kube-proxy
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# Default values for kube-proxy.
2
# This is a YAML-formatted file.
3
# Declare variables to be passed into your templates.
4
5
image:
6
# -- Image repository for the default container.
7
repository: cgr.dev/chainguard-private/kubernetes-kube-proxy-fips
8
# -- (string) Image tag for the default container; at least one of tag and digest must be set.
9
tag: latest@sha256:02081d7c184d196392a8ac95fcad0c51da75456e1c16072407eb209d98f22951
10
# -- (string) Image digest for the default container; at least one of tag and digest must be set.
11
digest:
12
# -- Image pull policy for the default container.
13
pullPolicy: IfNotPresent
14
# -- Image pull secrets.
15
imagePullSecrets: []
16
# -- (string) Override the name of the chart.
17
nameOverride:
18
# -- (string) Override the full name of the chart.
19
fullnameOverride:
20
# -- If configured replace the default selector labels with these.
21
selectorLabelsOverride: {}
22
# -- Labels to add to all chart resources.
23
commonLabels: {}
24
serviceAccount:
25
# -- If `true`, create a new `ServiceAccount`.
26
create: true
27
# -- Labels to add to the service account.
28
labels: {}
29
# -- Annotations to add to the service account.
30
annotations: {}
31
# -- (string) If this is set and `serviceAccount.create` is `true` this will be used for the created `ServiceAccount` name, if set and `serviceAccount.create` is `false` then this will define an existing `ServiceAccount` to use.
32
name:
33
rbac:
34
# -- If `true`, create a `ClusterRole` & `ClusterRoleBinding` with access to the Kubernetes API.
35
create: true
36
# -- Update strategy for the `DaemonSet`.
37
updateStrategy:
38
type: RollingUpdate
39
rollingUpdate:
40
maxUnavailable: 10%
41
maxSurge: 0
42
# -- (int) Min ready seconds for the `DaemonSet`.
43
minReadySeconds:
44
# -- Labels to add to the pod.
45
podLabels: {}
46
# -- Annotations to add to the pod.
47
podAnnotations: {}
48
# -- Security context for the pod.
49
podSecurityContext:
50
runAsNonRoot: false
51
# -- (string) Priority class name for the pod.
52
priorityClassName: system-node-critical
53
# -- (int) Termination grace period for the pod in seconds.
54
terminationGracePeriodSeconds: 30
55
init:
56
# -- If `true`, create an init container so the default container can be unprivileged.
57
enabled: true
58
# -- Security context for the init container.
59
securityContext:
60
privileged: true
61
allowPrivilegeEscalation: true
62
readOnlyRootFilesystem: false
63
runAsNonRoot: false
64
# -- Security context for the default container; if init is disabled then this needs to be modified to make the default container privileged.
65
securityContext:
66
privileged: false
67
allowPrivilegeEscalation: false
68
readOnlyRootFilesystem: false
69
runAsNonRoot: false
70
capabilities:
71
add: ["NET_ADMIN", "SYS_RESOURCE"]
72
# -- Extra args for the default container.
73
args: []
74
# -- Liveness probe configuration for the default container.
75
livenessProbe:
76
httpGet:
77
path: /livez
78
port: http-health
79
# -- Readiness probe configuration for the default container.
80
readinessProbe:
81
httpGet:
82
path: /healthz
83
port: http-health
84
# -- Resources for the default container.
85
resources: {}
86
# -- Node labels to match for pod scheduling.
87
nodeSelector:
88
kubernetes.io/os: linux
89
# -- Affinity settings for pod scheduling.
90
affinity: {}
91
# -- Node taints which will be tolerated for pod scheduling.
92
tolerations:
93
- effect: NoSchedule
94
operator: Exists
95
- effect: NoExecute
96
operator: Exists
97
serviceMonitor:
98
# -- If `true`, create a `ServiceMonitor` resource to support the _Prometheus Operator_.
99
enabled: false
100
# -- Label used to define the scrape job name.
101
jobLabel: app.kubernetes.io/instance
102
# -- Additional labels for the `ServiceMonitor`.
103
additionalLabels: {}
104
# -- Additional endpoint configuration for the default `ServiceMonitor` endpoint.
105
endpointConfig:
106
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
107
apiServer:
108
# -- (string) API server endpoint for kube-proxy to communicate with.
109
endpoint: https://kubernetes.default.svc
110
# -- Configuration for kube-proxy.
111
config:
112
apiVersion: kubeproxy.config.k8s.io/v1alpha1
113
kind: KubeProxyConfiguration
114
bindAddress: 0.0.0.0
115
clientConnection:
116
acceptContentTypes: ""
117
burst: 10
118
contentType: application/vnd.kubernetes.protobuf
119
kubeconfig: /var/lib/kube-proxy/kubeconfig
120
qps: 5
121
clusterCIDR: ""
122
configSyncPeriod: 15m0s
123
conntrack:
124
maxPerCore: 32768
125
min: 131072
126
tcpCloseWaitTimeout: 1h0m0s
127
tcpEstablishedTimeout: 24h0m0s
128
enableProfiling: false
129
healthzBindAddress: 0.0.0.0:10256
130
hostnameOverride: ""
131
iptables:
132
masqueradeAll: false
133
masqueradeBit: 14
134
minSyncPeriod: 0s
135
syncPeriod: 30s
136
ipvs:
137
excludeCIDRs: null
138
minSyncPeriod: 0s
139
scheduler: ""
140
syncPeriod: 30s
141
metricsBindAddress: 0.0.0.0:10249
142
mode: nftables
143
nodePortAddresses: null
144
oomScoreAdj: -998
145
portRange: ""
146
# -- Log level for kube-proxy.
147
logLevel: 2
148
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.