEDA admission webhooks pod
190
dnsConfig: {}
191
# -- Liveness probes for admission webhooks ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/))
192
livenessProbe:
193
initialDelaySeconds: 25
194
periodSeconds: 10
195
timeoutSeconds: 1
196
failureThreshold: 3
197
successThreshold: 1
198
# -- Readiness probes for admission webhooks ([docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes))
199
readinessProbe:
200
initialDelaySeconds: 20
201
periodSeconds: 3
202
timeoutSeconds: 1
203
failureThreshold: 3
204
successThreshold: 1
205
# -- Timeout in seconds for KEDA admission webhooks
206
timeoutSeconds: 10
207
# -- Enable webhook to use host network, this is required on EKS with custom CNI
208
useHostNetwork: false
209
# -- Name of the KEDA admission webhooks
210
name: keda-admission-webhooks
211
# -- ReplicaSets for this Deployment you want to retain (Default: 10)
212
revisionHistoryLimit: 10
213
# -- Capability to configure the number of replicas for KEDA admission webhooks
214
replicaCount: 1
215
# -- [Affinity] for pod scheduling for KEDA admission webhooks. Takes precedence over the `affinity` field
216
affinity: {}
217
# podAntiAffinity:
218
# requiredDuringSchedulingIgnoredDuringExecution:
219
# - labelSelector:
220
# matchExpressions:
221
# - key: app
222
# operator: In
223
# values:
224
# - keda-admission-webhooks
225
# topologyKey: "kubernetes.io/hostname"
226
227
# -- [Failure policy](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy) to use with KEDA admission webhooks
228
failurePolicy: Ignore
229
upgradeStrategy:
230
# -- Capability to configure [Deployment upgrade strategy] for operator
231
operator: {}
232
# type: RollingUpdate
233
# rollingUpdate:
234
# maxUnavailable: 1
235
# maxSurge: 1
236
237
# -- Capability to configure [Deployment upgrade strategy] for Metrics Api Server
238
metricsApiServer: {}
239
# type: RollingUpdate
240
# rollingUpdate:
241
# maxUnavailable: 1
242
# maxSurge: 1
243
244
# -- Capability to configure [Deployment upgrade strategy] for Admission webhooks
245
webhooks: {}
246
# type: RollingUpdate
247
# rollingUpdate:
248
# maxUnavailable: 1
249
# maxSurge: 1
250
podDisruptionBudget:
251
# -- Capability to configure [Pod Disruption Budget]
252
operator: {}
253
# minAvailable: 1
254
# maxUnavailable: 1
255
256
# -- Capability to configure [Pod Disruption Budget]
257
metricServer: {}
258
# minAvailable: 1
259
# maxUnavailable: 1
260
261
# -- Capability to configure [Pod Disruption Budget]
262
webhooks: {}
263
# minAvailable: 1
264
# maxUnavailable: 1
265
# -- Custom labels to add into metadata
266
additionalLabels: {}
267
# foo: bar
268
269
# -- Custom annotations to add into metadata
270
additionalAnnotations: {}
271
# foo: bar
272
273
podAnnotations:
274
# -- Pod annotations for KEDA operator
275
keda: {}
276
# -- Pod annotations for KEDA Metrics Adapter
277
metricsAdapter: {}
278
# -- Pod annotations for KEDA Admission webhooks
279
webhooks: {}
280
podLabels:
281
# -- Pod labels for KEDA operator
282
keda: {}
283
# -- Pod labels for KEDA Metrics Adapter
284
metricsAdapter: {}
285
# -- Pod labels for KEDA Admission webhooks
286
webhooks: {}
287
rbac:
288
# -- Specifies whether RBAC should be used
289
create: true
290
# -- Specifies whether RBAC for CRDs should be [aggregated](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles) to default roles (view, edit, admin)
291
aggregateToDefaultRoles: false
292
# -- Whether RBAC for configured CRDs that can have a `scale` subresource should be created
293
enabledCustomScaledRefKinds: true
294
# -- Customize the namespace of k8s metrics-server deployment
295
# This could also be achieved by the Kubernetes control plane manager flag --use-service-account-credentials:
296
# [docs](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/)
297
controlPlaneServiceAccountsNamespace: kube-system
298
# -- List of custom resources that support the `scale` subresource and can be referenced by `scaledobject.spec.scaleTargetRef`.
299
# The feature needs to be also enabled by `enabledCustomScaledRefKinds`.
300
# If left empty, RBAC for `apiGroups: *` and `resources: *, */scale` will be created
301
# note: Deployments and StatefulSets are supported out of the box
302
scaledRefKinds:
303
- apiGroup: "*"
304
kind: "*"
305
# - apiGroup: argoproj.io
306
# kind: Rollout
307
serviceAccount:
308
operator:
309
# -- Specifies whether a service account should be created
310
create: true
311
# -- The name of the service account to use.
312
name: keda-operator
313
# -- Specifies whether a service account should automount API-Credentials
314
automountServiceAccountToken: true
315
# -- Annotations to add to the service account
316
annotations: {}
317
metricServer:
318
# -- Specifies whether a service account should be created
319
create: true
320
# -- The name of the service account to use.
321
name: keda-metrics-server
322
# -- Specifies whether a service account should automount API-Credentials
323
automountServiceAccountToken: true
324
# -- Annotations to add to the service account
325
annotations: {}
326
webhooks:
327
# -- Specifies whether a service account should be created
328
create: true
329
# -- The name of the service account to use.
330
name: keda-webhook
331
# -- Specifies whether a service account should automount API-Credentials
332
automountServiceAccountToken: true
333
# -- Annotations to add to the service account
334
annotations: {}
335
podIdentity:
336
azureWorkload:
337
# -- Set to true to enable Azure Workload Identity usage.
338
# See https://keda.sh/docs/concepts/authentication/#azure-workload-identity
339
# This will be set as a label on the KEDA service account.
340
enabled: false
341
# Set to the value of the Azure Active Directory Client and Tenant Ids
342
# respectively. These will be set as annotations on the KEDA service account.
343
# -- Id of Azure Active Directory Client to use for authentication with Azure Workload Identity. ([docs](https://keda.sh/docs/concepts/authentication/#azure-workload-identity))
344
clientId: ""
345
# -- Id Azure Active Directory Tenant to use for authentication with for Azure Workload Identity. ([docs](https://keda.sh/docs/concepts/authentication/#azure-workload-identity))
346
tenantId: ""
347
# Set to the value of the service account token expiration duration.
348
# This will be set as an annotation on the KEDA service account.
349
# -- Duration in seconds to automatically expire tokens for the service account. ([docs](https://keda.sh/docs/concepts/authentication/#azure-workload-identity))
350
tokenExpiration: 3600
351
aws:
352
irsa:
353
# -- Specifies whether [AWS IAM Roles for Service Accounts (IRSA)](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) is to be enabled or not.
354
enabled: false
355
# -- Sets the token audience for IRSA.
356
# This will be set as an annotation on the KEDA service account.
357
audience: "sts.amazonaws.com"
358
# -- Set to the value of the ARN of an IAM role with a web identity provider.
359
# This will be set as an annotation on the KEDA service account.
360
roleArn: ""
361
# -- Sets the use of an STS regional endpoint instead of global.
362
# Recommended to use regional endpoint in almost all cases.
363
# This will be set as an annotation on the KEDA service account.
364
stsRegionalEndpoints: "true"
365
# -- Set to the value of the service account token expiration duration.
366
# This will be set as an annotation on the KEDA service account.
367
tokenExpiration: 86400
368
gcp:
369
# -- Set to true to enable GCP Workload Identity.
370
# See https://keda.sh/docs/2.10/authentication-providers/gcp-workload-identity/
371
# This will be set as a annotation on the KEDA service account.
372
enabled: false
373
# -- GCP IAM Service Account Email which you would like to use for workload identity.
374
gcpIAMServiceAccount: ""
375
# -- Set this if you are using an external scaler and want to communicate
376
# over TLS (recommended). This variable holds the name of the secret that
377
# will be mounted to the /grpccerts path on the Pod
378
grpcTLSCertsSecret: ""
379
# -- Set this if you are using HashiCorp Vault and want to communicate
380
# over TLS (recommended). This variable holds the name of the secret that
381
# will be mounted to the /vault path on the Pod
382
hashiCorpVaultTLS: ""
383
logging:
384
operator:
385
# -- Logging level for KEDA Operator.
386
# allowed values: `debug`, `info`, `error`, or an integer value greater than 0, specified as string
387
level: info
388
# -- Logging format for KEDA Operator.
389
# allowed values: `json` or `console`
390
format: console
391
# -- Logging time encoding for KEDA Operator.
392
# allowed values are `epoch`, `millis`, `nano`, `iso8601`, `rfc3339` or `rfc3339nano`
393
timeEncoding: rfc3339
394
# -- If enabled, the stack traces will be also printed
395
stackTracesEnabled: false
396
metricServer:
397
# -- Logging level for Metrics Server (Deprecated).
398
# allowed values: `0` for info, `4` for debug, or an integer value greater than 0, specified as string
399
level: 0
400
# -- Logging stderrthreshold for Metrics Server (Deprecated)
401
# allowed values: 'DEBUG','INFO','WARN','ERROR','ALERT','EMERG'
402
stderrthreshold: ERROR
403
# -- Zap Logging level for Metrics Server.
404
# allowed values: `debug`, `info`, `error`, or an integer value greater than 0, specified as string
405
zapLevel: info
406
# -- Zap Logging encoder for Metrics Server.
407
# allowed values: `json` or `console`
408
zapEncoder: console
409
# -- Zap logging time encoding for Metrics Server.
410
# allowed values are `epoch`, `millis`, `nano`, `iso8601`, `rfc3339` or `rfc3339nano`
411
zapTimeEncoding: rfc3339
412
webhooks:
413
# -- Logging level for KEDA Operator.
414
# allowed values: `debug`, `info`, `error`, or an integer value greater than 0, specified as string
415
level: info
416
# -- Logging format for KEDA Admission webhooks.
417
# allowed values: `json` or `console`
418
format: console
419
# -- Logging time encoding for KEDA Operator.
420
# allowed values are `epoch`, `millis`, `nano`, `iso8601`, `rfc3339` or `rfc3339nano`
421
timeEncoding: rfc3339
422
# -- [Security context] for all containers
423
# @default -- [See below](#KEDA-is-secure-by-default)
424
securityContext:
425
# -- [Security context] of the operator container
426
# @default -- [See below](#KEDA-is-secure-by-default)
427
operator:
428
capabilities:
429
drop:
430
- ALL
431
allowPrivilegeEscalation: false
432
readOnlyRootFilesystem: true
433
seccompProfile:
434
type: RuntimeDefault
435
# -- [Security context] of the metricServer container
436
# @default -- [See below](#KEDA-is-secure-by-default)
437
metricServer:
438
capabilities:
439
drop:
440
- ALL
441
allowPrivilegeEscalation: false
442
readOnlyRootFilesystem: true
443
seccompProfile:
444
type: RuntimeDefault
445
# -- [Security context] of the admission webhooks container
446
# @default -- [See below](#KEDA-is-secure-by-default)
447
webhooks:
448
capabilities:
449
drop:
450
- ALL
451
allowPrivilegeEscalation: false
452
readOnlyRootFilesystem: true
453
seccompProfile:
454
type: RuntimeDefault
455
# -- [Pod security context] for all pods
456
# @default -- [See below](#KEDA-is-secure-by-default)
457
podSecurityContext:
458
# -- [Pod security context] of the KEDA operator pod
459
# @default -- [See below](#KEDA-is-secure-by-default)
460
operator:
461
runAsNonRoot: true
462
# runAsUser: 1000
463
# runAsGroup: 1000
464
# fsGroup: 1000
465
# -- [Pod security context] of the KEDA metrics apiserver pod
466
# @default -- [See below](#KEDA-is-secure-by-default)
467
metricServer:
468
runAsNonRoot: true
469
# runAsUser: 1000
470
# runAsGroup: 1000
471
# fsGroup: 1000
472
# -- [Pod security context] of the KEDA admission webhooks
473
# @default -- [See below](#KEDA-is-secure-by-default)
474
webhooks:
475
runAsNonRoot: true
476
# runAsUser: 1000
477
# runAsGroup: 1000
478
# fsGroup: 1000
479
service:
480
# -- KEDA Metric Server service type
481
type: ClusterIP
482
# -- HTTPS port for KEDA Metric Server service
483
portHttps: 443
484
# -- HTTPS port for KEDA Metric Server container
485
portHttpsTarget: 6443
486
# -- Annotations to add the KEDA Metric Server service
487
annotations: {}
488
# We provides the default values that we describe in our docs:
489
# https://keda.sh/docs/latest/operate/cluster/
490
# If you want to specify the resources (or totally remove the defaults), change or comment the following
491
# lines, adjust them as necessary, or simply add the curly braces after 'operator' and/or 'metricServer'
492
# and remove/comment the default values
493
resources:
494
# -- Manage [resource request & limits] of KEDA operator pod
495
operator:
496
limits:
497
cpu: 1
498
memory: 1000Mi
499
requests:
500
cpu: 100m
501
memory: 100Mi
502
# -- Manage [resource request & limits] of KEDA metrics apiserver pod
503
metricServer:
504
limits:
505
cpu: 1
506
memory: 1000Mi
507
requests:
508
cpu: 100m
509
memory: 100Mi
510
# -- Manage [resource request & limits] of KEDA admission webhooks pod
511
webhooks:
512
limits:
513
cpu: 1
514
memory: 1000Mi
515
requests:
516
cpu: 100m
517
memory: 100Mi
518
# -- Node selector for pod scheduling ([docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/))
519
nodeSelector: {}
520
# -- Tolerations for pod scheduling ([docs](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/))
521
tolerations: []
522
# -- HostAliases for pod networking ([docs](https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/))
523
hostAliases: []
524
topologySpreadConstraints:
525
# -- [Pod Topology Constraints] of KEDA operator pod
526
operator: []
527
# -- [Pod Topology Constraints] of KEDA metrics apiserver pod
528
metricsServer: []
529
# -- [Pod Topology Constraints] of KEDA admission webhooks pod
530
webhooks: []
531
# -- [Affinity] for pod scheduling for KEDA operator, Metrics API Server and KEDA admission webhooks.
532
affinity: {}
533
# podAntiAffinity:
534
# requiredDuringSchedulingIgnoredDuringExecution:
535
# - labelSelector:
536
# matchExpressions:
537
# - key: app
538
# operator: In
539
# values:
540
# - keda-operator
541
# - keda-operator-metrics-apiserver
542
# - keda-admission-webhooks
543
# topologyKey: "kubernetes.io/hostname"
544
545
# -- priorityClassName for all KEDA components
546
priorityClassName: ""
547
## The default HTTP timeout in milliseconds that KEDA should use
548
## when making requests to external services. Removing this defaults to a
549
## reasonable default
550
http:
551
# -- The default HTTP timeout to use for all scalers that use raw HTTP clients (some scalers use SDKs to access target services. These have built-in HTTP clients, and the timeout does not necessarily apply to them)
552
timeout: 3000
553
keepAlive:
554
# -- Enable HTTP connection keep alive
555
enabled: true
556
# -- The minimum TLS version to use for all scalers that use raw HTTP clients (some scalers use SDKs to access target services. These have built-in HTTP clients, and this value does not necessarily apply to them)
557
minTlsVersion: TLS12
558
## This setting lets you enable profiling for all of the components of KEDA and in the specific port you choose
559
## This can be useful when trying to investigate errors like memory leaks or CPU or even look at goroutines to understand better
560
## This setting is disabled by default
561
profiling:
562
operator:
563
# -- Enable profiling for KEDA operator
564
enabled: false
565
# -- Expose profiling on a specific port
566
port: 8082
567
metricsServer:
568
# -- Enable profiling for KEDA metrics server
569
enabled: false
570
# -- Expose profiling on a specific port
571
port: 8083
572
webhooks:
573
# -- Enable profiling for KEDA admission webhook
574
enabled: false
575
# -- Expose profiling on a specific port
576
port: 8084
577
## Extra KEDA Operator and Metrics Adapter container arguments
578
extraArgs:
579
# -- Additional KEDA Operator container arguments
580
keda: {}
581
# -- Additional Metrics Adapter container arguments
582
metricsAdapter: {}
583
# -- Additional environment variables that will be passed onto all KEDA components
584
env: []
585
# - name: ENV_NAME
586
# value: 'ENV-VALUE'
587
588
# Extra volumes and volume mounts for the deployment. Optional.
589
volumes:
590
keda:
591
# -- Extra volumes for KEDA deployment
592
extraVolumes: []
593
# -- Extra volume mounts for KEDA deployment
594
extraVolumeMounts: []
595
metricsApiServer:
596
# -- Extra volumes for metric server deployment
597
extraVolumes: []
598
# -- Extra volume mounts for metric server deployment
599
extraVolumeMounts: []
600
webhooks:
601
# -- Extra volumes for admission webhooks deployment
602
extraVolumes: []
603
# -- Extra volume mounts for admission webhooks deployment
604
extraVolumeMounts: []
605
prometheus:
606
metricServer:
607
# -- Enable metric server Prometheus metrics expose
608
enabled: false
609
# -- HTTP port used for exposing metrics server prometheus metrics
610
port: 8080
611
# -- HTTP port name for exposing metrics server prometheus metrics
612
portName: metrics
613
# -- App Protocol for service when scraping metrics endpoint
614
# appProtocol: http
615
serviceMonitor:
616
# -- Enables ServiceMonitor creation for the Prometheus Operator
617
enabled: false
618
# -- JobLabel selects the label from the associated Kubernetes service which will be used as the job label for all metrics. [ServiceMonitor Spec]
619
jobLabel: ""
620
# -- TargetLabels transfers labels from the Kubernetes `Service` onto the created metrics
621
targetLabels: []
622
# -- PodTargetLabels transfers labels on the Kubernetes `Pod` onto the created metrics
623
podTargetLabels: []
624
# -- Name of the service port this endpoint refers to. Mutually exclusive with targetPort
625
port: metrics
626
# -- Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port
627
targetPort: ""
628
# -- Interval at which metrics should be scraped If not specified Prometheus’ global scrape interval is used.
629
interval: ""
630
# -- Timeout after which the scrape is ended If not specified, the Prometheus global scrape timeout is used unless it is less than Interval in which the latter is used
631
scrapeTimeout: ""
632
# -- DEPRECATED. List of expressions that define custom relabeling rules for metric server ServiceMonitor crd (prometheus operator). [RelabelConfig Spec]
633
relabellings: []
634
# -- List of expressions that define custom relabeling rules for metric server ServiceMonitor crd (prometheus operator). [RelabelConfig Spec]
635
relabelings: []
636
# -- List of expressions that define custom metric relabeling rules for metric server ServiceMonitor crd after scrape has happened (prometheus operator). [RelabelConfig Spec]
637
metricRelabelings: []
638
# -- Additional labels to add for metric server using ServiceMonitor crd (prometheus operator)
639
additionalLabels: {}
640
# -- HTTP scheme used for scraping. Defaults to `http`
641
scheme: http
642
# -- TLS configuration for scraping metrics
643
tlsConfig: {}
644
# caFile: /etc/prom-certs/root-cert.pem
645
# certFile: /etc/prom-certs/cert-chain.pem
646
# insecureSkipVerify: true
647
# keyFile: /etc/prom-certs/key.pem
648
podMonitor:
649
# -- Enables PodMonitor creation for the Prometheus Operator
650
enabled: false
651
# -- Scraping interval for metric server using podMonitor crd (prometheus operator)
652
interval: ""
653
# -- Scraping timeout for metric server using podMonitor crd (prometheus operator)
654
scrapeTimeout: ""
655
# -- Scraping namespace for metric server using podMonitor crd (prometheus operator)
656
namespace: ""
657
# -- Additional labels to add for metric server using podMonitor crd (prometheus operator)
658
additionalLabels: {}
659
# -- List of expressions that define custom relabeling rules for metric server podMonitor crd (prometheus operator)
660
relabelings: []
661
# -- List of expressions that define custom metric relabeling rules for metric server PodMonitor crd after scrape has happened (prometheus operator). [RelabelConfig Spec]
662
metricRelabelings: []
663
operator:
664
# -- Enable KEDA Operator prometheus metrics expose
665
enabled: false
666
# -- Port used for exposing KEDA Operator prometheus metrics
667
port: 8080
668
# -- App Protocol for service when scraping metrics endpoint
669
# appProtocol: http
670
serviceMonitor:
671
# -- Enables ServiceMonitor creation for the Prometheus Operator
672
enabled: false
673
# -- JobLabel selects the label from the associated Kubernetes service which will be used as the job label for all metrics. [ServiceMonitor Spec]
674
jobLabel: ""
675
# -- TargetLabels transfers labels from the Kubernetes `Service` onto the created metrics
676
targetLabels: []
677
# -- PodTargetLabels transfers labels on the Kubernetes `Pod` onto the created metrics
678
podTargetLabels: []
679
# -- Name of the service port this endpoint refers to. Mutually exclusive with targetPort
680
port: metrics
681
# -- Name or number of the target port of the Pod behind the Service,
682
# the port must be specified with container port property. Mutually exclusive with port
683
targetPort: ""
684
# -- Interval at which metrics should be scraped If not specified Prometheus’ global scrape interval is used.
685
interval: ""
686
# -- Timeout after which the scrape is ended If not specified, the Prometheus global scrape timeout is used unless it is less than Interval in which the latter is used
687
scrapeTimeout: ""
688
# -- DEPRECATED. List of expressions that define custom relabeling rules for metric server ServiceMonitor crd (prometheus operator). [RelabelConfig Spec]
689
relabellings: []
690
# -- List of expressions that define custom relabeling rules for metric server ServiceMonitor crd (prometheus operator). [RelabelConfig Spec]
691
relabelings: []
692
# -- List of expressions that define custom metric relabeling rules for metric server ServiceMonitor crd after scrape has happened (prometheus operator). [RelabelConfig Spec]
693
metricRelabelings: []
694
# -- Additional labels to add for metric server using ServiceMonitor crd (prometheus operator)
695
additionalLabels: {}
696
# -- HTTP scheme used for scraping. Defaults to `http`
697
scheme: http
698
# -- TLS configuration for scraping metrics
699
tlsConfig: {}
700
# caFile: /etc/prom-certs/root-cert.pem
701
# certFile: /etc/prom-certs/cert-chain.pem
702
# insecureSkipVerify: true
703
# keyFile: /etc/prom-certs/key.pem
704
podMonitor:
705
# -- Enables PodMonitor creation for the Prometheus Operator
706
enabled: false
707
# -- Scraping interval for KEDA Operator using podMonitor crd (prometheus operator)
708
interval: ""
709
# -- Scraping timeout for KEDA Operator using podMonitor crd (prometheus operator)
710
scrapeTimeout: ""
711
# -- Scraping namespace for KEDA Operator using podMonitor crd (prometheus operator)
712
namespace: ""
713
# -- Additional labels to add for KEDA Operator using podMonitor crd (prometheus operator)
714
additionalLabels: {}
715
# -- List of expressions that define custom relabeling rules for KEDA Operator podMonitor crd (prometheus operator)
716
relabelings: []
717
# -- List of expressions that define custom metric relabeling rules for metric server PodMonitor crd after scrape has happened (prometheus operator). [RelabelConfig Spec]
718
metricRelabelings: []
719
prometheusRules:
720
# -- Enables PrometheusRules creation for the Prometheus Operator
721
enabled: false
722
# -- Scraping namespace for KEDA Operator using prometheusRules crd (prometheus operator)
723
namespace: ""
724
# -- Additional labels to add for KEDA Operator using prometheusRules crd (prometheus operator)
725
additionalLabels: {}
726
# -- Additional alerts to add for KEDA Operator using prometheusRules crd (prometheus operator)
727
alerts: []
728
# - alert: KedaScalerErrors
729
# annotations:
730
# description: Keda scaledObject {{ $labels.scaledObject }} is experiencing errors with {{ $labels.scaler }} scaler
731
# summary: Keda Scaler {{ $labels.scaler }} Errors
732
# expr: sum by ( scaledObject , scaler) (rate(keda_metrics_adapter_scaler_errors[2m])) > 0
733
# for: 2m
734
# labels:
735
webhooks:
736
# -- Enable KEDA admission webhooks prometheus metrics expose
737
enabled: false
738
# -- Port used for exposing KEDA admission webhooks prometheus metrics
739
port: 8080
740
# -- App Protocol for service when scraping metrics endpoint
741
# appProtocol: http
742
serviceMonitor:
743
# -- Enables ServiceMonitor creation for the Prometheus webhooks
744
enabled: false
745
# -- jobLabel selects the label from the associated Kubernetes service which will be used as the job label for all metrics. [ServiceMonitor Spec]
746
jobLabel: ""
747
# -- TargetLabels transfers labels from the Kubernetes `Service` onto the created metrics
748
targetLabels: []
749
# -- PodTargetLabels transfers labels on the Kubernetes `Pod` onto the created metrics
750
podTargetLabels: []
751
# -- Name of the service port this endpoint refers to. Mutually exclusive with targetPort
752
port: metrics
753
# -- Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port
754
targetPort: ""
755
# -- Interval at which metrics should be scraped If not specified Prometheus’ global scrape interval is used.
756
interval: ""
757
# -- Timeout after which the scrape is ended If not specified, the Prometheus global scrape timeout is used unless it is less than Interval in which the latter is used
758
scrapeTimeout: ""
759
# -- DEPRECATED. List of expressions that define custom relabeling rules for metric server ServiceMonitor crd (prometheus operator). [RelabelConfig Spec]
760
relabellings: []
761
# -- List of expressions that define custom relabeling rules for metric server ServiceMonitor crd (prometheus operator). [RelabelConfig Spec]
762
relabelings: []
763
# -- List of expressions that define custom metric relabeling rules for metric server ServiceMonitor crd after scrape has happened (prometheus operator). [RelabelConfig Spec]
764
metricRelabelings: []
765
# -- Additional labels to add for metric server using ServiceMonitor crd (prometheus operator)
766
additionalLabels: {}
767
# -- HTTP scheme used for scraping. Defaults to `http`
768
scheme: http
769
# -- TLS configuration for scraping metrics
770
tlsConfig: {}
771
# caFile: /etc/prom-certs/root-cert.pem
772
# certFile: /etc/prom-certs/cert-chain.pem
773
# insecureSkipVerify: true
774
# keyFile: /etc/prom-certs/key.pem
775
prometheusRules:
776
# -- Enables PrometheusRules creation for the Prometheus Operator
777
enabled: false
778
# -- Scraping namespace for KEDA admission webhooks using prometheusRules crd (prometheus operator)
779
namespace: ""
780
# -- Additional labels to add for KEDA admission webhooks using prometheusRules crd (prometheus operator)
781
additionalLabels: {}
782
# -- Additional alerts to add for KEDA admission webhooks using prometheusRules crd (prometheus operator)
783
alerts: []
784
opentelemetry:
785
collector:
786
# -- Uri of OpenTelemetry Collector to push telemetry to
787
uri: ""
788
operator:
789
# -- Enable pushing metrics to an OpenTelemetry Collector for operator
790
enabled: false
791
certificates:
792
# -- Enables the self generation for KEDA TLS certificates inside KEDA operator
793
autoGenerated: true
794
# -- Secret name to be mounted with KEDA TLS certificates
795
secretName: kedaorg-certs
796
# -- Path where KEDA TLS certificates are mounted
797
mountPath: /certs
798
certManager:
799
# -- Enables Cert-manager for certificate management
800
enabled: false
801
# -- Certificate duration
802
duration: 8760h0m0s # 1 year
803
# -- Certificate renewal time before expiration
804
renewBefore: 5840h0m0s # 8 months
805
# -- Generates a self-signed CA with Cert-manager.
806
# If generateCA is false, the secret with the CA
807
# has to be annotated with `cert-manager.io/allow-direct-injection: "true"`
808
generateCA: true
809
# -- Secret name where the CA is stored (generatedby cert-manager or user given)
810
caSecretName: "kedaorg-ca"
811
# -- Add labels/annotations to secrets created by Certificate resources
812
# [docs](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
813
secretTemplate: {}
814
# annotations:
815
# my-secret-annotation-1: "foo"
816
# my-secret-annotation-2: "bar"
817
# labels:
818
# my-secret-label: foo
819
# -- Reference to custom Issuer. If issuer.generate is false, then issuer.group, issuer.kind and issuer.name are required
820
issuer:
821
# -- Generates an Issuer resource with Cert-manager
822
generate: true
823
# -- Custom Issuer name. Required when generate: false
824
name: foo-org-ca
825
# -- Custom Issuer kind. Required when generate: false
826
kind: ClusterIssuer
827
# -- Custom Issuer group. Required when generate: false
828
group: cert-manager.io
829
operator:
830
# -- Location(s) of CA files for authentication of external TLS connections such as TLS-enabled metrics sources
831
# caDirs:
832
# - /custom/ca
833
permissions:
834
metricServer:
835
restrict:
836
# -- Restrict Secret Access for Metrics Server
837
secret: false
838
operator:
839
restrict:
840
# -- Restrict Secret Access for KEDA operator
841
# if true, KEDA operator will be able to read only secrets in {{ .Release.Namespace }} namespace
842
secret: false
843
# -- Array of strings denoting what secrets the KEDA operator will be able to read, this takes into account
844
# also the configured `watchNamespace`.
845
# the default is an empty array -> no restriction on the secret name
846
namesAllowList: []
847
# -- Creates roles and rolebindings from namespaced service accounts in the array which allow the KEDA operator
848
# to request service account tokens for use with the boundServiceAccountToken trigger source.
849
# If the namespace does not exist, this will cause the helm chart installation to fail.
850
serviceAccountTokenCreationRoles: []
851
# - name: myServiceAccount
852
# namespace: myServiceAccountNamespace
853
# -- Allow Keda to access all Service Token for KEDA operator
854
allowAllServiceAccountTokenCreation: false
855
# -- Array of extra K8s manifests to deploy
856
extraObjects: []
857
# - apiVersion: keda.sh/v1alpha1
858
# kind: ClusterTriggerAuthentication
859
# metadata:
860
# name: aws-credentials
861
# namespace: keda
862
# spec:
863
# podIdentity:
864
# provider: aws-eks
865
866
# -- Capability to turn on/off ASCII art in Helm installation notes
867
asciiArt: true
868
# -- When specified, each rendered resource will have `app.kubernetes.io/managed-by: ${this}` label on it. Useful, when using only helm template with some other solution.
869
customManagedBy: ""
870
# -- Enable service links in pods. Although enabled, mirroring k8s default, it is highly recommended to disable,
871
# due to its legacy status [Legacy container links](https://docs.docker.com/engine/network/links/)
872
enableServiceLinks: true
873

The trusted source for open source

Talk to an expert
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsChainguard OS PackagesChainguard ActionsChainguard Agent SkillsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0SOC 2Golden ImagesCVE RemediationPublic SectorStartups

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogOpen Source LeadershipPartnersNewsroomCareersLegal
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.