nri-metadata-injection
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# -- Override the name of the chart
2
nameOverride: ""
3
# -- Override the full name of the release
4
fullnameOverride: ""
5
# -- Name of the Kubernetes cluster monitored. Can be configured also with `global.cluster`
6
cluster: ""
7
# -- The provider that you are deploying your cluster on. Sets config options providers that are known to have constraints.
8
provider:
9
# -- Image for the New Relic Metadata Injector
10
# @default -- See `values.yaml`
11
image:
12
registry: cgr.dev
13
repository: chainguard-private/k8s-metadata-injection-fips
14
tag: latest@sha256:14ac322ece109aa028032db15f71806ec945bf2e8631ec4a0020e74d6a20ca48
15
pullPolicy: IfNotPresent
16
# -- The secrets that are needed to pull images from a custom registry.
17
pullSecrets: []
18
# - name: regsecret
19
# -- Image for creating the needed certificates of this webhook to work
20
# @default -- See `values.yaml`
21
jobImage:
22
registry: cgr.dev # Defaults to registry.k8s.io
23
repository: chainguard-private/kube-webhook-certgen-fips
24
tag: latest@sha256:67dbb547f64e2aeb0f8e19f7fd13c4ab2ec8297d5bf318542593ee15992c147a
25
pullPolicy: IfNotPresent
26
# -- The secrets that are needed to pull images from a custom registry.
27
pullSecrets: []
28
# - name: regsecret
29
30
# -- Volume mounts to add to the job, you might want to mount tmp if Pod Security Policies
31
# Enforce a read-only root.
32
volumeMounts: []
33
# - name: tmp
34
# mountPath: /tmp
35
36
# -- Volumes to add to the job container
37
volumes: []
38
# - name: tmp
39
# emptyDir: {}
40
# -- Resources for the job container admission-create
41
admissionCreate:
42
resources: {}
43
# -- Resources for the job container admission-patch
44
admissionPatch:
45
resources: {}
46
rbac:
47
# rbac.pspEnabled -- Whether the chart should create Pod Security Policy objects.
48
pspEnabled: false
49
replicas: 1
50
# -- Additional labels for chart objects. Can be configured also with `global.labels`
51
labels: {}
52
# -- Annotations to be added to all pods created by the integration.
53
podAnnotations: {}
54
# -- Additional labels for chart pods. Can be configured also with `global.podLabels`
55
podLabels: {}
56
# -- Image for creating the needed certificates of this webhook to work
57
# @default -- 100m/30M -/80M
58
resources:
59
limits:
60
memory: 80M
61
requests:
62
cpu: 100m
63
memory: 30M
64
# -- Sets pod's priorityClassName. Can be configured also with `global.priorityClassName`
65
priorityClassName: ""
66
# -- (bool) Sets pod's hostNetwork. Can be configured also with `global.hostNetwork`
67
# @default -- false
68
hostNetwork:
69
# -- Sets pod's dnsConfig. Can be configured also with `global.dnsConfig`
70
dnsConfig: {}
71
# -- Sets security context (at pod level). Can be configured also with `global.podSecurityContext`
72
podSecurityContext: {}
73
# -- Sets security context (at container level). Can be configured also with `global.containerSecurityContext`
74
containerSecurityContext: {}
75
certManager:
76
# certManager.enabled -- Use cert manager for webhook certs
77
enabled: false
78
# -- Sets the root certificate duration. Defaults to 43800h (5 years).
79
rootCertificateDuration: 43800h
80
# -- Sets certificate duration. Defaults to 8760h (1 year).
81
webhookCertificateDuration: 8760h
82
# -- Sets pod/node affinities. Can be configured also with `global.affinity`
83
affinity: {}
84
# -- Sets pod's node selector. Can be configured also with `global.nodeSelector`
85
nodeSelector: {}
86
# -- Sets pod's tolerations to node taints. Can be configured also with `global.tolerations`
87
tolerations: []
88
# -- Enable the metadata decoration only for pods living in namespaces labeled
89
# with 'newrelic-metadata-injection=enabled'.
90
injectOnlyLabeledNamespaces: false
91
# -- This is a list of namespaces that will be ignored by the webhook.
92
ignoreNamespaces: ['kube-public', 'kube-node-lease', 'kube-system']
93
# -- Use custom tls certificates for the webhook, or let the chart handle it
94
# automatically.
95
# Ref: https://docs.newrelic.com/docs/integrations/kubernetes-integration/link-your-applications/link-your-applications-kubernetes#configure-injection
96
customTLSCertificate: false
97
# -- Webhook timeout
98
# Ref: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
99
timeoutSeconds: 28
100
# -- Port configuration for the webhook server
101
ports:
102
# -- Port on which the webhook server listens (TLS/HTTPS)
103
webhook: 8443
104
# -- Port for health check endpoint (HTTP)
105
health: 8080
106
# -- Log level for the application. Valid values: debug, info, warn, error
107
logLevel: info
108
# -- Service configuration
109
service:
110
# -- External port exposed by the Kubernetes service
111
port: 443
112
# -- Target port that the service forwards traffic to (should match webhook port)
113
# If not specified, defaults to the webhook port value
114
targetPort: ""
115
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.