sigstore-rekor
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
namespace:
2
create: false
3
name: rekor-system
4
imagePullSecrets: []
5
initContainerImage:
6
curl:
7
registry: cgr.dev
8
repository: chainguard-private/curl
9
# -- 8.17.0
10
version: sha256:97d75a51645be41f1e9a719ef899f8dfb36f3cd46893b36e20a9a931c5212902
11
imagePullPolicy: IfNotPresent
12
initContainerResources: {}
13
redis:
14
enabled: true
15
replicaCount: 1
16
hostname: ""
17
port: 6379
18
args:
19
- --bind
20
- 0.0.0.0
21
- --appendonly
22
- "yes"
23
name: redis
24
image:
25
registry: cgr.dev
26
repository: chainguard-private/redis
27
pullPolicy: IfNotPresent
28
# -- 6.2.17-alpine3.21
29
version: sha256:918d7c855dd24cefdac9f7552b8855a7a33f269ab19143e81e6bd5948632cc96
30
resources: {}
31
readinessProbe:
32
initialDelaySeconds: 5
33
periodSeconds: 10
34
timeoutSeconds: 1
35
failureThreshold: 3
36
successThreshold: 1
37
exec:
38
command:
39
- /bin/sh
40
- -i
41
- -c
42
- test "$(redis-cli -h 127.0.0.1 ping)" = "PONG"
43
service:
44
type: ClusterIP
45
ports:
46
- name: 6379-tcp
47
port: 6379
48
protocol: TCP
49
targetPort: 6379
50
serviceAccount:
51
create: true
52
name: ""
53
annotations: {}
54
tolerations: []
55
nodeSelector: {}
56
affinity: {}
57
mysql:
58
gcp:
59
enabled: false
60
instance: ""
61
cloudsql:
62
registry: cgr.dev
63
repository: chainguard-private/cloud-sql-proxy
64
# -- crane digest gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.19.0-alpine
65
version: sha256:3810907a3b87c6ea1c8adc1213619f37beed38c9e9acad9de20d4cc33482668e
66
resources:
67
requests:
68
memory: "2Gi"
69
cpu: "1"
70
securityContext:
71
allowPrivilegeEscalation: false
72
readOnlyRootFilesystem: true
73
runAsNonRoot: true
74
capabilities:
75
drop:
76
- ALL
77
unixDomainSocket:
78
enabled: false
79
path: /cloudsql
80
enabled: false
81
replicaCount: 1
82
name: mysql
83
hostname: ""
84
port: 3306
85
strategy:
86
type: Recreate
87
image:
88
registry: cgr.dev
89
repository: chainguard-private/mariadb
90
pullPolicy: IfNotPresent
91
version: sha256:a682e1c24c49875fd4ba84813a176e74aabc9eefdbcdc842c43855bc249d4807
92
server:
93
enabled: true
94
replicaCount: 1
95
name: server
96
port: 3000
97
image:
98
registry: cgr.dev
99
repository: chainguard-private/rekor-server
100
pullPolicy: IfNotPresent
101
# crane digest ghcr.io/sigstore/rekor/rekor-server:v1.5.1
102
version: latest@sha256:f057adac648941585de51284e208959fb7e08cdb1cc8570e508928c9583a279c
103
# -- KMS type for signing key (possible values: "" / "none", "aws")
104
kmsType: none
105
# -- AWS region if using AWS KMS for signing key
106
awsKmsRegion: us-east-1
107
# -- kubernetes secret name containing IAM credentials for use with AWS KMS
108
awsKmsCredentialsSecretName: aws-kms-credentials
109
logging:
110
production: false
111
ingress:
112
enabled: true
113
className: "nginx"
114
hosts:
115
- path: /
116
host: root
117
annotations: {}
118
tls: []
119
ingresses:
120
- enabled: false
121
name: "gce-ingress"
122
className: "gce"
123
hosts:
124
- path: /
125
host: root
126
annotations: {}
127
tls: []
128
staticGlobalIP: lb-ext-ip
129
frontendConfigSpec: # https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_frontendconfig_parameters
130
sslPolicy: rekor-ssl-policy
131
redirectToHttps:
132
enabled: true
133
backendConfigSpec: # https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration#configuring_ingress_features_through_backendconfig_parameters
134
securityPolicy:
135
name: rekor-security-policy
136
logging:
137
enable: true
138
service:
139
type: ClusterIP
140
ports:
141
- name: 3000-tcp
142
port: 80
143
protocol: TCP
144
targetPort: 3000
145
- name: 2112-tcp
146
port: 2112
147
protocol: TCP
148
targetPort: 2112
149
signer: memory
150
readinessProbe:
151
initialDelaySeconds: 10
152
periodSeconds: 10
153
timeoutSeconds: 1
154
failureThreshold: 3
155
successThreshold: 1
156
httpGet:
157
port: 3000
158
path: /ping
159
sharding:
160
mountPath: /sharding
161
filename: sharding-config.yaml
162
contents: ""
163
livenessProbe:
164
initialDelaySeconds: 30
165
periodSeconds: 10
166
timeoutSeconds: 1
167
failureThreshold: 3
168
successThreshold: 1
169
httpGet:
170
port: 3000
171
path: /ping
172
securityContext:
173
runAsNonRoot: true
174
runAsUser: 65533
175
config:
176
key: treeID
177
treeID: ""
178
retrieve_api:
179
enabled: true
180
attestation_storage:
181
enabled: true
182
bucket: file:///var/run/attestations
183
persistence:
184
enabled: true
185
annotations: {}
186
storageClass: ""
187
size: 5Gi
188
mountPath: /var/lib/mysql
189
subPath: ""
190
existingClaim: ""
191
accessModes:
192
- ReadWriteOnce
193
podAnnotations:
194
prometheus.io/scrape: "true"
195
prometheus.io/path: /metrics
196
prometheus.io/port: "2112"
197
resources: {}
198
extraArgs: []
199
gomemlimit: ""
200
serviceAccount:
201
create: true
202
name: ""
203
annotations: {}
204
searchIndex:
205
storageProvider: ""
206
mysql: {}
207
tolerations: []
208
nodeSelector: {}
209
affinity: {}
210
createtree:
211
name: createtree
212
force: false
213
image:
214
registry: cgr.dev
215
repository: chainguard-private/sigstore-scaffolding-trillian-createtree
216
pullPolicy: IfNotPresent
217
# v0.7.31
218
version: sha256:15c2a2152a62a9ffa2102915e321bbacb61bc164d7523a1f3cdda9521e344a85
219
ttlSecondsAfterFinished: 3600
220
serviceAccount:
221
create: true
222
name: ""
223
annotations: {}
224
securityContext:
225
runAsNonRoot: true
226
runAsUser: 65533
227
resources: {}
228
annotations: {}
229
tolerations: []
230
nodeSelector: {}
231
affinity: {}
232
# Configure backfillredis to repair indices that were not inserted into Redis.
233
backfillredis:
234
name: backfillredis
235
enabled: false
236
image:
237
registry: cgr.dev
238
repository: chainguard-private/rekor-backfill-index
239
pullPolicy: IfNotPresent
240
# v1.3.6
241
version: sha256:28fc0dbae1471ce7d29259827ab2eb63d87c09287110a0a1cd716a75f25dd763
242
ttlSecondsAfterFinished: 3600
243
securityContext:
244
runAsNonRoot: true
245
runAsUser: 65533
246
rekorAddress: rekor.rekor-system.svc
247
startIndex: -1
248
endIndex: -1
249
resources: {}
250
tolerations: []
251
nodeSelector: {}
252
affinity: {}
253
# Configure Trillian dependency
254
trillian:
255
enabled: true
256
namespace:
257
name: trillian-system
258
create: true
259
forceNamespace: trillian-system
260
fullnameOverride: trillian
261
adminServer: ""
262
logServer:
263
name: trillian-logserver
264
fullnameOverride: trillian-logserver
265
portHTTP: 8090
266
portRPC: 8091
267
logSigner:
268
name: trillian-logsigner
269
fullnameOverride: trillian-logsigner
270
mysql:
271
fullnameOverride: trillian-mysql
272
# Force namespace of namespaced resources
273
forceNamespace: ""
274
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.